hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,334 Commits 1,672 Branches 157 Tags
ginsbach/OverlayLocalJava
Commit Graph

4731 Commits

Author SHA1 Message Date
Harry Maclean
5f17d8370c Ruby: Small change to isArrayExpr 2022-07-13 18:20:14 +12:00
Harry Maclean
63dcce9a31 Ruby: Refactor isArrayConstant 2022-07-13 18:20:14 +12:00
Harry Maclean
b5a3d3c488 Ruby: Extract isArrayConstant 
This predicate might be useful elsewhere.
 2022-07-13 18:20:14 +12:00
Harry Maclean
301914d80c Ruby: Add an extra barrier guard test 2022-07-13 18:20:14 +12:00
Harry Maclean
706d1d2eee Ruby: Make StringArrayInclusion more sensitive 
We now recognise the following pattern as a barrier guard for `x`:

    values = ["foo", "bar"]

    if values.include? x
      sink x
    end
 2022-07-13 18:20:12 +12:00
thiggy1342
7129002573 tweak tests more 2022-07-13 00:33:58 +00:00
thiggy1342
b3f1a513d1 Update tests 2022-07-13 00:25:43 +00:00
thiggy1342
9a0a9491da Merge branch 'main' into add-activerecord-annotate 2022-07-12 20:13:56 -04:00
thiggy1342
2566ae9889 Merge branch 'main' into experimental-strong-params 2022-07-12 20:12:51 -04:00
thiggy1342
db5f63b208 add tests 2022-07-12 23:14:16 +00:00
thiggy1342
7facc63699 remove predicate 2022-07-12 22:59:48 +00:00
thiggy1342
74d6061082 Merge branch 'main' into experimental-manually-check-request-verb 2022-07-12 17:15:54 -04:00
Erik Krogh Kristensen
8e52fc97fc changes based on review by Shack 2022-07-12 16:02:50 +02:00
Erik Krogh Kristensen
220ff3cb2e convert tabs to spaces in qhelp 2022-07-12 16:02:50 +02:00
Erik Krogh Kristensen
aae3e2ddde other changes based on Esbens review 2022-07-12 16:02:50 +02:00
Erik Krogh Kristensen
ff25451699 rename query to overly-large-range, and rewrite the @description 2022-07-12 16:02:46 +02:00
Nick Rolfe
217c9a8aaf Fix typo in changenote 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2022-07-12 08:50:58 +01:00
Nick Rolfe
a3628b06f1 Ruby: fix markup in changenote 2022-07-11 17:23:45 +01:00
Nick Rolfe
032aa56dc3 Ruby: add change note for system command execution sink bug 2022-07-11 17:00:07 +01:00
Nick Rolfe
6632dfaf88 Ruby: fix another SystemCommandExecution::isShellInterpreted implementation 2022-07-11 16:53:30 +01:00
thiggy1342
ad7c3e7217 Merge branch 'main' into experimental-manually-check-request-verb 2022-07-11 10:20:07 -04:00
Nick Rolfe
348ad95fc0 Ruby: fix defining every dataflow node as a command execution sink 2022-07-11 15:06:27 +01:00
thiggy1342
e8e8da1b31 fix lib test expect for ActionController 2022-07-08 19:01:01 +00:00
thiggy1342
5d3232c614 refactor to use data flow 2022-07-08 18:53:24 +00:00
thiggy1342
96e66c4a50 move tests 2022-07-08 18:39:04 +00:00
thiggy1342
0435105d16 Merge remote-tracking branch 'upstream/main' into experimental-strong-params 2022-07-08 18:36:09 +00:00
thiggy1342
6aab970a9e refactor query to use cfg and dataflow 2022-07-08 18:32:54 +00:00
thiggy1342
bd50fd7f1e format fix 2022-07-08 17:20:41 +00:00
thiggy1342
11e39aa030 Add changelog 2022-07-07 21:40:16 +00:00
thiggy1342
940254d251 update framework tests 2022-07-07 19:39:59 +00:00
thiggy1342
b4869158f2 expand query tests for cwe-089 2022-07-07 19:23:57 +00:00
thiggy1342
2f1cfa816f Add annotate arguments as sqli sink 2022-07-07 19:23:06 +00:00
Nick Rolfe
02dd933e5f Ruby: move Pathname from core to stdlib 2022-06-30 10:08:25 +01:00
Andrew Eisenberg
fbeecd6c08 Merge pull request #9744 from github/aeisenberg/move-contextual-queries 2022-06-29 11:44:33 -07:00
Andrew Eisenberg
ddf06f8617 Add change notes and qldoc for moved files 2022-06-29 10:03:12 -07:00
Andrew Eisenberg
a3f4d1bf66 Move contextual queries from src to lib 
With this change, users are now able to run View AST command in
vscode within vscode workspaces that do not include the core libraries.
The relevant core library only needs to be installed in the package
cache.
 2022-06-29 07:51:26 -07:00
Brandon Stewart
5888325549 Merge branch 'main' into patch-1 2022-06-29 08:42:24 -04:00
Nick Rolfe
5db2f9a768 Merge remote-tracking branch 'origin/main' into nickrolfe/pathname 2022-06-29 13:16:49 +01:00
Nick Rolfe
c1302a90e0 Ruby: use MaD for more precise Pathname flow summaries 2022-06-29 13:16:18 +01:00
Erik Krogh Kristensen
2e295e4a04 filter out potential misparses from rb/suspicious-regexp-range 2022-06-29 13:16:28 +02:00
Jeroen Ketema
55e052af26 Merge pull request #9686 from aschackmull/dataflow/no-node-scan 
Dataflow performance: Avoid node scans
 2022-06-29 10:38:56 +02:00
Brandon Stewart
c7b4133fbe Merge branch 'main' into patch-1 2022-06-28 09:46:46 -04:00
Brandon Stewart
33d1aae92a Update ruby/ql/lib/codeql/ruby/frameworks/ActiveRecord.qll 
Co-authored-by: Harry Maclean <hmac@github.com>
 2022-06-28 08:51:01 -04:00
Brandon Stewart
1dc26a0ca3 Update ruby/ql/lib/codeql/ruby/frameworks/ActiveRecord.qll 
Co-authored-by: Harry Maclean <hmac@github.com>
 2022-06-28 08:50:54 -04:00
Arthur Baars
6e836c7eb8 Merge pull request #9706 from aibaars/update-tree-sitter-ruby-2 
Ruby: update tree-sitter-ruby
 2022-06-28 14:14:15 +02:00
Erik Krogh Kristensen
a343ceaf8b add suspicious-regexp-range query 2022-06-28 09:49:27 +02:00
Asger F
cc57cb8af5 Merge branch 'main' into post-release-prep/codeql-cli-2.10.0 2022-06-27 20:37:25 +02:00
Brandon Stewart
99ae1b3f0d Merge branch 'main' into patch-1 2022-06-27 10:12:26 -04:00
Brandon Stewart
52290fd4ae run codeql query format 2022-06-27 10:01:40 -04:00
Arthur Baars
051b865230 Ruby: update tree-sitter-ruby 2022-06-27 13:03:04 +02:00