hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
80,824 Commits 1,672 Branches 157 Tags
ginsbach/EnableJavaOverlayCompilation
Commit Graph

3397 Commits

Author SHA1 Message Date
Harry Maclean
96a34c3690 QL4QL fix 2022-09-20 15:55:34 +01:00
Harry Maclean
53a34174b9 Model ActiveStorage 2022-09-20 15:55:34 +01:00
Harry Maclean
39a1cf5bd8 Ruby: Allow custom edges in API graph EntryPoints 2022-09-20 15:55:34 +01:00
Tom Hvitved
2677ab6b19 Ruby: Fix bad join-order 
Before
```
Evaluated relational algebra for predicate Module#fe82a56b::lookupMethodOrConst0#2#fff#antijoin_rhs@e23c32nf with tuple counts:
          118006   ~0%    {3} r1 = SCAN Module#fe82a56b::getMethodOrConst#2#fff OUTPUT In.1, In.0, In.2
        35267848   ~3%    {4} r2 = JOIN r1 WITH project#Module#fe82a56b::getMethodOrConst#2#fff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Lhs.2, Rhs.1
           21883   ~0%    {5} r3 = JOIN r2 WITH Module#fe82a56b::Cached::getAPrependedModule#1#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.3, Lhs.0, Lhs.1, Lhs.2
               7  ~16%    {3} r4 = JOIN r3 WITH Module#fe82a56b::getAncestors#1#ff ON FIRST 2 OUTPUT Lhs.2, Lhs.3, Lhs.4
                          return r4
```

After
```
Evaluated relational algebra for predicate Module#fe82a56b::lookupMethodOrConst0#2#fff#antijoin_rhs@839f6a1k with tuple counts:
        118006  ~1%    {3} r1 = SCAN Module#fe82a56b::getMethodOrConst#2#fff OUTPUT In.0, In.2, In.1
           151  ~0%    {4} r2 = JOIN r1 WITH Module#fe82a56b::Cached::getAPrependedModule#1#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.0, Lhs.1, Lhs.2
           155  ~1%    {4} r3 = JOIN r2 WITH Module#fe82a56b::getAncestors#1#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.3, Lhs.1, Lhs.2
             7  ~0%    {3} r4 = JOIN r3 WITH project#Module#fe82a56b::getMethodOrConst#2#fff ON FIRST 2 OUTPUT Lhs.2, Lhs.3, Lhs.1
                       return r4
```
 2022-09-20 16:24:39 +02:00
Tom Hvitved
647397759e Merge pull request #10336 from hvitved/ruby/call-graph-rework 
Ruby: Rework call graph implementation
 2022-09-20 15:29:40 +02:00
Nick Rolfe
30b54b2abe Merge pull request #10450 from github/nickrolfe/filesystemresolver 
Ruby: model ActionView::FileSystemResolver as a FileSystemAccess
 2022-09-20 14:21:28 +01:00
Asger F
51618b46a8 Sync ApiGraphModels.qll 2022-09-20 11:47:37 +02:00
Alex Ford
52305da5a3 Ruby: move string getAQualifiedName() up to ConstantAccess 2022-09-19 21:03:05 +01:00
Alex Ford
d00c9ea2c8 Ruby: RBI library improvements, mostly for parameter types 2022-09-19 21:03:05 +01:00
Alex Ford
8d264e7e65 Ruby: add ConstanReadAcess#getAQualifiedName() predicate 2022-09-19 21:03:05 +01:00
Alex Ford
be1ac17a60 Merge branch 'main' into rb/sensitive-get-query 2022-09-19 20:57:20 +01:00
erik-krogh
0645b11cb1 ruby: remove unused predicate from NfaUtilsSpecific 2022-09-19 15:25:00 +02:00
Tom Hvitved
bb08e6f0fd Ruby: Three call graph fixes for singleton methods 2022-09-19 14:20:12 +02:00
Erik Krogh Kristensen
a4cd913aea Merge pull request #10312 from erik-krogh/fix-caseDiff 
ensure consistent casing of names
 2022-09-19 10:43:12 +02:00
Tom Hvitved
a8cc669251 Ruby: Address review comments 2022-09-18 19:34:54 +02:00
Tom Hvitved
29bfb4d185 Ruby: Revert changes to isLocalSourceNode and localFlowStepTypeTracker 
Instead, use small-step type tracking, as suggested by @rasmuswl offline.
 2022-09-16 19:38:26 +02:00
Alex Ford
79ad7d293f Ruby: make SensitiveExpr a dataflow node rather than an Expr 2022-09-16 15:39:16 +01:00
github-actions[bot]
67ce442674 Post-release preparation for codeql-cli-2.10.5 2022-09-16 14:23:44 +00:00
Nick Rolfe
b5d648a6b0 Ruby: model ActionView::FileSystemResolver as a FileSystemAccess 2022-09-16 09:24:14 +01:00
Tom Hvitved
ac4d4ff613 Ruby: Rework call graph implementation 2022-09-16 10:22:26 +02:00
Tom Hvitved
40241acbfc Merge pull request #10425 from hvitved/ruby/bad-join-fix 
Ruby: Fix bad join-order in DB upgrade script
 2022-09-15 12:09:14 +02:00
Tom Hvitved
c6cd2d66f8 Update ruby/ql/lib/change-notes/2022-09-14-ruby-qll.md 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2022-09-14 20:00:34 +02:00
Tom Hvitved
5cfed75e4c Ruby: Fix bad join-order in DB upgrade script 
Before
```
Evaluated relational algebra for predicate #select#query#ffffff@3e1dedi5 with tuple counts:
          30411461   ~0%    {6} r1 = locations_default AND NOT #select#query#ffffff#antijoin_rhs(Lhs.0, Lhs.1, Lhs.2, Lhs.3, Lhs.4, Lhs.5)

          30840645   ~4%    {2} r2 = SCAN #select#query#ffff OUTPUT In.0, In.3
            515559   ~1%    {3} r3 = JOIN r2 WITH #select#query#ffffff#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.0, Lhs.1
            515559   ~0%    {5} r4 = JOIN r3 WITH locations_default ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Rhs.4, Rhs.5
        2397708060   ~0%    {9} r5 = JOIN r4 WITH locations_default_1023#join_rhs ON FIRST 1 OUTPUT Lhs.1, 0, Rhs.1, Lhs.2, Lhs.0, Lhs.3, Lhs.4, Rhs.2, Rhs.3
            515559   ~4%    {6} r6 = JOIN r5 WITH query#f0820431::body_statement#3#bff ON FIRST 3 OUTPUT Lhs.3, Lhs.4, Lhs.7, Lhs.8, Lhs.5, Lhs.6

          30927020   ~0%    {6} r7 = r1 UNION r6
                            return
```

After
```
Evaluated relational algebra for predicate #select#query#ffffff@8810e071 with tuple counts:
        30411461   ~0%    {6} r1 = #select#query#ffffff#shared AND NOT #select#query#ffffff#antijoin_rhs(Lhs.0, Lhs.1, Lhs.2, Lhs.3, Lhs.4, Lhs.5)

        30840645   ~4%    {2} r2 = SCAN #select#query#ffff OUTPUT In.0, In.3
          515559   ~1%    {3} r3 = JOIN r2 WITH #select#query#ffffff#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.0, Lhs.1
          515559   ~0%    {6} r4 = JOIN r3 WITH locations_default ON FIRST 1 OUTPUT Lhs.1, 0, Lhs.2, Rhs.1, Rhs.4, Rhs.5
          515559   ~0%    {5} r5 = JOIN r4 WITH query#f0820431::body_statement#3#bff ON FIRST 2 OUTPUT Rhs.2, Lhs.3, Lhs.2, Lhs.4, Lhs.5
          515559   ~0%    {6} r6 = JOIN r5 WITH locations_default ON FIRST 2 OUTPUT Lhs.1, Lhs.2, Lhs.3, Lhs.4, Rhs.2, Rhs.3
          515559   ~4%    {6} r7 = JOIN r6 WITH files ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Lhs.4, Lhs.5, Lhs.2, Lhs.3

        30927020   ~0%    {6} r8 = r1 UNION r7
                          return r8
```
 2022-09-14 19:27:49 +02:00
Tom Hvitved
7ecfe8daba Address review comments 2022-09-14 15:30:51 +02:00
Tom Hvitved
40e77a0c67 Merge pull request #10415 from hvitved/code-block-fix 
Change two ```codeql to ```ql
 2022-09-14 15:07:55 +02:00
Tom Hvitved
4ea1c0050b Change two ``codeql to ``ql 2022-09-14 13:53:34 +02:00
Tom Hvitved
5472210a92 Ruby: Add change note 2022-09-14 09:14:41 +02:00
erik-krogh
252394666c sync files 2022-09-13 20:44:05 +02:00
Tom Hvitved
74eb6b2b98 Merge pull request #10400 from hvitved/ruby/singleton-class-object-scope 
Ruby: Adjust the scope of singleton class targets
 2022-09-13 20:01:21 +02:00
Tom Hvitved
b477a4cc81 Ruby: Add missing QL docs 2022-09-13 20:00:22 +02:00
Tom Hvitved
007ab2b7ce Ruby: Do not expose AST layer through ruby.qll 2022-09-13 19:59:56 +02:00
Rasmus Wriedt Larsen
511030df48 Ruby: Rewrite a few ::Range uses to instanceof 2022-09-13 15:44:29 +02:00
Tom Hvitved
4247843a27 Ruby: Adjust the scope of singleton class targets 
In

```rb
class << x
  ...
end
```

the scope of `x` is not the singleton class itself, but rather the outer scope.
 2022-09-13 11:39:38 +02:00
erik-krogh
063c76b6d1 apply suggestions from review 2022-09-13 10:52:23 +02:00
Arthur Baars
e07e6c9053 Merge pull request #10382 from RasmusWL/ruby-typo-fix 
Ruby: Fix typo in QLDoc
 2022-09-12 19:04:37 +02:00
Erik Krogh Kristensen
818601b612 Merge pull request #10285 from erik-krogh/paramClass 
ReDoS: convert RelevantState to a class in the PrefixConstruction module
 2022-09-12 15:23:19 +02:00
Rasmus Wriedt Larsen
03cc4a2f7a Ruby: Fix typo in QLDoc 2022-09-12 14:35:20 +02:00
erik-krogh
bae4490620 add change-note 2022-09-12 12:12:18 +02:00
Arthur Baars
7ca2e4c51f Merge pull request #9953 from aibaars/update-grammar 
Update tree-sitter-ruby
 2022-09-12 10:51:37 +02:00
Alex Ford
0da367f6e5 Ruby: address QL4QL alerts for rb/sensitive-get-query 2022-09-12 08:56:17 +01:00
Alex Ford
f84035a65c Ruby: add rb/sensitive-get-query query 2022-09-10 17:43:15 +01:00
Tony Torralba
569fad667a Merge pull request #10360 from atorralba/atorralba/fix-taint-implicit-reads 
Dataflow: Fix implicit reads in taint tracking when FlowStates are used
 2022-09-09 14:28:39 +02:00
erik-krogh
26d8553f6e ensure consistent casing of names 2022-09-09 10:34:14 +02:00
Tony Torralba
1078cf091e Add change notes for all languages 2022-09-09 10:28:36 +02:00
Tony Torralba
7db1eb98f5 Sync files 2022-09-08 17:32:03 +02:00
Tom Hvitved
b3653cc3d0 Merge pull request #10216 from hvitved/ssa/shared-lib 
SSA: Create a new `codeql/shared-ssa` library pack and move implementation there
 2022-09-08 15:39:29 +02:00
github-actions[bot]
a9d80a5a48 Release preparation for version 2.10.5 2022-09-08 11:35:54 +00:00
Rasmus Wriedt Larsen
978c165cf4 Ruby: Fix ActiveResource HTTP client request modeling 
This was a conflict between the merge of
https://github.com/github/codeql/pull/9974 and
https://github.com/github/codeql/pull/10114
 2022-09-08 12:14:18 +02:00
Rasmus Wriedt Larsen
1d834799a2 Merge pull request #10114 from RasmusWL/shared-http-client-request 
Ruby/Python: Shared HTTP client request concept
 2022-09-08 11:58:06 +02:00
Tom Hvitved
ac307137ad Merge pull request #10341 from hvitved/ruby/inline-getavaluereachablefromsource 
Ruby: Inline `getAValueReachableFromSource`
 2022-09-08 10:20:43 +02:00