hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 19:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,161 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.6
Commit Graph

3487 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
528ef0eeaa Ruby: Use separate dataflow copy for HTTP client libs 
As discussed with @hvitved offline. This helps out to ensrue we don't
needlessly evaluate dataflow for configurations that are not needed
anyway. That is, if other library modeling also used the same dataflow
configuration, which ends up being used in query A, then dataflow for
all the `DataFlowImplForLibraries` configurations would be computeted at
once. When we get to evaluate the query `RequestWithoutValidation.ql`
these results mgith have been forgotten since the predicates are not
cached, and everything will have to be computeted again.

In principle we could be added a dataflow copy for each framework.
However, since we know that the `disablesCertificateValidation`
member-predicates for all the HTTP client libraries will all be used at
the same time, and only for the one query, we only add ONE additional
copy.

Note that the only use of `DataFlowImplForLibraries` before this PR is
using `tainttrackingforlibraries.TaintTrackingImpl` (based on
DataFlowImplForLibraries) for regex computation.
c904ba1d16/ruby/ql/lib/codeql/ruby/Regexp.qll (L153)
Since this is currently transitively imported from Frameworks.qll
(through Core.qll, and core/String.qll), the previous approach didn't
actually violate the assumption about all configurations always being in
scope, but it might have been more by accident, than by purpose.
 2022-09-06 10:43:36 +02:00
Rasmus Wriedt Larsen
25d09cd6d6 Ruby: Simplify getKeywordArgumentIncludeHashArgument 
As suggested by @hvitved in review
 2022-09-06 10:24:22 +02:00
Asger F
5ef69628b3 Ruby: remove exists that ql4ql is unhappy about 2022-09-06 09:36:06 +02:00
Asger F
afd00161e8 Ruby: introduce getExtraNodeFromType 
Using getExtraNodeFromPath with n=0 was a bit of a hack. In principle, the CodeQL libraries might care about the type, even though there are no relevant paths starting at that type.
 2022-09-06 09:17:34 +02:00
Asger F
b99e9a58e7 Update ruby/ql/lib/codeql/ruby/frameworks/data/internal/ApiGraphModels.qll 
Co-authored-by: Tom Hvitved <hvitved@github.com>
 2022-09-06 09:10:24 +02:00
Arthur Baars
604af4f7b3 Merge pull request #10302 from github/rc/3.7 
Merge 3.7 into main
 2022-09-06 08:42:44 +02:00
Arthur Baars
b2431d0b50 Ruby: exclude 'require' and 'require_relative' definitions from call graph 
The syntax_suggest library redefines Kernel.require/require_relative.
Somehow this causes performance issues on ruby/ruby. As a workaround
we exclude 'require' and 'require_relative'.
 2022-09-05 16:52:52 +02:00
Tom Hvitved
b197eff23e Ruby: Add missing edges to the call graph for singleton methods 2022-09-05 14:11:04 +02:00
erik-krogh
a86a940df7 add getRepr() and toString() on RelevantState 2022-09-05 13:27:34 +02:00
erik-krogh
3f1cb04f3e sync files 2022-09-05 11:22:34 +02:00
Tom Hvitved
9ebabd1e1f SSA: Strip shared from namespace and qlpack name 2022-09-05 11:17:30 +02:00
Asger F
62383fb3c9 Ruby: add TypeModel hook for adding type-defs from CodeQL 2022-09-03 13:51:02 +02:00
Asger F
55fdf84d15 Ruby+JS: change LabelEntryPoint.toString() 
fixup Ruby entry point tests
 2022-09-03 13:24:45 +02:00
Asger F
c9ba6f171b Ruby: rename EntryPoint.getAUse,getARhs -> getASource,getASink 2022-09-03 13:13:32 +02:00
erik-krogh
c38062ce93 convert RelevantState to a class in the PrefixConstruction module 2022-09-02 20:26:31 +02:00
Michael Nebel
5511bc8e28 Java/Ruby/Swift: Sync files. 2022-09-02 15:17:24 +02:00
Tom Hvitved
ba62b9e822 Address review comments 2022-09-02 13:07:27 +02:00
Harry Maclean
637e92d990 Ruby: Fix typos 2022-09-02 13:16:14 +12:00
Harry Maclean
6fff02817d Ruby: Fix bug in disablesCertificateValidation 2022-09-02 13:15:02 +12:00
Tom Hvitved
6b728acd9e Use specific codeql/shared-ssa pack for the SSA library 2022-09-01 21:23:33 +02:00
Tom Hvitved
3c3390728a Merge pull request #10245 from hvitved/ruby/simplify-track-instance 
Ruby: Exclude top-level `self` accesses from `trackModule`
 2022-09-01 16:50:14 +02:00
Edoardo Pirovano
8f332714f4 Merge pull request #10260 from github/edoardo/3.7-mergeback 
Merge `rc/3.7` into `main`
 2022-09-01 15:44:17 +01:00
Tom Hvitved
4d485163a6 Ruby: Exclude top-level self accesses from trackModule 2022-09-01 11:05:53 +02:00
Tom Hvitved
8e5d6ba4f9 SSA: Create a new shared library pack and move implementation there 2022-09-01 09:36:49 +02:00
Ian Lynagh
7dc5bdafe3 Merge pull request #10186 from github/post-release-prep/codeql-cli-2.10.4 
Post-release preparation for codeql-cli-2.10.4
 2022-08-31 17:29:57 +01:00
Tom Hvitved
61b67640f4 Ruby: Adapt to parameterized SSA implementation 2022-08-31 11:45:15 +02:00
Tom Hvitved
760c7beb94 SSA: Sync files 2022-08-31 11:45:15 +02:00
Asger F
5ad6c05a9c Merge pull request #10205 from asgerf/mad-generics 
Support type variables in MaD typings
 2022-08-30 18:07:39 +02:00
Asger F
dd44187aed Sync files again 2022-08-30 14:08:33 +02:00
Asger F
d5d1365104 Synchronize ApiGraphModels.qll 2022-08-30 14:07:37 +02:00
erik-krogh
7fd426e748 print a correct range for ranges that doesn't contain any alpha-numeric chars 2022-08-30 13:57:11 +02:00
Erik Krogh Kristensen
8f0b999c31 Merge pull request #10207 from erik-krogh/fixRank 
fix performance issue in the ReDoS query
 2022-08-30 10:17:11 +02:00
erik-krogh
e2caf3e8c0 put a limit on the length of the equivalent range 2022-08-30 09:29:22 +02:00
erik-krogh
f47b097d7c put a limit on the length of the equivalent range 2022-08-29 21:03:52 +02:00
erik-krogh
77949cbeb3 add context to the rankState predicate in ExponentialBackTracking.qll 2022-08-29 13:42:05 +02:00
Harry Maclean
5d356df300 QLDoc fixes 2022-08-29 14:24:37 +12:00
Harry Maclean
9651fa1573 Ruby: Add ActiveResource change note 2022-08-29 14:24:37 +12:00
Harry Maclean
ec58107439 QlDoc fix 2022-08-29 14:24:37 +12:00
Harry Maclean
dcc0123023 Fix QL4QL alert 2022-08-29 14:24:37 +12:00
Harry Maclean
06c95ba457 Ruby: QLDoc 2022-08-29 14:24:37 +12:00
Harry Maclean
75e1497fbf Ruby: Import ActiveResource by default 2022-08-29 14:24:37 +12:00
Harry Maclean
aa6edb0edb Ruby: Model ActiveResource 2022-08-29 14:24:37 +12:00
Harry Maclean
09ad1c29bd Ruby: Add SelfVariableAccessCfgNode 2022-08-29 14:24:37 +12:00
Nick Rolfe
898689f550 Merge pull request #9896 from github/nickrolfe/hardcoded_code 
Ruby: port js/hardcoded-data-interpreted-as-code
 2022-08-26 13:49:25 +01:00
github-actions[bot]
3b4ad3c4f1 Post-release preparation for codeql-cli-2.10.4 2022-08-26 09:32:11 +00:00
Nick Rolfe
52d46552af Ruby: fix 'inefficient string comparison' alert 2022-08-26 09:58:22 +01:00
Nick Rolfe
95bf18fdc9 Ruby: make hex-escaped strings ("\xCD\xEF" etc.) sources of hardcoded data 2022-08-26 09:33:03 +01:00
erik-krogh
cc7a9ef97a rename more acronyms 2022-08-25 20:52:27 +02:00
Arthur Baars
24526108d3 Ruby: update dbscheme stats 2022-08-25 17:48:28 +02:00
Arthur Baars
ed005077fa Ruby: upgrade/downgrade scripts 2022-08-25 17:40:52 +02:00