hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,738 Commits 1,672 Branches 157 Tags
tausbn/python-add-models-for-zstd-compression
Commit Graph

4944 Commits

Author SHA1 Message Date
Arthur Baars
ebf0bb889b Ruby: add some integration tests for diagnostic messages 2023-03-08 16:35:43 +01:00
Arthur Baars
2d6f3ed6c2 Address comments 2023-03-08 13:10:03 +01:00
Maiky
5a9a90d00b Move query to experimental 2023-03-08 11:50:04 +01:00
Maiky
d9d63bbdc6 Change ERB to Erb 2023-03-08 10:41:24 +01:00
Maiky
3e1808d92e Apply suggestions from code review 
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
 2023-03-08 10:30:43 +01:00
Maiky
cd49175fae Update ruby/ql/src/queries/security/cwe-094/TemplateInjection.qhelp 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2023-03-08 10:27:57 +01:00
Maiky
cbb031ee14 Update ruby/ql/src/queries/security/cwe-094/TemplateInjection.qhelp 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2023-03-08 10:27:39 +01:00
Arthur Baars
858aa9ae63 Ruby: add some links to diagnostic messages 2023-03-07 17:55:13 +01:00
Arthur Baars
78a802359e Remove references to 'ruby' in generic extractor code 2023-03-07 13:38:48 +01:00
Tom Hvitved
b6a709df50 Ruby: Rewrite Stored XSS query to use new data flow interface 2023-03-07 07:23:27 +01:00
Mathias Vorreiter Pedersen
92ad099c1b DataFlow: Remove bindingsets, remove the call column, and swap parameter and argument columns. 2023-03-06 13:47:59 +00:00
Mathias Vorreiter Pedersen
3bf28cc752 DataFlow: Sync identical files. 2023-03-06 13:46:21 +00:00
Mathias Vorreiter Pedersen
e6b6369a21 Ruby: Add stub. 2023-03-06 13:44:59 +00:00
Anders Schack-Mulligen
5c7f2ac7f7 Merge pull request #12186 from aschackmull/dataflow/refactor-configuration 
Data flow: Refactor configuration
 2023-03-06 13:38:59 +01:00
Arthur Baars
d2ab40c184 Merge pull request #12208 from gregxsunday/main 
Add ZipSlip and TarSlip query to ruby
 2023-03-06 10:40:06 +01:00
Anders Schack-Mulligen
557cb17f4d Dataflow: Minor perf fix for single config wrapper. 2023-03-06 10:24:33 +01:00
dependabot[bot]
f93b304578 Bump serde_json from 1.0.93 to 1.0.94 in /ruby 
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.93 to 1.0.94.
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.93...v1.0.94)

---
updated-dependencies:
- dependency-name: serde_json
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-03-06 04:15:01 +00:00
Dave Bartolomeo
e169702165 Merge branch 'main' into post-release-prep/codeql-cli-2.12.4 2023-03-04 09:20:44 -05:00
github-actions[bot]
af61b45785 Post-release preparation for codeql-cli-2.12.4 2023-03-04 14:16:55 +00:00
github-actions[bot]
462da63970 Release preparation for version 2.12.4 2023-03-03 14:11:51 +00:00
Kasper Svendsen
fe65fb8743 Merge pull request #12360 from kaspersv/kaspersv/actioncontroller-prevent-bad-join 
ActionController: Prevent bad join
 2023-03-03 13:38:33 +01:00
Anders Schack-Mulligen
0addcfa7c5 Dataflow: Fix some perf issues. 2023-03-03 11:45:32 +01:00
erik-krogh
a928f4c9ef add change-notes 2023-03-03 09:23:10 +01:00
erik-krogh
f96d6accbb delete old deprecations 2023-03-03 09:23:02 +01:00
Anders Schack-Mulligen
b34f99f716 Dataflow: Add change notes. 2023-03-02 16:01:29 +01:00
Arthur Baars
9e5ef9cf9d Merge pull request #12216 from aibaars/diagnostics-2 
Ruby: improve diagnostic messages
 2023-03-02 10:30:58 +01:00
Kasper Svendsen
9cac4bbe0f ActionController: Prevent bad join 2023-03-02 10:02:08 +01:00
Tony Torralba
59bd1e5ab1 Merge pull request #12228 from github/java/mad-decls-triage-request-2276 
Java: Update MaD sink decls after triage
 2023-03-01 17:08:38 +01:00
erik-krogh
6cd4cd332d remove redundant imports 2023-03-01 16:25:01 +01:00
Arthur Baars
2c611d3fef Address review comments 2023-03-01 13:30:02 +01:00
erik-krogh
31336b09c4 add summary for the Array method on Kernel 2023-03-01 12:53:13 +01:00
Tom Hvitved
16fa8b2914 Merge pull request #12051 from hmac/actioncontroller-filter-flow-steps 
Ruby: flow steps for ActionController filters
 2023-03-01 10:51:09 +01:00
Tom Hvitved
92359e539b Fix another bad join 
Before
```
[2023-03-01 08:19:51] Evaluated non-recursive predicate Filters#b57b2328::Filters::selfPostUpdate#2#ff@6718c917 in 6751ms (size: 83265).
Evaluated relational algebra for predicate Filters#b57b2328::Filters::selfPostUpdate#2#ff@6718c917 with tuple counts:
         3872025  ~3%    {2} r1 = JOIN _CfgNodes#ace8e412::ExprCfgNode::getExpr#0#dispred#ff_DataFlowPrivate#462ff392::Cached::TExprNode#ff#shared WITH Statement#f35022d0::Stmt::getCfgScope#0#dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1
         3637917  ~0%    {2} r2 = JOIN r1 WITH Method#8b49e67f::Callable#f ON FIRST 1 OUTPUT Lhs.0, Lhs.1
          679799  ~0%    {2} r3 = JOIN r2 WITH Method#8b49e67f::Method#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1
         3069328  ~0%    {3} r4 = JOIN r3 WITH Variable#1965ffe5::Variable::getDeclaringScope#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0
        22039083  ~0%    {3} r5 = JOIN r4 WITH Variable#1965ffe5::VariableAccess::getVariable#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
        10051483  ~0%    {3} r6 = JOIN r5 WITH Variable#9f7d933a::SelfVariableAccessImpl#class#f ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2
        10057538  ~5%    {3} r7 = JOIN r6 WITH CfgNodes#ace8e412::ExprCfgNode::getExpr#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
        10057538  ~5%    {3} r8 = JOIN r7 WITH CfgNodes#ace8e412::ExprNodes::SelfVariableAccessCfgNode#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2
        10057538  ~0%    {3} r9 = JOIN r8 WITH DataFlowPrivate#462ff392::Cached::TExprNode#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
        10033937  ~1%    {3} r10 = JOIN r9 WITH DataFlowPublic#e1781e31::PostUpdateNode::getPreUpdateNode#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
           83281  ~2%    {2} r11 = JOIN r10 WITH DataFlowPublic#e1781e31::PostUpdateNode::getPreUpdateNode#0#dispred#ff ON FIRST 2 OUTPUT Lhs.0, Lhs.2
                         return r11
```

After
```
[2023-03-01 08:31:20] Evaluated non-recursive predicate Filters#b57b2328::Filters::selfPostUpdate#2#ff@06d73c6q in 161ms (size: 83265).
Evaluated relational algebra for predicate Filters#b57b2328::Filters::selfPostUpdate#2#ff@06d73c6q with tuple counts:
         23680  ~2%    {1} r1 = SCAN Method#8b49e67f::Method#ff OUTPUT In.0
         23680  ~2%    {1} r2 = STREAM DEDUP r1
         23680  ~0%    {2} r3 = JOIN r2 WITH Method#8b49e67f::Callable#f ON FIRST 1 OUTPUT Lhs.0, Lhs.0
         54790  ~4%    {3} r4 = JOIN r3 WITH Variable#1965ffe5::Variable::getDeclaringScope#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0
        202490  ~0%    {3} r5 = JOIN r4 WITH Variable#1965ffe5::VariableAccess::getVariable#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
         98332  ~5%    {3} r6 = JOIN r5 WITH Variable#9f7d933a::SelfVariableAccessImpl#class#f ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2
         83491  ~1%    {2} r7 = JOIN r6 WITH Statement#f35022d0::Stmt::getCfgScope#0#dispred#ff ON FIRST 2 OUTPUT Lhs.0, Lhs.2
         83584  ~0%    {2} r8 = JOIN r7 WITH CfgNodes#ace8e412::ExprCfgNode::getExpr#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
         83584  ~0%    {2} r9 = JOIN r8 WITH DataFlowPrivate#462ff392::Cached::TExprNode#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1
         83265  ~2%    {2} r10 = JOIN r9 WITH DataFlowPublic#e1781e31::PostUpdateNode::getPreUpdateNode#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1
                       return r10
```
 2023-03-01 08:34:07 +01:00
erik-krogh
36b33765a5 use allowImplicitRead instead of a taint-step from elements to the array 2023-02-28 16:09:52 +01:00
Arthur Baars
6c57823232 Merge branch 'main' into diagnostics-2 2023-02-27 19:00:03 +01:00
erik-krogh
b0797a2559 Merge branch 'main' into more-shell-taint 2023-02-27 18:27:09 +01:00
Anders Schack-Mulligen
bf650c755c Dataflow: Sync changes to all languages. 2023-02-27 14:30:05 +01:00
Alex Ford
7c85448cba Merge pull request #12080 from alexrford/js-use-shared-cryptography 
JS: Use shared `CryptographicOperation` concept
 2023-02-27 12:26:38 +00:00
Maikypedia
44997d6b5f Change query id 2023-02-25 15:51:04 +01:00
Maikypedia
61fe3704c0 Remove unused imports 2023-02-25 15:43:48 +01:00
Maikypedia
dd1f7cc1d2 Remove missed file 2023-02-25 15:35:16 +01:00
Maikypedia
ff50513441 Add initial query for Ruby SSTI 2023-02-25 15:33:23 +01:00
Alex Ford
a54ca38e31 Ruby: DataFlow::CallableNode extends DataFlow::StmtSequenceNode 2023-02-24 16:40:35 +00:00
Alex Ford
e948e22186 Ruby: all Exprs have a corresponding DataFlow::Node that is more specific than just DataFlow::ExprNode 2023-02-24 16:40:35 +00:00
Grzegorz Niedziela
48007d14d5 move tests to experimental as well and fix .qlref reference 2023-02-24 10:38:21 +00:00
gregxsunday
34b441c3cc move query to experimental folder 2023-02-23 12:12:04 +00:00
gregxsunday
5a85fa12c7 add block test cases and update tests 2023-02-23 12:09:22 +00:00
gregxsunday
f9b5846675 add detection of sources directly used with blocks 2023-02-23 12:09:12 +00:00
Grzegorz Niedziela
4ab6a7bdfd Merge branch 'github:main' into main 2023-02-23 10:50:15 +00:00
Tom Hvitved
bd5ae88a9a Ruby: Move FileSystem.qll implementation into shared util pack 2023-02-23 10:21:04 +01:00