hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 03:36:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,920 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.2
Commit Graph

4906 Commits

Author SHA1 Message Date
Harry Maclean
25ceeaf241 Ruby: Fix SplatExprCfgNode 2022-11-09 15:03:15 +13:00
Harry Maclean
4bc9096446 Ruby: Add case string comparison barrier guard 
This recognises barriers of the form

    STRINGS = ["foo", "bar"]

    case foo
    when "some string literal"
      foo
    when *["other", "strings"]
      foo
    when *STRINGS
      foo
    end

where the reads of `foo` inside each `when` are guarded by the comparison
of `foo` with the string literals.

We don't yet recognise this construct:

    case foo
    when "foo", "bar"
      foo
    end

This is due to a limitation in the shared barrier guard logic.
 2022-11-09 15:03:13 +13:00
Asger F
43769ad464 Ruby: update test output 2022-11-08 19:20:57 +01:00
Nick Rolfe
a9ff0bdbbf Ruby: accept changed test output 2022-11-08 17:36:31 +00:00
Nick Rolfe
865d0ca64a Ruby: add changenote for ActiveSupport Hash extension summaries 2022-11-08 15:52:21 +00:00
Nick Rolfe
04575674db Ruby: generalise summaries for ActiveSupport Hash extensions 2022-11-08 15:48:20 +00:00
Asger F
271de66f01 Ruby: rename getConst -> getConstant 2022-11-08 16:41:04 +01:00
Asger F
a60f510c85 Ruby: handle knownOrUnkown in default taint step 2022-11-08 16:11:55 +01:00
Tom Hvitved
f0554fcdee Merge pull request #11155 from hvitved/ruby/avoid-stage-recomputation 
Ruby: Avoid stage recomputation
 2022-11-08 13:46:53 +01:00
Tom Hvitved
edde3defed Merge pull request #11153 from hvitved/ruby/basic-block-at-conditions 
Ruby: Split basic blocks around constant conditionals
 2022-11-08 13:35:52 +01:00
Rasmus Wriedt Larsen
4895daba85 DataFlow: Add read/store stepIsLocal consistency checks 2022-11-08 13:32:49 +01:00
Tom Hvitved
f0b9ca4bf9 Ruby: Add more guards tests 2022-11-08 11:09:54 +01:00
Asger F
a75c50620c Ruby: update more SSA test output 2022-11-08 11:03:24 +01:00
Tom Hvitved
37a69b4569 Ruby: Avoid stage recomputation 2022-11-08 10:51:30 +01:00
Erik Krogh Kristensen
c82410fd16 Merge pull request #10680 from erik-krogh/unsafeRbCmd 
RB: add an unsafe-shell-command-construction query
 2022-11-08 09:22:33 +01:00
Tom Hvitved
7ba0682297 Ruby: Split basic blocks around constant conditionals 2022-11-08 09:07:23 +01:00
Tom Hvitved
c86f597153 Ruby: Add test for disjunctive guard 2022-11-08 09:01:22 +01:00
Harry Maclean
03aa8df8e2 Ruby: Cosmetic change 2022-11-08 10:24:21 +13:00
Harry Maclean
d392cdaab6 Merge pull request #11022 from hmac/try-code-injection 
Ruby: try/try! as code execution
 2022-11-08 09:42:52 +13:00
Erik Krogh Kristensen
3f871a08e2 apply suggestions from doc review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-11-07 16:29:10 +01:00
erik-krogh
7a8e7150f0 add change-note 2022-11-07 14:36:55 +01:00
erik-krogh
860c3c443c update expected output of the queries (some sorting changed due to locations being used slightly differently in the shared pack) 2022-11-07 14:34:20 +01:00
erik-krogh
40e4359173 port the Ruby regex/redos queries to use the shared pack 2022-11-07 14:34:18 +01:00
erik-krogh
3432e814c5 add a Ruby implementation of RegexTreeViewSig 2022-11-07 14:33:46 +01:00
erik-krogh
af922702c7 move existing regex-tree into a module 2022-11-07 14:33:46 +01:00
erik-krogh
dddf550593 add codeql/regex as a dependency 2022-11-07 14:33:45 +01:00
Asger F
edc5d8d644 Ruby: update test output 2022-11-07 14:17:50 +01:00
Asger F
a213e9e55d Merge pull request #1 from hvitved/rb/data-flow-layer-capture2 
Ruby: Make sure to always generate SSA definitions for namespace self-variables
 2022-11-07 14:12:48 +01:00
Erik Krogh Kristensen
d67235b3c1 Merge pull request #11071 from erik-krogh/fixCanon 
ReDoS: fix canonicalization in NfaUtils
 2022-11-07 14:10:50 +01:00
Asger F
f991991474 Ruby: fix incomplete renaming of getCanonicalEnclosing/Nested module 2022-11-07 14:04:10 +01:00
Tom Hvitved
2737255705 Ruby: Make sure to always generate SSA definitions for namespace self-variables 2022-11-07 14:02:09 +01:00
Asger F
a39cefe40f Ruby: fix broken test 2022-11-07 14:01:11 +01:00
Asger F
334d5b1b17 Ruby: fix stale qldoc 2022-11-07 11:23:40 +01:00
Asger F
27e1a8bd7a Ruby: cache predicates related to getConst 2022-11-07 11:18:29 +01:00
Anders Schack-Mulligen
99ca28ea9b Merge pull request #10886 from aschackmull/dataflow/joinorders 
Dataflow: Fix a couple of join-orders.
 2022-11-07 11:05:29 +01:00
Asger F
d4b018f242 Ruby: typo: found up -> looked up 2022-11-07 09:58:00 +01:00
Asger F
25f0382fce Ruby: replace asMethod with asCallableAstNode 2022-11-07 09:38:48 +01:00
Asger F
af5a378572 Ruby: fix typo in qldoc 2022-11-07 09:20:35 +01:00
Asger F
9a38e31baa Ruby: add explicit 'this' 2022-11-07 09:20:28 +01:00
Asger F
ff20908bbd Ruby: Assignment -> AssignExpr 2022-11-07 09:20:16 +01:00
Asger F
25dd8db423 Ruby: Refactor out getAnElementWriteCall 2022-11-07 09:18:18 +01:00
Asger F
5fa49b3319 Ruby: asExpr() -> getExprNode() 2022-11-07 09:18:00 +01:00
Asger F
8b85744d3e Ruby: use lambdaCreation and handle "proc" in there 2022-11-07 09:14:55 +01:00
github-actions[bot]
fca754bddd Post-release preparation for codeql-cli-2.11.3 2022-11-05 14:30:48 +00:00
Dave Bartolomeo
013b7eff1c Apply suggestions from code review 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2022-11-04 18:46:32 -04:00
github-actions[bot]
508327235a Release preparation for version 2.11.3 2022-11-04 20:16:23 +00:00
Arthur Baars
98f4c29913 Ruby: weak crypto: do not report weak hash algorithms 
Weak hash algorithms such as MD5 and SHA1 are often
used in non security sensitive contexts and reporting
all uses is far too noisy.
 2022-11-04 15:58:50 +01:00
Anders Schack-Mulligen
a1dba82360 Dataflow: Sync. 2022-11-04 12:41:55 +01:00
Asger F
4ae90e35d5 Ruby: inline transitive class-hierarchy getters 2022-11-04 08:50:33 +01:00
Asger F
472a10fd54 Ruby: direct -> immediate 2022-11-04 08:49:01 +01:00