hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,334 Commits 1,672 Branches 157 Tags
ginsbach/OverlayLocalJava
Commit Graph

3367 Commits

Author SHA1 Message Date
Arthur Baars
09bc78eafc Ruby: local dataflow step for || and && 2022-10-04 12:58:49 +02:00
Arthur Baars
e95b5468d9 Ruby: use Dataflow for Pathname instead of TypeTracking 2022-10-04 12:58:49 +02:00
Arthur Baars
f9b952f04f Ruby: Pathname use TypeTracker instead of local flow 2022-10-04 12:58:49 +02:00
Nick Rolfe
dd1b302fce Ruby: revert making inActionViewContext private 2022-10-04 11:29:09 +01:00
Nick Rolfe
a738f1d5cf Ruby: remove public abstract classes for Action{View,Controller} 2022-10-04 10:53:41 +01:00
Asger F
b6231e82ec Ruby: do not treat WithoutElement[0..!] as a type filter 2022-10-04 11:14:31 +02:00
Asger F
3ccc3a2058 Ruby: move special treatment of Hash.[] into Hash.qll 2022-10-04 11:14:31 +02:00
Asger F
94d41b9fa4 Ruby: add hook for adding type-tracking steps 
fixup docs

fixup docs

fixup TypeTrackingStep
 2022-10-04 11:14:31 +02:00
Asger F
96711b2810 Ruby: improve join order in trackInstanceRec 2022-10-04 11:14:31 +02:00
Asger F
c220f4e103 Ruby: prune unusable summaries earlier 
Ruby: prune more aggressively
 2022-10-04 11:14:30 +02:00
Asger F
ff4ce4a151 Ruby: use Element[n..] tokens in inject and reduce 2022-10-04 11:14:30 +02:00
Asger F
fd9c1e4507 Ruby: filter out obvious module 'prepend' calls 2022-10-04 11:14:30 +02:00
Asger F
9302271c15 Ruby: Hack special-casing of hash literals 2022-10-04 11:14:30 +02:00
Asger F
bd11946aec Ruby: support WithoutContent steps in restricted cases 
fixup ContentFilter

fixup basicWith(out)contentstep
 2022-10-04 11:14:28 +02:00
Asger F
323abf45ca Ruby: Speed up evaluateSummaryComponentStackLocal 2022-10-04 11:12:09 +02:00
Asger F
a7d764d2a7 Ruby: Improve join order when generating edges 2022-10-04 11:12:09 +02:00
Asger F
8c43ab627f Ruby: go to local source in load-store steps 2022-10-04 11:11:50 +02:00
Asger F
8b389fe5f9 Ruby: use getACallSimple in more Hash methods 2022-10-04 11:08:46 +02:00
Asger F
74c3886167 Ruby: use getACallSimple in more Array methods 2022-10-04 11:08:46 +02:00
Asger F
5b2d8b0894 Ruby: make Array.each a simple summary 2022-10-04 11:08:46 +02:00
Asger F
fbab0f50f2 Ruby: Evaluate longer summary component stacks 2022-10-04 11:08:46 +02:00
Asger F
0000a7d429 Ruby: Summarize load-store steps in type-tracking 
fixup to LoadStore
 2022-10-04 11:08:44 +02:00
Asger F
a4d4e406c6 Ruby: Summarize level steps in type tracking 2022-10-04 11:06:44 +02:00
Tom Hvitved
12536578d4 Merge pull request #10664 from hvitved/type-tracking-more-caching 
Ruby/Python: Cache more type tracking predicates
 2022-10-04 10:58:41 +02:00
Harry Maclean
42a97b26bb Merge pull request #10316 from hmac/hmac/actionview 
Ruby: Model ActionView
 2022-10-04 08:16:16 +13:00
Tom Hvitved
bc3e9339dc Ruby: Cache more type tracking predicates 2022-10-03 20:29:17 +02:00
Tom Hvitved
d52d3d7b75 Merge pull request #10644 from hvitved/ruby/prevent-reevaluation 
Ruby: Prevent reevaluation of expensive predicates
 2022-10-03 13:10:39 +02:00
Asger F
47e5623b90 Merge pull request #10639 from hvitved/ruby/dataflow/known-element-no-floats-complexs 
Ruby: Do not attempt to track precise hash indices for floats and complex numbers
 2022-10-03 09:23:33 +02:00
Harry Maclean
e48665ad9f Fix doc 2022-10-03 14:13:12 +13:00
Harry Maclean
236b628ee2 Ruby: Constrain parameters flow properly 2022-10-03 14:06:06 +13:00
Harry Maclean
32baf67b07 Fix change note month 2022-10-03 09:46:01 +13:00
Harry Maclean
5c20039e09 Ruby: Slightly improve class name 2022-10-03 09:46:01 +13:00
Harry Maclean
fa1ae26fab Add change note 2022-10-03 09:46:01 +13:00
Harry Maclean
a5998fbe4d Ruby: Model ActionController::Parameters 
Add flow summaries for methods on ActionController::Parameters,
which mostly propagate taint from receiver to return value.
 2022-10-03 09:45:59 +13:00
Harry Maclean
ba83b7c6c7 Merge pull request #10599 from hmac/hmac/actioncontroller-datastreaming 
Ruby: Model send_file
 2022-10-03 09:44:05 +13:00
Alex Ford
5c32c8badf Merge pull request #10560 from alexrford/ruby/yaml-load_file 
Ruby: treat `Psych` and `YAML` as aliases for rb/unsafe-deserialization
 2022-10-02 20:19:10 +01:00
Tom Hvitved
292bc67125 Merge pull request #10620 from hvitved/ruby/call-graph-protected-methods 
Ruby: Account for `protected` methods in call graph
 2022-09-30 19:31:36 +02:00
Tom Hvitved
32d002ed60 Merge pull request #10627 from hvitved/ruby/synthesis-reduce-non-linear-rec 
Ruby: Reduce size of input predicate for non-linear recursion
 2022-09-30 15:36:21 +02:00
Tom Hvitved
3ec43dbd16 Ruby: Do not attempt to track precise hash indices for floats and complex numbers 2022-09-30 14:57:50 +02:00
Tom Hvitved
e5d884a905 Ruby: Cache predicates in ApiGraphModels::ModelOutput 2022-09-30 14:56:55 +02:00
Tom Hvitved
299339f817 Ruby: Expose relevant predicates from internal/Module.qll and make sure they are cached 2022-09-30 14:56:55 +02:00
Asger F
6e1914ad01 Merge pull request #10375 from asgerf/rb/summarize-loads-v2 
Ruby: type-tracking and API edges through simple library callables
 2022-09-30 14:25:17 +02:00
Nick Rolfe
ef8ec0878a Merge pull request #10641 from github/nickrolfe/a_an 
JS/Python/Ruby: s/a HTML/an HTML/
 2022-09-30 12:17:15 +01:00
Nick Rolfe
ed74e0aad1 JS/Python/Ruby: s/a HTML/an HTML/ 2022-09-30 10:37:52 +01:00
Michael Nebel
82294c1349 Merge pull request #10622 from michaelnebel/ruby/postupdateassignexpr 
Ruby: Postupdate notes for assignment expressions.
 2022-09-30 10:00:02 +02:00
Harry Maclean
4a39bc8f47 Merge pull request #10598 from hmac/hmac/actioncontroller-metal 
Ruby: Identify ActionController::Metal controllers
 2022-09-30 13:07:03 +13:00
Tom Hvitved
a5fbe751f1 Ruby: Reduce size of input predicate for non-linear recursion 
Before, we would be recursive in all of `MethodCall::getMethodName`:

```
Evaluated named local Synthesis#d9ff06b1::AssignOperationDesugar::SetterAssignOperation::getCallKind#ffff#shared#3@Synthesi in 9803ms on iteration 14 (size: 31006941).
Evaluated relational algebra for predicate Synthesis#d9ff06b1::AssignOperationDesugar::SetterAssignOperation::getCallKind#ffff#shared#3@Synthesi on iteration 14 running pipeline main with tuple counts:
          256419  ~1%    {2} r1 = SCAN Call#841c84e8::MethodCall::getMethodName#0#dispred#ff#prev_delta OUTPUT In.1, In.0
        31006941  ~8%    {4} r2 = JOIN r1 WITH Synthesis#d9ff06b1::MethodCallKind#ffff#prev ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Rhs.2, Rhs.3
                         return r2
```

Now, we have restricted that to only the relevant method names.
 2022-09-29 15:59:11 +02:00
Asger F
ae60b0ae6d Ruby: ensure pruning works with startInContent 2022-09-29 15:54:51 +02:00
Michael Nebel
999eb19c3d Ruby: Support postupdate notes for assignment expressions. 2022-09-29 14:12:20 +02:00
Asger F
f1de5a2ffd Ruby: Restrict summaries and type trackers to relevant contents 2022-09-29 14:10:09 +02:00