Harry Maclean
e975f92091
Ruby: remove unused predicate
2022-02-02 16:26:20 +13:00
Harry Maclean
3786fbfc7d
Ruby: Rewrite ActionDispatch::underscore
This version is much shorter and hopefully performs a bit better.
2022-02-02 16:26:20 +13:00
Harry Maclean
eff2136f52
Ruby: remove unused predicate
2022-02-02 16:26:20 +13:00
Harry Maclean
dead7a8059
Ruby: Make most of ActionDispatch private
Any classes/predicates not used externally or in tests are now private.
Also fix some typos.
2022-02-02 16:26:20 +13:00
Harry Maclean
fa28e55645
Add a test for ActionDispatch::underscore
This shows how the predicate behaves, as well as a case where it goes
wrong.
2022-02-02 16:26:20 +13:00
Harry Maclean
9c67869875
Remove ActionDispatch::capitalize
This predicate isn't used.
2022-02-02 16:26:20 +13:00
Harry Maclean
ad71fdbb24
Add missing documentation to ActionDispatch::Route
2022-02-02 16:26:20 +13:00
Harry Maclean
1766916fc5
Ruby: Document ActionDispatch modelling
2022-02-02 16:26:20 +13:00
Harry Maclean
314683d5fb
Ruby: Improve UrlRedirect query using Rails routes
Handlers for non-GET requests aren't vulnerable to URL redirect attacks,
because browsers won't initiate non-GET requests when you click a link.
We can use Rails routing information, if present, to filter out any
handlers for non-GET requests.
2022-02-02 16:26:20 +13:00
Harry Maclean
751d8a7f59
Ruby: Document getACapture
2022-02-02 16:26:20 +13:00
Harry Maclean
870c6d7412
Ruby: Rails route resolution
Add `Route` classes which model Rails routing information, typically
defined in a `routes.rb` file. We extract only the most basic
information: HTTP method, path, controller and action. This is enough to
determine whether a given controller method is a route handler, and what
HTTP method it handles, which is useful for, among other things, the URL
redirect query.
2022-02-02 16:26:19 +13:00
Harry Maclean
ce0354acb3
Include rust-toolchain.toml in Ruby cache keys
This ensures that if we change our Rust version, the caches will be
invalidated.
2022-02-02 08:08:11 +13:00
Harry Maclean
9c32ab7122
rust-toolchain -> rust-toolchain.toml
2022-02-02 08:05:46 +13:00
Harry Maclean
613ecbb418
Ruby: Pin Rust to 1.54
Add a rust-toolchain file to the Ruby directory, which instructs Rustup
to install a specific version of Rust (1.54). This will be used in CI,
so any use of language features or dependencies that don't support 1.54
will result in a CI failure.
This should ensure we have a documented minimum supported Rust version
and an easy way to update it in the future (update the rust-toolchain
file).
2022-02-02 08:05:46 +13:00
Harry Maclean
fb00a6c61b
Merge pull request #7666 from github/hmac/file-open-access
Ruby: Add File.open as a FileSystemAccess
2022-02-02 07:32:16 +13:00
Arthur Baars
6451a71a78
Ruby: use ruby specific cache key
2022-02-01 15:18:09 +01:00
Nick Rolfe
990e07b986
Ruby/C#: add semmle.order attribute to edges in CFG tests
2022-01-31 20:08:24 +00:00
Tom Hvitved
f2352d8272
Data flow: Inline local(Expr|Instruction)?(Flow|Taint)
Computing a full transitive closure is often bad; by inlining all calls we are
providing more context to the QL optimizer.
2022-01-31 14:33:41 +01:00
Arthur Baars
abf3ce6223
Ruby: expressions in pin operator ^
2022-01-28 19:47:31 +01:00
Arthur Baars
00fb4d3776
Ruby: Values in Hash literals and keyword arguments can be omitted
2022-01-28 19:47:31 +01:00
Arthur Baars
3e2ca61c01
Ruby: support anonymous block parameters/arguments
2022-01-28 19:47:31 +01:00
Arthur Baars
b9258e78ca
Ruby: non-local variables in variable reference pattern
2022-01-28 19:47:31 +01:00
Arthur Baars
966b8be5f9
Ruby: add downgrade scripts
2022-01-28 19:47:31 +01:00
Arthur Baars
e5eb01ca45
Ruby: add upgrade scripts
2022-01-28 19:47:31 +01:00
Arthur Baars
c85012460a
Ruby: update dbscheme stats
2022-01-28 19:47:31 +01:00
Arthur Baars
c6a36a50c2
Ruby: regenerate dbscheme and library
2022-01-28 19:47:31 +01:00
Arthur Baars
bfbc9fe144
Ruby: update tree-sitter-ruby
2022-01-28 19:47:25 +01:00
Alex Ford
57e958c372
Ruby: missing QLDoc
2022-01-28 17:38:55 +00:00
Alex Ford
269722fa86
Ruby: rb/clear-text-logging-sensitive-data changenote
2022-01-28 17:27:05 +00:00
Alex Ford
7fec2d270b
Ruby: QL format
2022-01-28 17:24:56 +00:00
Alex Ford
186623f878
Ruby: Add CleartextLogging.qhelp
2022-01-28 17:24:56 +00:00
Alex Ford
7ed447842f
Ruby: cleartext logging test output
2022-01-28 17:24:56 +00:00
Alex Ford
4fc9128350
Ruby: cleartext logging - remove an unnecessary abstract class
2022-01-28 17:24:56 +00:00
Alex Ford
91ccd307e8
Ruby: Implement rb/clear-text-logging-sensitive-data
2022-01-28 17:24:56 +00:00
Alex Ford
cfb2d7ffaf
Ruby: add shared SensitiveDataHeuristics.qll
2022-01-28 16:38:58 +00:00
Tom Hvitved
682163962a
Data flow: Sync files
2022-01-28 13:01:24 +01:00
Nick Rolfe
8248a942ce
Ruby: enable taint checking for array-flow test
2022-01-28 11:33:59 +00:00
Nick Rolfe
c0e1384f4a
Ruby: move Array/Enumerable flow summaries to their own file
2022-01-28 11:33:59 +00:00
Nick Rolfe
6c0eb8beee
Ruby: update array flow summaries to use getConstantValue()
2022-01-28 11:33:59 +00:00
Nick Rolfe
693ff6a904
Ruby: add flow summaries for remaining Array methods
2022-01-28 11:33:59 +00:00
Nick Rolfe
030cfa36da
Ruby: add flow summaries for all remaining Enumerable methods
2022-01-28 11:33:59 +00:00
Nick Rolfe
588e60e230
Merge pull request #7775 from github/nickrolfe/graph_test_ordering
Ruby/C#: more stable graph test ordering
2022-01-28 11:16:02 +00:00
Arthur Baars
cada7ef1a4
Ruby: add downgrade scripts to prepare-db-upgrade.sh
2022-01-28 11:07:56 +01:00
Harry Maclean
b01f81aab3
Use modified getAPath predicate for test
2022-01-28 19:45:52 +13:00
Harry Maclean
a1b0f02e6e
Ruby: Introduce API::getAnImmediateSubclass()
class A; end
class B < A; end
class C < B; end
In the example above, `getMember("A").getAnImmediateSubclass()` will
select only uses of B, whereas `getMember("A").getASubclass()` will
select uses of A, B and C. This is usually the behaviour you want.
2022-01-28 16:44:03 +13:00
Dave Bartolomeo
cca74e925f
Merge pull request #7724 from github/aeisenberg/examples-groups
Add new groups for examples packs
2022-01-27 12:11:26 -05:00
Nick Rolfe
6f06263d49
Ruby: add more properties for ordering nodes in graph tests
2022-01-27 13:57:43 +00:00
Tamás Vajk
3d2cc8890a
Update CHANGELOG.md
2022-01-27 11:50:13 +01:00
Tamás Vajk
cc4bb9b02f
Update 0.0.8.md
2022-01-27 11:49:29 +01:00
github-actions[bot]
634134f283
Release preparation for version 2.8.0
2022-01-27 10:40:20 +00:00