codeql

mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00

Author	SHA1	Message	Date
Grzegorz Niedziela	4ab6a7bdfd	Merge branch 'github:main' into main	2023-02-23 10:50:15 +00:00
Tom Hvitved	bd5ae88a9a	Ruby: Move `FileSystem.qll` implementation into shared `util` pack	2023-02-23 10:21:04 +01:00
Tom Hvitved	c3679d0661	Fix bad join	2023-02-21 19:28:55 +13:00
Tom Hvitved	9880952e72	Revert "Ruby: Fix performance of Filter.getAnAction" This reverts commit f6c863c13bc840cba983ed12232725b8a8552cb4.	2023-02-21 19:28:55 +13:00
Harry Maclean	710ddb1f96	Ruby: Fix performance of Filter.getAnAction Only look at the current class and the immediate superclass. This will miss some edge cases but is much faster.	2023-02-21 19:28:54 +13:00
Harry Maclean	2bc7d4e1ee	Ruby: Clean up	2023-02-21 19:28:54 +13:00
Harry Maclean	7a01c4a974	Ruby: Add change note for filter dataflow	2023-02-21 19:28:54 +13:00
Harry Maclean	ba4d0a81d5	Ruby: Simplify filter dataflow This introduces some false flow (the `ThreeController` and `FourController` examples in `filter_flow.rb`) but is simpler and in line with how we model flow for normal method calls.	2023-02-21 19:28:53 +13:00
Harry Maclean	0a02b45ad7	Ruby: More filter flow steps Add a jump step from the last self post-update node in a method to the self parameter of the next method.	2023-02-21 19:28:26 +13:00
Harry Maclean	04e80fa48f	Ruby: Use lookupMethod The hope is that this predicate is already used elsewhere, so its cost is amortized.	2023-02-21 19:26:36 +13:00
Harry Maclean	889d97163e	Ruby: Refactor getFilterCallable Try to force a join with the filter argument string first, to reduce tuple counts.	2023-02-21 19:26:36 +13:00
Harry Maclean	2590682262	Ruby: inline RenderCallUtils::getBaseName This seems to yield a small performance increase.	2023-02-21 19:26:36 +13:00
Harry Maclean	ae3d91b546	Ruby: First draft of rails callback flow	2023-02-21 19:26:36 +13:00
Harry Maclean	6eeb711988	Ruby: Add AdditionalJumpStep class	2023-02-21 19:26:36 +13:00
Alex Ford	774030a8db	Merge pull request #12083 from pwntester/ruby_twirp_support [Ruby] Add support for Twirp framework	2023-02-20 13:16:52 +00:00
Michael Nebel	813ffa440c	Java: Consider ai-generated flow summaries to as generated summaries in dataflow.	2023-02-20 12:11:48 +01:00
Harry Maclean	4e07fd3eb1	Ruby: Model ApplicationController.renderer	2023-02-19 13:37:27 +13:00
gregxsunday	fe97d2a05d	fix file formatting	2023-02-17 14:01:28 +00:00
Grzegorz Niedziela	9d8c117c61	added QLDocs for ZipSlip module	2023-02-17 12:57:35 +00:00
Grzegorz Niedziela	652c7ff1ed	Push Sanitizer definition to ZipSlipCustomization.qll	2023-02-17 12:49:31 +00:00
Grzegorz Niedziela	8bbbb95a87	Make ZipSlip module classes private and push Sanitizer definition to ZipSlipCustomization.qll	2023-02-17 12:49:04 +00:00
github-actions[bot]	8eb8daa4d4	Post-release preparation for codeql-cli-2.12.3	2023-02-16 17:23:25 +00:00
github-actions[bot]	b0315119c6	Release preparation for version 2.12.3	2023-02-16 11:49:06 +00:00
gregxsunday	d1aaa9ad86	Add ZipSlip/TarSlip query for ruby	2023-02-16 11:24:15 +00:00
Alex Ford	74782bf6a2	Merge branch 'main' into ruby_twirp_support	2023-02-15 17:15:08 +00:00
Alex Ford	1556b1a728	Merge branch 'main' into js-use-shared-cryptography	2023-02-15 17:13:53 +00:00
Alex Ford	43af306d60	dynamic: more detailed qldoc for CryptographicOperation#getBlockMode()	2023-02-15 16:55:18 +00:00
Alex Ford	d4d0b91085	dynamic: switch CryptographicOperation::Range#getBlockMode() back to being an abstract predicate	2023-02-15 16:23:46 +00:00
Alex Ford	c7aaad9ed0	JS: avoid adding a deprecated CryptographicOperation#getInput to py/ruby	2023-02-15 16:23:46 +00:00
Rasmus Wriedt Larsen	c72dbc49fc	Merge pull request #12165 from RasmusWL/crypto-updates Python/Ruby/JS Crypto: Add a few algorithms + block modes	2023-02-15 14:35:40 +01:00
erik-krogh	17f7ba2a8f	rewrite the taint-step for join() to a flowsummary	2023-02-15 12:34:59 +01:00
erik-krogh	d2bd70dc33	Merge branch 'main' into more-shell-taint	2023-02-15 11:35:58 +01:00
Alvaro Muñoz	4644a88b89	address code review comments	2023-02-14 14:27:17 +01:00
Tom Hvitved	2113c3c3d9	Ruby: Remove `NumberUtils.qll`	2023-02-13 15:59:50 +01:00
Anders Schack-Mulligen	e877b161d8	Merge pull request #12124 from hvitved/dataflow/stage1-dispatch Data flow: Call context virtual dispatch pruning in stage 1	2023-02-13 13:13:43 +01:00
Arthur Baars	457a2bb2a2	Merge pull request #12093 from aibaars/oneline-match Ruby: add support for one-line pattern matches	2023-02-13 12:38:28 +01:00
Erik Krogh Kristensen	2f404df17c	Merge pull request #10782 from erik-krogh/rbPoly Ruby: add library input as a source for `rb/polynomial-redos`	2023-02-13 12:26:07 +01:00
Erik Krogh Kristensen	26d5fb2412	Merge pull request #11824 from erik-krogh/secondMissAnchor RB: add query detecting validators that use badly anchored regular expressions on library/remote input	2023-02-13 11:26:05 +01:00
erik-krogh	634087b417	Merge branch 'main' into rbPoly	2023-02-13 10:46:00 +01:00
Rasmus Wriedt Larsen	5235964b07	sync files	2023-02-13 10:44:12 +01:00
Tom Hvitved	f7a5a33474	Address review comment	2023-02-13 09:01:15 +01:00
Arthur Baars	679f02c274	Address comments	2023-02-10 18:08:30 +01:00
Arthur Baars	07947e6528	Address comments	2023-02-09 12:02:14 +01:00
Arthur Baars	78ad9d67b4	Address comments	2023-02-08 13:40:46 +01:00
Tom Hvitved	8e8897b08b	Data flow: Sync files	2023-02-07 15:15:04 +01:00
Tom Hvitved	10534b62c9	Data flow: Call context virtual dispatch pruning in stage 1	2023-02-07 15:14:27 +01:00
Tom Hvitved	984729f9b0	Merge pull request #12117 from hvitved/ruby/delay-location-to-string Ruby: Avoid computing `Location::toString` in full	2023-02-07 12:42:03 +01:00
Alvaro Muñoz	642a138eaa	Update Twirp.qll	2023-02-07 10:44:48 +01:00
Tom Hvitved	c0e3186607	Ruby: Avoid computing `Location::toString` in full	2023-02-07 10:06:47 +01:00
Mathias Vorreiter Pedersen	00fe448e3a	Merge pull request #12072 from aschackmull/dataflow/stage3-perf Dataflow: Fix join in `fwdFlowRead` (take 2)	2023-02-06 10:43:11 +00:00

... 22 23 24 25 26 ...

3367 Commits