hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,347 Commits 1,672 Branches 157 Tags
hmac-cli-injection-from-library-inputs
Commit Graph

559 Commits

Author SHA1 Message Date
Nick Rolfe
2037368f62 Ruby: make node column unique 2022-02-08 09:55:34 +00:00
Asger Feldthaus
862c3b9752 Ruby: autoformat 2022-02-08 10:22:15 +01:00
Asger Feldthaus
66b1c86402 Ruby: update qldoc for def predicate 2022-02-08 10:00:14 +01:00
Asger Feldthaus
9ac526be89 Ruby: change binding for getParameter/getKeywordParameter 2022-02-08 09:36:05 +01:00
Asger Feldthaus
073493bb2e Ruby: fix qldoc for getMethod 2022-02-08 09:28:07 +01:00
Harry Maclean
3031b39dc1 Ruby: prevent bad join in ActionController.qll 2022-02-08 12:10:23 +13:00
Nick Rolfe
e049f08c24 Ruby: update dbscheme stats 2022-02-07 12:42:34 +00:00
Nick Rolfe
b3b2bba618 Ruby: make some generated predicates final 2022-02-07 12:17:50 +00:00
Nick Rolfe
e8855c3718 Ruby: add db upgrade script 2022-02-07 12:10:36 +00:00
Nick Rolfe
388d361ec3 Ruby: put AST node locations in a single table 2022-02-07 12:10:36 +00:00
Tom Hvitved
dc09e87cb2 Ruby: Use SimpleSummarizedCallable in a few more places 2022-02-07 11:05:32 +01:00
github-actions[bot]
b4ab86c020 Post-release preparation for codeql-cli-2.8.0 2022-02-06 23:34:07 +00:00
Arthur Baars
ac03fab986 Merge pull request #7753 from aibaars/ruby-3.1 
Ruby 3.1 features
 2022-02-06 21:06:16 +01:00
Nick Rolfe
9744cf2457 Ruby: apply suggested simplification from review 2022-02-04 17:14:47 +00:00
Nick Rolfe
aaff3226c9 Ruby: prefer ...isInt(x) over x = ...getInt() 2022-02-04 17:10:22 +00:00
Nick Rolfe
45962f1cad Ruby: make this unique for each method 
Even when summaries are shared in a single class.
 2022-02-04 17:03:55 +00:00
Nick Rolfe
7a9ddc28bf Ruby: address some more feedback on array flow summaries 2022-02-04 16:33:27 +00:00
Nick Rolfe
ed00f2b0d2 Ruby: address some feedback on array flow summaries 2022-02-04 13:40:39 +00:00
Nick Rolfe
161d766ba9 Ruby: address review comments on array_flow.rb 2022-02-04 11:59:59 +00:00
Asger Feldthaus
0a0d9583b4 Ruby: rephase comment for MkDef 2022-02-04 11:37:54 +01:00
Asger Feldthaus
0189e8abb4 Ruby: autoformat 2022-02-04 11:32:31 +01:00
Asger Feldthaus
75b72361ce Ruby: add toString and locations to the new node types 2022-02-04 11:20:42 +01:00
Asger Feldthaus
7373a503f6 Ruby: Populate ArgumentPosition based on keyword arguments 2022-02-04 11:20:42 +01:00
Asger Feldthaus
5e350a0270 Ruby: Derive edge labels from {Argument,Parameter}Position 2022-02-04 11:20:42 +01:00
Asger Feldthaus
040e56623c Ruby: add getAValueReachingRhs 2022-02-04 11:20:42 +01:00
Asger Feldthaus
17dd5cd581 Ruby: remove a stray TODO 2022-02-04 11:20:42 +01:00
Asger Feldthaus
32e0f42969 Ruby: refactor Return(x) to Method(x).return 2022-02-04 11:20:39 +01:00
Asger Feldthaus
55b5f19b92 Ruby: Add def-nodes to API graphs 2022-02-04 11:06:35 +01:00
Asger Feldthaus
9c17a5ce99 Ruby: replace "instance" label with a call to new 2022-02-04 11:03:25 +01:00
Asger Feldthaus
5858732da1 Ruby: change useStep signature 2022-02-04 11:01:04 +01:00
Asger Feldthaus
e6fdd4d34a Ruby: Make hasLocalSource private/cached 2022-02-04 11:01:03 +01:00
Asger Feldthaus
9a496e647f Ruby: Drive-by fix type-tracking through params with default values 2022-02-04 11:01:03 +01:00
Harry Maclean
ab7fd89653 Merge pull request #7663 from github/hmac/api-graph-subclass 
Ruby: Add basic subclassing support to API Graphs
 2022-02-04 10:19:07 +13:00
Arthur Baars
6525035f0a Address comments 2022-02-03 13:47:03 +01:00
Tom Hvitved
6bb71f051b Merge pull request #7791 from hvitved/dataflow/inline-local-flow-star 
Data flow: Inline `local(Expr|Instruction)?(Flow|Taint)`
 2022-02-03 09:02:43 +01:00
Harry Maclean
c65ca8ff86 Model calls to constantize as code executions 
`constantize` is an ActiveSupport extension to `String` that attempts to
look up a constant with a name matching the receiver.
 2022-02-03 15:22:07 +13:00
Harry Maclean
704b58519f Ruby: Include subclasses in more API calls 
Change the behaviour of `API::getInstance()` and `API::getReturn()` to
include results on subclasses of the current API node.
 2022-02-03 11:35:59 +13:00
Harry Maclean
61cd05cfc5 Ruby: Ensure TRoute and TRouteBlock are private 2022-02-03 10:55:28 +13:00
Harry Maclean
80835a5a19 Ruby: Don't expose abstract class 
Make ActionDispatch::Route into a private class
ActionDispatch::RouteImpl, defining a new class Route which exposes the
necessary public API from RouteImpl.

Also rename getHTTPMethod to getHttpMethod.
 2022-02-03 10:41:30 +13:00
Arthur Baars
a22868ba27 Merge branch 'main' into ruby-3.1 2022-02-02 19:00:03 +01:00
Arthur Baars
3b05cb621c Address comment 2022-02-02 14:11:45 +01:00
Arthur Baars
fdcef6225b Ruby: fix QL warnings 2022-02-02 13:29:09 +01:00
Tom Hvitved
712418e5f8 Merge pull request #7781 from hvitved/dataflow/summary-stack-bottom-less-nonlinear 
Data flow: Reduce non-linear recursion in `SummaryComponentStack::bottom`
 2022-02-02 10:35:53 +01:00
Harry Maclean
5adcdf1cf8 Ruby: Minor refactor 2022-02-02 17:32:11 +13:00
Harry Maclean
8f5380122a Ruby: Cache ActionDispatch IPA types 2022-02-02 17:31:47 +13:00
Harry Maclean
749dc092ae Ruby: Attempt to mitigate potential bad join 
By joining simultaneously on controller class and name.
 2022-02-02 17:03:46 +13:00
Harry Maclean
a38bc9fe89 Ruby Fix handling of via: in ActionDispatch 2022-02-02 17:03:27 +13:00
Harry Maclean
856c3d332c Minor cleanup to ActionDispatch modelling 
`x.isStringOrSymbol(result)` is slightly terser than
`result = x.getStringOrSymbol()`.
 2022-02-02 16:26:20 +13:00
Harry Maclean
47823b5a9a Handle via: :all in Rails routes 
ActionDispatch modelling now understands that

    match "/foo", to: "foo#bar", via: :all

is equivalent to

    match "/foo",
      to: "foo#bar",
      via: [:get, :post, :put, :patch, :delete]
 2022-02-02 16:26:20 +13:00
Harry Maclean
8bdc05ddaf getValueText -> getConstantValue 2022-02-02 16:26:20 +13:00