hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-20 14:34:04 +02:00
Code Issues Packages Projects Releases Wiki Activity
1,151 Commits 1,741 Branches 165 Tags
031a73ff0faaf6ba2ceefe6dc0a044afc0a8299a
Commit Graph

275 Commits

Author SHA1 Message Date
Tom Hvitved
031a73ff0f Add API graph test that exhibits a missing edge 2021-09-01 16:56:09 +02:00
Tom Hvitved
4677a0832f Adopt shared CFG library 2021-08-31 13:42:41 +02:00
Arthur Baars
ac2c315839 Fix merge conflicts during rebase 2021-08-26 18:48:53 -04:00
Alex Ford
9571e7bccc drop ViewComponent parts from the ActionView library 2021-08-26 14:45:47 +01:00
Alex Ford
4a4b2445dc Clean up how we map between Rails actions and default associated template files 2021-08-26 04:57:15 +01:00
Alex Ford
abc283ee8a remove ErbFile refs 2021-08-24 17:22:35 +01:00
Alex Ford
e403fc77d3 tests 2021-08-24 17:21:22 +01:00
Alex Ford
d628716c42 extend ActionController tests 2021-08-24 17:21:22 +01:00
Alex Ford
41ff10c908 extend modelling of ActionController, and start modelling ActionView 2021-08-24 17:21:22 +01:00
Tom Hvitved
394c27a279 CFG: Allow erb top-level scopes 2021-08-17 10:46:15 +02:00
Tom Hvitved
c0049bf161 Merge pull request #229 from github/hvitved/api-graphs/remove-mk-module 
API graphs: Remove `MkModule`
 2021-08-09 13:10:17 +02:00
Tom Hvitved
ae837d9f7a API graphs: Remove restriction on top-level constants 2021-08-09 12:59:36 +02:00
Arthur Baars
23f423ad66 Merge pull request #242 from github/regex_parsing_fixes 
Regex parsing fixes
 2021-08-04 16:04:54 +02:00
Tom Hvitved
8451286754 API graphs: Remove MkModule 2021-08-04 10:28:30 +02:00
Arthur Baars
00a0b93172 Add erb file 2021-07-29 19:09:56 +02:00
Nick Rolfe
3abe047cac Fix parsing of POSIX bracket expressions. 
The docs are misleading. [[:alpha:]] is actually a character class
*containing* a POSIX bracket expression, and that means you can have
expressions like [[:alpha:][:digit:]_?!]
 2021-07-29 17:24:51 +01:00
Tom Hvitved
42c06bfde4 Merge pull request #226 from github/hvitved/const-flow 
Data flow through constants
 2021-07-14 13:21:07 +02:00
Tom Hvitved
9463927409 Address review comments 2021-07-14 11:05:55 +02:00
Nick Rolfe
1fe5162b67 Stabilise node ordering for regexp parsing test 2021-07-13 16:18:21 +01:00
Tom Hvitved
23447e6d58 Reduce size of lookupMethodOrConst 2021-07-02 14:02:26 +02:00
Tom Hvitved
bf696df788 Data flow through constants 2021-07-02 14:02:26 +02:00
Tom Hvitved
3b6e5881c8 Update constants.rb test 2021-07-02 14:02:26 +02:00
Arthur Baars
5afd3c7846 Merge pull request #213 from github/aibaars/api-graphs2 
First version of ApiGraphs
 2021-07-02 13:58:00 +02:00
Tom Hvitved
330b33638e Address review comments 2021-07-02 10:41:10 +02:00
Tom Hvitved
52529d590b Model private methods and "main objects" 2021-07-02 10:41:06 +02:00
Tom Hvitved
9de4ed4d4d Add tests for private methods 2021-07-02 10:39:49 +02:00
Tom Hvitved
c3cff3e113 Expose call graph through Call::getATarget() 2021-07-01 16:40:45 +02:00
Nick Rolfe
d99b5510e5 Merge pull request #219 from github/regex 
Add regexp parser and exponential ReDoS query
 2021-06-30 17:23:29 +01:00
Alex Ford
3f76075fe6 improve some rails framework tests 2021-06-29 13:56:28 +01:00
Nick Rolfe
ba7021086b Merge remote-tracking branch 'origin/main' into regex 2021-06-25 15:00:26 +01:00
Nick Rolfe
6142029fdc Recognise \t as not escaping t 2021-06-25 12:46:25 +01:00
Nick Rolfe
a77e7761fd Make \h and \H character class escapes 2021-06-25 12:27:39 +01:00
Arthur Baars
efde1f86d9 Fix test case 2021-06-25 10:59:10 +02:00
Nick Rolfe
9ec503a3a5 Merge remote-tracking branch 'origin/main' into regex 2021-06-24 18:16:13 +01:00
Alex Ford
b27891b14e update ActiveRecord test output 2021-06-24 18:12:26 +01:00
Alex Ford
7415503772 update ActiveRecord test output 2021-06-24 18:12:25 +01:00
Alex Ford
6e5665da8c Make ActiveRecord model flag more potentially dangerous SQL executions 2021-06-24 18:12:25 +01:00
Nick Rolfe
17a59ef824 Add basic test for regex parsing 2021-06-24 18:06:08 +01:00
Nick Rolfe
51b0ffdaf8 Fix printAst to support adding edges in AstDesugar test 2021-06-24 17:14:23 +01:00
Arthur Baars
6bed50a86b Rename predicate with snake cased name 2021-06-24 11:59:13 +02:00
Tom Hvitved
9438885776 Merge pull request #216 from github/hvitved/synthesis-location 
AST synthesis: Move location information into a separate predicate
 2021-06-23 16:50:17 +02:00
Alex Ford
5941eb2be4 model some ActionController user input sources (params) 2021-06-23 14:11:38 +01:00
Tom Hvitved
1dde5b8ef9 AST synthesis: Move location information into a separate predicate 2021-06-23 08:46:07 +02:00
Arthur Baars
f18e5030e0 Address comments by @tausbn 2021-06-22 17:25:34 +02:00
Alex Ford
dbf1805c8b Merge pull request #196 from github/active-record-1 
Start modelling some potential SQL fragment sinks in ActiveRecord
 2021-06-22 16:05:26 +01:00
Arthur Baars
f0c83288a7 Add test case for ApiGraph 2021-06-21 19:37:41 +02:00
Nick Rolfe
65aa97c07c Use RegExp prefix instead of Regex, for consistency with other languages. 2021-06-18 15:56:19 +01:00
Alex Ford
214532516b try to avoid a future merge conflict 2021-06-17 14:41:51 +01:00
Alex Ford
bf43a77df5 Include some more types of expressions as possible active record SQL sink arguments 2021-06-15 12:41:42 +01:00
Alex Ford
c1b9952517 account for chained method calls when constructing ActiveRecord SQL queries 2021-06-15 11:39:48 +01:00