hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 11:46:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,920 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.2
Commit Graph

4906 Commits

Author SHA1 Message Date
Harry Maclean
4217a50900 Treat ActiveRecord.create as a model instantiation 2022-09-29 09:24:42 +13:00
Harry Maclean
424f31a24a Add test for AR Model.create instantiations 
These currently aren't recognised.
 2022-09-29 09:24:42 +13:00
Harry Maclean
63309150e0 Make some space 2022-09-29 09:24:37 +13:00
Harry Maclean
e7d19e849f Merge pull request #10090 from hmac/hmac/activestorage 
Ruby: Model Activestorage
 2022-09-29 09:16:25 +13:00
Harry Maclean
0ce0ada4df Merge pull request #10002 from hmac/hmac/protected-methods 
Ruby: Model protected methods
 2022-09-29 08:39:29 +13:00
Tom Hvitved
3af3772041 Ruby: Include With(out)Element in isElementBody 2022-09-28 16:51:20 +02:00
Asger F
76cab235d9 Ruby: reuse argumentPositionMatch 2022-09-28 15:24:48 +02:00
Asger F
8704ccee77 Ruby: mention TNoContentSet is only used by type-tracking 2022-09-28 15:18:09 +02:00
Asger F
65de5d014c Ruby: add test case 2022-09-28 12:23:58 +02:00
Asger F
c8162f80bf Ruby: add TypeModel.getAnApiNode 2022-09-28 12:17:10 +02:00
Asger F
a48b893ed6 Merge pull request #10588 from asgerf/rb/rbi-instantiated-type 
Ruby: add RbiInstantiatedType
 2022-09-28 11:51:20 +02:00
Asger F
fea47c85f3 Ruby: expand on type-tracking test a bit 2022-09-28 11:40:55 +02:00
Asger F
971657245d Ruby: update API graph inline test to match output 2022-09-28 11:17:13 +02:00
Tom Hvitved
99b2df0605 Ruby: Make get(Explicit)VisibilityModifier private 2022-09-28 11:16:13 +02:00
Asger F
ce1c258273 Ruby: Update TypeTracker.expected 2022-09-28 11:15:25 +02:00
Asger F
ee7dea1ab6 Merge branch 'main' into rb/summarize-loads-v2 
This only fixes superficial conflicts with
  https://github.com/github/codeql/pull/10574
semantic conflicts will be addressed in later commits
 2022-09-28 11:11:44 +02:00
Asger F
e56630a485 Ruby: add missing qldoc 2022-09-28 10:49:34 +02:00
Asger F
e1dfed0fcb Ruby: move OptionalContentSet to TypeTrackerSpecific.qll 2022-09-28 10:49:34 +02:00
Asger F
14e384aaa2 Ruby: remove unneeded import 2022-09-28 10:49:34 +02:00
Asger F
ce3665d50e Ruby: remove unneeded qualified AST import 2022-09-28 10:49:34 +02:00
Asger F
665ee81967 Ruby: revert trackUseNode to idiomatic type-tracking 
The optimizations done here now seem to backfire and cause more problems than they fix.
 2022-09-28 10:49:34 +02:00
Asger F
032847f331 Ruby: inline getContents 2022-09-28 10:49:34 +02:00
Asger F
e09a5e87dd Ruby: clarify what getAnElement() does 2022-09-28 10:49:34 +02:00
Asger F
588b31d15d Ruby: fix another typo 2022-09-28 10:49:34 +02:00
Asger F
a7b92295a2 Ruby: fix a typo 2022-09-28 10:49:34 +02:00
Asger F
7dfa58b50d Remove Content::NoContent 2022-09-28 10:49:34 +02:00
Asger F
dd23e125e5 Rename TypeTrackerContentSet -> TypeTrackerContent 2022-09-28 10:49:34 +02:00
Asger F
6abf77d40d Factor comparison into compatibleContents 2022-09-28 10:49:34 +02:00
Asger F
85d0c63ec7 Ruby: store a ContentSet on type tracker instances 2022-09-28 10:49:34 +02:00
Asger F
a5ed3d791b Ruby: expand test case to reveal mismatching forward/backward flow 2022-09-28 10:49:34 +02:00
Asger F
e47deaffbf Ruby: More QLDoc police 2022-09-28 10:49:34 +02:00
Asger F
7737e75427 Update some QLDoc comments 2022-09-28 10:49:34 +02:00
Asger F
cbf16579ed Ruby: tweak pipeline a bit 2022-09-28 10:49:33 +02:00
Asger F
b13b2ce319 Ruby: fix join order when building append relation 2022-09-28 10:49:33 +02:00
Asger F
3498a04b89 Ruby: associate ContentSets with store/load edges in type tracker 2022-09-28 10:49:33 +02:00
Asger F
497258eda5 Ruby: reuse Content type 2022-09-28 10:49:33 +02:00
Asger F
ac1b7eb0b9 Remove SetterMethodCall in MkAttribute 2022-09-28 10:49:33 +02:00
Asger F
a64f7cd146 Ruby: simplify getSetterCallAttributeName 2022-09-28 10:49:33 +02:00
Asger F
a51a540582 Ruby: add content edges to API graph 
Fixes
 2022-09-28 10:49:33 +02:00
Asger F
d5e2b93554 Ruby: add API graph label for content 2022-09-28 10:49:33 +02:00
Asger F
cd9cddf45a Ruby: generate type-tracking steps from simple summary specs 2022-09-28 10:49:33 +02:00
Asger F
f1b99e867c Ruby: use IPA type for type tracker contents 
fixup qldoc in OptionalTypeTrckerContent
 2022-09-28 10:49:33 +02:00
Asger F
53ef054c53 Ruby: Add getACallSimple and use it for arrays and hashes 2022-09-28 10:49:24 +02:00
Asger F
182d7d38a8 Update ruby/ql/lib/codeql/ruby/experimental/Rbi.qll 
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
 2022-09-28 10:36:09 +02:00
Harry Maclean
adb8368e07 Add change note 2022-09-28 12:16:12 +13:00
Harry Maclean
24a10aa5ff Recognise send_file as a FileSystemAccess 
This method is available in ActionController actions, and sends the file
at the given path to the client.
 2022-09-28 12:14:22 +13:00
Harry Maclean
eada74a15c Add change note 2022-09-28 11:43:31 +13:00
Tom Hvitved
31806b84ba Ruby: Add more flow summaries tests 
The tests highlight the differences between `(With|Without)?Element[1]` and
`(With|Without)?Element[1!]`.
 2022-09-27 20:16:31 +02:00
Tom Hvitved
2351c0288a Ruby: Fix spurious flow through reverse stores 2022-09-27 20:16:31 +02:00
Harry Maclean
28a23209a5 Ruby: Identify ActionController::Metal controllers 
Subclasses of `ActionController::Metal` are stripped-down controllers.
We want to recognise them as ActionController controllers.
There are some common ActionController methods that are not available in
Metal, but these are not likely to be used anyway as they would throw an
exception, so I don't think there's much harm in including them in the
modelling.
 2022-09-28 07:10:09 +13:00