hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,333 Commits 1,671 Branches 157 Tags
ginsbach/NewOverlayLocalJava
Commit Graph

1619 Commits

Author SHA1 Message Date
Jeff Gran
07c7de5cfd run test --learn, add a few more constants to constant.rb test case 2021-12-22 08:36:07 -07:00
Jeff Gran
0c698996aa use resolveConstanteWriteAccess instead, add a few more test cases 2021-12-22 08:35:55 -07:00
Jeff Gran
3df7793803 add more test cases, fix bug by adding getFullName() predicate 2021-12-22 08:35:55 -07:00
Jeff Gran
8e46eeb88c fix expectations to expect the correct values 2021-12-22 08:35:52 -07:00
Tom Hvitved
55492ef348 Ruby: Update expected test output after rebase 2021-12-22 15:56:20 +01:00
Tom Hvitved
3a30f58f74 Address review comments 2021-12-22 15:56:20 +01:00
Tom Hvitved
400802c5ce Ruby: Add flow summaries for Array/Enumerable methods 2021-12-22 15:56:20 +01:00
Tom Hvitved
8c18aaae74 Ruby: Prepare for data flow through arrays 2021-12-22 15:35:34 +01:00
Tom Hvitved
27f786b41e Merge pull request #7442 from hvitved/ruby/dataflow/keyword-params 
Ruby: Data flow for keyword arguments/parameters
 2021-12-22 15:23:22 +01:00
Nick Rolfe
9e259b67bb Merge pull request #7305 from github/nickrolfe/user-controlled-bypass 
Ruby: query to find user-controlled bypass of sensitive actions
 2021-12-21 17:20:20 +00:00
Arthur Baars
a7aff11140 Merge pull request #7394 from aibaars/ruby-cfg-expr-post 
Ruby: CFG: make all expressions "post-order" nodes
 2021-12-21 16:36:42 +01:00
Nick Rolfe
5db80dac51 Merge remote-tracking branch 'origin/main' into nickrolfe/user-controlled-bypass 2021-12-21 15:26:08 +00:00
Arthur Baars
a86ba3b14e Ruby: rename WhenExpr to WhenClause 2021-12-21 12:31:24 +01:00
Arthur Baars
6c7114804e Ruby: remove CaseExprChildMapping::getBranch 2021-12-20 19:21:36 +01:00
Arthur Baars
7644d60dae Revert "Ruby: CFG: make WhenExpr post-order" 
This reverts commit cff63fa7d7.
 2021-12-20 18:57:25 +01:00
Alex Ford
313e0c63fd Merge pull request #7399 from github/ruby/stdlib-logger 
Ruby: Model what is written to the log from stdlib `Logger` methods
 2021-12-20 09:52:29 +00:00
Tom Hvitved
1e27ddf7c7 Ruby: Data flow for keyword arguments/parameters 2021-12-17 15:42:29 +01:00
Arthur Baars
46144fe0a3 Ruby: InClause and WhenClause are no longer Expr 2021-12-17 14:04:25 +01:00
Arthur Baars
974ad070d1 Revert "Ruby: CFG make in-clause post-order" 
This reverts commit 1343ed58a21eec2954876d8d42e877a382ba89c8.
 2021-12-17 14:04:25 +01:00
Arthur Baars
ba89653dff Ruby: CFG: make RescueClause post-order 2021-12-17 12:21:18 +01:00
Arthur Baars
db4b781fef Ruby: CFG: make RescueModifier post-order 2021-12-17 12:21:18 +01:00
Arthur Baars
cff63fa7d7 Ruby: CFG: make WhenExpr post-order 2021-12-17 12:21:18 +01:00
Arthur Baars
a9286e897b Ruby: CFG make in-clause post-order 2021-12-17 12:21:18 +01:00
Arthur Baars
f49605569b Ruby: CFG make more expressions post-order 2021-12-17 12:21:18 +01:00
Arthur Baars
a4ea7129c2 Ruby: CFG: make 'case' a PostOrder node 2021-12-17 12:21:18 +01:00
Nick Rolfe
dba26a92e9 Merge remote-tracking branch 'origin/main' into nickrolfe/user-controlled-bypass 2021-12-16 15:05:01 +00:00
Tom Hvitved
e9ef53c31b Merge pull request #7390 from hvitved/ruby/deprecate-pattern-classes 
Ruby: Deprecate `Pattern` classes
 2021-12-16 14:36:13 +01:00
Tom Hvitved
c6696adfde Ruby: Add test case that would make old module resolution library diverge 2021-12-15 15:18:42 +01:00
Harry Maclean
062f7fe390 Merge pull request #7340 from github/hmac/private-methods 
Ruby: handle private module methods
 2021-12-15 21:07:49 +13:00
Alex Ford
5fa6ecc5f1 Ruby: Model what is written to the log from stdlib Logger methods 2021-12-14 17:39:12 +00:00
Tom Hvitved
10b2a0a54a Ruby: Add test for nested destructured parameters 2021-12-14 15:04:40 +01:00
Tom Hvitved
9ea8b20e77 Ruby: Deprecate Pattern classes 2021-12-14 15:04:40 +01:00
Harry Maclean
6223b166c2 Update test fixtures 
At the same time, rename some classes in `private.rb` so they don't
interact with identically-named modules in `calls.rb`.
 2021-12-13 16:24:25 +13:00
Harry Maclean
e1d290d4c0 Ruby: Don't count private methods as Rails actions 
Private instance methods on ActionController classes aren't valid
request handlers. Routing to them will raise an exception.
 2021-12-13 15:36:55 +13:00
Nick Rolfe
b80a84c156 Merge pull request #7341 from github/nickrolfe/cookies 2021-12-10 19:52:23 +00:00
Andrew Eisenberg
66c1629974 Merge pull request #7285 from github/post-release-prep-2.7.3-ddd4ccbb 
Post-release preparation 2.7.3
 2021-12-10 09:59:45 -08:00
Nick Rolfe
a4da528812 Ruby: query to find user-controlled bypass of sensitive actions 2021-12-10 11:41:09 +00:00
Arthur Baars
a7b3f1370f Ruby: CFG: add test case 2021-12-09 15:23:26 +01:00
Tom Hvitved
b887165005 Ruby: Code review suggestions 2021-12-09 15:23:26 +01:00
Arthur Baars
660e52f2bf Ruby: CFG: make VariableReferencePattern a PreOrder node 2021-12-09 15:23:26 +01:00
Arthur Baars
aacba0b522 Ruby: CFG: add test cases for pattern matching 2021-12-09 15:23:26 +01:00
Arthur Baars
d17c055139 CFG 2021-12-09 15:23:25 +01:00
Arthur Baars
44a615839d Add test case with rest variable and no prefix elements 2021-12-09 15:23:25 +01:00
Arthur Baars
f08eb8e616 Revert "Temporarily allow CFG inconsistencies" 
This reverts commit dca1e34cd8.
 2021-12-09 15:23:25 +01:00
Nick Rolfe
d46564caa6 Ruby: treat ActionController#cookies as a remote flow source 2021-12-09 12:13:17 +00:00
Nick Rolfe
f6a8b9a7e5 Ruby: add cookies call to frameworks test 2021-12-09 12:07:04 +00:00
Harry Maclean
8df5aaa797 Ruby: Model private class methods 
`Module#private_class_method` takes a symbol representing the name of a
method in the current module scope and makes that module private. This
is similar to `private`, but applies only to class (singleton) methods.
Unlike `private`, it must be called with an argument, and does not
change the ambient visibility for any subsequent method definitions.

    class Foo
      def public
      end

      def private1
      end
      private_class_method :private1

      # This alternate form works because method definition
      # returns its name as a symbol:

      private_class_method def private2
      end
    end
 2021-12-09 18:15:25 +13:00
Harry Maclean
e811ba1150 Ruby: handle private module methods 
`private` can be used in both classes and modules.
 2021-12-09 18:13:29 +13:00
Tom Hvitved
5735bb698d Ruby: Hide desugared nodes in data-flow paths 2021-12-08 09:00:16 +01:00
Tom Hvitved
5183290439 Merge pull request #7315 from hvitved/ruby/inline-flow-test 
Ruby: Add `InlineFlowTest.qll`
 2021-12-07 16:29:34 +01:00