hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
80,824 Commits 1,672 Branches 157 Tags
ginsbach/EnableJavaOverlayCompilation
Commit Graph

3397 Commits

Author SHA1 Message Date
Tom Hvitved
88baf0883a Merge pull request #10358 from hvitved/ruby/dataflow/call-ctx 
Ruby: Context sensitive instance method resolution
 2022-09-26 19:55:10 +02:00
Anders Schack-Mulligen
1687d08587 Dataflow: Sync. 2022-09-26 16:10:03 +02:00
Alex Ford
06e435fd84 Ruby: remove YAML.load_file arg0 as an unsafe deserialization sink 2022-09-26 11:26:30 +01:00
Harry Maclean
7b9519fe7c Ruby: Fix import 2022-09-26 20:56:11 +13:00
Harry Maclean
7d3f9580ff Ruby: QLDoc fix 2022-09-26 20:56:11 +13:00
Harry Maclean
9f99a3ca1f Ruby: Model sanitize ActionView helper 2022-09-26 20:56:11 +13:00
Harry Maclean
9e625acd3d Ruby: QLDoc fix 2022-09-26 20:56:11 +13:00
Harry Maclean
1d693d336f Ruby: Model javascript_include_tag and friends 2022-09-26 20:56:09 +13:00
Harry Maclean
35a05f6dea Ruby: Add summaries for ActiveSupport::SafeBuffer 2022-09-26 20:55:05 +13:00
Harry Maclean
ed0c85e3af Ruby: Model ActionView helper XSS sinks 2022-09-26 20:55:04 +13:00
Dave Bartolomeo
3bd456e52d Merge pull request #10565 from github/post-release-prep/codeql-cli-2.11.0 
Post-release preparation for codeql-cli-2.11.0
 2022-09-23 18:13:59 -04:00
github-actions[bot]
6cef0af5df Post-release preparation for codeql-cli-2.11.0 2022-09-23 21:01:40 +00:00
Alex Ford
d94b196843 Ruby: fix documentation 2022-09-23 16:56:33 +01:00
Alex Ford
364bc883ba Ruby: add YAML.load_file as an unsafe deserialization sink 2022-09-23 15:54:15 +01:00
Asger F
11ba0f0bbe Merge pull request #10253 from asgerf/js/type-defs-squashed 
JS: Add generated typings to SQL models
 2022-09-23 11:34:01 +02:00
Tom Hvitved
f8d2e0e6a8 Ruby: Improve QL doc for Module::getASubClass 2022-09-23 10:40:38 +02:00
Tom Hvitved
8b424d181a Merge pull request #10505 from hvitved/dataflow/viable-impl-in-ctx-consistency 
Data flow: Guard against `viableImplInCallContext` not being a subset of `viableCallable`
 2022-09-23 10:38:48 +02:00
github-actions[bot]
f5cf8cffa3 Release preparation for version 2.11.0 2022-09-22 20:14:12 +00:00
Dave Bartolomeo
cee0e8e137 Merge pull request #10532 from github/henrymercer/3.7-mergeback 
Final mergeback from `rc/3.7`
 2022-09-22 13:42:59 -04:00
Tom Hvitved
9937ae8ef9 Ruby: Call sensitive instance method resolution 2022-09-22 16:22:31 +02:00
Tom Hvitved
ad6b870f94 Data flow: Sync files 2022-09-22 15:01:33 +02:00
Alex Ford
140458b7cc Merge pull request #9932 from alexrford/ruby/rbi-typegraph-fixes 
Ruby: RBI library changes to support models-as-data model generation
 2022-09-22 13:55:33 +01:00
Tom Hvitved
f0f4fe7286 Merge pull request #10444 from hvitved/ruby/stmt-sequence-post-update 
Ruby: Add post-update nodes for compound arguments
 2022-09-22 13:18:51 +02:00
Henry Mercer
f8f99af8b7 Bump the minor version of packs we regularly release 2022-09-22 12:14:19 +01:00
Nick Rolfe
7d0bfe8f98 Merge pull request #10531 from github/nickrolfe/title-case 
Ruby: use consistent capitalization with `import ... as`
 2022-09-22 12:05:44 +01:00
Nick Rolfe
df8a182ac2 Ruby: use consistent capitalization with import ... as 2022-09-22 11:13:41 +01:00
Nick Rolfe
ee34ac5394 Merge pull request #10512 from github/nickrolfe/hash_from_trusted_xml 
Ruby: add Hash.from_trusted_xml as an unsafe deserialization sink
 2022-09-22 10:59:49 +01:00
Tom Hvitved
ac594842c8 Merge pull request #10504 from hvitved/ruby/private-methods 
Ruby: Two fixes for `private` methods
 2022-09-22 11:54:28 +02:00
Tom Hvitved
10a584ffb9 Merge pull request #10517 from hvitved/ruby/regexp-debug 
Ruby: Add query for debugging regexp flow
 2022-09-22 11:50:50 +02:00
Tom Hvitved
47411e3548 Ruby: Add query for debugging regexp flow 2022-09-21 19:22:10 +02:00
Andrew Eisenberg
99e8cb78b0 Merge pull request #10496 from aeisenberg/aeisenberg/merge-rc3.7-into-main 
Aeisenberg/merge rc3.7 into main
 2022-09-21 08:09:47 -07:00
Alex Ford
260db1aea2 Ruby: drop getAQualifiedName predicate from ConstantAccess 2022-09-21 14:28:43 +01:00
Alex Ford
3bbb166642 Ruby: handle block param types more neatly 2022-09-21 13:52:19 +01:00
Nick Rolfe
2edbc16829 Ruby: add Hash.from_trusted_xml as an unsafe deserialization sink 2022-09-21 13:01:21 +01:00
Tom Hvitved
61e9c6f658 Ruby: Fix call graph for overridden private methods 2022-09-21 14:00:17 +02:00
Tom Hvitved
e7649fc61a Ruby: Fix ModuleBase::get(A)Method for private methods 2022-09-21 14:00:17 +02:00
Tom Hvitved
a9f2e5272f Merge pull request #10376 from hvitved/ruby/no-ast-by-default 
Ruby: Do not expose AST layer through `ruby.qll`
 2022-09-21 13:15:30 +02:00
Tom Hvitved
0064451ff0 Merge pull request #10491 from hvitved/ruby/fix-bad-join 
Ruby: Fix bad join-order
 2022-09-21 11:13:09 +02:00
Tom Hvitved
59caa977d0 Ruby: Add post-update nodes for compound arguments 2022-09-21 11:02:24 +02:00
Erik Krogh Kristensen
7e17a919ae Merge pull request #10304 from erik-krogh/rb-followMsg 
RB: make the alert messages of taint-tracking queries more consistent
 2022-09-20 22:58:31 +02:00
Andrew Eisenberg
58e4861b45 Merge branch 'main' into rc/3.7 2022-09-20 12:43:20 -07:00
Harry Maclean
d9487a07b1 Ruby: Make helper predicate private 2022-09-20 15:55:35 +01:00
Harry Maclean
6d3f87f610 Ruby: Small fixes 2022-09-20 15:55:35 +01:00
Harry Maclean
bc1723c0ee Fix typos 2022-09-20 15:55:35 +01:00
Harry Maclean
cdc640b544 Revert "Ruby: Allow custom edges in API graph EntryPoints" 
This reverts commit ab061fb1e1d21877fc817c4c66b48fb2d3650fa8.
 2022-09-20 15:55:35 +01:00
Harry Maclean
d5ef853343 Ruby: Remove ActiveStorage entry points 2022-09-20 15:55:35 +01:00
Harry Maclean
54b05e48a9 Ruby: Add change note 2022-09-20 15:55:35 +01:00
Harry Maclean
d68674a660 Ruby: disable problematic MaD path 2022-09-20 15:55:35 +01:00
Harry Maclean
c97fadd7a3 Fix version number. 2022-09-20 15:55:35 +01:00
Harry Maclean
24b582d77a Add missing QLDoc 2022-09-20 15:55:34 +01:00