hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
80,824 Commits 1,672 Branches 157 Tags
ginsbach/EnableJavaOverlayCompilation
Commit Graph

3397 Commits

Author SHA1 Message Date
Harry Maclean
eff763d127 Ruby: Model to_json ActiveSupport extension 2022-11-30 13:17:44 +13:00
Harry Maclean
5259d4af63 Ruby: Model various JSON methods 2022-11-30 13:15:18 +13:00
Harry Maclean
0a98559fcb Ruby: Add flow summaries for ActiveSupport::JSON 2022-11-30 13:15:16 +13:00
Harry Maclean
e3def7c22f Ruby: Add change note 2022-11-30 11:50:47 +13:00
Harry Maclean
aed4325ee3 Ruby: Remove unused class 2022-11-30 11:50:35 +13:00
Harry Maclean
b66ea6ed72 Ruby: Simplify ActionMailbox modeling 2022-11-30 11:46:21 +13:00
Harry Maclean
71f2d8f6d8 Ruby: Model ActionMailbox#inbound_mail 2022-11-30 11:46:21 +13:00
Harry Maclean
eac5aa26ee Ruby: Model remote input for ActionMailbox 2022-11-30 11:46:21 +13:00
Harry Maclean
375403fb9d Merge pull request #11114 from hmac/case-barrier-guard-3 
Ruby: Add case string comparison barrier guard
 2022-11-30 11:21:07 +13:00
Tom Hvitved
86e045916d Ruby: Rework call-context sensitivity logic 2022-11-29 14:47:37 +01:00
Arthur Baars
cf7ebe2fa8 Merge pull request #11471 from github/rc/3.8 
Merge rc/3.8 into main
 2022-11-29 12:57:34 +01:00
Tom Hvitved
f3dca95958 Merge pull request #11087 from hvitved/dataflow/summary-ctx 
Data flow: Add summary/return context to pruning stages 2-4
 2022-11-29 10:36:53 +01:00
Peter Stöckli
6b1865d2ca Merge branch 'main' into p--ruby-kernel-open-addition 2022-11-29 10:19:36 +01:00
Peter Stöckli
deb3accd1e make predicate private 2022-11-29 10:07:13 +01:00
Peter Stöckli
88282ade1a Add predicate to filter out calls to File in opal 2022-11-29 10:00:57 +01:00
Peter Stöckli
d8752a0b12 Add additional sinks to the rb/kernel-open query 2022-11-29 10:00:56 +01:00
Erik Krogh Kristensen
0cd50aac40 Merge pull request #11398 from erik-krogh/splat-stuff 
Rb: add some more flow through splat parameters
 2022-11-28 22:31:25 +01:00
Felicity Chapman
b5f849463b Update QL library references 2022-11-28 15:26:24 +01:00
erik-krogh
fd7442868f fix copy-pate error in UnsafeCodeConstructionQuery.qll 2022-11-28 13:45:24 +01:00
Arthur Baars
a8effd1961 Ruby: add change note 2022-11-28 13:02:22 +01:00
Tom Hvitved
cde05e1190 Data flow: Sync files 2022-11-28 12:11:38 +01:00
Tom Hvitved
c65780ee99 Data flow: Inline revFlowInNotToReturn 2022-11-28 12:11:18 +01:00
Tom Hvitved
bdb205a318 Data flow: Track return kind instead of return position in pruning stages 2-4 2022-11-28 12:11:18 +01:00
Tom Hvitved
4346a7f426 Data flow: Inline fwdFlowOutNotFromArg 2022-11-28 12:11:18 +01:00
Tom Hvitved
70d2a0df8a Data flow: Track parameter position instead of parameter in pruning stages 2-4 2022-11-28 12:11:12 +01:00
Nick Rolfe
8a94cabdbf Merge pull request #11250 from github/nickrolfe/stack-trace-exposure 
Ruby: add stack-trace exposure query
 2022-11-28 10:45:59 +00:00
erik-krogh
0c2ff98dc2 add flow from the first splat argument to the first splat parameter 2022-11-28 09:54:05 +01:00
Alex Ford
8362caa9d9 Merge pull request #11417 from alexrford/ruby/activesupport-json_escape 
Ruby: model ActiveSupport `json_escape` flow
 2022-11-25 10:46:34 +00:00
erik-krogh
53f24a5281 fix QL-for-QL warning 2022-11-25 10:32:06 +01:00
erik-krogh
0817238177 drive-by: same change in unsafe-shell-command-construction 2022-11-25 10:32:06 +01:00
erik-krogh
378cc1aed2 add support for string-like-literals 2022-11-25 10:32:06 +01:00
erik-krogh
80c92dc3e6 add support for array pushes 2022-11-25 10:32:05 +01:00
erik-krogh
3461404bbb add basic support for arrays 2022-11-25 10:31:35 +01:00
erik-krogh
0f2a48f461 fix QL-for-QL warnings 2022-11-25 10:26:24 +01:00
erik-krogh
2033dd2dcc remove parameters named "code" as source 2022-11-25 10:25:31 +01:00
erik-krogh
e7c6571f52 remove the "send(..)" and similar from unsafe-code-construction 2022-11-25 10:25:31 +01:00
erik-krogh
f1668801d3 add a rb/unsafe-code-construction query 
rebase
 2022-11-25 10:25:30 +01:00
Harry Maclean
0a4a8516eb Ruby: simplify Hash#transform_keys! flow summary 2022-11-25 16:55:36 +13:00
Harry Maclean
2822c94aa7 Ruby: Minor refactor of barrier guard code 2022-11-25 09:12:51 +13:00
Harry Maclean
6897fb46cb Ruby: Clean up WhenClause CFG 2022-11-25 09:12:51 +13:00
Alex Ford
e6446e501c Ruby: fix docs failure 2022-11-24 15:37:03 +00:00
Alex Ford
893c8763bb Ruby: model ActiveSupport json_escape flow 2022-11-24 15:33:08 +00:00
Erik Krogh Kristensen
03737543d4 Merge pull request #11403 from erik-krogh/additional 
ReDoS: add missing additional keywords
 2022-11-24 15:53:51 +01:00
Tom Hvitved
4e4ee32dbc Data flow: Join on one more column in flowThroughIntoCall 2022-11-24 10:48:29 +01:00
Harry Maclean
57f689401e Ruby: SplatExprCfgNode extends UnaryOperationCfgNode 2022-11-24 17:33:57 +13:00
erik-krogh
95f35196e4 add missing additional keywords 2022-11-23 20:45:51 +01:00
erik-krogh
33216f3867 cleanup imports 2022-11-23 15:22:19 +01:00
erik-krogh
19b5f64a11 use instanceof instead of extends on DataFlow::CallNode in some case 2022-11-23 14:58:17 +01:00
Asger F
22316ee4fe Ruby: merge package/type columns 2022-11-23 11:17:42 +01:00
erik-krogh
2ad28ab4db add library inputs as a source to poly-redos 2022-11-22 13:05:34 +01:00