hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 03:36:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,161 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.6
Commit Graph

4931 Commits

Author SHA1 Message Date
Alex Ford
f6516db105 Ruby: correct preservesValue in AccessLocalsKeySummary 2023-01-20 13:40:19 +00:00
Alex Ford
ab72301a4c Ruby: add a change note for rails render locals dataflow 2023-01-20 13:40:19 +00:00
Alex Ford
8fec4b804f Ruby: StoredXSS test whitespace change 2023-01-20 13:40:19 +00:00
Alex Ford
fd8dd5e103 Ruby: update StoredXSS test output 2023-01-20 13:40:19 +00:00
Alex Ford
8845157d08 Ruby: slightly limit AccessLocalsKeySummary summarized callables 2023-01-20 13:40:19 +00:00
Alex Ford
b5cc1087fe Ruby: add LocalAssignsHashSyntheticGlobal#getARenderCall predicate 2023-01-20 13:40:19 +00:00
Alex Ford
022171923c Ruby: fix some ql for ql alerts 2023-01-20 13:40:19 +00:00
Alex Ford
bea110b598 Ruby: remove blank line in test file 2023-01-20 13:40:19 +00:00
Alex Ford
b78ae1608e Ruby: remove a fixed TODO 2023-01-20 13:40:19 +00:00
Alex Ford
e5fbc92856 Ruby: generalize rails flow step for accessing render locals hash in view 2023-01-20 13:40:19 +00:00
Alex Ford
e4df1f5a6f Ruby: add missing toString case for synthetic globals 2023-01-20 13:31:43 +00:00
github-actions[bot]
005b3e4a47 Release preparation for version 2.12.1 2023-01-20 12:03:19 +00:00
Harry Maclean
16baea22c0 Ruby: doc fix 
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
 2023-01-20 22:06:29 +13:00
Michael Nebel
dc223cb82e Sync files and make corresponding changes for other languages. 2023-01-19 15:14:06 +01:00
Arthur Baars
d5e60dfb22 Ruby: pass diagnostics::LogWriter to extractor 2023-01-19 13:53:56 +01:00
Erik Krogh Kristensen
ee9b01b5e6 Apply suggestions from code review 
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
 2023-01-18 22:14:46 +01:00
Arthur Baars
e85e61b6d7 Ruby: add diagnostics module 2023-01-18 16:28:16 +01:00
erik-krogh
e4d4873d0d remove the dataflow copy for regexp tracking now that type-tracking is used 2023-01-18 11:04:51 +01:00
erik-krogh
1477974bf1 the RegexExecution concept does not need to have getTerm() 2023-01-18 10:10:36 +01:00
erik-krogh
1a3c9c8305 improve performance of regular-expression type-tracking by adding an exploratory initial analysis 2023-01-18 10:10:36 +01:00
erik-krogh
b8f6feb68b delete old test 2023-01-18 10:10:36 +01:00
erik-krogh
45316b6381 rename RegExpConfiguration to RegExpTracking 2023-01-18 10:10:36 +01:00
erik-krogh
25e65e0d9f rewrite the regexp tracking DataFlow::Configuration to TypeTracking 2023-01-18 10:10:36 +01:00
erik-krogh
d0b627b018 move the implementation detail of how regular-expressions are tracked into RegExpConfiguration.qll" 2023-01-18 10:10:05 +01:00
erik-krogh
f516ccb4e2 limit the fieldFlowBranchLimit for the regexp tracker to improve performance 2023-01-18 09:31:04 +01:00
erik-krogh
2fceee4e35 track regular expressions that gets compiled with Regexp.compile 2023-01-18 09:31:04 +01:00
erik-krogh
acf28ebd98 add a RegexExecution, and use it to track regular expressions to their uses in a nice way in rb/polynomial-redos 2023-01-18 09:31:04 +01:00
erik-krogh
6e33dd5df6 add failing test 2023-01-18 09:31:04 +01:00
erik-krogh
8251ad5e99 add unsafe-html-construction query 2023-01-17 15:35:17 +01:00
erik-krogh
8715790fe7 add explicit this 2023-01-17 15:17:48 +01:00
erik-krogh
a562568522 add string concat as a sink for command-construction 2023-01-17 14:48:09 +01:00
erik-krogh
9d9de18bc9 add a generalized AddExprRoot into Operation.qll 2023-01-17 14:48:08 +01:00
erik-krogh
8fc3b268e8 add string concat as a sink for code-construction 2023-01-17 14:48:06 +01:00
Rasmus Wriedt Larsen
a0b1c2ea79 DataFlow: Add uniqueParameterNodePositionExclude 2023-01-17 14:05:22 +01:00
Rasmus Wriedt Larsen
2b0a5fd5d1 DataFlow: Add uniqueParameterNodeAtPositionExclude 2023-01-17 14:05:17 +01:00
erik-krogh
713599963b add --working-dir to Ruby qltest.cmd to fix Windows 2023-01-16 15:37:35 +01:00
Erik Krogh Kristensen
59a8b21851 Merge pull request #10862 from erik-krogh/unsafeCodeConstruction 
Rb: Add an `unsafe-code-construction` query
 2023-01-16 13:22:58 +01:00
Arthur Baars
5865b51a94 Ruby: build extractor using cross 2023-01-13 10:25:27 +01:00
Arthur Baars
dc6f5f60d1 Ruby: update stats 2023-01-13 10:22:42 +01:00
Arthur Baars
28c9b52dce Ruby: add change note 2023-01-13 10:22:42 +01:00
Arthur Baars
46063c7d04 Ruby: update expected output 2023-01-13 10:22:41 +01:00
Arthur Baars
c4ec674057 Ruby: support anonymous (hash)splat parameters/arguments 2023-01-13 10:22:41 +01:00
Arthur Baars
4d3e2bb814 Ruby: upgrade/downgrade scripts 2023-01-13 10:22:41 +01:00
Arthur Baars
290167e1a3 Ruby: re-generated dbscheme/library 2023-01-13 10:22:41 +01:00
Arthur Baars
3a887d1c92 Ruby: update tree-sitter-{ruby, embedded-template} 2023-01-13 10:22:41 +01:00
Arthur Baars
af8cb65b2e Merge pull request #11877 from aibaars/ql-ql-cross 
QL/Ruby: include OS version in cache keys for Rust binaries
 2023-01-12 20:02:25 +01:00
Arthur Baars
e29e077a03 Ruby/QL4QL: include OS version in cache keys 2023-01-12 15:47:10 +01:00
Michael Nebel
18a815ca8b Merge pull request #11721 from michaelnebel/csharpjava/refactorprovenance 
C#/Java: Re-factor provenance related predicates.
 2023-01-12 10:50:31 +01:00
Harry Maclean
33a1469a56 Ruby: Add change note 2023-01-12 16:29:00 +13:00
Harry Maclean
8219465389 Ruby: fix missing doc 2023-01-12 11:35:35 +13:00