Tom Hvitved
fc55567d90
Merge pull request #15853 from hvitved/dataflow/get-location
...
Data flow: Replace `hasLocationInfo` with `getLocation`
2024-03-18 20:21:46 +01:00
Tom Hvitved
8899d66132
Merge pull request #15734 from hvitved/dataflow/hidden-subpath
...
Data flow: Account for hidden `subpath` wrappers
2024-03-18 20:17:16 +01:00
Harry Maclean
187a68bf76
Ruby: Add flow summary for Hash#keys
2024-03-18 17:56:10 +00:00
Harry Maclean
e895f96a3a
Ruby: Taint flow to second block param in map
...
When `map` is called on a hash, the values in the hash are passed to the
second parameter of the block.
2024-03-18 17:55:02 +00:00
Harry Maclean
80ae017aa1
Ruby: Track flow into ActiveRecord scopes
2024-03-18 15:01:37 +00:00
Joe Farebrother
4177c38ed4
Merge pull request #15907 from joefarebrother/ruby-uploaded-file
...
Ruby: Model ActiveDispatch::Http::UploadedFile
2024-03-18 14:02:33 +00:00
Tom Hvitved
e53357d376
Update expected test output
2024-03-18 14:49:32 +01:00
github-actions[bot]
aebe9f6992
Post-release preparation for codeql-cli-2.16.5
2024-03-18 12:16:26 +00:00
Arthur Baars
dbf16827bf
Merge pull request #15951 from github/aibaars/changenotes-fixes
...
Fix minor formatting issues in changenotes
2024-03-18 12:56:50 +01:00
github-actions[bot]
0a6243d07b
Release preparation for version 2.16.5
2024-03-18 10:14:07 +00:00
Arthur Baars
a810165e35
Fix minor formatting issues in changenotes
2024-03-18 10:57:05 +01:00
Tom Hvitved
a13391bda1
Merge pull request #15802 from hvitved/dataflow/variable-capture-overlapping-paths
...
Variable capture: Avoid overlapping and false-positive data flow paths
2024-03-18 10:45:55 +01:00
Joe Farebrother
8c5fff2d11
Update names and qldoc for params taint predicates
2024-03-15 14:43:29 +00:00
Tom Hvitved
e7b00a7b42
Ruby: Add post-update argument nodes for string constants
2024-03-15 10:47:39 +01:00
Joe Farebrother
f464f1b94e
Accept test output + fix qldoc typo
2024-03-14 22:25:37 +00:00
Joe Farebrother
b4ed77343b
Add change note + fix qldoc
2024-03-14 22:25:36 +00:00
Joe Farebrother
3e61be1b6a
Add test cases
2024-03-14 22:25:36 +00:00
Joe Farebrother
5333c75919
Model additional string attributes
2024-03-14 22:25:36 +00:00
Joe Farebrother
8c31b612ca
Model UploadedFile original_filename and read
2024-03-14 22:25:35 +00:00
Tom Hvitved
4085c8ec8f
Merge pull request #15866 from hvitved/ruby/orm-tracking-ap-limit
...
Ruby: Lower access path limit to 1 for `OrmTracking`
2024-03-13 10:57:09 +01:00
Harry Maclean
806f42ef72
Ruby: Update change note
2024-03-13 09:54:17 +00:00
Harry Maclean
dd5eb982ec
Merge pull request #15524 from hmac/hmac-process-spawn
...
Ruby: Add some more command injection sinks
2024-03-13 09:53:10 +00:00
Tom Hvitved
695e728ed5
Ruby: Lower access path limit to 1 for OrmTracking
2024-03-12 14:58:29 +01:00
Tom Hvitved
dddba3228b
Merge pull request #15867 from hvitved/dataflow/ap-limit
...
Data flow: Add `ConfigSig::accessPathLimit`
2024-03-12 14:57:51 +01:00
Tom Hvitved
4291290277
Ruby: Implement new data flow interface
2024-03-11 20:56:38 +01:00
Joe Farebrother
9c51514bd9
Merge pull request #15857 from joefarebrother/ruby-activerecord-from
...
Ruby: Model second argument of `ActiveRecord` `from`
2024-03-11 16:49:52 +00:00
Henry Mercer
c325ff8a23
Mark lines of code queries as telemetry queries
...
The new file coverage metrics are available in all supported GHES
versions. This PR tags lines of code queries as telemetry queries. Lines
of code information will still be available in the SARIF file, but it
will no longer be displayed in the logging output of the CLI.
The one exception is the metric queries for Java/Kotlin that provides
separate lines of code information for Java and Kotlin. I've kept these
since separate file coverage information for languages like Java and
Kotlin is only available for GHES 3.12 and later.
2024-03-11 16:40:31 +00:00
Tom Hvitved
da66281fef
Sync files
2024-03-11 13:02:04 +01:00
Tom Hvitved
7a39f077d9
Data flow: Add ConfigSig::accessPathLimit
2024-03-11 13:01:58 +01:00
Joe Farebrother
dbd33d1cf0
Model Argument[1] of ActiveRecord from
2024-03-08 14:04:01 +00:00
Tom Hvitved
24e35f6f3d
Update expected test output
2024-03-08 10:00:43 +01:00
Tom Hvitved
e793a1e9fe
Ruby: Add variable capture spurious flow test
2024-03-08 10:00:42 +01:00
Tom Hvitved
85782ff1d4
Ruby: Exclude calls with arguments from OrmFieldAsSource
2024-03-07 17:34:01 +01:00
github-actions[bot]
dc9092c9ec
Post-release preparation for codeql-cli-2.16.4
2024-03-06 22:19:33 +00:00
github-actions[bot]
2f058ffb4d
Release preparation for version 2.16.4
2024-03-06 20:56:51 +00:00
Angela P Wen
ce31f8641a
Revert "Release preparation for version 2.16.4"
2024-03-06 12:07:33 -08:00
Anders Schack-Mulligen
0dbe8c3d8a
Merge pull request #15140 from hvitved/dataflow/pruned-ctx-sensitivity
...
Data flow: prune context-sensitivity relations
2024-03-06 10:04:48 +01:00
Harry Maclean
350dab4621
Merge pull request #15722 from hmac/mad-sinks
2024-03-06 08:18:19 +00:00
github-actions[bot]
661e68dab5
Release preparation for version 2.16.4
2024-03-05 18:13:58 +00:00
Joe Farebrother
dcc6f83d3b
Merge pull request #15782 from joefarebrother/ruby-typhoeus
...
Ruby: Model `Typhoeus::Request.new`
2024-03-05 16:55:38 +00:00
Angela P Wen
967963a653
Revert "Release preparation for version 2.16.4"
2024-03-05 08:53:33 -08:00
Joe Farebrother
7027b7fe82
Apply review suggestions: Use getInstance and clarify predicate name/qldoc. Also fix changenote formatting.
2024-03-05 16:34:48 +00:00
Harry Maclean
148241183a
Ruby: update changenote
2024-03-05 10:20:25 +00:00
Harry Maclean
91cb2a37fd
Ruby: Model Process.exec
2024-03-05 10:19:22 +00:00
Tom Hvitved
bd7b2c4cc6
Update expected output
2024-03-05 10:44:13 +01:00
Harry Maclean
179aaa1342
Ruby: model Open4.popen4ext
2024-03-05 09:35:18 +00:00
Harry Maclean
87f3b43576
Ruby: remove deprecated private class
2024-03-05 08:28:16 +00:00
github-actions[bot]
a67218a027
Release preparation for version 2.16.4
2024-03-04 17:42:08 +00:00
Angela P Wen
2b2ea597ce
Fix formatting on changenotes
2024-03-04 16:42:38 +00:00
Joe Farebrother
31687afd5d
Fix performance
2024-03-04 09:47:12 +00:00
