hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 03:36:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,658 Commits 1,672 Branches 157 Tags
rust-ti-implementing-type-method
Commit Graph

4740 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
5ba7c13ecd fix alert-message by adding the link 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2022-10-04 13:50:25 +02:00
erik-krogh
d370b2a51e simplify the where clause of rb/kernel-open 2022-10-04 13:49:50 +02:00
Arthur Baars
ae7e6ef701 Ruby: update dependencies 2022-10-04 13:44:22 +02:00
erik-krogh
bf74481f65 add a link to the source in the alert-message for rb/kernel-open 2022-10-04 13:41:50 +02:00
Arthur Baars
88b5d4da16 Ruby: extend may have multiple arguments 2022-10-04 12:58:50 +02:00
Arthur Baars
ab3a62de3c Update ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll 2022-10-04 12:58:50 +02:00
Tom Hvitved
6e61ef10b8 Ruby: Add another dataflow copy 2022-10-04 12:58:50 +02:00
Tom Hvitved
9d7d6c29f9 Review comments 2022-10-04 12:58:50 +02:00
Tom Hvitved
77c47bc856 Ruby: Add another call graph test 2022-10-04 12:58:49 +02:00
Arthur Baars
44cc6f7350 Ruby: improve tracking of regular expressions 
There are two flavours of `match?`. If the receiver of `match?` has type String
then the argument to `match?` is a regular expression. However, if the receiver of
`match?` has type Regexp then the argument is the text.

The role of receiver and argument flips depending on the type of the receiver, this
caused a lot of false positives when looking for string-like literals that are
used as a regular expression.

This commit attempts to improve things by trying to determine whether the type of the
receiver is known to be of type Regexp. In such cases we know that the argument
is unlikely to be  regular expression.
 2022-10-04 12:58:49 +02:00
Arthur Baars
0160c374e4 Ruby: add flow summaries for Object#dup and Kernel#tap 2022-10-04 12:58:49 +02:00
Arthur Baars
5d55daa491 Ruby: use resolveConstantReadAccess instead of trackModuleAccess for 'extend' calls 
This avoids non-linear recursion at the cost of losing some results.
 2022-10-04 12:58:49 +02:00
Arthur Baars
c2b98a4761 Ruby: add support for 'extend' method 2022-10-04 12:58:49 +02:00
Arthur Baars
09bc78eafc Ruby: local dataflow step for || and && 2022-10-04 12:58:49 +02:00
Arthur Baars
e95b5468d9 Ruby: use Dataflow for Pathname instead of TypeTracking 2022-10-04 12:58:49 +02:00
Arthur Baars
f9b952f04f Ruby: Pathname use TypeTracker instead of local flow 2022-10-04 12:58:49 +02:00
Nick Rolfe
dd1b302fce Ruby: revert making inActionViewContext private 2022-10-04 11:29:09 +01:00
Nick Rolfe
a738f1d5cf Ruby: remove public abstract classes for Action{View,Controller} 2022-10-04 10:53:41 +01:00
Asger F
948594043d Ruby: share type-tracking test with array test 2022-10-04 11:15:13 +02:00
Asger F
b6231e82ec Ruby: do not treat WithoutElement[0..!] as a type filter 2022-10-04 11:14:31 +02:00
Asger F
3ccc3a2058 Ruby: move special treatment of Hash.[] into Hash.qll 2022-10-04 11:14:31 +02:00
Asger F
94d41b9fa4 Ruby: add hook for adding type-tracking steps 
fixup docs

fixup docs

fixup TypeTrackingStep
 2022-10-04 11:14:31 +02:00
Asger F
96711b2810 Ruby: improve join order in trackInstanceRec 2022-10-04 11:14:31 +02:00
Asger F
6e7aea85ef Ruby: update benign test output 
API graph tests only report the shortest path, and a new shortest path has appeared, but the old path is still there, so this is not a regression.
 2022-10-04 11:14:31 +02:00
Asger F
c220f4e103 Ruby: prune unusable summaries earlier 
Ruby: prune more aggressively
 2022-10-04 11:14:30 +02:00
Asger F
ff4ce4a151 Ruby: use Element[n..] tokens in inject and reduce 2022-10-04 11:14:30 +02:00
Asger F
fd9c1e4507 Ruby: filter out obvious module 'prepend' calls 2022-10-04 11:14:30 +02:00
Asger F
00e52ad109 Ruby: add type-tracking variant of hash-flow test 
Ruby: fixup type-tracking hash flow test

Fixup! type-tracking hash flow test result
 2022-10-04 11:14:30 +02:00
Asger F
9302271c15 Ruby: Hack special-casing of hash literals 2022-10-04 11:14:30 +02:00
Asger F
bd11946aec Ruby: support WithoutContent steps in restricted cases 
fixup ContentFilter

fixup basicWith(out)contentstep
 2022-10-04 11:14:28 +02:00
Asger F
323abf45ca Ruby: Speed up evaluateSummaryComponentStackLocal 2022-10-04 11:12:09 +02:00
Asger F
a7d764d2a7 Ruby: Improve join order when generating edges 2022-10-04 11:12:09 +02:00
Asger F
8c43ab627f Ruby: go to local source in load-store steps 2022-10-04 11:11:50 +02:00
Asger F
8b389fe5f9 Ruby: use getACallSimple in more Hash methods 2022-10-04 11:08:46 +02:00
Asger F
74c3886167 Ruby: use getACallSimple in more Array methods 2022-10-04 11:08:46 +02:00
Asger F
c06743afb5 Ruby: update benign test updates 2022-10-04 11:08:46 +02:00
Asger F
f75f27d30e Ruby: update test 2022-10-04 11:08:46 +02:00
Asger F
5b2d8b0894 Ruby: make Array.each a simple summary 2022-10-04 11:08:46 +02:00
Asger F
fbab0f50f2 Ruby: Evaluate longer summary component stacks 2022-10-04 11:08:46 +02:00
Asger F
0000a7d429 Ruby: Summarize load-store steps in type-tracking 
fixup to LoadStore
 2022-10-04 11:08:44 +02:00
Asger F
a4d4e406c6 Ruby: Summarize level steps in type tracking 2022-10-04 11:06:44 +02:00
Asger F
1c484d80aa Ruby: add some calls to .each in call graph test 2022-10-04 11:06:44 +02:00
Asger F
ab672ded6a Ruby: strip trailing whitespace in calls.rb test 2022-10-04 11:06:44 +02:00
Tom Hvitved
12536578d4 Merge pull request #10664 from hvitved/type-tracking-more-caching 
Ruby/Python: Cache more type tracking predicates
 2022-10-04 10:58:41 +02:00
Harry Maclean
42a97b26bb Merge pull request #10316 from hmac/hmac/actionview 
Ruby: Model ActionView
 2022-10-04 08:16:16 +13:00
Tom Hvitved
bc3e9339dc Ruby: Cache more type tracking predicates 2022-10-03 20:29:17 +02:00
Tom Hvitved
d52d3d7b75 Merge pull request #10644 from hvitved/ruby/prevent-reevaluation 
Ruby: Prevent reevaluation of expensive predicates
 2022-10-03 13:10:39 +02:00
Asger F
47e5623b90 Merge pull request #10639 from hvitved/ruby/dataflow/known-element-no-floats-complexs 
Ruby: Do not attempt to track precise hash indices for floats and complex numbers
 2022-10-03 09:23:33 +02:00
Harry Maclean
eaf6eb009b Update tests 2022-10-03 17:17:58 +13:00
Harry Maclean
e48665ad9f Fix doc 2022-10-03 14:13:12 +13:00