4804 Commits

Author	SHA1	Message	Date
Henry Mercer	b96160f0f3	Merge pull request #11783 from github/henrymercer/specify-baseline-languages ... Specify language names in extractor packs	2023-01-04 10:42:18 +00:00
Harry Maclean	4d228bcddf	Ruby: Recognise more string-valued variables ... This increases the sensitivity of our barrier guards.	2023-01-04 11:45:10 +13:00
Harry Maclean	9944252c43	Ruby: Add test for barrier guards ... This demonstrates that we are missing a guard when a case branch compares against a string-valued variable rather than a string literal.	2023-01-04 11:45:10 +13:00
Harry Maclean	698a679c78	Ruby: add test	2023-01-04 11:45:10 +13:00
Harry Maclean	0fbb6bf608	Ruby: Make array inclusion barrier more sensitive	2023-01-04 11:45:09 +13:00
Aditya Sharad	9988c19a42	Merge branch 'main' into tutorial/library-pack	2023-01-03 14:08:37 -08:00
Calum Grant	ad55706527	Merge branch 'main' into calumgrant/remove-lgtm	2023-01-03 10:27:30 +00:00
erik-krogh	3811eae679	simplify the qhelp for unsafe-code-construction ... The `send()` example is not flagged by any current query, so it was weird talking about it as "vulnerable".	2023-01-02 13:33:56 +01:00
Erik Krogh Kristensen	79a2b6d0b0	use any() instead of this = this ... Co-authored-by: Arthur Baars <aibaars@github.com>	2023-01-02 10:49:54 +01:00
erik-krogh	99dc0a8356	fix binding	2023-01-02 10:30:28 +01:00
erik-krogh	3815a5a096	fix qhelp syntax	2023-01-02 10:19:05 +01:00
Harry Maclean	a6571a05ab	Ruby: Include send example in qhelp	2022-12-28 11:34:55 +13:00
Harry Maclean	d3812f5906	Ruby: Add another code injection example to qhelp	2022-12-28 11:20:56 +13:00
Harry Maclean	b70ca77afc	Merge pull request #10899 from hmac/flow-summary-docs ... Ruby: Document flow summary syntax	2022-12-28 10:47:38 +13:00
Henry Mercer	6be790929d	Specify language names in extractor packs	2022-12-23 13:15:04 +00:00
erik-krogh	b3dd50bc36	inline Location into the shared implementation of InlineExpectationsTest	2022-12-22 11:09:43 +01:00
Rasmus Lerchedahl Petersen	0d6c643d77	ruby: use shared inline tests ... - remove from identical-files	2022-12-22 10:20:07 +01:00
Arthur Baars	98c5b81456	Merge pull request #11723 from aibaars/alert-suppression ... CodeQL alert suppression	2022-12-21 10:59:57 +01:00
Arthur Baars	035ad65e43	AlertSuppression: move library into util folder	2022-12-21 10:39:57 +01:00
Jami	c9258effb6	Merge pull request #11572 from jcogs33/jcogs33/model-top-jdk-apis ... Java: model top 100 JDK APIs	2022-12-20 09:13:53 -05:00
Erik Krogh Kristensen	b1e6a86a4b	Merge pull request #11757 from erik-krogh/treesitter-qldoc ... QL/RB: make top TreeSitter.qll comment into a qldoc	2022-12-20 13:36:31 +01:00
erik-krogh	2ff23a6fc0	make top TreeSitter.qll comment into a qldoc	2022-12-20 11:39:06 +01:00
Aditya Sharad	ed29b3e4d6	Shared packs: Depend on codeql/tutorial from all language libraries ... This allows `import tutorial` from queries targeting any language, just like before, while removing the duplicate copies of `tutorial.qll`.	2022-12-19 15:52:11 -08:00
Arthur Baars	a8be5d7274	AlertSuppression: add change notes	2022-12-19 17:02:52 +01:00
Arthur Baars	0f313231bc	AlertSuppression: add more tests	2022-12-19 16:43:11 +01:00
Calum Grant	0894059d33	Ruby: Remove reference to LGTM	2022-12-19 15:15:43 +00:00
Arthur Baars	c176606be5	AlertSuppression: allow //lgtm comments to scope over the next line	2022-12-19 16:10:26 +01:00
Arthur Baars	016c7a8ca7	Merge pull request #11719 from aibaars/alert-suppression-shared ... Shared AlertSuppression library	2022-12-19 16:04:44 +01:00
Erik Krogh Kristensen	f136651384	Merge pull request #11575 from erik-krogh/kernelLoad ... Rb: add Kernel methods as sinks to path-injection	2022-12-19 15:09:21 +01:00
erik-krogh	d0af30b40a	cleanup the implementation of toString() for `SuperCall	2022-12-19 14:28:01 +01:00
Arthur Baars	06736e3e91	Add .gitattributes for Windows test files	2022-12-19 12:39:01 +01:00
Arthur Baars	621a108846	Ruby: use shared AlertSuppression.qll	2022-12-19 12:26:06 +01:00
erik-krogh	db49cfb723	Merge branch 'main' into kernelLoad	2022-12-19 09:46:25 +01:00
erik-krogh	35e8d6afd4	move getACommonTld into a utility module without parameters	2022-12-18 17:23:45 +01:00
erik-krogh	ba7321ac5c	add qldoc to RegExpCharEscape	2022-12-18 17:23:45 +01:00
erik-krogh	26c5480ee6	share {js,rb}/regex/missing-regexp-anchor	2022-12-18 17:23:41 +01:00
turbo	1e5426fca2	Create security-experimental suite helper and all language suite implementations	2022-12-18 15:44:08 +01:00
erik-krogh	355499ea52	move getACommonTld to the shared pack	2022-12-17 17:26:18 +01:00
erik-krogh	f67d0bc8c0	put the shared HostnameRegexp code in the shared regex pack	2022-12-17 17:26:18 +01:00
Jami	ff652f7dee	Merge branch 'main' into jcogs33/model-top-jdk-apis	2022-12-16 15:32:50 -05:00
Henry Mercer	30451ee950	Merge pull request #11681 from github/henrymercer/mergeback-3.8 ... Merge `rc/3.8` back to `main`	2022-12-16 17:43:12 +00:00
Tom Hvitved	e629568eda	Merge pull request #11720 from hvitved/ruby/call-sensitive-initialize-bug-fix ... Ruby: Fix bug in call-sensitivity logic for `initialize` calls	2022-12-16 16:36:31 +01:00
Tom Hvitved	5fba5e4895	Merge pull request #11718 from hvitved/ruby/self-allocate ... Ruby: Recognize custom `self.new` methods that return `self.allocate`	2022-12-16 14:46:08 +01:00
Tom Hvitved	bfc257147c	Ruby: Fix bug in call-sensitivity logic for initialize calls	2022-12-16 11:17:15 +01:00
Tom Hvitved	e45edcc159	Merge pull request #11674 from hvitved/dataflow/param-context ... Data flow: Track callable in flow-through pruning	2022-12-16 09:25:15 +01:00
Tom Hvitved	accf4ca364	Ruby: Recognize custom self.new methods that return self.allocate	2022-12-16 09:23:36 +01:00
Tom Hvitved	b64083d08e	Ruby: Add more call graph tests	2022-12-16 09:21:00 +01:00
Jami Cogswell	f01ee9e4c2	Java: remove PR-merging comment	2022-12-15 22:56:15 -05:00
Jami	fd63348549	Merge pull request #11585 from jcogs33/jcogs33/mad-metrics-query ... Java: add MaD metrics query	2022-12-15 19:26:51 -05:00
Tom Hvitved	f8571dd0b6	Data flow: Work around functionality-induced misoptimization	2022-12-15 15:29:14 +01:00