hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 03:06:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,868 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.4
Commit Graph

1088 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
45af148f05 Merge pull request #9215 from RasmusWL/ruby-mad-argument-self 
Ruby: Fixes for `Argument[any,any-named]` in MaD
 2022-06-16 17:38:32 +02:00
Alex Ford
c44a68613a Ruby: add a test case for ActiveRecord dynamic finder methods 2022-06-16 11:29:56 +01:00
Alex Ford
56bf977498 Ruby: trim some SQLi related comments from ActiveRecord.rb 2022-06-16 11:29:56 +01:00
Alex Ford
de486baf4a Ruby: rename ActiveRecord.rb test case file 2022-06-16 11:29:56 +01:00
thiggy1342
ef9442d377 Merge branch 'main' into experimental-archive-api 2022-06-15 21:46:23 -04:00
thiggy1342
e317392336 add Zip::File.new to framework 2022-06-16 00:22:15 +00:00
Harry Maclean
7c5a83833b Merge pull request #8737 from hmac/hmac/posix-spawn 
Ruby: Model the posix-spawn gem
 2022-06-16 00:50:10 +01:00
Harry Maclean
a38e59a681 Merge pull request #9030 from hmac/hmac/activesupport 
Ruby: Model various bits of ActiveSupport
 2022-06-16 00:49:38 +01:00
thiggy1342
1bdaf529d9 fix qlformat errors 2022-06-15 01:49:48 +00:00
thiggy1342
a0f1c86031 add framework test 2022-06-15 01:39:47 +00:00
Alex Ford
8d195e3188 Merge pull request #9157 from alexrford/crypto-op-block-mode 
Ruby/Python: Add a `BlockMode` concept for `CryptographicOperations`
 2022-06-13 21:32:36 +02:00
Rasmus Wriedt Larsen
bb0435aba6 Merge branch 'main' into ruby-mad-argument-self 2022-06-08 14:19:29 +02:00
Alex Ford
5d4473bb2a Merge pull request #8845 from alexrford/ruby/rbi-lib 
Ruby: Add partial support for working with RBI (Ruby Interface) files
 2022-05-27 11:43:44 +01:00
Alex Ford
919555d168 Merge pull request #9341 from alexrford/ruby/activerecordinstance-public 
Ruby: Make `ActiveRecordInstance` public and fix some misidentifications
 2022-05-27 11:21:58 +01:00
Arthur Baars
e3ef258b0e Merge pull request #9287 from aibaars/instance-variable-flow-2 
Ruby: flow through getters/setters
 2022-05-27 10:49:20 +02:00
Alex Ford
4e0e4f9b5b Ruby: make ActiveRecordInstance public 2022-05-26 17:54:02 +01:00
Alex Ford
fd8f1dc88f Ruby: fix some misidentification of ActiveRecordModelInstantiations 2022-05-26 17:54:01 +01:00
Harry Maclean
c80a06a6d8 Ruby: Simplify posix-spawn modeling 2022-05-26 14:29:04 +01:00
Harry Maclean
ee827604f7 Ruby: Model the posix-spawn gem 
This gem exists primarily to provide methods that spawn subprocesses. We
model these as SystemCommandExecutions.
 2022-05-26 14:16:08 +01:00
Tom Hvitved
b3ce2d4a2b Ruby: Data flow for hash-splat expressions in hash literals 2022-05-25 19:55:28 +02:00
Arthur Baars
033df767ef Ruby: allow fields in flow summaries 2022-05-25 16:01:04 +02:00
Arthur Baars
b0a97f9b01 Ruby: flow through getters/setters 2022-05-25 16:01:04 +02:00
Tom Hvitved
ce4959287a Ruby: Flow through hash-splat expressions 2022-05-25 15:40:08 +02:00
Tom Hvitved
a7b39ebeca Ruby: Flow through hash-splat parameters 2022-05-25 12:37:22 +02:00
Rasmus Wriedt Larsen
ae65af2c07 Ruby: Fix Argument[any] in Hash.qll 
With this PR, `self` have to be explicitly added. A few edges were
removed, and I don't know why. It doesn't seem to affect results, so I
did not worry too much.
 2022-05-24 18:09:52 +02:00
Rasmus Wriedt Larsen
04ac466189 Merge branch 'main' into ruby-mad-argument-self 2022-05-24 18:04:02 +02:00
Tom Hvitved
faf24a4f18 Ruby: Data-flow through hashes 2022-05-24 14:27:55 +02:00
Harry Maclean
334c43a2b7 Ruby: Add tests for ActiveSupport modelling 2022-05-24 09:35:26 +01:00
Arthur Baars
cf2eb0d3a1 Merge branch 'main' into instance-variable-flow 2022-05-23 18:48:51 +02:00
Arthur Baars
7ed60b19a2 Ruby: improve test case 2022-05-23 11:59:12 +02:00
Arthur Baars
29ea1b2f24 Ruby: rename getSelfVariableAccess to getReceiver 2022-05-23 11:30:29 +02:00
Arthur Baars
68aeb2ba85 Update test output 2022-05-20 16:30:58 +02:00
Arthur Baars
d9c2b78aa2 Ruby: flow through instance variables 2022-05-20 16:30:58 +02:00
Rasmus Wriedt Larsen
5d6fbcec64 Ruby: Autoformat 2022-05-19 16:30:12 +02:00
Rasmus Wriedt Larsen
e810ba4ef6 Ruby: Expand flowToAnyArg test 2022-05-19 16:27:04 +02:00
Rasmus Wriedt Larsen
0879b6ae12 Ruby: Fix Argument[any,any-named] handling for path component in MaD 2022-05-19 15:51:30 +02:00
Rasmus Wriedt Larsen
7784b9f879 Ruby: WIP: Make Argument[any] and any-named work 
It's not fully working I think the problem is that the code below ties
up `Argument[x]` with parameter positions, and `Parameter[x]` with
argument positions. This flip might be correct for flow-summaries, but
it does NOT seem to be correct for the `path` component  in MaD.

Specifically, quick-eval for ParameterPosition does NOT include `keyword key` while
quick-eval for ArgumentPosition DOES include `keyword key`!

For the test `Foo.sinkAnyNamedArg(key: tainted) # $ MISSING: hasValueFlow=tainted`

c8be8d30b3/ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModelsSpecific.qll (L130-L133)
 2022-05-19 15:51:25 +02:00
Rasmus Wriedt Larsen
df83a51e1e Ruby: Add anyNamedArg summary test 2022-05-19 15:42:41 +02:00
Rasmus Wriedt Larsen
cb6e5c24fc Ruby: Prepare for anyNamedArg summary test 2022-05-19 15:42:41 +02:00
Rasmus Wriedt Larsen
a7f627af0c Ruby: Add test for Argument[any] and any-named 2022-05-19 15:42:41 +02:00
Rasmus Wriedt Larsen
cb5ad8b775 Ruby: Don't include Argument[self] in Argument[any] 
For flow-sumamries
 2022-05-19 15:42:41 +02:00
Tom Hvitved
a18aef23f9 Data flow: Do not discard call context when computing reverse lambda flow through jumps 2022-05-19 15:19:41 +02:00
Tom Hvitved
ea703bc49a Ruby: Add test that illustrates false negative lambda flow 2022-05-19 15:19:34 +02:00
Rasmus Wriedt Larsen
051754cf7e Ruby: Add test of what Argument[any] for input/output includes 
and an explicit test of what `Argument[self]` includes.
 2022-05-19 14:02:22 +02:00
Alex Ford
c620fceb82 Ruby: remove unnecessary line from test 2022-05-17 14:57:11 +01:00
Alex Ford
6b496c78ef Ruby: failing crypto op test 2022-05-17 14:57:11 +01:00
Alex Ford
0cc0494586 codeql format 2022-05-16 15:54:31 +01:00
Tom Hvitved
a9f6d203cd Merge pull request #8971 from aibaars/safe-nagivation 
Ruby: add safe navigation operator
 2022-05-16 10:53:56 +02:00
Alex Ford
03e34e071a ruby: inline expectations tests for CryptographicOperation concept 2022-05-13 16:32:36 +01:00
Tom Hvitved
0a7892797e Merge pull request #8938 from hvitved/ruby/with-without-mad-tokens 
Ruby: Introduce `With(out)Element` MaD input tokens
 2022-05-12 11:49:51 +02:00