hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,334 Commits 1,671 Branches 157 Tags
ginsbach/OverlayLocalJava
Commit Graph

1063 Commits

Author SHA1 Message Date
Tom Hvitved
007d08ea63 Ruby: Add another variable capture test 2024-02-22 09:39:01 +01:00
Joe Farebrother
e36b9f4d3c Add tests and change note 2024-02-15 15:26:20 +00:00
Peter Stöckli
2f7b946c9f Ruby: add sources on request object of Rails 2024-02-13 15:52:18 +01:00
Harry Maclean
3d9f9afa77 Merge pull request #15566 from hmac/hmac-actioncontroller-regex 
Ruby: Fix ActionController path regex
 2024-02-12 14:14:57 +00:00
Harry Maclean
99497e5f3c Merge pull request #15521 from hmac/hmac-ar-connection 
Ruby: Recognise more ActiveRecord connections
 2024-02-12 14:06:50 +00:00
Tom Hvitved
37d774176b Ruby: Fix SSA inconsistency 2024-02-09 14:49:26 +01:00
Tom Hvitved
1ea7717714 Capture flow: Take overwrites in nested scopes into account 2024-02-09 14:49:23 +01:00
Tom Hvitved
0c43ad45b4 Ruby: Add another captured variable data flow test 2024-02-09 14:48:36 +01:00
Anders Schack-Mulligen
35a3aa0a09 Ruby: Add empty provenance column to expected files. 2024-02-09 11:32:08 +01:00
Harry Maclean
3a90d78c36 Ruby: Fix Rails view file regex 
This picks up non-nested template files correctly.
 2024-02-09 09:41:43 +00:00
Harry Maclean
48890b446d Ruby: Add more actioncontroller tests 2024-02-09 09:31:35 +00:00
Harry Maclean
f792b58421 Ruby: Recognise more ActiveRecord connections 2024-02-05 16:45:59 +00:00
Tom Hvitved
8972133d4b Merge pull request #15498 from hvitved/ruby/ctx-sensitivity-test 
Ruby: Add another dataflow test
 2024-02-01 12:46:53 +01:00
Tom Hvitved
792f302bd4 Ruby: Add another dataflow test 2024-02-01 10:52:06 +01:00
Harry Maclean
4cfdf8b7a3 Ruby: Add test case for view without ERB template 2024-01-30 20:30:59 +01:00
Tom Hvitved
d2d017dd64 Ruby: Model flow through ViewComponent render methods 2024-01-30 20:30:58 +01:00
Tom Hvitved
817a2b71a8 Add more tests 2024-01-30 20:30:58 +01:00
Harry Maclean
5b3a2b35b7 Update expected file 2024-01-30 20:30:58 +01:00
Harry Maclean
75a37486c9 Add WIP query for erb flow 2024-01-30 20:30:58 +01:00
Harry Maclean
bf3b86b402 Add test for erb flow 2024-01-30 20:30:58 +01:00
Tom Hvitved
2d95ac9d5f Merge pull request #15468 from hvitved/ruby/ctx-sensitivity-rework 2024-01-30 20:27:43 +01:00
Harry Maclean
f230e618a3 Ruby: Update tests 2024-01-30 09:43:56 +00:00
Tom Hvitved
503d2f7b95 Ruby: Rework mayBenefitFromCallContext 2024-01-30 09:57:29 +01:00
Tom Hvitved
295198744b Ruby: Handle captured yield calls 2024-01-10 14:25:15 +01:00
Tom Hvitved
55be4c39ef Ruby: Add data flow call sensitivity test 2024-01-10 14:25:12 +01:00
Tom Hvitved
c9cf2a899c Merge pull request #15260 from hvitved/dataflow/may-benefit-from-cctx-simplify 
Data flow: Remove column from `mayBenefitFromCallContext`
 2024-01-10 11:43:15 +01:00
Tom Hvitved
f90201eb56 Data flow: Remove column from mayBenefitFromCallContext 2024-01-09 11:34:43 +01:00
Arthur Baars
20022b6f3a Add test case 2024-01-05 14:39:30 +01:00
Tom Hvitved
25a676ac6a Ruby: Model simple pattern matching as value steps instead of taint steps 2023-12-14 20:18:24 +01:00
Tom Hvitved
0e81577269 Ruby: Use FlowSummaryImpl from dataflow pack 2023-12-10 11:25:43 +01:00
Tom Hvitved
dde83b6415 Merge pull request #14709 from hvitved/ruby/shared-type-tracking 
Ruby: Adopt shared type tracking library
 2023-12-05 20:12:06 +01:00
Tom Hvitved
9eaebfcf60 Merge pull request #14859 from hvitved/ruby/missing-flow-tests 
Ruby: Add tests illustrating missing flow
 2023-11-24 14:57:15 +01:00
Tom Hvitved
8ccce5891d Ruby: Add tests illustrating missing flow 2023-11-24 14:28:04 +01:00
Harry Maclean
288fbfd2ec Ruby: Add test for missing block flow 2023-11-22 09:59:55 +00:00
Tom Hvitved
6ce8e0510f Ruby: Adopt shared type tracking library 2023-11-20 16:03:24 +01:00
Tom Hvitved
b2f1022e5c Ruby: Prune irrelevant data flow nodes and edges 2023-11-16 13:52:07 +01:00
Tom Hvitved
75f42f4614 Merge pull request #14783 from hvitved/ruby/hash-array-literal 
Ruby: Include more nodes in `{Hash,Array}LiteralCfgNode`
 2023-11-16 13:51:35 +01:00
Tom Hvitved
2c23dacca1 Ruby: Add more hash/array literal tests 2023-11-16 12:58:53 +01:00
Tom Hvitved
475d8da342 Ruby: Include more nodes in {Hash,Array}LiteralCfgNode 2023-11-14 13:50:46 +01:00
Tom Hvitved
f1b67ade9b Ruby: Include name of variable in UninitializedDefinition.toString 2023-11-14 11:33:59 +01:00
Tom Hvitved
14cfb82a8c Ruby: Summarized type-tracking stores should target post-update nodes 2023-10-30 10:47:29 +01:00
Harry Maclean
1297acf5b1 Merge pull request #14216 from hmac/hmac-graphql-enum 
Ruby: Restrict GraphQL remote flow sources
 2023-10-13 11:31:50 +01:00
erik-krogh
57c757c0a6 Ruby: delete outdated deprecation in test code 2023-10-09 09:14:55 +02:00
Tom Hvitved
c570083163 Ruby: Improve performance of flow through (hash) splats 2023-09-27 11:49:31 +02:00
Harry Maclean
dc2acf5a39 Merge pull request #14090 from hmac/splat-flow-4 
Ruby: More splat flow (alternative)
 2023-09-27 10:22:57 +01:00
Harry Maclean
2214caef4b Ruby: Identify named graphql params as sources 2023-09-22 17:54:55 +01:00
Harry Maclean
18dac9ab8a Ruby: Handle GraphQL array types 2023-09-18 16:00:56 +01:00
Harry Maclean
5706bc6205 Ruby: Model GraphQL InputObject arguments 2023-09-14 19:02:39 +01:00
Harry Maclean
57ae1ee3e9 Ruby: Add test for GraphQL remote flow sources 2023-09-14 13:46:52 +01:00
Harry Maclean
20f1a74202 Ruby: Restrict GraphQL remote flow sources 
Previously we considered any splat parameter in a graphql resolver to be
a remote flow source. Now we limit that to reads of the parameter which
yield scalar types (e.g. String), as defined by the GraphQL schema.

This should reduce GraphQL false positives.
 2023-09-14 12:14:56 +01:00