Joe Farebrother
a8aac318d0
Add qhelp
2024-03-22 14:04:52 +00:00
Joe Farebrother
89838981b7
Add test cases
2024-03-22 14:04:52 +00:00
Joe Farebrother
0f45a53adc
Add mass assignment query
2024-03-22 14:04:52 +00:00
Arthur Baars
c219b1a3c7
Merge pull request #16013 from github/rc/3.13
...
Merge rc/3.13 into main
2024-03-21 16:04:58 +01:00
Henry Mercer
4e3a6e2140
Merge pull request #15874 from github/henrymercer/mark-loc-as-telemetry
...
Show lines of code data in debug mode only
2024-03-21 12:20:09 +00:00
Henry Mercer
a76832f4e0
Mark LOC queries as debug instead
2024-03-20 21:18:55 +00:00
Tom Hvitved
8f56edea80
Merge pull request #15966 from hvitved/treesitter-split-up-node-info-table
...
Tree-sitter: Split up `ast_node_info` table into two tables
2024-03-20 20:38:18 +01:00
erik-krogh
db3bf0e482
use the sanitizers from ReflectedXSS in unsafe-html-construction
2024-03-20 10:11:07 +01:00
Tom Hvitved
90779f4413
Ruby: Extend barrier guards to handle phi inputs
2024-03-20 10:02:20 +01:00
Tom Hvitved
0f0acc0428
Ruby: Add barrier guard flow tests
2024-03-20 09:25:20 +01:00
Dave Bartolomeo
311ba8ea1b
Merge from main to resolve conflicts
2024-03-19 10:41:31 -04:00
Harry Maclean
219cd4e415
Merge pull request #14426 from hmac/hmac-ar-scopes
...
Ruby: Track flow into ActiveRecord scopes
2024-03-19 14:19:14 +00:00
Harry Maclean
7e479e3c8e
Ruby: Fix Hash#keys flow summary
2024-03-19 13:47:45 +00:00
Harry Maclean
22ddf2129b
Ruby: remove isString from TSymbol
2024-03-19 12:27:34 +00:00
Tom Hvitved
865026f22b
Ruby: Add up/downgrade scripts (sigh)
2024-03-19 13:04:12 +01:00
Tom Hvitved
72ff494739
Ruby: Regenerate dbscheme and stats
2024-03-19 13:04:07 +01:00
Harry Maclean
dde148ee7e
Ruby: add changenote
2024-03-19 08:40:30 +00:00
Harry Maclean
32b80f8cb1
Ruby: Add tests for hash flow
2024-03-19 08:38:14 +00:00
Tom Hvitved
fc55567d90
Merge pull request #15853 from hvitved/dataflow/get-location
...
Data flow: Replace `hasLocationInfo` with `getLocation`
2024-03-18 20:21:46 +01:00
Tom Hvitved
8899d66132
Merge pull request #15734 from hvitved/dataflow/hidden-subpath
...
Data flow: Account for hidden `subpath` wrappers
2024-03-18 20:17:16 +01:00
Harry Maclean
187a68bf76
Ruby: Add flow summary for Hash#keys
2024-03-18 17:56:10 +00:00
Harry Maclean
e895f96a3a
Ruby: Taint flow to second block param in map
...
When `map` is called on a hash, the values in the hash are passed to the
second parameter of the block.
2024-03-18 17:55:02 +00:00
Harry Maclean
80ae017aa1
Ruby: Track flow into ActiveRecord scopes
2024-03-18 15:01:37 +00:00
Joe Farebrother
4177c38ed4
Merge pull request #15907 from joefarebrother/ruby-uploaded-file
...
Ruby: Model ActiveDispatch::Http::UploadedFile
2024-03-18 14:02:33 +00:00
Tom Hvitved
e53357d376
Update expected test output
2024-03-18 14:49:32 +01:00
github-actions[bot]
aebe9f6992
Post-release preparation for codeql-cli-2.16.5
2024-03-18 12:16:26 +00:00
Arthur Baars
dbf16827bf
Merge pull request #15951 from github/aibaars/changenotes-fixes
...
Fix minor formatting issues in changenotes
2024-03-18 12:56:50 +01:00
github-actions[bot]
0a6243d07b
Release preparation for version 2.16.5
2024-03-18 10:14:07 +00:00
Arthur Baars
a810165e35
Fix minor formatting issues in changenotes
2024-03-18 10:57:05 +01:00
Tom Hvitved
a13391bda1
Merge pull request #15802 from hvitved/dataflow/variable-capture-overlapping-paths
...
Variable capture: Avoid overlapping and false-positive data flow paths
2024-03-18 10:45:55 +01:00
Joe Farebrother
8c5fff2d11
Update names and qldoc for params taint predicates
2024-03-15 14:43:29 +00:00
Tom Hvitved
e7b00a7b42
Ruby: Add post-update argument nodes for string constants
2024-03-15 10:47:39 +01:00
Joe Farebrother
f464f1b94e
Accept test output + fix qldoc typo
2024-03-14 22:25:37 +00:00
Joe Farebrother
b4ed77343b
Add change note + fix qldoc
2024-03-14 22:25:36 +00:00
Joe Farebrother
3e61be1b6a
Add test cases
2024-03-14 22:25:36 +00:00
Joe Farebrother
5333c75919
Model additional string attributes
2024-03-14 22:25:36 +00:00
Joe Farebrother
8c31b612ca
Model UploadedFile original_filename and read
2024-03-14 22:25:35 +00:00
Tom Hvitved
4085c8ec8f
Merge pull request #15866 from hvitved/ruby/orm-tracking-ap-limit
...
Ruby: Lower access path limit to 1 for `OrmTracking`
2024-03-13 10:57:09 +01:00
Harry Maclean
806f42ef72
Ruby: Update change note
2024-03-13 09:54:17 +00:00
Harry Maclean
dd5eb982ec
Merge pull request #15524 from hmac/hmac-process-spawn
...
Ruby: Add some more command injection sinks
2024-03-13 09:53:10 +00:00
Tom Hvitved
695e728ed5
Ruby: Lower access path limit to 1 for OrmTracking
2024-03-12 14:58:29 +01:00
Tom Hvitved
dddba3228b
Merge pull request #15867 from hvitved/dataflow/ap-limit
...
Data flow: Add `ConfigSig::accessPathLimit`
2024-03-12 14:57:51 +01:00
Tom Hvitved
4291290277
Ruby: Implement new data flow interface
2024-03-11 20:56:38 +01:00
Joe Farebrother
9c51514bd9
Merge pull request #15857 from joefarebrother/ruby-activerecord-from
...
Ruby: Model second argument of `ActiveRecord` `from`
2024-03-11 16:49:52 +00:00
Henry Mercer
c325ff8a23
Mark lines of code queries as telemetry queries
...
The new file coverage metrics are available in all supported GHES
versions. This PR tags lines of code queries as telemetry queries. Lines
of code information will still be available in the SARIF file, but it
will no longer be displayed in the logging output of the CLI.
The one exception is the metric queries for Java/Kotlin that provides
separate lines of code information for Java and Kotlin. I've kept these
since separate file coverage information for languages like Java and
Kotlin is only available for GHES 3.12 and later.
2024-03-11 16:40:31 +00:00
Tom Hvitved
da66281fef
Sync files
2024-03-11 13:02:04 +01:00
Tom Hvitved
7a39f077d9
Data flow: Add ConfigSig::accessPathLimit
2024-03-11 13:01:58 +01:00
Joe Farebrother
dbd33d1cf0
Model Argument[1] of ActiveRecord from
2024-03-08 14:04:01 +00:00
Tom Hvitved
24e35f6f3d
Update expected test output
2024-03-08 10:00:43 +01:00
Tom Hvitved
e793a1e9fe
Ruby: Add variable capture spurious flow test
2024-03-08 10:00:42 +01:00
