hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
80,404 Commits 1,671 Branches 157 Tags
codeql-cli-2.22.1
Commit Graph

1627 Commits

Author SHA1 Message Date
Tom Hvitved
945bb7459a Ruby: Update expected test output 2021-11-17 09:05:37 +01:00
Alex Ford
8603609698 Update test output to account for for-loop -> each desugaring 2021-11-17 09:05:36 +01:00
Tom Hvitved
7cfc696d62 Merge pull request #7141 from hvitved/ruby/synthesis-realnode-recursion 
Ruby: Eliminate unnecessary recursion through `RealNode`
 2021-11-17 09:03:30 +01:00
Anders Schack-Mulligen
c70d384d28 Merge pull request #7045 from aschackmull/dataflow/hidden-ret-subpaths 
Data flow: Support hidden return nodes in subpaths predicate
 2021-11-16 15:04:51 +01:00
Tom Hvitved
9e8e2e2b48 Ruby: Update CFG test output (some nodes have been reordered) 2021-11-16 12:45:24 +01:00
Tom Hvitved
03ae58830a Ruby: Add missing CFG entry for ForwardParameter 2021-11-15 16:28:17 +01:00
Tom Hvitved
3ce41015bb Ruby: Add CFG test for forward parameters 2021-11-15 16:25:06 +01:00
Tom Hvitved
34fdf11b4b Ruby: Update expected test output 2021-11-10 15:11:13 +01:00
Alex Ford
25da904314 test cases for rb/csrf-protection-disabled 2021-11-04 19:56:56 +00:00
Tom Hvitved
3544c85445 Ruby: Make the target of basicStoreStep the post-update node 2021-11-04 14:21:22 +01:00
Tom Hvitved
1101b1054d Ruby: Make target of basicStoreStep a normal data flow node 2021-11-04 14:20:07 +01:00
Tom Hvitved
a56a5e4e7d Ruby: Add type tracker tests 2021-11-04 14:19:16 +01:00
Nick Rolfe
11154a9409 Ruby: add regex injection query 2021-10-27 15:58:12 +01:00
Erik Krogh Kristensen
8a4b043cb1 fix imports 2021-10-26 15:39:45 +02:00
Erik Krogh Kristensen
97264b5dda add the bad tag filter query to ruby 2021-10-26 15:25:12 +02:00
Tom Hvitved
f020b2e437 Merge pull request #335 from github/hmac/self-flow 2021-10-22 19:14:20 +02:00
Harry Maclean
aa8607009b Update test fixtures 2021-10-22 10:56:34 +01:00
Harry Maclean
f1add388a0 Synthesise writes to self for classes/modules 
This requires changing the CFG trees for classes and modules from
post-order to pre-order so that we can place the writes at the root node
of the tree, to prevent them overlapping with reads in the body of the
class/module.

We need to do this because classes and modules don't define their own
basic block, but re-use the surrounding one. This problem doesn't occur
for `self` variables in methods because each method has its own basic
block and we can place the write on the entry node of the bock.
 2021-10-22 10:56:34 +01:00
Harry Maclean
356828cd51 Update stored XSS fixture 
The change to `self` modelling finds more true positives in this query.
 2021-10-20 13:30:51 +01:00
Nick Rolfe
86da3c2db3 Add rb/path-injection query 2021-10-20 12:31:16 +01:00
Tom Hvitved
f1f7930529 Make all self nodes LocalSourceNodes 2021-10-20 11:43:50 +02:00
Harry Maclean
c437fd50a4 Update test fixtures 
Some of these look a bit suspicious, so need to double check them before
merging.
 2021-10-20 10:39:36 +01:00
Tom Hvitved
c57b7c5b2b Data flow: Restrict ExprReturnNode to nodes from the body of the callable 2021-10-18 17:01:30 +02:00
Tom Hvitved
397b8345e0 Data flow: Fix bug for sugared call arguments 2021-10-18 13:48:11 +02:00
Tom Hvitved
0de27bbc7e Data flow: Add ArgumentNode test 2021-10-18 13:47:50 +02:00
Arthur Baars
ceecb23118 Merge remote-tracking branch 'rc/3.3' into 'main' 2021-10-15 15:21:48 +02:00
Arthur Baars
976daddd36 Move files to ruby subfolder 2021-10-15 11:47:28 +02:00