hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 03:36:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
32,113 Commits 1,672 Branches 157 Tags
14a1aa0c11060b787da869eb35e7ef3b97245118
Commit Graph

501 Commits

Author SHA1 Message Date
Nick Rolfe
588e60e230 Merge pull request #7775 from github/nickrolfe/graph_test_ordering 
Ruby/C#: more stable graph test ordering
 2022-01-28 11:16:02 +00:00
Dave Bartolomeo
cca74e925f Merge pull request #7724 from github/aeisenberg/examples-groups 
Add new groups for examples packs
 2022-01-27 12:11:26 -05:00
Nick Rolfe
6f06263d49 Ruby: add more properties for ordering nodes in graph tests 2022-01-27 13:57:43 +00:00
Tom Hvitved
280023c45a Address review comments 2022-01-27 09:44:41 +01:00
Andrew Eisenberg
a7f755cf12 Add new groups for examples packs 
Also, remove version numbers. Will make it easier to avoid publishing
the examples packs.
 2022-01-26 14:49:18 -08:00
Tom Hvitved
dd27ed8392 Ruby: Desugar hash literals 
```rb
{ a: 1, **splat, b: 2 }
```

becomes

```rb
::Hash.[](a: 1, **splat, b: 2)
```
 2022-01-26 13:53:18 +01:00
Tom Hvitved
39436828de Ruby: Add internal/Literal.qll for internal implementation details 2022-01-26 13:48:26 +01:00
Arthur Baars
948ebe4b4c Merge pull request #7568 from aibaars/ruby-pattern-matching-taint 
Ruby: taint steps for pattern matches
 2022-01-26 10:27:47 +01:00
Tom Hvitved
28e03a8aae Merge pull request #7738 from hvitved/ruby/action-controller-perf 
Ruby: Fix bad join in `ActionControllerHelperMethod`
 2022-01-26 09:48:21 +01:00
Tom Hvitved
2c27a07ead Merge pull request #7726 from hvitved/ruby/any-array-element-content 
Ruby: Introduce `TAnyArrayElementContent`
 2022-01-26 09:48:01 +01:00
Arthur Baars
941f230c94 Merge pull request #7729 from github/hmac/bump-clap 
Ruby extractor: bump clap
 2022-01-26 08:12:47 +01:00
Edoardo Pirovano
1b539eb4dc Merge branch rc/3.4 into main 2022-01-25 16:22:01 +00:00
Tom Hvitved
49488fa0a0 Ruby: Fix bad join in ActionControllerHelperMethod 
```
[2022-01-25 12:35:14] (234s) Tuple counts for ActionController::ActionControllerHelperMethod#class#ff/2@ef816fil after 1.5s:
                      7685     ~0%     {3} r1 = JOIN ActionController::ActionControllerContextCall#ff#shared WITH Method::Method::getName_dispred#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'controllerClass', Lhs.0 'this'
                      13198    ~0%     {3} r2 = JOIN r1 WITH Constant::ConstantValue::getStringOrSymbol_dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1 'controllerClass', Lhs.2 'this', Rhs.1
                      15835365 ~4%     {5} r3 = JOIN r2 WITH AST::AstNode::getEnclosingModule_dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, "helper_method", Lhs.0 'controllerClass', Lhs.1 'this', Lhs.2
                      12943    ~1%     {4} r4 = JOIN r3 WITH Call::MethodCall::getMethodName_dispred#ff ON FIRST 2 OUTPUT Lhs.4, Lhs.2 'controllerClass', Lhs.3 'this', Lhs.0
                      1146184  ~0%     {4} r5 = JOIN r4 WITH Expr::Expr::getConstantValue_dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.3, Rhs.1, Lhs.1 'controllerClass', Lhs.2 'this'
                      212      ~0%     {2} r6 = JOIN r5 WITH project#Call::Call::getArgument_dispred#fff ON FIRST 2 OUTPUT Lhs.3 'this', Lhs.2 'controllerClass'
                                       return r6
```

Joining on enclosing module and name simultaneously yields a much better join.
 2022-01-25 13:00:13 +01:00
Tom Hvitved
67962cb93d Ruby: Fix bad join in access predicate 
Joining on variable name alone is a bad thing:

```
[2022-01-25 11:13:20] (228s) Tuple counts for Variable::Cached::access#ff#shared/3@868b54tu after 3m37s:
                      112554    ~0%     {3} r1 = JOIN Variable::VariableReal::getNameImpl_dispred#ff WITH Variable::VariableReal::getDeclaringScopeImpl_dispred#ff ON FIRST 1 OUTPUT Lhs.1, Lhs.0 'arg2', Rhs.1 'arg1'
                      561015756 ~1%     {3} r2 = JOIN r1 WITH Variable::variableName#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1 'arg0', Lhs.2 'arg1', Lhs.1 'arg2'
                                        return r2
```

This change ensures that we join on name and scope simultaneously.
 2022-01-25 11:37:38 +01:00
Tom Hvitved
0299b4603f Merge pull request #7677 from hvitved/ruby/constant-value 
Ruby: Replace `getValueText` with `getConstantValue`
 2022-01-25 10:31:02 +01:00
Harry Maclean
962d0213b5 Ruby extractor: stop using deprecated function 2022-01-25 22:04:24 +13:00
dependabot[bot]
6543b1a3a9 Update clap requirement from 2.33 to 3.0 
Updates the requirements on [clap](https://github.com/clap-rs/clap) to permit the latest version.

Apply this update in both the generator and extractor.
 2022-01-25 16:53:39 +13:00
Tom Hvitved
66a24c5c49 Ruby: Introduce TAnyArrayElementContent 2022-01-24 20:25:05 +01:00
Tom Hvitved
cc712c20cb Ruby: Use bitShiftLeft instead of pow in parseInteger 2022-01-24 16:06:35 +01:00
Tom Hvitved
6efa595478 Merge pull request #7688 from hvitved/dataflow/required-component-stack 
Data flow: Restructure `RequiredSummaryComponentStack`
 2022-01-24 15:10:08 +01:00
Tom Hvitved
2a972dc045 Address review comments 2022-01-24 14:27:42 +01:00
Tom Hvitved
64f19637d4 Address review comments 2022-01-24 13:33:18 +01:00
Arthur Baars
78b4d7cbb5 Ruby: remove redundant cast 2022-01-24 11:27:31 +01:00
Arthur Baars
0cef887683 Ruby: address comments 2022-01-24 11:27:26 +01:00
Arthur Baars
5df1f7a0c3 Ruby: use CfgNodes classes to implement case value to pattern variable taint steps 2022-01-24 10:31:08 +01:00
Arthur Baars
7d7e9ba9e1 Ruby: add CasePattern classes to CfgNodes 2022-01-24 10:31:08 +01:00
Arthur Baars
e9a01f9e8f Ruby: fix test case 2022-01-24 10:31:08 +01:00
Arthur Baars
634c8cd060 Ruby: Generalize CfgNodes::ChildMapping 2022-01-24 10:31:08 +01:00
Arthur Baars
fcec8a8388 Address comments 2022-01-24 10:31:08 +01:00
Arthur Baars
ab4935fe68 Ruby: fix some alerts 2022-01-24 10:31:08 +01:00
Arthur Baars
7630b277b8 Ruby: update AST and CFG test data 2022-01-24 10:31:08 +01:00
Arthur Baars
26a0167d6d Ruby: add taint step test for hash patterns 2022-01-24 10:31:06 +01:00
Arthur Baars
49c452239e Ruby: add taint steps from case value to variables in patterns 2022-01-24 10:10:22 +01:00
Arthur Baars
77a3e4bd61 Ruby: CFG: fix completion of AsPattern variable 2022-01-24 10:10:22 +01:00
Tom Hvitved
85e1cda81b Ruby: Distinguish symbols from strings in ConstantValue 2022-01-21 19:16:12 +01:00
Harry Maclean
8e40899dfd Merge pull request #7419 from github/hmac/const-get 2022-01-22 07:01:09 +13:00
Harry Maclean
2fa18801aa Merge pull request #7665 from github/hmac/barrier-guard-array-const 2022-01-22 06:59:51 +13:00
Erik Krogh Kristensen
b75c316c27 fix non-us spelling 2022-01-21 11:46:33 +01:00
Erik Krogh Kristensen
f500bccbe4 add explicit this to member call 2022-01-21 11:46:33 +01:00
Tom Hvitved
cba733136c Data flow: Sync 2022-01-21 09:42:16 +01:00
Tom Hvitved
aa9cfebc65 Ruby: Replace getValueText with getConstantValue 2022-01-21 09:19:19 +01:00
Erik Krogh Kristensen
a77b2b0209 Merge pull request #7668 from erik-krogh/simplify-casts 
simplify expressions that could be type-casts
 2022-01-20 15:20:18 +01:00
Alex Ford
9613ff743b Merge pull request #7611 from github/ruby/protect_from_forgery-without-exception 
Ruby: flag up `protect_from_forgery` calls without an exception strategy
 2022-01-20 13:45:30 +00:00
github-actions[bot]
ab218421da Post-release preparation for codeql-cli-2.7.6 2022-01-20 12:59:20 +00:00
Erik Krogh Kristensen
4e8e3a7420 simplify expressions that could be type-casts 2022-01-20 10:41:35 +01:00
github-actions[bot]
4ce8ccc52b Release preparation for version 2.7.6 2022-01-20 08:21:18 +00:00
Harry Maclean
6bae03a7cc Ruby: Update string const barrier guard 
This change recognises guards like `FOO.include?`, where `FOO` is an array
constant.
 2022-01-20 17:34:12 +13:00
Harry Maclean
13a0ece25c Ruby: Add test case: array constant barrier guard 
This guard isn't yet recognised as a `StringConstArrayInclusionCall`.
 2022-01-20 17:07:01 +13:00
Alex Ford
0aab670b17 Ruby: add missing example rails action 2022-01-19 13:47:00 +00:00
Tom Hvitved
cb098df4ea Merge pull request #7334 from github/hmac/regexp-interpolations 
Ruby: Resolve simple string interpolations
 2022-01-19 14:43:58 +01:00