hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,334 Commits 1,672 Branches 157 Tags
ginsbach/OverlayLocalJava
Commit Graph

1619 Commits

Author SHA1 Message Date
Harry Maclean
4bc9096446 Ruby: Add case string comparison barrier guard 
This recognises barriers of the form

    STRINGS = ["foo", "bar"]

    case foo
    when "some string literal"
      foo
    when *["other", "strings"]
      foo
    when *STRINGS
      foo
    end

where the reads of `foo` inside each `when` are guarded by the comparison
of `foo` with the string literals.

We don't yet recognise this construct:

    case foo
    when "foo", "bar"
      foo
    end

This is due to a limitation in the shared barrier guard logic.
 2022-11-09 15:03:13 +13:00
Asger F
43769ad464 Ruby: update test output 2022-11-08 19:20:57 +01:00
Nick Rolfe
a9ff0bdbbf Ruby: accept changed test output 2022-11-08 17:36:31 +00:00
Nick Rolfe
04575674db Ruby: generalise summaries for ActiveSupport Hash extensions 2022-11-08 15:48:20 +00:00
Asger F
271de66f01 Ruby: rename getConst -> getConstant 2022-11-08 16:41:04 +01:00
Tom Hvitved
edde3defed Merge pull request #11153 from hvitved/ruby/basic-block-at-conditions 
Ruby: Split basic blocks around constant conditionals
 2022-11-08 13:35:52 +01:00
Tom Hvitved
f0b9ca4bf9 Ruby: Add more guards tests 2022-11-08 11:09:54 +01:00
Asger F
a75c50620c Ruby: update more SSA test output 2022-11-08 11:03:24 +01:00
Erik Krogh Kristensen
c82410fd16 Merge pull request #10680 from erik-krogh/unsafeRbCmd 
RB: add an unsafe-shell-command-construction query
 2022-11-08 09:22:33 +01:00
Tom Hvitved
7ba0682297 Ruby: Split basic blocks around constant conditionals 2022-11-08 09:07:23 +01:00
Tom Hvitved
c86f597153 Ruby: Add test for disjunctive guard 2022-11-08 09:01:22 +01:00
Harry Maclean
d392cdaab6 Merge pull request #11022 from hmac/try-code-injection 
Ruby: try/try! as code execution
 2022-11-08 09:42:52 +13:00
erik-krogh
860c3c443c update expected output of the queries (some sorting changed due to locations being used slightly differently in the shared pack) 2022-11-07 14:34:20 +01:00
Asger F
edc5d8d644 Ruby: update test output 2022-11-07 14:17:50 +01:00
Asger F
a213e9e55d Merge pull request #1 from hvitved/rb/data-flow-layer-capture2 
Ruby: Make sure to always generate SSA definitions for namespace self-variables
 2022-11-07 14:12:48 +01:00
Asger F
f991991474 Ruby: fix incomplete renaming of getCanonicalEnclosing/Nested module 2022-11-07 14:04:10 +01:00
Tom Hvitved
2737255705 Ruby: Make sure to always generate SSA definitions for namespace self-variables 2022-11-07 14:02:09 +01:00
Asger F
a39cefe40f Ruby: fix broken test 2022-11-07 14:01:11 +01:00
Arthur Baars
98f4c29913 Ruby: weak crypto: do not report weak hash algorithms 
Weak hash algorithms such as MD5 and SHA1 are often
used in non security sensitive contexts and reporting
all uses is far too noisy.
 2022-11-04 15:58:50 +01:00
erik-krogh
f3741ff1e4 changes based on review 2022-11-03 09:41:05 +01:00
Dave Bartolomeo
499f20f6e8 Merge pull request #11004 from dbartol/dbartol/use-workspace-versions 2022-11-02 20:02:48 -04:00
Tom Hvitved
46631d6eaf Merge pull request #10931 from hvitved/ruby/fix-flow-into-phis 
Ruby: Fix flow steps into phi nodes
 2022-11-02 21:07:06 +01:00
erik-krogh
6bc12e8f2b Merge branch 'main' into formatTaint 2022-11-02 13:39:30 +01:00
Dave Bartolomeo
9d5e5e3ee7 ${workspace} all the things 2022-11-01 13:29:05 -04:00
Tom Hvitved
ee9163aa40 Ruby: Fix flow steps into phi nodes 
- Add missing flow from post-update nodes into phi nodes.
- Prevent flow from reads into phi nodes when use-use flow is prohibited.
 2022-11-01 16:33:06 +01:00
Tom Hvitved
a191edfbd5 Ruby: Add data flow tests that illustrate problems with flow into SSA phi nodes 2022-11-01 16:32:46 +01:00
Tom Hvitved
e8f9429b92 Merge pull request #10917 from hvitved/ruby/singleton-call-sensitivity 
Ruby: Call-context sensitivity for singleton method calls
 2022-11-01 14:13:26 +01:00
Arthur Baars
aba87a139d Merge pull request #10668 from aibaars/ruby-deps 
Ruby: update dependencies
 2022-11-01 13:55:42 +01:00
erik-krogh
84a7fddd95 remove explicit versions in lock files, as the dependencies are all installed locally 2022-11-01 09:09:26 +01:00
Asger F
056b1e8d63 Ruby: add some basic tests 2022-10-31 14:05:11 +01:00
Asger F
9be2512050 Ruby: rename one of the PostsController2 classes 
These had the same name and ended up being unified
 2022-10-31 13:33:41 +01:00
Asger F
b4b34cc994 Ruby: port part of ActionController model 2022-10-31 13:33:41 +01:00
Asger F
9f59b6b439 Update type-tracking test 2022-10-31 13:33:41 +01:00
Asger F
0a8f39fe96 Ruby: recover some incomplete capture flow 2022-10-31 13:33:41 +01:00
Asger F
b29ac5249e Ruby: add type-tracking inline test in global flow test 2022-10-31 13:33:41 +01:00
Asger F
4ed61c13f8 Ruby: add some captured-variable flow tests 2022-10-31 13:33:41 +01:00
Harry Maclean
fd61a5253d Ruby: Recognise try/try! as code executions 2022-10-31 11:53:22 +13:00
Harry Maclean
3f403f0f87 Merge pull request #10700 from hmac/activesupport 
Ruby: Model some ActiveSupport methods
 2022-10-31 11:50:44 +13:00
Asger F
436cc60138 Ruby: update some uses of getConstantValue() 2022-10-28 15:16:14 +02:00
Rasmus Wriedt Larsen
8628ff5e52 Merge pull request #10999 from RasmusWL/inline-fail-tag 
InlineExpectationsTest: Fail if missing `getARelevantTag`
 2022-10-28 10:35:49 +02:00
Erik Krogh Kristensen
93fb2930c8 Merge pull request #10968 from erik-krogh/fixRbCode 
RB: fix rb/code-injection
 2022-10-28 09:14:14 +02:00
Harry Maclean
5e781f24b6 Ruby: Remove duplicate test 
This is already tested in hash-flow.
 2022-10-28 11:31:55 +13:00
Harry Maclean
4ec527a9ea Ruby: Explain difference between flow tests 
The type-tracking flow tests document the difference in sensitivity
between type-tracking and dataflow, so failures in that test are
expected.
 2022-10-28 11:31:55 +13:00
Harry Maclean
6e8446b6ae Fix tests 2022-10-28 11:31:55 +13:00
Harry Maclean
71d703f2a5 Ruby: Add ActiveSupport extensions 2022-10-28 11:31:55 +13:00
Harry Maclean
cb37a0e835 Ruby: Add summaries for Hash#deep_merge(!) 2022-10-28 11:31:55 +13:00
Harry Maclean
3dea1d6a60 Ruby: Add flow summary for Hash#except! 2022-10-28 11:31:55 +13:00
Harry Maclean
0454642220 Ruby: Model deep_dup and presence 2022-10-28 11:31:55 +13:00
Harry Maclean
9f260853ac Ruby: Model more ActiveSupport string extensions 2022-10-28 11:31:55 +13:00
Harry Maclean
b389d50943 Ruby: Identify safe_constantize 2022-10-28 11:31:54 +13:00