hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 12:46:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
51,806 Commits 1,673 Branches 157 Tags
24aa16c919ca152e247a62fc699f2ff2ccc8ce71
Commit Graph

3094 Commits

Author SHA1 Message Date
Alex Ford
24aa16c919 Ruby: update rb/sensitive-get-query test output 2023-03-27 09:44:55 +01:00
Alex Ford
15c9e7666a Ruby: convert rb/sensitive-get-query into a @kind problem 2023-03-27 09:42:10 +01:00
Tom Hvitved
a13b6ed230 Merge pull request #12536 from hvitved/dataflow/call-enclosing-callable-consistency-check 
Data flow: Add consistency check for `DataFlowCall::getEnclosingCallable`
 2023-03-16 10:19:42 +01:00
Rasmus Wriedt Larsen
b3a49ab143 Merge pull request #12467 from RasmusWL/kwargs-parameter-position-fixup 
Python/Ruby: Use new parameter position for synthetic hash-splat instead
 2023-03-16 09:52:46 +01:00
Tom Hvitved
9f798902bd Data flow: Add consistency check for DataFlowCall::getEnclosingCallable 2023-03-16 08:40:53 +01:00
Arthur Baars
fe34ec1378 Ruby: fix formatting errors 2023-03-15 13:45:06 +01:00
Henry Mercer
5de0eae992 Ruby: Update diagnostic source names for consistency 2023-03-15 12:05:09 +00:00
Henry Mercer
0de4259bff Revert "Ruby: Use rb prefix in diagnostic IDs for consistency with queries" 
This reverts commit a6509c7a37.
 2023-03-15 12:00:47 +00:00
Arthur Baars
fbe9823a42 Merge branch 'main' into henrymercer/polish-diagnostics 2023-03-14 23:42:33 +01:00
Harry Maclean
604d5f0c71 Merge pull request #12510 from hmac/merge-ruby-extractor 
Ruby: Merge extractor crates
 2023-03-15 09:41:07 +13:00
Harry Maclean
6dcc884fe1 Ruby: Small doc change 
This is primarily to bust the actions cache, to test a change in the
ruby-build workflow.
 2023-03-15 08:42:24 +13:00
Harry Maclean
aaeb8a0aa0 Merge pull request #12493 from hmac/ar-sinks 2023-03-15 07:59:07 +13:00
Henry Mercer
a6509c7a37 Ruby: Use rb prefix in diagnostic IDs for consistency with queries 2023-03-14 17:13:50 +00:00
Henry Mercer
769f9051af Ruby: Serialize severities as lowercase 2023-03-14 17:09:25 +00:00
Tom Hvitved
8dd99b951b Data flow: Exclude expectsContent nodes from lambda flow 2023-03-14 10:01:11 +01:00
Tom Hvitved
08557974ae Merge pull request #12499 from hvitved/ruby/more-constructor-flow 
Ruby: Add missing flow through `self.new` constructor calls
 2023-03-14 09:14:42 +01:00
Harry Maclean
999b12f78b Ruby: better errors in generator 
Provide more context if a file cannot be opened by the generator.
 2023-03-14 18:12:01 +13:00
Harry Maclean
7ee7a0df34 Ruby: fix prefix in create-extractor-pack scripts 2023-03-14 18:12:01 +13:00
Harry Maclean
d814e15a2f Ruby: Refactor 2023-03-14 12:58:32 +13:00
Harry Maclean
f3272239bd Ruby: Format rust files 2023-03-14 12:31:50 +13:00
Harry Maclean
cd9927cf66 Ruby: Update create-extractor-pack 2023-03-14 12:23:09 +13:00
Harry Maclean
e070bd512e Ruby: Move some support files to new extractor 2023-03-14 12:07:39 +13:00
Harry Maclean
194edd76e5 Ruby: Put all binaries in same directory 2023-03-14 12:03:46 +13:00
Harry Maclean
a7e276343e Ruby: Update .gitignore for moved extractor 2023-03-14 12:03:03 +13:00
Harry Maclean
f53c31398c Ruby: Fix imports in extractor 2023-03-14 12:02:11 +13:00
Harry Maclean
15bd825805 Ruby: finish reorganising extractor files 2023-03-14 11:49:18 +13:00
Harry Maclean
6f23111320 Ruby: Remove old Cargo.toml files 2023-03-14 11:47:21 +13:00
Harry Maclean
983b84276b Ruby: Lift extractor binaries 2023-03-14 11:45:46 +13:00
Harry Maclean
1a71c3f174 Ruby: Merge extractor crates 
This just moves the files, so as not to confuse git when we make changes
to them.
 2023-03-14 11:43:17 +13:00
Tony Torralba
705691b096 Merge pull request #12446 from github/java/update-mad-decls-after-triage-2023-03-08T14-51-59 
Java: Update MaD Declarations after Triage
 2023-03-13 14:07:59 +01:00
Anders Schack-Mulligen
0c95ab2cdc Merge pull request #12474 from hvitved/dataflow/call-back-post-update 
Data flow: Synthesize post-update nodes for callback arguments inside summarized callables
 2023-03-13 13:21:52 +01:00
dependabot[bot]
6e75df4088 Merge pull request #12494 from github/dependabot/cargo/ruby/serde-1.0.155 2023-03-13 11:49:00 +00:00
Erik Krogh Kristensen
060c37b6a2 Merge pull request #12345 from erik-krogh/delOldDeps 
delete old deprecations
 2023-03-13 12:48:24 +01:00
Tom Hvitved
163bb2b94d Add change note 2023-03-13 12:45:46 +01:00
Tom Hvitved
714b61b63e Ruby: Add missing flow through self.new constructor calls 2023-03-13 12:45:46 +01:00
dependabot[bot]
219bac74bf Bump serde from 1.0.154 to 1.0.155 in /ruby 
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.154 to 1.0.155.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.154...v1.0.155)

---
updated-dependencies:
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-03-13 11:36:09 +00:00
Arthur Baars
e0a49e2999 Merge pull request #12486 from aibaars/windows-long-paths 
Ruby: support long paths on Windows
 2023-03-13 12:18:50 +01:00
Arthur Baars
41a53ec109 Address comments 2023-03-13 11:50:03 +01:00
Anders Schack-Mulligen
c380ecbbbc Data flow: Add change notes. 2023-03-13 11:09:13 +01:00
erik-krogh
6c1ebd999e Merge branch 'main' into delOldDeps 2023-03-13 11:00:29 +01:00
Tom Hvitved
6ee231fac5 Ruby: Add more tests for flow through constructors 2023-03-13 10:52:01 +01:00
Harry Maclean
9c3d141c9c Ruby: Add change note 2023-03-13 18:57:55 +13:00
Harry Maclean
fe995dd99b Ruby: ActiveRecord::Connection.execute SQL sink 2023-03-13 09:03:54 +13:00
Harry Maclean
025cd34dab Ruby: Taint flow through ActionController params 
We were not recognising "require" as returning a Parameters instance.
 2023-03-13 08:52:41 +13:00
Harry Maclean
2d95b6a049 Ruby: Add count_by_sql as SQL sink 2023-03-13 08:40:32 +13:00
Harry Maclean
c97dccf0de Ruby: Add reorder as a SQL sink 
In recent versions of Rails this method doesn't seem to be vulnerable,
but it may be in previous versions. There's a slight FP risk here, but
I think it is small.
 2023-03-13 08:38:17 +13:00
Arthur Baars
c67bfff33b Ruby: strip \\?\ from display paths 2023-03-10 22:32:11 +01:00
Arthur Baars
4bfcc31ef0 Ruby: support long paths on Windows 2023-03-10 22:32:11 +01:00
Anders Schack-Mulligen
1e64748ffe Dataflow: Autoformat. 2023-03-10 15:12:19 +01:00
Anders Schack-Mulligen
289f921171 Dataflow: Sync. 2023-03-10 14:56:54 +01:00