hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,868 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.4
Commit Graph

335 Commits

Author SHA1 Message Date
Chad Bentz
37e0c30842 Add expected output for VariablesConsistency test case 2025-09-23 10:40:30 -04:00
Chad Bentz
89fd9694ce codeql query format 2025-09-22 19:25:05 -04:00
Chad Bentz
0665c39a07 Refactor GrapeHelperMethod constructor to reuse getHelperSelf to traverse dataflow instead of AST 
- add tests to check for nested helpers
 2025-09-22 19:08:34 -04:00
Chad Bentz
f4bbbc346f Refactor Grape framework to be encapsulated properly in Module 2025-09-19 19:06:50 -04:00
Chad Bentz
89e9ee43c0 Convert from GrapeHelperMethodTaintStep extends AdditionalTaintStep to a simplified GrapeHelperMethodTarget extends AdditionalCallTarget 2025-09-19 18:28:45 -04:00
Chad Bentz
c5e3be2c4c Grape - detect params calls inside helper methods 
- added unit tests for flow using inline format
- removed grape from Arel tests (temporary)
 2025-09-16 17:09:18 -04:00
Chad Bentz
ffd32efba2 codeql query format 2025-09-16 09:08:07 -04:00
Chad Bentz
a8d4d6b563 Apply naming standards + changenote 2025-09-15 22:02:03 -04:00
Chad Bentz
5cfa6e83b3 Add support for route parameters(+ blocks), headers, and cookies in Grape API 2025-09-12 22:51:47 -04:00
Chad Bentz
3252bd39d2 Enhance Grape framework with additional data flow modeling and helper method support 2025-09-12 22:13:21 -04:00
Chad Bentz
738ab6fba7 Refactor Grape framework code for improved readability and consistency 2025-09-12 19:23:15 -04:00
Chad Bentz
d295acc3c3 Add initial support for Ruby Grape 2025-09-12 19:22:05 -04:00
Matt Schwager
5192f3128a Update expected test output 2025-07-21 15:26:39 -04:00
Matt Schwager
9da94fb880 Fix #19294, Ruby NetHttpRequest improvements 2025-07-21 15:17:54 -04:00
erik-krogh
7b1b366d98 ruby: update ruby tests after deleting deprecated test predicates 2025-01-27 22:17:00 +01:00
erik-krogh
34f5f61a10 all: use my script to delete outdated deprecations 2025-01-27 22:16:48 +01:00
Tom Hvitved
978a816f11 Ruby: Track types in data flow 2025-01-06 13:26:10 +01:00
Michael Nebel
138e294dae Ruby: Update all test util paths to point to the new location. 2024-12-12 13:54:37 +01:00
Tom Hvitved
6b60865d7e Ruby: Do not distinguish between symbols and strings in hash keys 2024-10-31 11:42:09 +01:00
Tom Hvitved
f04a55ecb5 Ruby: Update hash extension tests 2024-10-31 11:00:33 +01:00
Tom Hvitved
7c4d5981dd Shared: Add missing spaces in inline test expectation output 2024-10-25 13:23:03 +02:00
Tom Hvitved
f1afa2bf59 Ruby: Fix expected test output 2024-10-07 09:16:12 +02:00
Tom Hvitved
f287216060 Update expected test output 2024-09-24 14:21:38 +02:00
Tom Hvitved
6d4f3bd014 Ruby: Rework splat argument/parameter matching 2024-08-20 16:21:56 +02:00
Tom Hvitved
c9aaba677d Ruby: Update expected test output 2024-08-13 13:34:46 +02:00
Tom Hvitved
8ea4f85de3 Ruby: Rework Sinatra.FilterJumpStep 2024-06-21 08:57:59 +02:00
Tom Hvitved
95c764eff6 Fix Sinatra test to properly output pathgraph 2024-06-21 08:57:19 +02:00
Alex Ford
6c3d90e8a0 Merge pull request #16650 from alexrford/rb/routing-improvements 
Ruby: ActionDispatch - support `path => target` route format
 2024-06-18 11:17:05 +01:00
Tom Hvitved
e42de3de6f Ruby: Fix extraction errors 2024-06-04 14:54:02 +02:00
Tom Hvitved
ad99158838 Ruby: Fix/accept extraction errors 2024-06-04 12:55:44 +02:00
Alex Ford
1100b75a3c Ruby: handle routes with path/action pairs 2024-05-31 15:54:57 +01:00
Alex Ford
0473655752 Ruby: actiondispatch add hash arg testcase 2024-05-31 15:08:35 +01:00
Alex Ford
22858249f9 Ruby: actiondispatch test whitespace changes 2024-05-31 15:07:39 +01:00
Tom Hvitved
a006c29a00 Merge pull request #16481 from hvitved/treesitter/bump2 
Tree-sitter: Bump to 0.22.6
 2024-05-22 12:53:14 +02:00
Rasmus Wriedt Larsen
2451a6d3f6 Accept .expected changes 2024-05-21 14:47:42 +02:00
Tom Hvitved
bf2ae9890f Tree-sitter: Bump to 0.22.6 2024-05-21 11:14:06 +02:00
Tom Hvitved
04de315e0e Ruby: Deprecate models-as-data CSV interface 2024-04-12 13:40:14 +02:00
Anders Schack-Mulligen
7cc8fd00aa Ruby: Update expected output (uninteresting). 2024-04-12 09:20:35 +02:00
Harry Maclean
409f46ef7b Merge pull request #14308 from hmac/hmac-rb-csrf-not-enabled 
Ruby: Add a query for CSRF protection not enabled
 2024-04-02 11:30:36 +01:00
Tom Hvitved
e7b00a7b42 Ruby: Add post-update argument nodes for string constants 2024-03-15 10:47:39 +01:00
Joe Farebrother
f464f1b94e Accept test output + fix qldoc typo 2024-03-14 22:25:37 +00:00
Joe Farebrother
3e61be1b6a Add test cases 2024-03-14 22:25:36 +00:00
Harry Maclean
dd5eb982ec Merge pull request #15524 from hmac/hmac-process-spawn 
Ruby: Add some more command injection sinks
 2024-03-13 09:53:10 +00:00
Joe Farebrother
dcc6f83d3b Merge pull request #15782 from joefarebrother/ruby-typhoeus 
Ruby: Model `Typhoeus::Request.new`
 2024-03-05 16:55:38 +00:00
Harry Maclean
91cb2a37fd Ruby: Model Process.exec 2024-03-05 10:19:22 +00:00
Harry Maclean
179aaa1342 Ruby: model Open4.popen4ext 2024-03-05 09:35:18 +00:00
Peter Stöckli
4adc373dfe Ruby: more test cases for code injection via method 2024-03-01 16:01:07 +01:00
Joe Farebrother
65b30c1dff Add tests and qldoc 2024-03-01 14:46:55 +00:00
Peter Stöckli
a693c6d9b4 Ruby: sinks for code injection via calls to method 2024-03-01 14:42:22 +01:00
Tom Hvitved
914a605a87 Ruby: Rework hidden synthetic data-flow nodes 2024-02-27 15:33:58 +01:00