Tom Hvitved
1ea7717714
Capture flow: Take overwrites in nested scopes into account
2024-02-09 14:49:23 +01:00
Tom Hvitved
0c43ad45b4
Ruby: Add another captured variable data flow test
2024-02-09 14:48:36 +01:00
Anders Schack-Mulligen
35a3aa0a09
Ruby: Add empty provenance column to expected files.
2024-02-09 11:32:08 +01:00
Harry Maclean
3a90d78c36
Ruby: Fix Rails view file regex
...
This picks up non-nested template files correctly.
2024-02-09 09:41:43 +00:00
Harry Maclean
48890b446d
Ruby: Add more actioncontroller tests
2024-02-09 09:31:35 +00:00
Koen Vlaswinkel
e596862074
Merge pull request #15541 from github/koesie10/ruby-access-path-constructor-returnvalue
...
Ruby: Remove `ReturnValue` as access path for constructors
2024-02-08 16:25:34 +01:00
Dave Bartolomeo
92bd550c55
Merge pull request #15531 from github/post-release-prep/codeql-cli-2.16.2
...
Post-release preparation for codeql-cli-2.16.2
2024-02-08 05:58:17 -08:00
Koen Vlaswinkel
87eb1ab103
Ruby: Include ReturnValue and exclude self for constructors
2024-02-08 13:40:10 +01:00
Koen Vlaswinkel
8646bffaea
Ruby: Remove ReturnValue as access path for constructors
2024-02-07 14:35:19 +01:00
Henry Mercer
e71f0fc1ba
Add supported build modes to extractor metadata
2024-02-06 19:51:13 +00:00
github-actions[bot]
b5139078d0
Post-release preparation for codeql-cli-2.16.2
2024-02-06 19:22:35 +00:00
Koen Vlaswinkel
8361efca4d
Merge pull request #15503 from github/koesie10/ruby-access-paths
...
Ruby: Add query for access paths in model editor
2024-02-06 10:12:26 +01:00
github-actions[bot]
c1b35fbf47
Release preparation for version 2.16.2
2024-02-05 17:58:57 +00:00
Harry Maclean
f792b58421
Ruby: Recognise more ActiveRecord connections
2024-02-05 16:45:59 +00:00
Koen Vlaswinkel
6a098120e3
Rename details to node
2024-02-05 16:33:29 +01:00
Koen Vlaswinkel
49dbad96f9
Switch from details string to DataFlow::Node
2024-02-05 16:33:01 +01:00
Jim Ockers
e477909200
Merge branch 'main' into ockers/certification_not_certificate
2024-02-02 15:39:29 -08:00
James Ockers
9f7f9fcc6e
Updating change-notes to reflect what will be the visible change to end users
2024-02-02 11:38:17 -08:00
Koen Vlaswinkel
f83d2a7d55
Ruby: Avoid using toString where possible
2024-02-02 14:18:21 +01:00
Koen Vlaswinkel
ac1ebf27a7
Ruby: Rename suggestion predicates
2024-02-02 14:18:16 +01:00
Koen Vlaswinkel
8853acb4dd
Ruby: Add query for access paths in model editor
2024-02-01 16:20:00 +01:00
Tom Hvitved
8972133d4b
Merge pull request #15498 from hvitved/ruby/ctx-sensitivity-test
...
Ruby: Add another dataflow test
2024-02-01 12:46:53 +01:00
Tom Hvitved
792f302bd4
Ruby: Add another dataflow test
2024-02-01 10:52:06 +01:00
Koen Vlaswinkel
ce4d8d6b51
Merge pull request #15490 from github/koesie10/ruby-model-constructor-on-new
...
Ruby: Model constructors in endpoint query on new instead of initialize
2024-02-01 09:31:49 +01:00
Harry Maclean
06334eee2e
Merge pull request #14554 from maikypedia/maikypedia/insecure-randomness
...
Ruby: Add Insecure Randomness Query
2024-01-31 17:16:32 +00:00
Koen Vlaswinkel
d5f0a5ce72
Use predicate for isConstructor
2024-01-31 14:19:14 +01:00
Koen Vlaswinkel
c1aaf5a574
Ruby: Model constructors in endpoint query on new
2024-01-31 13:54:48 +01:00
Tom Hvitved
e7676a00d2
Merge pull request #15370 from hvitved/ruby/erb-flow
...
Ruby: Model flow through `ViewComponent` render methods
2024-01-31 13:24:10 +01:00
Koen Vlaswinkel
817fd8c097
Ruby: Move TestFile to modeling Util module
...
The TestFile class in the ModelEditor module is more accurate than the
existing RelevantFile class in the Util module, so this moves the
TestFile class to Util and redefines RelevantFile in terms of the
TestFile.
2024-01-31 11:53:30 +01:00
Koen Vlaswinkel
b51379b533
Ruby: Only model relevant files for type models
2024-01-31 11:30:16 +01:00
Harry Maclean
a298a395e6
Merge pull request #15473 from github/koesie10/ruby-model-only-public-methods
...
Ruby: Only generate models for public methods
2024-01-31 09:27:27 +00:00
James Ockers
0f1e21aa09
Adding per-language change-notes
2024-01-30 17:28:34 -08:00
James Ockers
eb5e0123d6
exclude certification from maybeCertificate() regexes
2024-01-30 13:16:18 -08:00
Harry Maclean
4cfdf8b7a3
Ruby: Add test case for view without ERB template
2024-01-30 20:30:59 +01:00
Tom Hvitved
803513acc6
Add change note
2024-01-30 20:30:58 +01:00
Tom Hvitved
d2d017dd64
Ruby: Model flow through ViewComponent render methods
2024-01-30 20:30:58 +01:00
Tom Hvitved
817a2b71a8
Add more tests
2024-01-30 20:30:58 +01:00
Harry Maclean
557b49cfc5
Ruby: Add basic modeling for ViewComponent
2024-01-30 20:30:58 +01:00
Harry Maclean
5b3a2b35b7
Update expected file
2024-01-30 20:30:58 +01:00
Harry Maclean
75a37486c9
Add WIP query for erb flow
2024-01-30 20:30:58 +01:00
Harry Maclean
bf3b86b402
Add test for erb flow
2024-01-30 20:30:58 +01:00
Tom Hvitved
2d95ac9d5f
Merge pull request #15468 from hvitved/ruby/ctx-sensitivity-rework
2024-01-30 20:27:43 +01:00
Arthur Baars
4591560692
Merge pull request #14544 from p-/p--oj-ox-unsafe-deser
...
Ruby: additional unsafe deserialization sinks for ox and one for oj
2024-01-30 19:28:32 +01:00
Peter Stöckli
fb075a9e88
Rename 2023-10-19-unsafe-deserialization-sinks.md to 2024-01-30-unsafe-deserialization-sinks.md
2024-01-30 17:31:33 +01:00
Sid Shankar
f557110d9b
Merge pull request #15465 from sidshank/sidshank/rename-file-name-for-extracted-files-diagnostic
...
JS/TS/Python/Ruby: Renames diagnostic query files and tests
2024-01-30 10:19:00 -05:00
Koen Vlaswinkel
0442631c68
Ruby: Only generate models for public methods
2024-01-30 16:07:34 +01:00
Koen Vlaswinkel
8aa3542d13
Merge pull request #15470 from github/koesie10/add-summary-neutral-ruby-supported
...
Ruby: Correctly report supported status of summary and neutral models
2024-01-30 15:46:45 +01:00
Peter Stöckli
1947dee46a
Merge branch 'main' into p--oj-ox-unsafe-deser
2024-01-30 15:33:39 +01:00
Peter Stöckli
9596aebee3
Format: getValue now on one line
2024-01-30 15:22:16 +01:00
Peter Stöckli
3c8bc96ab5
replace occurence of AssignExprCfgNode for Oj as well
2024-01-30 15:17:37 +01:00
