hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,334 Commits 1,671 Branches 157 Tags
ginsbach/OverlayLocalJava
Commit Graph

3367 Commits

Author SHA1 Message Date
Tom Hvitved
3b7fe06858 Ruby: Simplify flow summary for fetch 2022-04-27 08:26:24 +02:00
Harry Maclean
992cc517a8 Ruby: Minor changes to InsecureDownload 2022-04-27 18:04:21 +12:00
Harry Maclean
a85811ad69 Remove unused field 2022-04-27 12:47:09 +12:00
Harry Maclean
bb3fb0325b Ruby: Add InsecureDownload query 
This query finds cases where a potentially unsafe file is downloaded
over an unsecured connection.
 2022-04-27 12:47:09 +12:00
Harry Maclean
ce7675ef43 Ruby: Identify domain in Net::HTTP requests 2022-04-27 12:47:09 +12:00
Harry Maclean
3f8b27c0cd Ruby: Add RegExpNonWordBoundary to RegExpTreeView 2022-04-27 10:12:33 +12:00
Harry Maclean
debc57b417 Ruby: Add RegExpAnchor to RegExpTreeView 2022-04-27 10:12:33 +12:00
Harry Maclean
d95f533d19 Ruby: Add getLastChild to RegExpParent 2022-04-27 10:12:33 +12:00
Nick Rolfe
649d7dd022 Merge pull request #8607 from github/nickrolfe/incomplete_sanitization 
Ruby: port of `js/incomplete-sanitization`
 2022-04-26 17:10:24 +01:00
Erik Krogh Kristensen
d389012b75 Merge branch 'main' into redundantImport 2022-04-26 14:24:51 +02:00
Anders Schack-Mulligen
59aedc2872 Merge pull request #8853 from aschackmull/dataflow/fix-join 
Dataflow: Fix join-on-config producing a CP.
 2022-04-26 09:52:50 +02:00
Mathias Vorreiter Pedersen
aca4c8727f Merge pull request #8802 from github/post-release-prep/codeql-cli-2.9.0 
Post-release preparation for codeql-cli-2.9.0
 2022-04-25 22:52:55 +01:00
Anders Schack-Mulligen
c06efa1f42 Dataflow: Sync. 2022-04-25 13:11:04 +02:00
Anders Schack-Mulligen
40a16325a9 Minor clean-up in AccessPathSyntax. 2022-04-25 12:27:48 +02:00
Alex Ford
b956616a56 Ruby: fix alert 2022-04-25 11:25:57 +01:00
Tom Hvitved
bffa8fa7cb Merge pull request #8641 from hvitved/dataflow/interpret-read-store 
Data flow: Introduce `ContentSet`
 2022-04-25 12:17:34 +02:00
Tom Hvitved
2466288656 Data flow: Simplify revFlowStore 2022-04-25 10:11:54 +02:00
Tom Hvitved
cf0a1e748a Add change notes 2022-04-25 09:17:40 +02:00
Alex Ford
e03ce8f9f2 Ruby: add experimental library to support RBI files 2022-04-24 22:48:52 +01:00
Alex Ford
e3e02c98ea Ruby: Add ExprNodes::CallableCfgNode and ExprNodes::MethodBaseCfgNode 2022-04-24 22:27:20 +01:00
Jeroen Ketema
79164056d1 Replace help.semmle.com links by codeql.github.com links 2022-04-22 20:42:11 +02:00
Tom Hvitved
bc6ee10583 Data flow: Sync files 2022-04-22 15:10:00 +02:00
Tom Hvitved
488a4ede94 Data flow: Inline getAStoreContent up-front 2022-04-22 15:09:59 +02:00
Tom Hvitved
b033f107df Merge remote-tracking branch 'upstream/main' into dataflow/interpret-read-store 2022-04-22 14:35:02 +02:00
Erik Krogh Kristensen
ff73dbc35c delete redundant imports 2022-04-22 12:55:28 +02:00
Erik Krogh Kristensen
a96489b23d delete duplicate imports 2022-04-22 12:41:30 +02:00
Erik Krogh Kristensen
c015ef6ef4 Merge pull request #8810 from erik-krogh/rubyPathgraph 
Ruby: dont import the PathGraph module from Query.qll files
 2022-04-22 12:02:59 +02:00
Tom Hvitved
093a3879be Merge pull request #8794 from hvitved/ruby/capture-barrier-guards 
Ruby: Handle captured variables in `BarrierGuard::getAGuardedNode()`
 2022-04-22 11:47:36 +02:00
Erik Krogh Kristensen
a737350f27 RB: dont import the PathGraph module from Query.qll files 2022-04-22 11:46:06 +02:00
Tom Hvitved
be5363ea53 Merge pull request #8801 from hvitved/ruby/exclude-splat-in-taint-tracking 
Ruby: Exclude `SplatExpr` from taint tracking
 2022-04-22 11:12:05 +02:00
github-actions[bot]
1aecfc67c2 Post-release preparation for codeql-cli-2.9.0 2022-04-21 19:22:19 +00:00
Tom Hvitved
c20ce62767 Ruby: Exclude SplatExpr from taint tracking 
`SplatExpr`s are modelled using flow summaries, so there is no need to include them
explicitly in `defaultAdditionalTaintStep`.
 2022-04-21 20:27:04 +02:00
Dave Bartolomeo
f042d9bfea Fix formatting in change log 2022-04-21 10:58:26 -04:00
Dave Bartolomeo
36ca792986 Fix formatting in change log 2022-04-21 10:57:35 -04:00
Dave Bartolomeo
ab50df829e Fix formatting in change log 2022-04-21 10:57:05 -04:00
github-actions[bot]
eeaf233c29 Release preparation for version 2.9.0 2022-04-21 14:49:00 +00:00
Tom Hvitved
bd09c61504 Merge pull request #8786 from hvitved/ruby/dataflow/argument-tokens 
Ruby: Implement `Argument[any]` and `Argument[n..]`
 2022-04-21 16:31:24 +02:00
Tom Hvitved
addb92f13b Ruby: Handle captured variables in BarrierGuard::getAGuardedNode() 2022-04-21 13:25:47 +02:00
Erik Krogh Kristensen
8bd975a6ec Merge pull request #8785 from hvitved/ruby/api-graph-labels 
Ruby: Mention `newtype` constructors in API graph label classes
 2022-04-20 18:32:09 +02:00
Anders Schack-Mulligen
677c436e99 Merge pull request #8703 from aschackmull/dataflow/revert-state-in-out-barriers 
Dataflow: Revert support for flow-state based in-/out-barriers
 2022-04-20 14:54:02 +02:00
Tom Hvitved
b4542c58c2 Ruby: Implement Argument[any] and Argument[n..] 2022-04-20 13:55:18 +02:00
Tom Hvitved
501b03149f Ruby: Mention newtype constructors in API graph label classes 2022-04-20 13:37:55 +02:00
Nick Rolfe
9b6e610e24 Merge remote-tracking branch 'origin/main' into nickrolfe/incomplete_sanitization 2022-04-20 12:05:22 +01:00
Nick Rolfe
f1b8af1db9 Ruby: rename PostUpdateNode::Range to PostUpdateNodeImpl 2022-04-20 10:35:40 +01:00
Nick Rolfe
c02670aca2 Ruby: make PostUpdateNode public 2022-04-19 17:12:51 +01:00
Anders Schack-Mulligen
48fbbf2531 Dataflow: Add change notes. 2022-04-19 15:29:35 +02:00
Anders Schack-Mulligen
b521d64156 Dataflow: Sync. 2022-04-19 15:29:35 +02:00
Nick Rolfe
468c718da0 Ruby: simplify predicate 2022-04-19 11:32:26 +01:00
Nick Rolfe
14de91ce94 Ruby: make StringSubstitutionCal extend DataFlow::CallNode 2022-04-19 10:52:14 +01:00
Mathias Vorreiter Pedersen
91b413d59f Dataflow: Sync identical files. 2022-04-19 09:57:21 +01:00