4872 Commits

Author	SHA1	Message	Date
Asger F	948594043d	Ruby: share type-tracking test with array test	2022-10-04 11:15:13 +02:00
Asger F	b6231e82ec	Ruby: do not treat WithoutElement[0..!] as a type filter	2022-10-04 11:14:31 +02:00
Asger F	3ccc3a2058	Ruby: move special treatment of Hash.[] into Hash.qll	2022-10-04 11:14:31 +02:00
Asger F	94d41b9fa4	Ruby: add hook for adding type-tracking steps ... fixup docs fixup docs fixup TypeTrackingStep	2022-10-04 11:14:31 +02:00
Asger F	96711b2810	Ruby: improve join order in trackInstanceRec	2022-10-04 11:14:31 +02:00
Asger F	6e7aea85ef	Ruby: update benign test output ... API graph tests only report the shortest path, and a new shortest path has appeared, but the old path is still there, so this is not a regression.	2022-10-04 11:14:31 +02:00
Asger F	c220f4e103	Ruby: prune unusable summaries earlier ... Ruby: prune more aggressively	2022-10-04 11:14:30 +02:00
Asger F	ff4ce4a151	Ruby: use Element[n..] tokens in inject and reduce	2022-10-04 11:14:30 +02:00
Asger F	fd9c1e4507	Ruby: filter out obvious module 'prepend' calls	2022-10-04 11:14:30 +02:00
Asger F	00e52ad109	Ruby: add type-tracking variant of hash-flow test ... Ruby: fixup type-tracking hash flow test Fixup! type-tracking hash flow test result	2022-10-04 11:14:30 +02:00
Asger F	9302271c15	Ruby: Hack special-casing of hash literals	2022-10-04 11:14:30 +02:00
Asger F	bd11946aec	Ruby: support WithoutContent steps in restricted cases ... fixup ContentFilter fixup basicWith(out)contentstep	2022-10-04 11:14:28 +02:00
Asger F	323abf45ca	Ruby: Speed up evaluateSummaryComponentStackLocal	2022-10-04 11:12:09 +02:00
Asger F	a7d764d2a7	Ruby: Improve join order when generating edges	2022-10-04 11:12:09 +02:00
Asger F	8c43ab627f	Ruby: go to local source in load-store steps	2022-10-04 11:11:50 +02:00
Asger F	8b389fe5f9	Ruby: use getACallSimple in more Hash methods	2022-10-04 11:08:46 +02:00
Asger F	74c3886167	Ruby: use getACallSimple in more Array methods	2022-10-04 11:08:46 +02:00
Asger F	c06743afb5	Ruby: update benign test updates	2022-10-04 11:08:46 +02:00
Asger F	f75f27d30e	Ruby: update test	2022-10-04 11:08:46 +02:00
Asger F	5b2d8b0894	Ruby: make Array.each a simple summary	2022-10-04 11:08:46 +02:00
Asger F	fbab0f50f2	Ruby: Evaluate longer summary component stacks	2022-10-04 11:08:46 +02:00
Asger F	0000a7d429	Ruby: Summarize load-store steps in type-tracking ... fixup to LoadStore	2022-10-04 11:08:44 +02:00
Asger F	a4d4e406c6	Ruby: Summarize level steps in type tracking	2022-10-04 11:06:44 +02:00
Asger F	1c484d80aa	Ruby: add some calls to .each in call graph test	2022-10-04 11:06:44 +02:00
Asger F	ab672ded6a	Ruby: strip trailing whitespace in calls.rb test	2022-10-04 11:06:44 +02:00
Tom Hvitved	12536578d4	Merge pull request #10664 from hvitved/type-tracking-more-caching ... Ruby/Python: Cache more type tracking predicates	2022-10-04 10:58:41 +02:00
Harry Maclean	42a97b26bb	Merge pull request #10316 from hmac/hmac/actionview ... Ruby: Model ActionView	2022-10-04 08:16:16 +13:00
Tom Hvitved	bc3e9339dc	Ruby: Cache more type tracking predicates	2022-10-03 20:29:17 +02:00
Tom Hvitved	d52d3d7b75	Merge pull request #10644 from hvitved/ruby/prevent-reevaluation ... Ruby: Prevent reevaluation of expensive predicates	2022-10-03 13:10:39 +02:00
Asger F	47e5623b90	Merge pull request #10639 from hvitved/ruby/dataflow/known-element-no-floats-complexs ... Ruby: Do not attempt to track precise hash indices for floats and complex numbers	2022-10-03 09:23:33 +02:00
Harry Maclean	eaf6eb009b	Update tests	2022-10-03 17:17:58 +13:00
Harry Maclean	e48665ad9f	Fix doc	2022-10-03 14:13:12 +13:00
Harry Maclean	236b628ee2	Ruby: Constrain parameters flow properly	2022-10-03 14:06:06 +13:00
Harry Maclean	32baf67b07	Fix change note month	2022-10-03 09:46:01 +13:00
Harry Maclean	5c20039e09	Ruby: Slightly improve class name	2022-10-03 09:46:01 +13:00
Harry Maclean	fa1ae26fab	Add change note	2022-10-03 09:46:01 +13:00
Harry Maclean	a5998fbe4d	Ruby: Model ActionController::Parameters ... Add flow summaries for methods on ActionController::Parameters, which mostly propagate taint from receiver to return value.	2022-10-03 09:45:59 +13:00
Harry Maclean	ba83b7c6c7	Merge pull request #10599 from hmac/hmac/actioncontroller-datastreaming ... Ruby: Model send_file	2022-10-03 09:44:05 +13:00
Alex Ford	5c32c8badf	Merge pull request #10560 from alexrford/ruby/yaml-load_file ... Ruby: treat `Psych` and `YAML` as aliases for rb/unsafe-deserialization	2022-10-02 20:19:10 +01:00
Tom Hvitved	292bc67125	Merge pull request #10620 from hvitved/ruby/call-graph-protected-methods ... Ruby: Account for `protected` methods in call graph	2022-09-30 19:31:36 +02:00
Tom Hvitved	dd7458acc8	Ruby: Add more call graph tests for protected methods	2022-09-30 16:24:34 +02:00
Tom Hvitved	32d002ed60	Merge pull request #10627 from hvitved/ruby/synthesis-reduce-non-linear-rec ... Ruby: Reduce size of input predicate for non-linear recursion	2022-09-30 15:36:21 +02:00
Tom Hvitved	3ec43dbd16	Ruby: Do not attempt to track precise hash indices for floats and complex numbers	2022-09-30 14:57:50 +02:00
Tom Hvitved	e5d884a905	Ruby: Cache predicates in ApiGraphModels::ModelOutput	2022-09-30 14:56:55 +02:00
Tom Hvitved	299339f817	Ruby: Expose relevant predicates from internal/Module.qll and make sure they are cached	2022-09-30 14:56:55 +02:00
Asger F	6e1914ad01	Merge pull request #10375 from asgerf/rb/summarize-loads-v2 ... Ruby: type-tracking and API edges through simple library callables	2022-09-30 14:25:17 +02:00
Nick Rolfe	ef8ec0878a	Merge pull request #10641 from github/nickrolfe/a_an ... JS/Python/Ruby: s/a HTML/an HTML/	2022-09-30 12:17:15 +01:00
Nick Rolfe	ed74e0aad1	JS/Python/Ruby: s/a HTML/an HTML/	2022-09-30 10:37:52 +01:00
Michael Nebel	82294c1349	Merge pull request #10622 from michaelnebel/ruby/postupdateassignexpr ... Ruby: Postupdate notes for assignment expressions.	2022-09-30 10:00:02 +02:00
Harry Maclean	4a39bc8f47	Merge pull request #10598 from hmac/hmac/actioncontroller-metal ... Ruby: Identify ActionController::Metal controllers	2022-09-30 13:07:03 +13:00