hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,658 Commits 1,672 Branches 157 Tags
rust-ti-implementing-type-method
Commit Graph

4740 Commits

Author SHA1 Message Date
Michael Nebel
58fcbc136c Ruby: Re-factor getComponent. 2023-05-26 12:25:00 +02:00
Asger F
1c7f6dc32e Ruby: add meta-query for calls to summarized callables 2023-05-26 11:34:23 +02:00
Maiky
026d94c457 Add LDAP Injection query (incomplete) 2023-05-25 22:51:25 +02:00
Alex Ford
609319da20 ruby: update TaintStep.ql test output 2023-05-25 17:53:01 +01:00
Asger F
9e8cef5e1b Ruby: fix type-tracking flow-through for new->initialize calls 2023-05-25 15:03:38 +02:00
Asger F
93678e5d36 Ruby: fix name of super calls in singleton methods 2023-05-25 15:03:34 +02:00
erik-krogh
9f5bf8fb22 also fix the first code-block 2023-05-25 13:56:29 +02:00
erik-krogh
765076bcba fix whitespace in the samples in ReDoS.qhelp 2023-05-25 13:28:39 +02:00
Sim4n6
52dd247a81 Removed redundant cast 2023-05-25 11:55:13 +01:00
Sim4n6
09c97ce0da Added one more example to the qhelp 2023-05-25 09:41:22 +01:00
Sim4n6
7d68f6afc9 added ActiveSupport::Multibyte::Chars normalize() sink 2023-05-25 09:21:55 +01:00
Sim4n6
d772bb213a Added three more Unicode Normalization sinks 2023-05-25 03:10:00 +01:00
Maiky
40450a2792 typo 2023-05-24 17:02:48 +02:00
github-actions[bot]
d2e192020b Post-release preparation for codeql-cli-2.13.3 2023-05-24 11:26:12 +00:00
Tom Hvitved
13ada1e6ad Ruby: Remove canonical return nodes 2023-05-24 11:11:50 +02:00
Tom Hvitved
deee314370 Python/Ruby: Optimize join-order in TypeTracker::[small]step 2023-05-24 11:11:07 +02:00
Tom Hvitved
05f3934042 Merge pull request #13251 from hvitved/ruby/call-graph-self-param 
Ruby: Include both `self` parameters and SSA definitions in call graph construction
 2023-05-24 11:10:34 +02:00
Asger F
818753e922 Merge pull request #13265 from asgerf/rb/delete-name-clash 
Ruby: fix some name clashes between summarized callables
 2023-05-24 11:08:56 +02:00
Tom Hvitved
b486a4d52c Merge pull request #13255 from hvitved/ruby/ssa-param-capture-input 
Ruby: Include underlying SSA parameter definition in `localFlowSsaParamCaptureInput`
 2023-05-24 10:40:54 +02:00
Asger F
8bd6f6c450 Ruby: change note 2023-05-24 10:22:22 +02:00
Asger F
6d1a4451fb Ruby: update a test expectation 2023-05-24 10:15:51 +02:00
Maiky
27c1e47ece Update ruby/ql/lib/change-notes/2023-05-06-pg.md 
Co-authored-by: Jorge <46056498+jorgectf@users.noreply.github.com>
 2023-05-24 01:44:51 +02:00
Maiky
8dca585207 Expected 2023-05-23 20:04:34 +02:00
Maiky
ad5355a04a Pg Library, change note and Frameworks.qll 2023-05-23 19:49:03 +02:00
Arthur Baars
e33f3a6668 Merge pull request #13154 from aibaars/sync-dbscheme-py 
JS/Ruby/QL/Python: sync dbscheme fragments
 2023-05-23 19:14:29 +02:00
Sim4n6
90c174de4e Updated the .expected file accordingly 2023-05-23 17:36:50 +01:00
Asger F
0592c8ba99 Ruby: avoid name clash for "assoc" summary 2023-05-23 17:34:19 +02:00
Asger F
50a7b21928 Ruby: fix a name clash for summaries called "delete" 2023-05-23 16:49:17 +02:00
Alex Ford
9ccfec0571 Ruby: move actiondispatch components to an internal subdirectory 2023-05-23 15:26:52 +01:00
Alex Ford
9f5c73cf63 Ruby: add a test case for instantiating ActionDispatch::Request directly 2023-05-23 15:18:32 +01:00
Alex Ford
1c9e4c0f0b Ruby: test for RequestInputAccess instances in ActionDispatch 2023-05-23 15:17:38 +01:00
Alex Ford
c2f5bacc47 Ruby: consider more calls to e.g. ActionDispatch::Request#params as remote input sources 2023-05-23 14:50:16 +01:00
Alex Ford
27729af088 Ruby: move ActionDispatch::Request logic out of ActionController.qll 2023-05-23 14:49:57 +01:00
Alex Ford
9b4914c3f6 Ruby: split ActionDispatch modelling into multiple component files 2023-05-23 14:48:45 +01:00
Tom Hvitved
eaa84cb819 Ruby: Include underlying SSA parameter definition in localFlowSsaParamCaptureInput 2023-05-23 13:56:29 +02:00
Tom Hvitved
349de77474 Ruby: Include both self parameters and SSA definitions in call graph construction 2023-05-23 12:28:06 +02:00
erik-krogh
c7e21ee9ae add really long regex as a test-case 2023-05-23 09:56:06 +02:00
Erik Krogh Kristensen
50cb5ea184 Merge pull request #13164 from erik-krogh/polyQhelp 
ReDoS: add another example to the qhelp in poly-redos, showing how to just limit the length of the input
 2023-05-23 09:25:15 +02:00
github-actions[bot]
7aa23cf11d Release preparation for version 2.13.3 2023-05-22 20:47:00 +00:00
Arthur Baars
bec2b7fef9 QL/Ruby: update dbscheme stats 2023-05-22 19:37:58 +02:00
Arthur Baars
294cc930e6 Ruby: add upgrade/downgrade scripts 2023-05-22 19:37:51 +02:00
Arthur Baars
d2bc66e393 QL: switch to shared YAML extractor 2023-05-22 19:28:59 +02:00
Arthur Baars
6d7e95a142 QL/Ruby: included shared extractor code in cache key 2023-05-22 19:28:59 +02:00
Arthur Baars
9f83dd5c7a Tree-sitter extractor: extract shared dbscheme fragments into 'prefix.dbscheme' 2023-05-22 19:28:51 +02:00
Tom Hvitved
20efe81f10 Update ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll 
Co-authored-by: Asger F <asgerf@github.com>
 2023-05-22 12:43:05 +02:00
Tom Hvitved
33be52f0b7 Ruby: Allow for flow out of callbacks passed to summarized methods in type tracking 2023-05-22 11:01:08 +02:00
erik-krogh
710b309142 apply suggestions from doc review 2023-05-21 22:18:48 +02:00
erik-krogh
10bf17c33e Merge branch 'main' into polyQhelp 2023-05-21 22:17:06 +02:00
Tom Hvitved
128168a7e7 Ruby: Allow for flow through callbacks to summarized methods in type tracking 2023-05-21 20:51:45 +02:00
Sim4n6
97e8e0bd8e Add String Manipulation Method Calls & CGI.escapeHTML() support 2023-05-21 11:52:29 +01:00