hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
80,824 Commits 1,672 Branches 157 Tags
ginsbach/EnableJavaOverlayCompilation
Commit Graph

4804 Commits

Author SHA1 Message Date
dependabot[bot]
c4bf25f33c Bump regex from 1.5.5 to 1.7.1 in /ruby 
Bumps [regex](https://github.com/rust-lang/regex) from 1.5.5 to 1.7.1.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.5.5...1.7.1)

---
updated-dependencies:
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-24 06:39:09 +00:00
dependabot[bot]
b1f73b59cd Bump flate2 from 1.0.22 to 1.0.25 in /ruby 
Bumps [flate2](https://github.com/rust-lang/flate2-rs) from 1.0.22 to 1.0.25.
- [Release notes](https://github.com/rust-lang/flate2-rs/releases)
- [Commits](https://github.com/rust-lang/flate2-rs/compare/1.0.22...1.0.25)

---
updated-dependencies:
- dependency-name: flate2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-24 06:39:03 +00:00
Harry Maclean
e6e4e29bf8 Ruby: newline 2023-01-23 21:53:52 +00:00
Harry Maclean
224db456af Ruby: Simplify isRackResponse 2023-01-23 21:53:09 +00:00
Harry Maclean
60f9635ada Ruby: Move import 2023-01-23 21:51:27 +00:00
Harry Maclean
c1207e0938 Ruby: Fix rack response tracking 
Use type tracking instead of getReturningNode, which seems to be faster
and works correctly for the cases I've tried.
 2023-01-23 21:43:04 +00:00
Erik Krogh Kristensen
240248b9cf Merge pull request #11453 from erik-krogh/unsafeHtmlConstruction 
RB: add unsafe-html-construction query
 2023-01-23 16:40:25 +01:00
Erik Krogh Kristensen
5be97f3761 Merge pull request #11909 from erik-krogh/concatCode 
Rb: recognize string concatenations as sinks for unsafe-code-construction
 2023-01-23 16:22:46 +01:00
erik-krogh
ae00518ddf remove the isAdditionalTaintStep predicate from UnsafeHtmlConstructionQuery, as it was not needed 2023-01-23 15:27:19 +01:00
erik-krogh
7c6ee5f293 Merge branch 'main' into unsafeHtmlConstruction 2023-01-23 15:01:01 +01:00
Erik Krogh Kristensen
32c4cf5769 Apply suggestions from code review 
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
 2023-01-23 14:58:04 +01:00
erik-krogh
800077dabe changes based on feedback 2023-01-23 14:54:36 +01:00
Alex Ford
3b10a2de11 Merge branch 'main' into rails/render_locals_shared 2023-01-23 10:00:22 +00:00
Alex Ford
55550e7980 Merge pull request #11941 from alexrford/summary-component-tostring-syntheticglobal 
Add missing toString case for synthetic globals
 2023-01-23 10:00:00 +00:00
Arthur Baars
99148244a4 Merge pull request #11856 from aibaars/update-grammars 
Update grammars
 2023-01-23 09:46:50 +01:00
Michael Nebel
69a42d8b1f Merge pull request #11931 from michaelnebel/csharp/refactor 
Remove the Csv postfix of some predicate names.
 2023-01-23 09:09:48 +01:00
Harry Maclean
21ce9b448a Ruby: Attempt to fix performance of AppCandidate 
`DataFlow::MethodNode.getAReturningNode` is expensive to compute.
Instead we look for rack responses which flow to the `SynthReturnNode`.
Each method has only one of these (vs many "returning" nodes) so it is
a lot faster.
I'm not sure yet whether the results are the same.
 2023-01-23 15:25:52 +13:00
github-actions[bot]
b62cb6ba84 Post-release preparation for codeql-cli-2.12.1 2023-01-20 19:49:56 +00:00
Arthur Baars
2b9bc3c7e3 Ruby: write errors to json log 2023-01-20 20:11:55 +01:00
Alex Ford
8ae993185c Ruby: fix missing docs 2023-01-20 13:40:19 +00:00
Alex Ford
c986ea1070 Ruby: scope local_assigns synthetic globals to both render call and template file 2023-01-20 13:40:19 +00:00
Alex Ford
14c896215c Ruby: factor out some RenderCall methods into a helper module 2023-01-20 13:40:19 +00:00
Alex Ford
03070c9fd0 Ruby: restrict AccessLocalsKeySummary to method calls against self 2023-01-20 13:40:19 +00:00
Alex Ford
f6516db105 Ruby: correct preservesValue in AccessLocalsKeySummary 2023-01-20 13:40:19 +00:00
Alex Ford
ab72301a4c Ruby: add a change note for rails render locals dataflow 2023-01-20 13:40:19 +00:00
Alex Ford
8fec4b804f Ruby: StoredXSS test whitespace change 2023-01-20 13:40:19 +00:00
Alex Ford
fd8dd5e103 Ruby: update StoredXSS test output 2023-01-20 13:40:19 +00:00
Alex Ford
8845157d08 Ruby: slightly limit AccessLocalsKeySummary summarized callables 2023-01-20 13:40:19 +00:00
Alex Ford
b5cc1087fe Ruby: add LocalAssignsHashSyntheticGlobal#getARenderCall predicate 2023-01-20 13:40:19 +00:00
Alex Ford
022171923c Ruby: fix some ql for ql alerts 2023-01-20 13:40:19 +00:00
Alex Ford
bea110b598 Ruby: remove blank line in test file 2023-01-20 13:40:19 +00:00
Alex Ford
b78ae1608e Ruby: remove a fixed TODO 2023-01-20 13:40:19 +00:00
Alex Ford
e5fbc92856 Ruby: generalize rails flow step for accessing render locals hash in view 2023-01-20 13:40:19 +00:00
Alex Ford
e4df1f5a6f Ruby: add missing toString case for synthetic globals 2023-01-20 13:31:43 +00:00
github-actions[bot]
005b3e4a47 Release preparation for version 2.12.1 2023-01-20 12:03:19 +00:00
Harry Maclean
16baea22c0 Ruby: doc fix 
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
 2023-01-20 22:06:29 +13:00
Michael Nebel
dc223cb82e Sync files and make corresponding changes for other languages. 2023-01-19 15:14:06 +01:00
Arthur Baars
d5e60dfb22 Ruby: pass diagnostics::LogWriter to extractor 2023-01-19 13:53:56 +01:00
Erik Krogh Kristensen
ee9b01b5e6 Apply suggestions from code review 
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
 2023-01-18 22:14:46 +01:00
Arthur Baars
e85e61b6d7 Ruby: add diagnostics module 2023-01-18 16:28:16 +01:00
erik-krogh
e4d4873d0d remove the dataflow copy for regexp tracking now that type-tracking is used 2023-01-18 11:04:51 +01:00
erik-krogh
1477974bf1 the RegexExecution concept does not need to have getTerm() 2023-01-18 10:10:36 +01:00
erik-krogh
1a3c9c8305 improve performance of regular-expression type-tracking by adding an exploratory initial analysis 2023-01-18 10:10:36 +01:00
erik-krogh
b8f6feb68b delete old test 2023-01-18 10:10:36 +01:00
erik-krogh
45316b6381 rename RegExpConfiguration to RegExpTracking 2023-01-18 10:10:36 +01:00
erik-krogh
25e65e0d9f rewrite the regexp tracking DataFlow::Configuration to TypeTracking 2023-01-18 10:10:36 +01:00
erik-krogh
d0b627b018 move the implementation detail of how regular-expressions are tracked into RegExpConfiguration.qll" 2023-01-18 10:10:05 +01:00
erik-krogh
f516ccb4e2 limit the fieldFlowBranchLimit for the regexp tracker to improve performance 2023-01-18 09:31:04 +01:00
erik-krogh
2fceee4e35 track regular expressions that gets compiled with Regexp.compile 2023-01-18 09:31:04 +01:00
erik-krogh
acf28ebd98 add a RegexExecution, and use it to track regular expressions to their uses in a nice way in rb/polynomial-redos 2023-01-18 09:31:04 +01:00