hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,333 Commits 1,672 Branches 157 Tags
ginsbach/NewOverlayLocalJava
Commit Graph

3367 Commits

Author SHA1 Message Date
Nick Rolfe
c1515db09c Ruby: modeling of some file-related concepts for the Pathname class 2022-06-24 14:14:07 +01:00
Nick Rolfe
03d0f66247 Ruby: add flow summaries for Pathname class 2022-06-24 14:14:06 +01:00
Erik Krogh Kristensen
9bc12ed8fd sync review changes to other languages 2022-06-24 13:12:15 +02:00
Erik Krogh Kristensen
28ac47689f changes based on reviews 2022-06-24 13:11:46 +02:00
github-actions[bot]
d506f448ef Post-release preparation for codeql-cli-2.10.0 2022-06-24 07:36:33 +00:00
Brandon Stewart
caeef68bde Update ActiveRecord.qll 2022-06-23 12:31:05 -04:00
Brandon Stewart
173bea2579 Update ActiveRecord.qll 2022-06-23 12:18:26 -04:00
Brandon Stewart
fa622f551a Update ruby/ql/lib/codeql/ruby/frameworks/ActiveRecord.qll 
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
 2022-06-23 12:16:50 -04:00
Anders Schack-Mulligen
dc517a758e Autoformat 2022-06-23 14:44:40 +02:00
Erik Krogh Kristensen
724721c5c8 fix typo 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
22871138c6 simplify the recursion between TTrace and isReachableFromStartTuple 
similar to the fix made by Shack in `ExponentialBackTracking.qll`
 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
be37763125 improve performance of process() by pruning accept states early 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
bf20b7dfc5 add change note for the ReDoS renamings 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
14204be2f9 add missing qldoc 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
3bea7df45d add deprecated aliases in the old locations, and use the Query.qll pattern for js/polynomial-redos 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
13482fc97b rename ReDoSUtil to NfaUtils, and rename the "performance" folder to "regexp" 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
6b0df9bdfb refactor the concretize algorithm 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
dbeae9aefb make a parameterized module out of the RegexpMatching implementation 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
7fb3d81d2f add further normalization of char classses 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
3be4a86acd make ReDoSPruning into a parameterized module 2022-06-23 14:36:25 +02:00
Erik Krogh Kristensen
dc06e9df02 move predicates that depend on isReDoSCandidate into a ReDoSPruning module 2022-06-23 14:36:24 +02:00
Anders Schack-Mulligen
4a317a25d3 Dataflow: Sync. 2022-06-23 14:34:52 +02:00
github-actions[bot]
a74051c658 Release preparation for version 2.10.0 2022-06-23 11:17:46 +00:00
Rasmus Wriedt Larsen
3248f7b423 Merge pull request #9649 from RasmusWL/certificate-modeling 
Python/JS/Ruby: Ignore common words (like certain) as sensitive data source
 2022-06-23 12:04:58 +02:00
Rasmus Wriedt Larsen
876ba71d9b Python/JS/Ruby: Add change-note 2022-06-22 11:14:05 +02:00
Rasmus Wriedt Larsen
2ce4b7b9fc SensitiveDataHeuristics: sync 2022-06-22 11:05:14 +02:00
Anders Schack-Mulligen
df6d68b215 Merge pull request #9618 from aschackmull/dataflow/deprecate-barrierguard-class 
Dataflow: Deprecate BarrierGuard class
 2022-06-22 10:44:08 +02:00
Michael Nebel
24ba5cc06e Merge pull request #9025 from michaelnebel/csharp/generatedrefactor 
C#: Provenance column in Models as Data CSV format.
 2022-06-22 10:34:31 +02:00
Brandon Stewart
a2e2dcdfd5 Make ActiveRecordInstanceMethodCall Public 2022-06-21 14:44:52 -04:00
Anders Schack-Mulligen
f8f9b7d3b4 Apply suggestions from code review 2022-06-21 14:11:36 +02:00
Asger F
a1af9c3d7d Ruby: update predicate docs 2022-06-21 12:44:16 +02:00
Asger F
d15b90e21a Ruby: Add deprecation 2022-06-21 12:44:16 +02:00
Asger F
9838e2e101 Ruby: Rename getAValueReachingRhs -> getAValueReachingSink 2022-06-21 12:44:16 +02:00
Asger F
7c877c7861 Ruby: Rename getARhs -> asSink 2022-06-21 12:44:16 +02:00
Asger F
2f8086bb57 Ruby: Rename getAUse -> getAValueReachableFromSource 2022-06-21 12:44:16 +02:00
Asger F
573c5c5efe Ruby: Rename getAnImmediateUse -> asSource 2022-06-21 12:44:16 +02:00
Asger F
f2403e2610 Ruby: port API graph doc comment 2022-06-21 12:44:16 +02:00
Edoardo Pirovano
70dbd92e25 Bump minor version of all regularly released packs 2022-06-21 11:22:58 +01:00
Edoardo Pirovano
ad02b85efa Merge branch main into rc/3.6 2022-06-21 11:15:25 +01:00
Anders Schack-Mulligen
a4796e1542 Add change notes. 2022-06-21 11:17:47 +02:00
Arthur Baars
c5d3df087d Update tree-sitter-embeded-template 2022-06-20 17:04:27 +02:00
Michael Nebel
649757c27f Java/Ruby: Sync files. 2022-06-20 16:20:01 +02:00
Anders Schack-Mulligen
1b13790a36 Ruby: Deprecate and replace BarrierGuard class. 2022-06-20 15:46:38 +02:00
Harry Maclean
e1dcc207b4 Ruby: Model methods in Rails::Generators::Actions 
These methods are sinks for command injection.
 2022-06-20 13:36:09 +12:00
Harry Maclean
20ff4c4299 Ruby: Model ActiveRecord::Relation#touch_all 2022-06-20 13:36:02 +12:00
Harry Maclean
7dfab371f6 Ruby: Model redirect_back and redirect_back_or_to 
These are ActionController methods that redirect to the HTTP Referer,
falling back to the given location if there is no Referer.
 2022-06-20 13:36:02 +12:00
Harry Maclean
a298f5eb5e Ruby: Recognise File.atomic_write as a file writer 
This method is an ActiveSupport extension, but there's no harm in
recognising it universally as any identically-named method is likely to
also be a file writer.
 2022-06-20 13:36:02 +12:00
Harry Maclean
0ce14fc4e5 Ruby: Recognise ActionCable logger class 2022-06-20 13:36:02 +12:00
Harry Maclean
4ecd595b73 Remove duplicate import 2022-06-20 13:36:02 +12:00
Alex Ford
5923eb4962 Merge pull request #9566 from alexrford/ruby/activerecord-findby-dynamic 
Ruby: recognize ActiveRecord `find_by_x` methods
 2022-06-17 09:39:46 +01:00