284 Commits

Author	SHA1	Message	Date
Arthur Baars	078a2aa03b	Update AST library	2021-11-25 13:24:51 +01:00
Arthur Baars	ec0bd24b64	Update diagnostic tests	2021-11-25 12:55:50 +01:00
Arthur Baars	5b560b12e9	Create upgrade script	2021-11-25 12:55:43 +01:00
Tom Hvitved	6cb00992e8	Data flow: Introduce ConsistencyConfiguration class	2021-11-25 10:01:47 +01:00
Arthur Baars	5d0dfe8c04	Re-generate library and dbscheme	2021-11-24 17:18:04 +01:00
Erik Krogh Kristensen	3bab8c6d1d	Merge pull request #7173 from erik-krogh/getRubyInSync ... JS/PY/RB: get ReDoSUtil in sync for ruby	2021-11-24 15:20:23 +01:00
Anders Schack-Mulligen	7ca3407c86	Dataflow: Sync.	2021-11-24 14:43:00 +01:00
Michael Nebel	b9d0a60ce7	C#: Addressed review comments from hvitved	2021-11-24 14:35:52 +01:00
Rasmus Wriedt Larsen	2a5e0a3b77	Merge pull request #7145 from RasmusWL/remove-owasp-tags ... Python/Ruby: Remove owasp tags	2021-11-24 13:56:48 +01:00
Michael Nebel	a3ca9ad27d	C#: Sync flow summary implementation files and implement specific parts for ruby and java	2021-11-24 12:09:20 +01:00
Erik Krogh Kristensen	87a1ccd428	Merge branch 'main' into getRubyInSync	2021-11-23 20:20:37 +01:00
Nick Rolfe	1a90b388a9	Merge remote-tracking branch 'origin/main' into nickrolfe/regex_injection	2021-11-23 15:42:05 +00:00
Tom Hvitved	83d204d7a8	Merge pull request #7218 from hvitved/ssa/fix-consistency-tests ... Ruby: Fix SSA consistency tests + CFG bug	2021-11-23 16:24:41 +01:00
Tom Hvitved	4d918b5e5f	Ruby: Fix CFG splitting logic for ensure blocks with loops	2021-11-23 15:21:43 +01:00
Alex Ford	055641e684	Merge pull request #7062 from github/ruby/rails-csrf ... Ruby: Add `rb/csrf-protection-disabled` query	2021-11-23 13:46:42 +00:00
Tom Hvitved	e185e9080c	Shared SSA: Fix consistency tests	2021-11-23 13:30:23 +01:00
Erik Krogh Kristensen	b2e40ac603	fix typo in test ... Co-authored-by: Nick Rolfe <nickrolfe@github.com>	2021-11-23 13:09:22 +01:00
Nick Rolfe	e5f473052d	Ruby: add Regexp.{compile,quote} to regex injection test	2021-11-23 11:05:41 +00:00
Tom Hvitved	9d072a12ed	Merge pull request #7098 from github/ruby/desugar-for-1 ... Ruby: Desugar `for` loops as calls to `each`	2021-11-23 11:35:49 +01:00
Tom Hvitved	dcca5d28bb	Merge pull request #7172 from hvitved/ruby/ensure-split-cp ... Ruby: Remove CP in `EnsureSplitImpl::exit/3`	2021-11-23 11:02:23 +01:00
Anders Schack-Mulligen	a68b55b099	Merge pull request #7208 from hvitved/ruby/restrict-use-use ... Ruby: Restrict use-use flow	2021-11-23 09:33:43 +01:00
Nick Rolfe	13459c8afc	Ruby: add Regexp.compile as sink for regexp injection query	2021-11-22 17:43:55 +00:00
Nick Rolfe	4b42c4447b	Ruby: handle Regexp.quote wherever we handle Regexp.escape	2021-11-22 17:12:01 +00:00
Nick Rolfe	5b11cfe006	Ruby: fix up import path	2021-11-22 17:10:46 +00:00
Nick Rolfe	752b126862	Merge remote-tracking branch 'origin/main' into nickrolfe/regex_injection	2021-11-22 17:05:27 +00:00
Alex Ford	68c3c16ab3	Ruby: enable forgery protection checks for development environments	2021-11-22 15:00:32 +00:00
Tom Hvitved	da39f15a9d	Ruby: Move localFlowStepCommon into LocalFlow and make localSsaFlowStep private	2021-11-22 15:24:24 +01:00
Harry Maclean	6f22867af9	Merge pull request #7015 from github/hmac/ssrf ... Ruby: Add Server-Side Request Forgery query	2021-11-22 12:41:39 +00:00
Tom Hvitved	fc64faefcf	Ruby: Restrict use-use flow	2021-11-22 13:05:17 +01:00
Erik Krogh Kristensen	9f08acab7e	Merge pull request #7170 from erik-krogh/qldocStyle ... Ruby: use A/An/The to start qlDoc for classes	2021-11-19 17:34:35 +01:00
Harry Maclean	06000781e9	Ruby: Document PairCfgNode::getKey/getValue	2021-11-19 14:54:06 +00:00
Nick Rolfe	f63c768d9f	Ruby: parse \G, \b, and \B anchors as special characters, not escapes	2021-11-19 14:20:51 +00:00
Tom Hvitved	47fd64fc44	Merge pull request #7130 from hvitved/cfg/dead-end-consistency ... Shared CFG: Add "dead end" consistency query	2021-11-19 13:49:53 +01:00
Tom Hvitved	2b2ff7717e	Merge pull request #7179 from hvitved/ruby/shared-ssa-consistency ... Ruby: Move SSA consistency queries into shared SSA library	2021-11-19 13:49:25 +01:00
Erik Krogh Kristensen	75586b0cf6	Apply suggestions from code review ... Co-authored-by: Nick Rolfe <nickrolfe@github.com>	2021-11-19 13:23:01 +01:00
Harry Maclean	90a9688310	Ruby: update CFG fixture	2021-11-19 11:31:14 +00:00
Harry Maclean	8fc7e4be43	Ruby: Increase precision of SSRF query	2021-11-19 11:28:09 +00:00
Harry Maclean	c297a68acf	Model more of the RestClient API ... We now handle this form: RestClient::Request.execute(url: "http://example.com")	2021-11-19 11:28:09 +00:00
Harry Maclean	e2ef780c55	Add base_uri note to HTTParty modelling	2021-11-19 11:28:09 +00:00
Harry Maclean	38ff584307	Model more Faraday behaviour ... You can instantiate a Faraday connection by passing a URL as an keyword argument: conn = Faraday.new(url: "http://example.com")	2021-11-19 11:28:09 +00:00
Harry Maclean	f933d24031	Fix comment	2021-11-19 11:28:09 +00:00
Harry Maclean	e87a4531d8	Remove redundant imports	2021-11-19 11:28:08 +00:00
Harry Maclean	ac20eafecc	Add qhelp for Ruby SSRF	2021-11-19 11:28:08 +00:00
Harry Maclean	2bba31eb02	Update metadata of Ruby SSRF query	2021-11-19 11:28:08 +00:00
Harry Maclean	dc464879a2	Add a query for server-side request forgery	2021-11-19 11:28:08 +00:00
Harry Maclean	cd33e4d394	Make string interpolation sanitizer reusable	2021-11-19 11:28:08 +00:00
Harry Maclean	b6ce37b241	Add getURL to HTTP::Client::Request ... This member predicate gets dataflow nodes which contribute to the URL of the request. Also consolidate the identical tests for each HTTP client.	2021-11-19 11:28:08 +00:00
Harry Maclean	8fd8c9b04d	Fix CallExprCfgNode.getKeywordArgument ... This predicate now produces results.	2021-11-19 11:28:08 +00:00
Harry Maclean	0caea17118	Add a test for CallCfgNodes ... This test shows that `CallCfgNode.getKeywordArgument(string keyword)` doesn't return any results.	2021-11-19 11:28:07 +00:00
Anders Schack-Mulligen	1f3f7e9ccc	Merge pull request #7169 from erik-krogh/useMatches ... use matches instead of regexpMatch/prefix/suffix	2021-11-19 11:42:47 +01:00