codeql

mirror of https://github.com/github/codeql.git synced 2026-05-21 22:57:11 +02:00

Author	SHA1	Message	Date
Harry Maclean	4df7fd248e	Ruby: Ensure explicit modifiers take priority In Ruby, "explicit" visibility modifiers override "implicit" ones. For example, in the following: ```rb class C private def m1 end public m2 end def m3 end public :m3 end ``` `m1` is private whereas `m2` and `m3` are public.	2022-09-27 10:28:23 +13:00
Harry Maclean	d90257fd50	Add change note	2022-09-27 10:22:54 +13:00
Harry Maclean	79abb36faf	Ruby: Remove MethodModifier	2022-09-27 10:21:06 +13:00
Harry Maclean	97e9eab7fc	Fix QL4QL error	2022-09-27 10:21:06 +13:00
Harry Maclean	d7f40c41c5	Ruby: protected_class_method does not exist	2022-09-27 10:21:06 +13:00
Harry Maclean	58dd521ee9	Ruby: further refactor to method visibility	2022-09-27 10:13:23 +13:00
Harry Maclean	c5f36613da	Ruby: Refactor method visibility modeling	2022-09-27 10:13:21 +13:00
Harry Maclean	dea5036912	Ruby: Update for Http concept changes	2022-09-27 10:03:17 +13:00
Tom Hvitved	45fc62f16b	Data flow: Sync files	2022-09-26 20:39:48 +02:00
Tom Hvitved	88baf0883a	Merge pull request #10358 from hvitved/ruby/dataflow/call-ctx Ruby: Context sensitive instance method resolution	2022-09-26 19:55:10 +02:00
Anders Schack-Mulligen	1687d08587	Dataflow: Sync.	2022-09-26 16:10:03 +02:00
Alex Ford	06e435fd84	Ruby: remove YAML.load_file arg0 as an unsafe deserialization sink	2022-09-26 11:26:30 +01:00
Harry Maclean	7b9519fe7c	Ruby: Fix import	2022-09-26 20:56:11 +13:00
Harry Maclean	7d3f9580ff	Ruby: QLDoc fix	2022-09-26 20:56:11 +13:00
Harry Maclean	9f99a3ca1f	Ruby: Model sanitize ActionView helper	2022-09-26 20:56:11 +13:00
Harry Maclean	9e625acd3d	Ruby: QLDoc fix	2022-09-26 20:56:11 +13:00
Harry Maclean	1d693d336f	Ruby: Model javascript_include_tag and friends	2022-09-26 20:56:09 +13:00
Harry Maclean	35a05f6dea	Ruby: Add summaries for ActiveSupport::SafeBuffer	2022-09-26 20:55:05 +13:00
Harry Maclean	ed0c85e3af	Ruby: Model ActionView helper XSS sinks	2022-09-26 20:55:04 +13:00
Dave Bartolomeo	3bd456e52d	Merge pull request #10565 from github/post-release-prep/codeql-cli-2.11.0 Post-release preparation for codeql-cli-2.11.0	2022-09-23 18:13:59 -04:00
github-actions[bot]	6cef0af5df	Post-release preparation for codeql-cli-2.11.0	2022-09-23 21:01:40 +00:00
Alex Ford	d94b196843	Ruby: fix documentation	2022-09-23 16:56:33 +01:00
Alex Ford	364bc883ba	Ruby: add YAML.load_file as an unsafe deserialization sink	2022-09-23 15:54:15 +01:00
Asger F	11ba0f0bbe	Merge pull request #10253 from asgerf/js/type-defs-squashed JS: Add generated typings to SQL models	2022-09-23 11:34:01 +02:00
Tom Hvitved	f8d2e0e6a8	Ruby: Improve QL doc for `Module::getASubClass`	2022-09-23 10:40:38 +02:00
Tom Hvitved	8b424d181a	Merge pull request #10505 from hvitved/dataflow/viable-impl-in-ctx-consistency Data flow: Guard against `viableImplInCallContext` not being a subset of `viableCallable`	2022-09-23 10:38:48 +02:00
github-actions[bot]	f5cf8cffa3	Release preparation for version 2.11.0	2022-09-22 20:14:12 +00:00
Dave Bartolomeo	cee0e8e137	Merge pull request #10532 from github/henrymercer/3.7-mergeback Final mergeback from `rc/3.7`	2022-09-22 13:42:59 -04:00
Tom Hvitved	9937ae8ef9	Ruby: Call sensitive instance method resolution	2022-09-22 16:22:31 +02:00
Tom Hvitved	ad6b870f94	Data flow: Sync files	2022-09-22 15:01:33 +02:00
Alex Ford	140458b7cc	Merge pull request #9932 from alexrford/ruby/rbi-typegraph-fixes Ruby: RBI library changes to support models-as-data model generation	2022-09-22 13:55:33 +01:00
Tom Hvitved	f0f4fe7286	Merge pull request #10444 from hvitved/ruby/stmt-sequence-post-update Ruby: Add post-update nodes for compound arguments	2022-09-22 13:18:51 +02:00
Henry Mercer	f8f99af8b7	Bump the minor version of packs we regularly release	2022-09-22 12:14:19 +01:00
Nick Rolfe	7d0bfe8f98	Merge pull request #10531 from github/nickrolfe/title-case Ruby: use consistent capitalization with `import ... as`	2022-09-22 12:05:44 +01:00
Nick Rolfe	df8a182ac2	Ruby: use consistent capitalization with `import ... as`	2022-09-22 11:13:41 +01:00
Nick Rolfe	ee34ac5394	Merge pull request #10512 from github/nickrolfe/hash_from_trusted_xml Ruby: add Hash.from_trusted_xml as an unsafe deserialization sink	2022-09-22 10:59:49 +01:00
Tom Hvitved	ac594842c8	Merge pull request #10504 from hvitved/ruby/private-methods Ruby: Two fixes for `private` methods	2022-09-22 11:54:28 +02:00
Tom Hvitved	10a584ffb9	Merge pull request #10517 from hvitved/ruby/regexp-debug Ruby: Add query for debugging regexp flow	2022-09-22 11:50:50 +02:00
Tom Hvitved	47411e3548	Ruby: Add query for debugging regexp flow	2022-09-21 19:22:10 +02:00
Andrew Eisenberg	99e8cb78b0	Merge pull request #10496 from aeisenberg/aeisenberg/merge-rc3.7-into-main Aeisenberg/merge rc3.7 into main	2022-09-21 08:09:47 -07:00
Alex Ford	260db1aea2	Ruby: drop getAQualifiedName predicate from ConstantAccess	2022-09-21 14:28:43 +01:00
Alex Ford	3bbb166642	Ruby: handle block param types more neatly	2022-09-21 13:52:19 +01:00
Nick Rolfe	2edbc16829	Ruby: add Hash.from_trusted_xml as an unsafe deserialization sink	2022-09-21 13:01:21 +01:00
Tom Hvitved	61e9c6f658	Ruby: Fix call graph for overridden `private` methods	2022-09-21 14:00:17 +02:00
Tom Hvitved	e7649fc61a	Ruby: Fix `ModuleBase::get(A)Method` for `private` methods	2022-09-21 14:00:17 +02:00
Tom Hvitved	a9f2e5272f	Merge pull request #10376 from hvitved/ruby/no-ast-by-default Ruby: Do not expose AST layer through `ruby.qll`	2022-09-21 13:15:30 +02:00
Tom Hvitved	0064451ff0	Merge pull request #10491 from hvitved/ruby/fix-bad-join Ruby: Fix bad join-order	2022-09-21 11:13:09 +02:00
Tom Hvitved	59caa977d0	Ruby: Add post-update nodes for compound arguments	2022-09-21 11:02:24 +02:00
Erik Krogh Kristensen	7e17a919ae	Merge pull request #10304 from erik-krogh/rb-followMsg RB: make the alert messages of taint-tracking queries more consistent	2022-09-20 22:58:31 +02:00
Andrew Eisenberg	58e4861b45	Merge branch 'main' into rc/3.7	2022-09-20 12:43:20 -07:00

... 42 43 44 45 46 ...

3556 Commits