Commit Graph

3397 Commits

Author SHA1 Message Date
Harry Maclean
75e1497fbf Ruby: Import ActiveResource by default 2022-08-29 14:24:37 +12:00
Harry Maclean
aa6edb0edb Ruby: Model ActiveResource 2022-08-29 14:24:37 +12:00
Harry Maclean
09ad1c29bd Ruby: Add SelfVariableAccessCfgNode 2022-08-29 14:24:37 +12:00
Nick Rolfe
898689f550 Merge pull request #9896 from github/nickrolfe/hardcoded_code
Ruby: port js/hardcoded-data-interpreted-as-code
2022-08-26 13:49:25 +01:00
github-actions[bot]
3b4ad3c4f1 Post-release preparation for codeql-cli-2.10.4 2022-08-26 09:32:11 +00:00
Nick Rolfe
52d46552af Ruby: fix 'inefficient string comparison' alert 2022-08-26 09:58:22 +01:00
Nick Rolfe
95bf18fdc9 Ruby: make hex-escaped strings ("\xCD\xEF" etc.) sources of hardcoded data 2022-08-26 09:33:03 +01:00
erik-krogh
cc7a9ef97a rename more acronyms 2022-08-25 20:52:27 +02:00
Arthur Baars
24526108d3 Ruby: update dbscheme stats 2022-08-25 17:48:28 +02:00
Arthur Baars
ed005077fa Ruby: upgrade/downgrade scripts 2022-08-25 17:40:52 +02:00
Arthur Baars
59773eb743 Ruby: update tree-sitter grammar 2022-08-25 17:21:29 +02:00
Ian Lynagh
a904438828 Update ruby/ql/lib/CHANGELOG.md
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
2022-08-25 14:24:44 +01:00
Ian Lynagh
5cd4e0d3b1 Update ruby/ql/lib/change-notes/released/0.3.4.md
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
2022-08-25 14:24:38 +01:00
github-actions[bot]
0f63bc077f Release preparation for version 2.10.4 2022-08-25 12:52:26 +00:00
Erik Krogh Kristensen
ba1ad00d2a Merge pull request #10062 from erik-krogh/redosPrefix
JS: use the shared regular expression libraries in `js/case-sensitive-middleware-path`
2022-08-25 12:57:16 +02:00
Nick Rolfe
acf5b11139 Merge remote-tracking branch 'origin/main' into nickrolfe/hardcoded_code 2022-08-25 11:44:55 +01:00
Ian Lynagh
bf6d9f8c23 Merge pull request #10161 from igfoo/igfoo/exec
Make a load of files non-executable
2022-08-25 10:05:39 +01:00
Anders Schack-Mulligen
c6f89aac0a Merge pull request #10141 from aschackmull/ruby/perf-apigraph
Ruby: Perf fix for trackUseNode.
2022-08-25 10:22:07 +02:00
Ian Lynagh
501a9b3c6b Make *.qll non-executable 2022-08-24 16:36:15 +01:00
Michael Nebel
761ed283b6 C#/Java/Ruby/Swift: Address review comments. 2022-08-24 09:58:54 +02:00
Michael Nebel
30d554503a C#/Java: Fix some QL doc spelling typos. 2022-08-24 09:58:53 +02:00
Michael Nebel
160ae934af C#/Java/Ruby/Swift: Fix typo in QL doc. 2022-08-24 09:58:53 +02:00
Michael Nebel
581824a9b4 C#/Java/Ruby/Swift: Fix various typos. 2022-08-24 09:58:53 +02:00
Michael Nebel
fbc0e6a1ec Ruby: Sync files and make dummy negative summary implementation. 2022-08-24 09:58:52 +02:00
Anders Schack-Mulligen
b83e851ac6 Ruby: one more pragma 2022-08-23 16:04:29 +02:00
Anders Schack-Mulligen
0ea55a9581 Ruby: autoformat 2022-08-23 15:58:29 +02:00
Anders Schack-Mulligen
844e0129b6 Ruby: Perf fix for trackUseNode. 2022-08-23 15:50:54 +02:00
Rasmus Wriedt Larsen
eccc7d6d6f Ruby: Remove redundant .getExpr() 2022-08-23 15:42:21 +02:00
Rasmus Wriedt Larsen
717a355913 Ruby: Accept grammar fix
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
2022-08-23 15:36:45 +02:00
Rasmus Wriedt Larsen
d832298e40 Ruby: Accept grammar fix
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
2022-08-23 15:36:37 +02:00
erik-krogh
5e3cb08ed2 rename stateInPumpableRegexp to stateInRelevantRegexp 2022-08-23 12:40:45 +02:00
erik-krogh
e89e0eb7fb make some acronyms camelCase 2022-08-22 21:22:35 +02:00
Rasmus Wriedt Larsen
61bf2154cd Merge branch 'main' into shared-http-client-request 2022-08-22 12:05:37 +02:00
erik-krogh
049af68bc2 restrict suffix-construction to relevant regexps 2022-08-21 20:35:39 +02:00
erik-krogh
bcf4c57060 Merge branch 'main' into redosPrefix 2022-08-19 19:22:49 +02:00
erik-krogh
d052b1e3c9 also support regular expressions without repetitions 2022-08-19 19:21:44 +02:00
Rasmus Wriedt Larsen
9790594984 Ruby: Bugfix after HTTP::Client::Request change
I guess this is not 100% accurate any longer since the base class is
only a `DataFlow::Node` now... I guess we could make it a
`DataFlow::CallNode` in the Concept definition.
2022-08-19 16:25:47 +02:00
Rasmus Wriedt Larsen
9eda630965 Ruby: Add CallNode.getKeywordArgumentIncludeHashArgument 2022-08-19 15:54:15 +02:00
Rasmus Wriedt Larsen
0ac3624342 Ruby: Implement new disablesCertificateValidation for all HTTP client models
Sadly most alert text changed, but the two important changes are:

1. The request on RestClient.rb:19 now has an expanded alert text,
   highlighting where the origin of the value that disables certificate
   validation comes from. (in this case, it's trivial since it's the
   line right above)
2. We handle passing `false`/`OpenSSL::SSL::VERIFY_NONE` the same in the
   argument passing examples in Faraday.rb
2022-08-19 15:46:22 +02:00
Rasmus Wriedt Larsen
1f028ac206 Ruby: Implement new disablesCertificateValidation for RestClient 2022-08-19 15:43:19 +02:00
Tom Hvitved
663096fe3a Remove redundant overrides 2022-08-19 13:57:41 +02:00
Rasmus Wriedt Larsen
4a82025087 Ruby: Base HTTP::Client::Request on shared concept
Fixing up deprecation errors in next commit
2022-08-18 13:42:53 +02:00
Rasmus Wriedt Larsen
e2b78df5ad Ruby: Change HTTP::Client::Request to have DataFlow::Node as base class
Although this is a breaking change, as explained in the change-note, it
should only affect people that have created their own HTTP client
request modeling, which I assume is none.

The alternative would have been to keep the old class/module as
deprecated, and introduce a `HTTP::Client::Requestv2` class/module that
is based on `DataFlow::Node` instead. The old class could then be
deprecated in 1 year, and we could do a rename from
`HTTP::Client::Requestv2` -> `HTTP::Client::Request` at the same time.
(and then wait 1 more year before being able to delete
`HTTP::Client::Requestv2`)

All in all, I think this is the right tradeoff, given that CodeQL Ruby
is still in beta.
2022-08-18 13:42:52 +02:00
Rasmus Wriedt Larsen
e6b4d12f94 Sync ConceptsShared 2022-08-18 13:42:52 +02:00
Tom Hvitved
08a5b5dc73 Merge pull request #10089 from hvitved/ruby/local-source-nodes
Ruby: Reduce size of `isLocalSourceNode`
2022-08-18 12:02:35 +02:00
Nick Rolfe
a46e2b3f2f Merge pull request #10056 from hmac/hmac/action-controller-response-body
Ruby: Recognise Rails render calls as HTTP responses
2022-08-18 10:02:17 +01:00
Tom Hvitved
682986c0a2 Merge pull request #10087 from hvitved/ruby/unknown-member-warning
Ruby: Get rid of warning in `getUnknownMember`
2022-08-18 10:50:24 +02:00
erik-krogh
473bc92e2d move the PrefixConstruction module out of the ReDoSPruning module 2022-08-18 10:07:48 +02:00
Tom Hvitved
baa646e102 Ruby: Remove unused UnknownMember from API graphs 2022-08-18 09:40:02 +02:00
Harry Maclean
8f370b2457 Update ruby/ql/lib/change-notes/2022-08-16-action-controller-response-body.md
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
2022-08-18 10:03:52 +12:00