Arthur Baars
5865b51a94
Ruby: build extractor using cross
2023-01-13 10:25:27 +01:00
Arthur Baars
dc6f5f60d1
Ruby: update stats
2023-01-13 10:22:42 +01:00
Arthur Baars
28c9b52dce
Ruby: add change note
2023-01-13 10:22:42 +01:00
Arthur Baars
46063c7d04
Ruby: update expected output
2023-01-13 10:22:41 +01:00
Arthur Baars
c4ec674057
Ruby: support anonymous (hash)splat parameters/arguments
2023-01-13 10:22:41 +01:00
Arthur Baars
4d3e2bb814
Ruby: upgrade/downgrade scripts
2023-01-13 10:22:41 +01:00
Arthur Baars
290167e1a3
Ruby: re-generated dbscheme/library
2023-01-13 10:22:41 +01:00
Arthur Baars
3a887d1c92
Ruby: update tree-sitter-{ruby, embedded-template}
2023-01-13 10:22:41 +01:00
Arthur Baars
af8cb65b2e
Merge pull request #11877 from aibaars/ql-ql-cross
...
QL/Ruby: include OS version in cache keys for Rust binaries
2023-01-12 20:02:25 +01:00
Arthur Baars
e29e077a03
Ruby/QL4QL: include OS version in cache keys
2023-01-12 15:47:10 +01:00
Michael Nebel
18a815ca8b
Merge pull request #11721 from michaelnebel/csharpjava/refactorprovenance
...
C#/Java: Re-factor provenance related predicates.
2023-01-12 10:50:31 +01:00
Harry Maclean
33a1469a56
Ruby: Add change note
2023-01-12 16:29:00 +13:00
Harry Maclean
8219465389
Ruby: fix missing doc
2023-01-12 11:35:35 +13:00
Harry Maclean
0626d693f5
Ruby: Recognise rack applications
...
This is a basic first step in modelling rack apps. We recognise classes
that look like rack applications and then treat the argument to `call`
in the same way that we treat `request.env` in ActionController classes.
This finds a TP in CVE-2021-43840.
2023-01-12 11:28:31 +13:00
Pierre
c3116b3f0f
Merge branch 'main' into turbo/experimental/combined
2023-01-11 18:02:55 +01:00
Michael Nebel
7e4f7a0c17
C#: Address review comments and sync files.
2023-01-11 16:29:24 +01:00
Michael Nebel
67cbe38255
Sync files.
2023-01-11 16:20:55 +01:00
Michael Nebel
c01361a1fd
Ruby: Re-factor provenance related predicates for summarized callable.
2023-01-11 16:20:55 +01:00
Michael Nebel
ea173f9516
Sync files.
2023-01-11 16:20:55 +01:00
Tony Torralba
c9d1cd97fb
Ruby: Remove omittable exists variables
2023-01-10 13:39:49 +01:00
Erik Krogh Kristensen
f2658a0936
apply suggestions from doc review
...
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com >
2023-01-10 12:56:22 +01:00
Arthur Baars
664fdc3b2a
Merge pull request #11815 from aibaars/too-many-fields
...
Ruby: use record_parse_error_for_node to report extractor error
2023-01-09 15:40:19 +01:00
Erik Krogh Kristensen
5157d4df7b
Merge pull request #11581 from erik-krogh/stdin
...
Rb: add stdin as source for unsafe-deserialization
2023-01-09 13:57:47 +01:00
yoff
c01ce955ba
Merge pull request #11778 from yoff/shared/inline-tests
...
Shared: Inline test expectations
2023-01-09 13:21:18 +01:00
erik-krogh
d67e756f42
make the import of Gem private
2023-01-09 09:13:01 +01:00
Harry Maclean
5b117084db
Merge pull request #11534 from hmac/array-inclusion-barrier-guard-constant
...
Ruby: Make array inclusion barrier more sensitive
2023-01-09 20:57:09 +13:00
github-actions[bot]
cdb8f67601
Post-release preparation for codeql-cli-2.12.0
2023-01-06 10:36:34 +00:00
erik-krogh
0a1769657d
add change-note
2023-01-06 09:09:09 +01:00
erik-krogh
19d2b49562
drive-by: make Base64.decode64(..) into a flowsummary that is shared with all queries
2023-01-06 09:04:37 +01:00
erik-krogh
1a27441cfb
drive-by: delete code-execution sinks from unsafe-deserialization, we risked duplicate alerts
2023-01-06 09:04:36 +01:00
erik-krogh
0e6028a7f3
add stdin as source for unsafe-deserialization
2023-01-06 09:04:36 +01:00
erik-krogh
f98ff65b11
use eval() instead of send() in test
2023-01-05 20:04:04 +01:00
Erik Krogh Kristensen
d9176541c6
Apply suggestions from code review
...
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com >
2023-01-05 20:02:54 +01:00
Jeroen Ketema
de37f3b7d5
Properly indent code block in change log
2023-01-05 18:38:33 +01:00
Jeroen Ketema
170242f79c
Apply suggestions from code review
2023-01-05 17:57:19 +01:00
Nick Rolfe
6e07076151
tweak wording in 2.12 release notes
2023-01-05 16:46:44 +00:00
github-actions[bot]
b6a8193785
Release preparation for version 2.12.0
2023-01-05 16:32:14 +00:00
Rasmus Lerchedahl Petersen
c3b3c05cf3
Revert "Merge pull request #37 from erik-krogh/shared/inline-tests"
...
This reverts commit 65fe9abcfe08e9d3391f
2023-01-05 09:19:43 +01:00
Arthur Baars
799e0c1bcc
Ruby: use record_parse_error_for_node to report extractor error
2023-01-04 17:35:47 +01:00
Aditya Sharad
ed73875fac
Merge pull request #11747 from adityasharad/tutorial/library-pack
...
Tutorial: Move QL detective tutorial library into shared `codeql/tutorial` library pack
2023-01-04 08:24:53 -08:00
Henry Mercer
b96160f0f3
Merge pull request #11783 from github/henrymercer/specify-baseline-languages
...
Specify language names in extractor packs
2023-01-04 10:42:18 +00:00
Harry Maclean
4d228bcddf
Ruby: Recognise more string-valued variables
...
This increases the sensitivity of our barrier guards.
2023-01-04 11:45:10 +13:00
Harry Maclean
9944252c43
Ruby: Add test for barrier guards
...
This demonstrates that we are missing a guard when a case branch
compares against a string-valued variable rather than a string literal.
2023-01-04 11:45:10 +13:00
Harry Maclean
698a679c78
Ruby: add test
2023-01-04 11:45:10 +13:00
Harry Maclean
0fbb6bf608
Ruby: Make array inclusion barrier more sensitive
2023-01-04 11:45:09 +13:00
Aditya Sharad
9988c19a42
Merge branch 'main' into tutorial/library-pack
2023-01-03 14:08:37 -08:00
Calum Grant
ad55706527
Merge branch 'main' into calumgrant/remove-lgtm
2023-01-03 10:27:30 +00:00
erik-krogh
3811eae679
simplify the qhelp for unsafe-code-construction
...
The `send()` example is not flagged by any current query, so it was weird talking about it as "vulnerable".
2023-01-02 13:33:56 +01:00
Erik Krogh Kristensen
79a2b6d0b0
use any() instead of this = this
...
Co-authored-by: Arthur Baars <aibaars@github.com >
2023-01-02 10:49:54 +01:00
erik-krogh
99dc0a8356
fix binding
2023-01-02 10:30:28 +01:00
