Arthur Baars
c85012460a
Ruby: update dbscheme stats
2022-01-28 19:47:31 +01:00
Arthur Baars
c6a36a50c2
Ruby: regenerate dbscheme and library
2022-01-28 19:47:31 +01:00
Arthur Baars
bfbc9fe144
Ruby: update tree-sitter-ruby
2022-01-28 19:47:25 +01:00
Alex Ford
57e958c372
Ruby: missing QLDoc
2022-01-28 17:38:55 +00:00
Alex Ford
269722fa86
Ruby: rb/clear-text-logging-sensitive-data changenote
2022-01-28 17:27:05 +00:00
Alex Ford
7fec2d270b
Ruby: QL format
2022-01-28 17:24:56 +00:00
Alex Ford
186623f878
Ruby: Add CleartextLogging.qhelp
2022-01-28 17:24:56 +00:00
Alex Ford
7ed447842f
Ruby: cleartext logging test output
2022-01-28 17:24:56 +00:00
Alex Ford
4fc9128350
Ruby: cleartext logging - remove an unnecessary abstract class
2022-01-28 17:24:56 +00:00
Alex Ford
91ccd307e8
Ruby: Implement rb/clear-text-logging-sensitive-data
2022-01-28 17:24:56 +00:00
Alex Ford
cfb2d7ffaf
Ruby: add shared SensitiveDataHeuristics.qll
2022-01-28 16:38:58 +00:00
Tom Hvitved
682163962a
Data flow: Sync files
2022-01-28 13:01:24 +01:00
Nick Rolfe
8248a942ce
Ruby: enable taint checking for array-flow test
2022-01-28 11:33:59 +00:00
Nick Rolfe
c0e1384f4a
Ruby: move Array/Enumerable flow summaries to their own file
2022-01-28 11:33:59 +00:00
Nick Rolfe
6c0eb8beee
Ruby: update array flow summaries to use getConstantValue()
2022-01-28 11:33:59 +00:00
Nick Rolfe
693ff6a904
Ruby: add flow summaries for remaining Array methods
2022-01-28 11:33:59 +00:00
Nick Rolfe
030cfa36da
Ruby: add flow summaries for all remaining Enumerable methods
2022-01-28 11:33:59 +00:00
Nick Rolfe
588e60e230
Merge pull request #7775 from github/nickrolfe/graph_test_ordering
Ruby/C#: more stable graph test ordering
2022-01-28 11:16:02 +00:00
Arthur Baars
cada7ef1a4
Ruby: add downgrade scripts to prepare-db-upgrade.sh
2022-01-28 11:07:56 +01:00
Harry Maclean
b01f81aab3
Use modified getAPath predicate for test
2022-01-28 19:45:52 +13:00
Harry Maclean
a1b0f02e6e
Ruby: Introduce API::getAnImmediateSubclass()
```rb
class A; end
class B < A; end
class C < B; end
```
In the example above, `getMember("A").getAnImmediateSubclass()` will
select only uses of B, whereas `getMember("A").getASubclass()` will
select uses of A, B and C. This is usually the behaviour you want.
2022-01-28 16:44:03 +13:00
Dave Bartolomeo
cca74e925f
Merge pull request #7724 from github/aeisenberg/examples-groups
Add new groups for examples packs
2022-01-27 12:11:26 -05:00
Nick Rolfe
6f06263d49
Ruby: add more properties for ordering nodes in graph tests
2022-01-27 13:57:43 +00:00
Tamás Vajk
3d2cc8890a
Update CHANGELOG.md
2022-01-27 11:50:13 +01:00
Tamás Vajk
cc4bb9b02f
Update 0.0.8.md
2022-01-27 11:49:29 +01:00
github-actions[bot]
634134f283
Release preparation for version 2.8.0
2022-01-27 10:40:20 +00:00
Tom Hvitved
280023c45a
Address review comments
2022-01-27 09:44:41 +01:00
Andrew Eisenberg
a7f755cf12
Add new groups for examples packs
Also, remove version numbers. Will make it easier to avoid publishing
the examples packs.
2022-01-26 14:49:18 -08:00
Tom Hvitved
dd27ed8392
Ruby: Desugar hash literals
```rb
{ a: 1, **splat, b: 2 }
```
becomes
```rb
::Hash.[](a: 1, **splat, b: 2)
```
2022-01-26 13:53:18 +01:00
Tom Hvitved
39436828de
Ruby: Add internal/Literal.qll for internal implementation details
2022-01-26 13:48:26 +01:00
Arthur Baars
948ebe4b4c
Merge pull request #7568 from aibaars/ruby-pattern-matching-taint
Ruby: taint steps for pattern matches
2022-01-26 10:27:47 +01:00
Tom Hvitved
28e03a8aae
Merge pull request #7738 from hvitved/ruby/action-controller-perf
Ruby: Fix bad join in `ActionControllerHelperMethod`
2022-01-26 09:48:21 +01:00
Tom Hvitved
2c27a07ead
Merge pull request #7726 from hvitved/ruby/any-array-element-content
Ruby: Introduce `TAnyArrayElementContent`
2022-01-26 09:48:01 +01:00
Arthur Baars
941f230c94
Merge pull request #7729 from github/hmac/bump-clap
Ruby extractor: bump clap
2022-01-26 08:12:47 +01:00
Edoardo Pirovano
1b539eb4dc
Merge branch rc/3.4 into main
2022-01-25 16:22:01 +00:00
Tom Hvitved
49488fa0a0
Ruby: Fix bad join in ActionControllerHelperMethod
```
[2022-01-25 12:35:14] (234s) Tuple counts for ActionController::ActionControllerHelperMethod#class#ff/2@ef816fil after 1.5s:
7685 ~0% {3} r1 = JOIN ActionController::ActionControllerContextCall#ff#shared WITH Method::Method::getName_dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'controllerClass', Lhs.0 'this'
13198 ~0% {3} r2 = JOIN r1 WITH Constant::ConstantValue::getStringOrSymbol_dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1 'controllerClass', Lhs.2 'this', Rhs.1
15835365 ~4% {5} r3 = JOIN r2 WITH AST::AstNode::getEnclosingModule_dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, "helper_method", Lhs.0 'controllerClass', Lhs.1 'this', Lhs.2
12943 ~1% {4} r4 = JOIN r3 WITH Call::MethodCall::getMethodName_dispred#ff ON FIRST 2 OUTPUT Lhs.4, Lhs.2 'controllerClass', Lhs.3 'this', Lhs.0
1146184 ~0% {4} r5 = JOIN r4 WITH Expr::Expr::getConstantValue_dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.3, Rhs.1, Lhs.1 'controllerClass', Lhs.2 'this'
212 ~0% {2} r6 = JOIN r5 WITH project#Call::Call::getArgument_dispred#fff ON FIRST 2 OUTPUT Lhs.3 'this', Lhs.2 'controllerClass'
return r6
```
Joining on enclosing module and name simultaneously yields a much better join.
2022-01-25 13:00:13 +01:00
Tom Hvitved
67962cb93d
Ruby: Fix bad join in access predicate
Joining on variable name alone is a bad thing:
```
[2022-01-25 11:13:20] (228s) Tuple counts for Variable::Cached::access#ff#shared/3@868b54tu after 3m37s:
112554 ~0% {3} r1 = JOIN Variable::VariableReal::getNameImpl_dispred#ff WITH Variable::VariableReal::getDeclaringScopeImpl_dispred#ff ON FIRST 1 OUTPUT Lhs.1, Lhs.0 'arg2', Rhs.1 'arg1'
561015756 ~1% {3} r2 = JOIN r1 WITH Variable::variableName#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1 'arg0', Lhs.2 'arg1', Lhs.1 'arg2'
return r2
```
This change ensures that we join on name and scope simultaneously.
2022-01-25 11:37:38 +01:00
Tom Hvitved
0299b4603f
Merge pull request #7677 from hvitved/ruby/constant-value
Ruby: Replace `getValueText` with `getConstantValue`
2022-01-25 10:31:02 +01:00
Harry Maclean
962d0213b5
Ruby extractor: stop using deprecated function
2022-01-25 22:04:24 +13:00
dependabot[bot]
6543b1a3a9
Update clap requirement from 2.33 to 3.0
Updates the requirements on [clap](https://github.com/clap-rs/clap) to permit the latest version.
Apply this update in both the generator and extractor.
2022-01-25 16:53:39 +13:00
Harry Maclean
c5904b7410
Add inline tests for API Graph subclassing
2022-01-25 16:41:49 +13:00
Harry Maclean
517f2d0823
Add optional results to InlineExpectationsTest
The idea behind optional results is that there may be instances where
each line of source code has many results and you don't want to annotate
all of them, but you still want to ensure that any annotations you do
have are correct.
This change makes that possible by exposing a new predicate
`hasOptionalResult`, which has the same signature as `hasResult`.
Results produced by `hasOptionalResult` will be matched against any
annotations, but the lack of a matching annotation will not cause a
failure.
We will use this in the inline tests for the API edge getASubclass,
because for each API path that uses getASubclass there is always a
shorter path that does not use it, and thus we can't use the normal
shortest-path matching approach that works for other API Graph tests.
2022-01-25 16:41:49 +13:00
Harry Maclean
d0a274c1e8
Use API graph subclassing in GraphQL modelling
This simplifies some of the code.
2022-01-25 16:41:24 +13:00
Harry Maclean
5e7a29a979
Ruby: Use API graph subclassing in Rails modelling
Now that API graphs have basic subclassing support, we can simplify some
of the ActiveRecord and ActionController code.
2022-01-25 16:40:14 +13:00
Tom Hvitved
66a24c5c49
Ruby: Introduce TAnyArrayElementContent
2022-01-24 20:25:05 +01:00
Tom Hvitved
cc712c20cb
Ruby: Use bitShiftLeft instead of pow in parseInteger
2022-01-24 16:06:35 +01:00
Tom Hvitved
6efa595478
Merge pull request #7688 from hvitved/dataflow/required-component-stack
Data flow: Restructure `RequiredSummaryComponentStack`
2022-01-24 15:10:08 +01:00
Tom Hvitved
2a972dc045
Address review comments
2022-01-24 14:27:42 +01:00
Tom Hvitved
64f19637d4
Address review comments
2022-01-24 13:33:18 +01:00
Arthur Baars
78b4d7cbb5
Ruby: remove redundant cast
2022-01-24 11:27:31 +01:00