hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,738 Commits 1,672 Branches 157 Tags
tausbn/python-add-models-for-zstd-compression
Commit Graph

4944 Commits

Author SHA1 Message Date
erik-krogh
8b99e8af88 fix bad join by removing bad recursion 2023-03-13 17:34:11 +01:00
erik-krogh
25a6d496d9 Merge branch 'main' into HEAD 2023-03-13 17:33:06 +01:00
Tony Torralba
705691b096 Merge pull request #12446 from github/java/update-mad-decls-after-triage-2023-03-08T14-51-59 
Java: Update MaD Declarations after Triage
 2023-03-13 14:07:59 +01:00
Anders Schack-Mulligen
0c95ab2cdc Merge pull request #12474 from hvitved/dataflow/call-back-post-update 
Data flow: Synthesize post-update nodes for callback arguments inside summarized callables
 2023-03-13 13:21:52 +01:00
dependabot[bot]
6e75df4088 Merge pull request #12494 from github/dependabot/cargo/ruby/serde-1.0.155 2023-03-13 11:49:00 +00:00
Erik Krogh Kristensen
060c37b6a2 Merge pull request #12345 from erik-krogh/delOldDeps 
delete old deprecations
 2023-03-13 12:48:24 +01:00
Tom Hvitved
163bb2b94d Add change note 2023-03-13 12:45:46 +01:00
Tom Hvitved
714b61b63e Ruby: Add missing flow through self.new constructor calls 2023-03-13 12:45:46 +01:00
dependabot[bot]
219bac74bf Bump serde from 1.0.154 to 1.0.155 in /ruby 
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.154 to 1.0.155.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.154...v1.0.155)

---
updated-dependencies:
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-03-13 11:36:09 +00:00
Arthur Baars
e0a49e2999 Merge pull request #12486 from aibaars/windows-long-paths 
Ruby: support long paths on Windows
 2023-03-13 12:18:50 +01:00
Arthur Baars
41a53ec109 Address comments 2023-03-13 11:50:03 +01:00
Anders Schack-Mulligen
c380ecbbbc Data flow: Add change notes. 2023-03-13 11:09:13 +01:00
erik-krogh
6c1ebd999e Merge branch 'main' into delOldDeps 2023-03-13 11:00:29 +01:00
Tom Hvitved
6ee231fac5 Ruby: Add more tests for flow through constructors 2023-03-13 10:52:01 +01:00
Harry Maclean
3734a544bc Ruby: Add change note 2023-03-13 21:38:45 +13:00
Harry Maclean
e80ff4efba Ruby: Fix tests and qldoc 2023-03-13 20:32:37 +13:00
Harry Maclean
071517c74b Ruby: Clean up Sinatra modeling 2023-03-13 19:25:56 +13:00
Harry Maclean
bfe42a656c Ruby: QL4QL fix 2023-03-13 19:04:46 +13:00
Harry Maclean
384e7c7a80 Jump step for sinatra callbacks 2023-03-13 19:03:32 +13:00
Harry Maclean
e65d7224db Ruby: tests, patterns, fix erb flow 2023-03-13 19:03:32 +13:00
Harry Maclean
eada3b91df Ruby: track flow from sinatra routes to erb files 2023-03-13 19:03:32 +13:00
Harry Maclean
c82b4638c6 Ruby: Import Sinatra modeling by default 2023-03-13 19:03:32 +13:00
Harry Maclean
a1fab31bfc Ruby: Model Sinatra 
Adds some very basic modeling of Sinatra applications.
We recognise the `params` call in Sinatra routes as an HTTP request
input access.
 2023-03-13 19:03:32 +13:00
Harry Maclean
9c3d141c9c Ruby: Add change note 2023-03-13 18:57:55 +13:00
Harry Maclean
fe995dd99b Ruby: ActiveRecord::Connection.execute SQL sink 2023-03-13 09:03:54 +13:00
Harry Maclean
025cd34dab Ruby: Taint flow through ActionController params 
We were not recognising "require" as returning a Parameters instance.
 2023-03-13 08:52:41 +13:00
Harry Maclean
2d95b6a049 Ruby: Add count_by_sql as SQL sink 2023-03-13 08:40:32 +13:00
Harry Maclean
c97dccf0de Ruby: Add reorder as a SQL sink 
In recent versions of Rails this method doesn't seem to be vulnerable,
but it may be in previous versions. There's a slight FP risk here, but
I think it is small.
 2023-03-13 08:38:17 +13:00
Arthur Baars
c67bfff33b Ruby: strip \\?\ from display paths 2023-03-10 22:32:11 +01:00
Arthur Baars
4bfcc31ef0 Ruby: support long paths on Windows 2023-03-10 22:32:11 +01:00
Anders Schack-Mulligen
1e64748ffe Dataflow: Autoformat. 2023-03-10 15:12:19 +01:00
Anders Schack-Mulligen
289f921171 Dataflow: Sync. 2023-03-10 14:56:54 +01:00
Anders Schack-Mulligen
00f0879ff5 Dataflow: Sync. 2023-03-10 14:56:54 +01:00
Tom Hvitved
6eea906bbf Data flow: Synthesize post-update nodes for callback arguments inside summarized callables 2023-03-10 12:43:21 +01:00
Tony Torralba
8aa80882ea Sync files 2023-03-10 12:35:13 +01:00
Anders Schack-Mulligen
83569911ae Merge pull request #12230 from aschackmull/all/autoformat 
Mass autoformat with class and module declarations format fix
 2023-03-10 12:29:34 +01:00
Anders Schack-Mulligen
159d8e978c Dataflow: one more autoformat post rebase 2023-03-10 10:04:35 +01:00
Anders Schack-Mulligen
a5d229903d Ruby: Autoformat 2023-03-10 09:41:20 +01:00
Harry Maclean
9cf2acface Ruby: Make trap option title consistent with C# 2023-03-10 21:11:58 +13:00
Harry Maclean
cf64e0e85f Ruby: trap_compression -> trap.compression 
Change the trap_compression extractor option to be an object `trap` with
a nested option `compression`. This means that on the command line you
would supply the option as follows:

    codeql database create --extractor-option trap.compression=gzip

This is a little less jarring than the previous design, which would use
underscores amonst the hyphens:

    codeql database create --extractor-option trap_compression=gzip
 2023-03-10 19:18:49 +13:00
Nick Rolfe
7649772935 Expose TRAP compression option via the new extractor options feature. 2023-03-10 19:09:51 +13:00
Arthur Baars
348165205c Merge pull request #12442 from aibaars/diagnostics-tests 
Ruby: add some integration tests for diagnostic messages
 2023-03-09 21:58:42 +01:00
Mathias Vorreiter Pedersen
59402eb754 Merge pull request #12462 from MathiasVP/disable-std-order-in-fwd-flow-stage-1 
DataFlow: Disable standard order in `Stage1::fwdFlow`
 2023-03-09 15:30:05 +00:00
Alex Ford
5ef71f9d28 Merge pull request #12306 from alexrford/rb/more-expr-nodes 
Ruby: ensure that all Ast `Expr`s have a dataflow node type more precise than `ExprNode`
 2023-03-09 14:54:34 +00:00
Asger F
6e744093e2 Merge pull request #12398 from github/post-release-prep/codeql-cli-2.12.4 
Post-release preparation for codeql-cli-2.12.4
 2023-03-09 15:38:21 +01:00
Rasmus Wriedt Larsen
38fe9b71b9 Ruby: Use new parameter position for synthetic hash-splat instead 
We wanted to ensure that a callable did not have multiple parameters
with same parameter position. Originally we fixed this with
e0bd210797. This commit reverts that and
solves it by introducing a new parameter position instead.
 2023-03-09 15:05:07 +01:00
Arthur Baars
c98e0fa0b4 Ruby: fix comment 2023-03-09 13:14:57 +01:00
Arthur Baars
8096f86224 Ruby: lower severity of parse error to warning 2023-03-09 13:14:57 +01:00
Mathias Vorreiter Pedersen
1f77f77153 DataFlow: Sync identical files. 2023-03-09 10:41:15 +00:00
dependabot[bot]
060cd9fada Bump serde from 1.0.152 to 1.0.154 in /ruby 
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.152 to 1.0.154.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.152...v1.0.154)

---
updated-dependencies:
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-03-09 04:06:43 +00:00