codeql

mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00

Author	SHA1	Message	Date
Tom Hvitved	d196c77b3d	Ruby: Remove some redundant overrides	2021-12-22 11:25:13 +01:00
Nick Rolfe	9e259b67bb	Merge pull request #7305 from github/nickrolfe/user-controlled-bypass Ruby: query to find user-controlled bypass of sensitive actions	2021-12-21 17:20:20 +00:00
Arthur Baars	a7aff11140	Merge pull request #7394 from aibaars/ruby-cfg-expr-post Ruby: CFG: make all expressions "post-order" nodes	2021-12-21 16:36:42 +01:00
Nick Rolfe	5765f3684c	Ruby: add missing qldoc comment	2021-12-21 15:29:16 +00:00
Nick Rolfe	5db80dac51	Merge remote-tracking branch 'origin/main' into nickrolfe/user-controlled-bypass	2021-12-21 15:26:08 +00:00
Arthur Baars	a86ba3b14e	Ruby: rename WhenExpr to WhenClause	2021-12-21 12:31:24 +01:00
Tom Hvitved	29cd346702	Ruby: Reduce non-linear recursion in CFG completion library Before ``` noinline incremental Completion::nestedEnsureCompletion#ff(/* Completion::Completion / Completion::TCompletion outer, int nestLevel) :- ( ( Completion::TReturnCompletion#f(outer), rec Completion::Completion#class#f(outer) ); ( Completion::TBreakCompletion#f(outer), rec Completion::Completion#class#f(outer) ); ( Completion::TNextCompletion#f(outer), rec Completion::Completion#class#f(outer) ); ( Completion::TRedoCompletion#f(outer), rec Completion::Completion#class#f(outer) ); ( Completion::TRetryCompletion#f(outer), rec Completion::Completion#class#f(outer) ); ( Completion::TRaiseCompletion#f(outer), rec Completion::Completion#class#f(outer) ); ( Completion::TExitCompletion#f(outer), rec Completion::Completion#class#f(outer) ) ), exists(/ ControlFlowGraphImpl::Trees::BodyStmtTree */ cached dontcare AST::Cached::TAstNode _ \| ControlFlowGraphImpl::Trees::BodyStmtTree::getNestLevel_dispred#ff(_, nestLevel) ) \| [base_case] false() \| [delta_order] ( ( Completion::TReturnCompletion#f(outer), delta previous rec Completion::Completion#class#f(outer) ); ( Completion::TBreakCompletion#f(outer), delta previous rec Completion::Completion#class#f(outer) ); ( Completion::TNextCompletion#f(outer), delta previous rec Completion::Completion#class#f(outer) ); ( Completion::TRedoCompletion#f(outer), delta previous rec Completion::Completion#class#f(outer) ); ( Completion::TRetryCompletion#f(outer), delta previous rec Completion::Completion#class#f(outer) ); ( Completion::TRaiseCompletion#f(outer), delta previous rec Completion::Completion#class#f(outer) ); ( Completion::TExitCompletion#f(outer), delta previous rec Completion::Completion#class#f(outer) ) ), project#ControlFlowGraphImpl::Trees::BodyStmtTree::getNestLevel_dispred#ff(nestLevel), not(previous rec Completion::nestedEnsureCompletion#ff(outer, nestLevel)) . ``` After ``` noinline Completion::nestedEnsureCompletion#ff(Completion::TCompletion outer, int nestLevel) :- ( Completion::TReturnCompletion#f(outer); Completion::TBreakCompletion#f(outer); Completion::TNextCompletion#f(outer); Completion::TRedoCompletion#f(outer); Completion::TRetryCompletion#f(outer); Completion::TRaiseCompletion#f(outer); Completion::TExitCompletion#f(outer) ), project#ControlFlowGraphImpl::Trees::BodyStmtTree::getNestLevel_dispred#ff(nestLevel) . ```	2021-12-20 19:22:47 +01:00
Arthur Baars	6c7114804e	Ruby: remove CaseExprChildMapping::getBranch	2021-12-20 19:21:36 +01:00
Arthur Baars	7644d60dae	Revert "Ruby: CFG: make WhenExpr post-order" This reverts commit `cff63fa7d7`.	2021-12-20 18:57:25 +01:00
Erik Krogh Kristensen	8019b52838	run the non-us patch with "modelled/modeled"	2021-12-20 17:47:15 +01:00
Tom Hvitved	06575efce9	Data flow: Fix bad join-order	2021-12-20 15:44:16 +01:00
Tom Hvitved	aa9444b16c	Address review comment	2021-12-20 15:24:14 +01:00
Alex Ford	313e0c63fd	Merge pull request #7399 from github/ruby/stdlib-logger Ruby: Model what is written to the log from stdlib `Logger` methods	2021-12-20 09:52:29 +00:00
Tom Hvitved	1e27ddf7c7	Ruby: Data flow for keyword arguments/parameters	2021-12-17 15:42:29 +01:00
Arthur Baars	46144fe0a3	Ruby: InClause and WhenClause are no longer Expr	2021-12-17 14:04:25 +01:00
Arthur Baars	974ad070d1	Revert "Ruby: CFG make in-clause post-order" This reverts commit 1343ed58a21eec2954876d8d42e877a382ba89c8.	2021-12-17 14:04:25 +01:00
Arthur Baars	560413f94a	Address comments	2021-12-17 14:04:25 +01:00
Tom Hvitved	e4d9f5f29e	Fix QL doc	2021-12-17 13:14:11 +01:00
Tom Hvitved	ab2e0fdb18	Data flow: Sync files	2021-12-17 13:13:36 +01:00
Arthur Baars	ba89653dff	Ruby: CFG: make RescueClause post-order	2021-12-17 12:21:18 +01:00
Arthur Baars	db4b781fef	Ruby: CFG: make RescueModifier post-order	2021-12-17 12:21:18 +01:00
Arthur Baars	cff63fa7d7	Ruby: CFG: make WhenExpr post-order	2021-12-17 12:21:18 +01:00
Arthur Baars	a9286e897b	Ruby: CFG make in-clause post-order	2021-12-17 12:21:18 +01:00
Arthur Baars	f49605569b	Ruby: CFG make more expressions post-order	2021-12-17 12:21:18 +01:00
Arthur Baars	a4ea7129c2	Ruby: CFG: make 'case' a PostOrder node	2021-12-17 12:21:18 +01:00
Nick Rolfe	dba26a92e9	Merge remote-tracking branch 'origin/main' into nickrolfe/user-controlled-bypass	2021-12-16 15:05:01 +00:00
Arthur Baars	3ef707e358	Address comment	2021-12-16 15:38:41 +01:00
Arthur Baars	cdbd8b27d3	Ruby: SimpleParameter is not an Expr	2021-12-16 15:38:40 +01:00
Tom Hvitved	e9ef53c31b	Merge pull request #7390 from hvitved/ruby/deprecate-pattern-classes Ruby: Deprecate `Pattern` classes	2021-12-16 14:36:13 +01:00
Tom Hvitved	4ccf9bf67c	Address review comments	2021-12-15 19:57:27 +01:00
Tom Hvitved	2187994f5c	Ruby: Prevent infinite recursion in module resolution library	2021-12-15 15:15:19 +01:00
Harry Maclean	062f7fe390	Merge pull request #7340 from github/hmac/private-methods Ruby: handle private module methods	2021-12-15 21:07:49 +13:00
Harry Maclean	a32711245f	Ruby: Further speed up private method modelling	2021-12-15 17:38:52 +13:00
github-actions[bot]	59da2cdf69	Release preparation for version 2.7.4	2021-12-14 21:35:09 +00:00
Alex Ford	5fa6ecc5f1	Ruby: Model what is written to the log from stdlib `Logger` methods	2021-12-14 17:39:12 +00:00
Dave Bartolomeo	a62f181d42	Move new change notes to appropriate packs	2021-12-14 12:05:15 -05:00
Tom Hvitved	e882cdaca4	Ruby: Add missing `getCallable()` for nested destructured parameters	2021-12-14 15:04:40 +01:00
Tom Hvitved	9ea8b20e77	Ruby: Deprecate `Pattern` classes	2021-12-14 15:04:40 +01:00
Alex Ford	3262a14f22	Ruby: use `DataFlow::CallNode#getBlock` to remove a cast	2021-12-14 13:23:38 +00:00
Alex Ford	f3dcccb64b	Ruby: Add `getBlock` and `getNumberOfArguments` predicates to `DataFlow::CallNode`	2021-12-14 12:58:15 +00:00
Harry Maclean	f21948d0ca	Ruby: Speed up private method modelling	2021-12-14 11:10:38 +13:00
Alex Ford	4ae92667e1	Ruby: use Ruby object instantiation syntax in a comment	2021-12-13 12:54:45 +00:00
Harry Maclean	e1d290d4c0	Ruby: Don't count private methods as Rails actions Private instance methods on ActionController classes aren't valid request handlers. Routing to them will raise an exception.	2021-12-13 15:36:55 +13:00
Nick Rolfe	b80a84c156	Merge pull request #7341 from github/nickrolfe/cookies	2021-12-10 19:52:23 +00:00
Andrew Eisenberg	66c1629974	Merge pull request #7285 from github/post-release-prep-2.7.3-ddd4ccbb Post-release preparation 2.7.3	2021-12-10 09:59:45 -08:00
Nick Rolfe	b6c5b4d213	Ruby: define ActionViewCookiesCall	2021-12-10 16:36:26 +00:00
Nick Rolfe	a4da528812	Ruby: query to find user-controlled bypass of sensitive actions	2021-12-10 11:41:09 +00:00
Anders Schack-Mulligen	464b9c3991	Dataflow: Sync.	2021-12-10 11:20:01 +01:00
Tom Hvitved	657cd89286	Merge pull request #7347 from hvitved/cfg/more-consistency-tests Shared CFG: Add two more consistency queries	2021-12-10 10:50:39 +01:00
Arthur Baars	13f7fd88f1	Merge pull request #7283 from aibaars/ruby-pattern-matching-cfg Ruby: pattern matching: CFG	2021-12-10 10:24:38 +01:00

... 63 64 65 66 67 ...

3456 Commits