hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-31 15:22:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
34,784 Commits 1,684 Branches 159 Tags
17005dde2dfb9fe749f4eaf0b3be59c1e60baf82
Commit Graph

780 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
ff73dbc35c delete redundant imports 2022-04-22 12:55:28 +02:00
Erik Krogh Kristensen
a96489b23d delete duplicate imports 2022-04-22 12:41:30 +02:00
Erik Krogh Kristensen
c015ef6ef4 Merge pull request #8810 from erik-krogh/rubyPathgraph 
Ruby: dont import the PathGraph module from Query.qll files
 2022-04-22 12:02:59 +02:00
Tom Hvitved
093a3879be Merge pull request #8794 from hvitved/ruby/capture-barrier-guards 
Ruby: Handle captured variables in `BarrierGuard::getAGuardedNode()`
 2022-04-22 11:47:36 +02:00
Erik Krogh Kristensen
a737350f27 RB: dont import the PathGraph module from Query.qll files 2022-04-22 11:46:06 +02:00
Tom Hvitved
be5363ea53 Merge pull request #8801 from hvitved/ruby/exclude-splat-in-taint-tracking 
Ruby: Exclude `SplatExpr` from taint tracking
 2022-04-22 11:12:05 +02:00
Tom Hvitved
c20ce62767 Ruby: Exclude SplatExpr from taint tracking 
`SplatExpr`s are modelled using flow summaries, so there is no need to include them
explicitly in `defaultAdditionalTaintStep`.
 2022-04-21 20:27:04 +02:00
Tom Hvitved
bd09c61504 Merge pull request #8786 from hvitved/ruby/dataflow/argument-tokens 
Ruby: Implement `Argument[any]` and `Argument[n..]`
 2022-04-21 16:31:24 +02:00
Tom Hvitved
addb92f13b Ruby: Handle captured variables in BarrierGuard::getAGuardedNode() 2022-04-21 13:25:47 +02:00
Erik Krogh Kristensen
8bd975a6ec Merge pull request #8785 from hvitved/ruby/api-graph-labels 
Ruby: Mention `newtype` constructors in API graph label classes
 2022-04-20 18:32:09 +02:00
Anders Schack-Mulligen
677c436e99 Merge pull request #8703 from aschackmull/dataflow/revert-state-in-out-barriers 
Dataflow: Revert support for flow-state based in-/out-barriers
 2022-04-20 14:54:02 +02:00
Tom Hvitved
b4542c58c2 Ruby: Implement Argument[any] and Argument[n..] 2022-04-20 13:55:18 +02:00
Tom Hvitved
501b03149f Ruby: Mention newtype constructors in API graph label classes 2022-04-20 13:37:55 +02:00
Nick Rolfe
f1b8af1db9 Ruby: rename PostUpdateNode::Range to PostUpdateNodeImpl 2022-04-20 10:35:40 +01:00
Nick Rolfe
c02670aca2 Ruby: make PostUpdateNode public 2022-04-19 17:12:51 +01:00
Anders Schack-Mulligen
48fbbf2531 Dataflow: Add change notes. 2022-04-19 15:29:35 +02:00
Anders Schack-Mulligen
b521d64156 Dataflow: Sync. 2022-04-19 15:29:35 +02:00
Mathias Vorreiter Pedersen
91b413d59f Dataflow: Sync identical files. 2022-04-19 09:57:21 +01:00
Harry Maclean
c3f1fba985 Merge pull request #8598 from hmac/hmac/insecure-dep-resolution 
Ruby: Add rb/insecure-dependency query
 2022-04-14 02:09:44 +02:00
Edoardo Pirovano
f25618eed6 Bump minor version of all packs 2022-04-08 15:38:58 +01:00
Edoardo Pirovano
ce82c54b94 Merge branch 'main' into edoardo/3.5-mergeback 2022-04-08 15:30:58 +01:00
Anders Schack-Mulligen
7beed570f2 Dataflow: Sync. 2022-04-07 13:53:48 +02:00
Michael Nebel
72d4c97463 Merge pull request #8628 from michaelnebel/csharp/generatedkind 
C#: Introduce generated flag as a part of the kind column for flow summaries
 2022-04-07 08:43:30 +02:00
Alex Ford
ccd7bb5e70 Merge pull request #8421 from alexrford/ruby/weak-cryptographic-algorithm 
Ruby: Add `rb/weak-cryptographic-algorithm` query
 2022-04-05 14:34:45 +01:00
Michael Nebel
784327c183 Java/Ruby: Hardcode generated flag to false. 2022-04-05 08:55:12 +02:00
Michael Nebel
de76df3988 C#: Only use generated summaries, if no handwritten model exist for a particular dataflow callable. 2022-04-05 08:55:12 +02:00
Michael Nebel
3fe941aae2 C#: Add missing empty ext column in generated summaries. 2022-04-04 15:58:35 +02:00
Tom Hvitved
50dc3820c6 Merge pull request #8589 from hvitved/regex/speedup-concretise 2022-04-03 17:56:07 +02:00
github-actions[bot]
6af568b16d Post-release preparation for codeql-cli-2.8.5 2022-04-01 16:22:14 +00:00
Chris Smowton
28fa49dcd6 dataflow -> data-flow 2022-04-01 13:22:58 +01:00
github-actions[bot]
ee746d20df Release preparation for version 2.8.5 2022-04-01 10:39:31 +00:00
Chris Smowton
3b0bd3bc0f Improve wording 2022-04-01 11:31:31 +01:00
Chris Smowton
99026a6071 Improve wording of isAdditionalFlow/TaintStep qldoc 2022-04-01 11:07:27 +01:00
Harry Maclean
5814db19d5 Ruby: Fix bug in rb/insecure-dependency query 
Only look at the first component of strings for the prefix.

Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2022-04-01 15:35:21 +13:00
Alex Ford
8b0ebbfecc Ruby: replace use of deprecated getStringOrSymbol() 2022-03-31 17:21:17 +01:00
Alex Ford
882f78c6f9 Merge remote-tracking branch 'origin/main' into ruby/weak-cryptographic-algorithm 2022-03-31 17:17:46 +01:00
Alex Ford
2b66dfa93e Ruby: replace a range field with instanceof 2022-03-31 15:39:11 +01:00
Tom Hvitved
46d69cf544 Regex: Further tweaks to concretise computations 2022-03-31 12:52:43 +02:00
Tom Hvitved
5052452ef9 SuperlinearBackTracking: Speedup concretise 2022-03-31 12:52:42 +02:00
Tom Hvitved
7efe698e56 Address review comment 2022-03-31 12:52:42 +02:00
Tom Hvitved
20f4d5a584 ExponentialBackTracking: Speedup concretise 2022-03-31 12:52:42 +02:00
Arthur Baars
15c54f6100 Merge pull request #8354 from aibaars/incomplete-url-string-sanitization 
Incomplete url string sanitization
 2022-03-31 10:59:51 +02:00
Ian Lynagh
46c27dd20f Merge pull request #8514 from github/post-release-prep/codeql-cli-2.8.4 
Post-release preparation for codeql-cli-2.8.4
 2022-03-30 16:36:14 +01:00
Nick Rolfe
10b75bff76 Ruby: undo accidental revert of 13be9919 2022-03-30 16:02:12 +01:00
Arthur Baars
031d183bdf Merge pull request #8532 from aibaars/regex-refactor-2 
JS/Ruby/Python: rename RegExpTreeView.qll to ReDoSUtilSpecific.qll
 2022-03-30 16:38:47 +02:00
Nick Rolfe
a274af2b16 Merge pull request #7985 from github/nickrolfe/constant_regexp 
Ruby: separate constant propagation of regexps from strings
 2022-03-30 11:37:33 +01:00
Harry Maclean
167bda2d4e Ruby: Add QLDoc for InsecureDependencyQuery.qll 2022-03-30 13:50:12 +13:00
Harry Maclean
37cedda63a Ruby: Add InsecureDependencyResolution query 
This query looks for places in a Gemfile where URLs with insecure
protocols (HTTP or FTP) are specified.
 2022-03-30 13:39:15 +13:00
Tom Hvitved
f429dafb09 Address review comments 2022-03-29 10:23:59 +02:00
Tom Hvitved
15ef8c1d8f Ruby: Cache ConstantReadAccess::getValue 2022-03-29 10:23:54 +02:00