codeql

mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00

Author	SHA1	Message	Date
Nick Rolfe	269c27757d	Ruby: include value-preserving flow in localTaintStep	2022-10-21 16:17:11 +01:00
Asger F	84ae17dcbb	Ruby: ensure Object is a transitive superclass	2022-10-21 15:18:59 +02:00
Arthur Baars	a56ed88db2	Merge pull request #10920 from github/post-release-prep/codeql-cli-2.11.2 Post-release preparation for codeql-cli-2.11.2	2022-10-21 11:58:12 +02:00
Tom Hvitved	4422327c00	Ruby: Call-context sensitivity for singleton method calls	2022-10-21 11:48:25 +02:00
Asger F	3fd2b9ad7b	Ruby: add a comment This would have saved me some time	2022-10-21 11:44:12 +02:00
Asger F	ee7970afcb	Ruby: treat String as a builtin	2022-10-21 11:44:11 +02:00
Asger F	db58e3357b	Ruby: allow speculative container qname resolution	2022-10-21 11:44:11 +02:00
github-actions[bot]	be7693283b	Post-release preparation for codeql-cli-2.11.2	2022-10-21 08:07:17 +00:00
Tom Hvitved	db699ae314	Ruby: Refactor call graph logic for singleton methods	2022-10-21 07:27:41 +02:00
thiggy1342	4e5c1f210d	Update ruby/ql/lib/change-notes/2022-10-20-expand-faraday-model-for-ssrf-sink Co-authored-by: Rahul Zhade <rzhade3@users.noreply.github.com>	2022-10-20 17:33:17 -04:00
thiggy1342	244a3329e0	Merge branch 'main' into expand-ruby-ssrf-sinks-faraday-connection-new	2022-10-20 16:37:57 -04:00
thiggy1342	4c3e3e442a	Add Faraday::Connection.new as sink for SSRF query	2022-10-20 20:32:08 +00:00
Arthur Baars	a520de3986	Merge pull request #10902 from github/release-prep/2.11.2 Release preparation for version 2.11.2	2022-10-20 15:55:44 +02:00
Arthur Baars	45c9a0d0b1	Apply suggestions from code review Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>	2022-10-20 15:22:29 +02:00
github-actions[bot]	9a0848bbc4	Release preparation for version 2.11.2	2022-10-20 11:05:19 +00:00
Tom Hvitved	faaead682e	Ruby: Block for steps into `self` parameters in `trackModuleAccess`	2022-10-20 13:00:12 +02:00
erik-krogh	bb8bcd4643	fix typo	2022-10-20 10:48:02 +02:00
erik-krogh	c13e8e4f48	Merge branch 'main' into formatTaint	2022-10-20 10:46:16 +02:00
erik-krogh	7797211118	Merge branch 'main' into unsafeRbCmd	2022-10-20 10:34:17 +02:00
erik-krogh	24916f8538	rename `runsImmediately` to `runsArbitraryCode`	2022-10-20 10:10:11 +02:00
erik-krogh	226bd1f321	add flow-state support to sanitizers in code-execution, and use that to refactor the string-concatenation-sanitizer	2022-10-19 13:06:54 +02:00
erik-krogh	3e51f6fa8e	use flow-states to remove FPs related to an attacker only controlling a substring in code-injection	2022-10-19 13:00:44 +02:00
erik-krogh	2a72e89090	add a runsImmediately predicate to CodeExecution (name chosen by Copilot)	2022-10-19 12:30:47 +02:00
erik-krogh	8a3e255e12	remove FPs in rb/stored-xss from spurious sources	2022-10-18 11:07:48 +02:00
erik-krogh	5a98f66bef	simplify the modeling of html_safe. Any call to html_safe is now considered an XSS sink	2022-10-18 10:43:22 +02:00
Tom Hvitved	19bcd287cb	Merge pull request #10867 from hvitved/ruby/orm-tracking-redundant-additional-step Ruby: Remove redundant additional flow step from `OrmTracking::Configuration`	2022-10-18 10:03:51 +02:00
Tom Hvitved	d362296f1c	Merge pull request #10864 from hvitved/ruby/get-a-barrier-node-join-fix Ruby: Fix bad join-order in `BarrierGuard::getABarrierNode`	2022-10-18 10:03:02 +02:00
Tom Hvitved	1266d248ed	Ruby: Remove redundant additional flow step from `OrmTracking::Configuration`	2022-10-18 09:33:29 +02:00
Tom Hvitved	6c765a95ff	Ruby: Fix bad join-order in `BarrierGuard::getABarrierNode` Before ``` Evaluated relational algebra for predicate XSS#e59174e9::Shared::Sanitizer#class#f@6c9d334e with tuple counts: 0 ~0% {1} r1 = JOIN ActionView#3462bac2::RailsHtmlEscaping#f WITH project#DataFlowPublic#e1781e31::CallNode::getArgument#1#dispred#fff#3 ON FIRST 1 OUTPUT Lhs.0 554860 ~0% {2} r2 = JOIN SsaImpl#ff97b16a::Cached::getARead#1#ff_10#join_rhs WITH DataFlowPrivate#462ff392::Cached::TExprNode#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1 1 ~0% {1} r3 = JOIN r2 WITH DataFlowPublic#e1781e31::BarrierGuard#BarrierGuards#2462899b::stringConstArrayInclusionCall#::getAMaybeGuardedCapturedDef#0#f ON FIRST 1 OUTPUT Lhs.1 1 ~0% {1} r4 = r1 UNION r3 7 ~0% {1} r5 = JOIN r2 WITH DataFlowPublic#e1781e31::BarrierGuard#BarrierGuards#2462899b::stringConstCompare#::getAMaybeGuardedCapturedDef#0#f ON FIRST 1 OUTPUT Lhs.1 3045081 ~1% {3} r6 = JOIN DataFlowPrivate#462ff392::Cached::TExprNode#ff_10#join_rhs WITH DataFlowPrivate#462ff392::Cached::TExprNode#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Rhs.1 3045081 ~1% {3} r7 = JOIN r6 WITH ControlFlowGraph#46cebcbd::CfgNode::getBasicBlock#0#dispred#ff ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Rhs.1 554860 ~1% {3} r8 = JOIN r7 WITH SsaImpl#ff97b16a::Cached::getARead#1#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2 1462917146 ~0% {3} r9 = JOIN r8 WITH SsaImpl#ff97b16a::Cached::getARead#1#ff ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Rhs.1 5082692 ~1% {4} r10 = JOIN r9 WITH DataFlowPublic#e1781e31::guardControlsBlock#3#fff_102#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.2, Rhs.2, Lhs.1 33 ~0% {1} r11 = JOIN r10 WITH BarrierGuards#2462899b::stringConstArrayInclusionCall#3#fff ON FIRST 3 OUTPUT Lhs.3 57 ~0% {1} r12 = JOIN r10 WITH BarrierGuards#2462899b::stringConstCompare#3#fff ON FIRST 3 OUTPUT Lhs.3 90 ~0% {1} r13 = r11 UNION r12 97 ~0% {1} r14 = r5 UNION r13 98 ~0% {1} r15 = r4 UNION r14 return r15 ``` After ``` [2022-10-17 20:35:01] Evaluated non-recursive predicate XSS#e59174e9::Shared::Sanitizer#class#f@487a64ar in 65ms (size: 98). Evaluated relational algebra for predicate XSS#e59174e9::Shared::Sanitizer#class#f@487a64ar with tuple counts: 0 ~0% {1} r1 = JOIN ActionView#3462bac2::RailsHtmlEscaping#f WITH project#DataFlowPublic#e1781e31::CallNode::getArgument#1#dispred#fff#3 ON FIRST 1 OUTPUT Lhs.0 33 ~0% {1} r2 = JOIN DataFlowPublic#e1781e31::BarrierGuard#BarrierGuards#2462899b::stringConstArrayInclusionCall#::guardChecksSsaDef#3#fff WITH DataFlowPublic#e1781e31::BarrierGuard#BarrierGuards#2462899b::stringConstArrayInclusionCall#::guardControlsSsaDef#4#ffff ON FIRST 3 OUTPUT Rhs.3 33 ~0% {1} r3 = r1 UNION r2 57 ~1% {1} r4 = JOIN DataFlowPublic#e1781e31::BarrierGuard#BarrierGuards#2462899b::stringConstCompare#::guardChecksSsaDef#3#fff WITH DataFlowPublic#e1781e31::BarrierGuard#BarrierGuards#2462899b::stringConstArrayInclusionCall#::guardControlsSsaDef#4#ffff ON FIRST 3 OUTPUT Rhs.3 554860 ~0% {2} r5 = JOIN SsaImpl#ff97b16a::Cached::getARead#1#ff_10#join_rhs WITH DataFlowPrivate#462ff392::Cached::TExprNode#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1 1 ~0% {1} r6 = JOIN r5 WITH DataFlowPublic#e1781e31::BarrierGuard#BarrierGuards#2462899b::stringConstArrayInclusionCall#::getAMaybeGuardedCapturedDef#0#f ON FIRST 1 OUTPUT Lhs.1 7 ~0% {1} r7 = JOIN r5 WITH DataFlowPublic#e1781e31::BarrierGuard#BarrierGuards#2462899b::stringConstCompare#::getAMaybeGuardedCapturedDef#0#f ON FIRST 1 OUTPUT Lhs.1 8 ~0% {1} r8 = r6 UNION r7 65 ~2% {1} r9 = r4 UNION r8 98 ~1% {1} r10 = r3 UNION r9 return r10 ```	2022-10-17 20:39:30 +02:00
erik-krogh	f09e3bd3ac	add String#% as a printf like call	2022-10-17 13:51:43 +02:00
Arthur Baars	f7ff2cdc0d	Merge branch 'main' into actiondispatch-response	2022-10-17 13:22:17 +02:00
erik-krogh	d4919d04ba	add a taint-step for format-calls	2022-10-17 13:16:38 +02:00
erik-krogh	f222cc1f3e	refactor the existing taint-step for string interpolation into StringFormatters.qll	2022-10-17 13:16:38 +02:00
erik-krogh	6de1abcb0e	add a returnsFormatted predicate to the printf model, similar to the JS implementation	2022-10-17 13:16:38 +02:00
erik-krogh	a2b924bbdf	move model of printf style calls to StringFormatters.qll	2022-10-17 13:16:34 +02:00
erik-krogh	dbf2673a91	add returnsFormatted predicate to PrintfStyleCall (similar to JS)	2022-10-17 12:15:31 +02:00
erik-krogh	46627a737e	add an AdditionalTaintStep class for Ruby	2022-10-17 12:15:30 +02:00
Erik Krogh Kristensen	122d188f1d	Merge pull request #10832 from erik-krogh/passRb RB: add model for the `Digest` and `OpenSSL::Digest` modules	2022-10-17 10:02:33 +02:00
erik-krogh	191efdf6e0	replace `getMethod("new").getReturn()` with `getInstance()`	2022-10-17 09:35:44 +02:00
Anders Schack-Mulligen	6ef5fac239	Merge pull request #10814 from aschackmull/dataflow/synth-global Dataflow: Add support for synthetic global fields in MaD.	2022-10-17 08:34:26 +02:00
Harry Maclean	eddb8493d8	Apply suggestions from code review Co-authored-by: Nick Rolfe <nickrolfe@github.com>	2022-10-17 09:34:44 +13:00
Harry Maclean	0e6322d673	Ruby: Restrict XSS header sinks Not all header writes are relevant to XSS. Restrict these to just content-type and access-control-allow-origin.	2022-10-17 09:34:44 +13:00
Harry Maclean	8ae86cf443	Ruby: Consider header writes as XSS sinks	2022-10-17 08:17:37 +13:00
Harry Maclean	73ca595b56	Ruby: Model ActionDispatch::Response	2022-10-17 08:17:37 +13:00
Arthur Baars	ae0c9b76e0	Merge pull request #10843 from aibaars/fix-self Ruby: fix self variables in blocks	2022-10-15 00:48:14 +02:00
Alex Ford	2c5129e720	Merge pull request #10369 from alexrford/rb/sensitive-get-query Ruby: add `rb/sensitive-get-query` query	2022-10-14 22:34:47 +01:00
Arthur Baars	a8fdda65fb	Ruby: fix self variables in blocks	2022-10-14 16:02:39 +02:00
Asger F	8cb4f230d8	Merge branch 'main' into rb/fix-spurious-singleton-calls	2022-10-14 15:52:38 +02:00
Tom Hvitved	407f7072e4	Merge pull request #10829 from hvitved/ruby/call-graph-perf Ruby: Call graph performance improvements	2022-10-14 15:24:27 +02:00
erik-krogh	5f826d0eef	fix typo	2022-10-14 14:43:51 +02:00

... 32 33 34 35 36 ...

3367 Commits