hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-18 16:03:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
44,151 Commits 1,692 Branches 160 Tags
28a23209a58389a83b34bcfe1d1e4e9c3cd630d9
Commit Graph

1756 Commits

Author SHA1 Message Date
Harry Maclean
28a23209a5 Ruby: Identify ActionController::Metal controllers 
Subclasses of `ActionController::Metal` are stripped-down controllers.
We want to recognise them as ActionController controllers.
There are some common ActionController methods that are not available in
Metal, but these are not likely to be used anyway as they would throw an
exception, so I don't think there's much harm in including them in the
modelling.
 2022-09-28 07:10:09 +13:00
erik-krogh
7675571daa fix RegExpEscape::getValue having multiple results for some escapes 2022-09-27 13:25:23 +02:00
Anders Schack-Mulligen
9f1bbf2bbd Merge pull request #10575 from aschackmull/dataflow/cleanup-module 
Dataflow: Minor visibility cleanup
 2022-09-27 10:10:53 +02:00
Tom Hvitved
88baf0883a Merge pull request #10358 from hvitved/ruby/dataflow/call-ctx 
Ruby: Context sensitive instance method resolution
 2022-09-26 19:55:10 +02:00
Anders Schack-Mulligen
1687d08587 Dataflow: Sync. 2022-09-26 16:10:03 +02:00
Tom Hvitved
257bcefaf9 Merge pull request #10548 from hvitved/ruby/call-graph-tests 
Ruby: Add call graph tests for unsupported constructs
 2022-09-26 10:47:23 +02:00
Dave Bartolomeo
3bd456e52d Merge pull request #10565 from github/post-release-prep/codeql-cli-2.11.0 
Post-release preparation for codeql-cli-2.11.0
 2022-09-23 18:13:59 -04:00
github-actions[bot]
6cef0af5df Post-release preparation for codeql-cli-2.11.0 2022-09-23 21:01:40 +00:00
Asger F
11ba0f0bbe Merge pull request #10253 from asgerf/js/type-defs-squashed 
JS: Add generated typings to SQL models
 2022-09-23 11:34:01 +02:00
Tom Hvitved
f8d2e0e6a8 Ruby: Improve QL doc for Module::getASubClass 2022-09-23 10:40:38 +02:00
Tom Hvitved
8b424d181a Merge pull request #10505 from hvitved/dataflow/viable-impl-in-ctx-consistency 
Data flow: Guard against `viableImplInCallContext` not being a subset of `viableCallable`
 2022-09-23 10:38:48 +02:00
Tom Hvitved
fa6da788dc Ruby: Add call graph test for unsupported constructs 2022-09-23 10:24:43 +02:00
github-actions[bot]
f5cf8cffa3 Release preparation for version 2.11.0 2022-09-22 20:14:12 +00:00
Dave Bartolomeo
cee0e8e137 Merge pull request #10532 from github/henrymercer/3.7-mergeback 
Final mergeback from `rc/3.7`
 2022-09-22 13:42:59 -04:00
Tom Hvitved
9937ae8ef9 Ruby: Call sensitive instance method resolution 2022-09-22 16:22:31 +02:00
Tom Hvitved
64978b0138 Ruby: Add data-flow test that demonstrates spurious flow 2022-09-22 15:18:42 +02:00
Tom Hvitved
ad6b870f94 Data flow: Sync files 2022-09-22 15:01:33 +02:00
Alex Ford
140458b7cc Merge pull request #9932 from alexrford/ruby/rbi-typegraph-fixes 
Ruby: RBI library changes to support models-as-data model generation
 2022-09-22 13:55:33 +01:00
Tom Hvitved
f0f4fe7286 Merge pull request #10444 from hvitved/ruby/stmt-sequence-post-update 
Ruby: Add post-update nodes for compound arguments
 2022-09-22 13:18:51 +02:00
Henry Mercer
f8f99af8b7 Bump the minor version of packs we regularly release 2022-09-22 12:14:19 +01:00
Nick Rolfe
7d0bfe8f98 Merge pull request #10531 from github/nickrolfe/title-case 
Ruby: use consistent capitalization with `import ... as`
 2022-09-22 12:05:44 +01:00
Nick Rolfe
df8a182ac2 Ruby: use consistent capitalization with import ... as 2022-09-22 11:13:41 +01:00
Nick Rolfe
ee34ac5394 Merge pull request #10512 from github/nickrolfe/hash_from_trusted_xml 
Ruby: add Hash.from_trusted_xml as an unsafe deserialization sink
 2022-09-22 10:59:49 +01:00
Tom Hvitved
ac594842c8 Merge pull request #10504 from hvitved/ruby/private-methods 
Ruby: Two fixes for `private` methods
 2022-09-22 11:54:28 +02:00
Tom Hvitved
10a584ffb9 Merge pull request #10517 from hvitved/ruby/regexp-debug 
Ruby: Add query for debugging regexp flow
 2022-09-22 11:50:50 +02:00
Tom Hvitved
47411e3548 Ruby: Add query for debugging regexp flow 2022-09-21 19:22:10 +02:00
Andrew Eisenberg
99e8cb78b0 Merge pull request #10496 from aeisenberg/aeisenberg/merge-rc3.7-into-main 
Aeisenberg/merge rc3.7 into main
 2022-09-21 08:09:47 -07:00
Alex Ford
260db1aea2 Ruby: drop getAQualifiedName predicate from ConstantAccess 2022-09-21 14:28:43 +01:00
Alex Ford
3bbb166642 Ruby: handle block param types more neatly 2022-09-21 13:52:19 +01:00
Nick Rolfe
2edbc16829 Ruby: add Hash.from_trusted_xml as an unsafe deserialization sink 2022-09-21 13:01:21 +01:00
Tom Hvitved
61e9c6f658 Ruby: Fix call graph for overridden private methods 2022-09-21 14:00:17 +02:00
Tom Hvitved
e7649fc61a Ruby: Fix ModuleBase::get(A)Method for private methods 2022-09-21 14:00:17 +02:00
Tom Hvitved
37a2b7d0b3 Ruby: Add more call graph tests for private methods 2022-09-21 14:00:17 +02:00
Tom Hvitved
a9f2e5272f Merge pull request #10376 from hvitved/ruby/no-ast-by-default 
Ruby: Do not expose AST layer through `ruby.qll`
 2022-09-21 13:15:30 +02:00
Tom Hvitved
0064451ff0 Merge pull request #10491 from hvitved/ruby/fix-bad-join 
Ruby: Fix bad join-order
 2022-09-21 11:13:09 +02:00
Tom Hvitved
59caa977d0 Ruby: Add post-update nodes for compound arguments 2022-09-21 11:02:24 +02:00
Tom Hvitved
1f4573cf25 Ruby: Add more field flow tests 2022-09-21 10:32:38 +02:00
Erik Krogh Kristensen
7e17a919ae Merge pull request #10304 from erik-krogh/rb-followMsg 
RB: make the alert messages of taint-tracking queries more consistent
 2022-09-20 22:58:31 +02:00
Andrew Eisenberg
58e4861b45 Merge branch 'main' into rc/3.7 2022-09-20 12:43:20 -07:00
Tom Hvitved
2677ab6b19 Ruby: Fix bad join-order 
Before
```
Evaluated relational algebra for predicate Module#fe82a56b::lookupMethodOrConst0#2#fff#antijoin_rhs@e23c32nf with tuple counts:
          118006   ~0%    {3} r1 = SCAN Module#fe82a56b::getMethodOrConst#2#fff OUTPUT In.1, In.0, In.2
        35267848   ~3%    {4} r2 = JOIN r1 WITH project#Module#fe82a56b::getMethodOrConst#2#fff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Lhs.2, Rhs.1
           21883   ~0%    {5} r3 = JOIN r2 WITH Module#fe82a56b::Cached::getAPrependedModule#1#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.3, Lhs.0, Lhs.1, Lhs.2
               7  ~16%    {3} r4 = JOIN r3 WITH Module#fe82a56b::getAncestors#1#ff ON FIRST 2 OUTPUT Lhs.2, Lhs.3, Lhs.4
                          return r4
```

After
```
Evaluated relational algebra for predicate Module#fe82a56b::lookupMethodOrConst0#2#fff#antijoin_rhs@839f6a1k with tuple counts:
        118006  ~1%    {3} r1 = SCAN Module#fe82a56b::getMethodOrConst#2#fff OUTPUT In.0, In.2, In.1
           151  ~0%    {4} r2 = JOIN r1 WITH Module#fe82a56b::Cached::getAPrependedModule#1#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.0, Lhs.1, Lhs.2
           155  ~1%    {4} r3 = JOIN r2 WITH Module#fe82a56b::getAncestors#1#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.3, Lhs.1, Lhs.2
             7  ~0%    {3} r4 = JOIN r3 WITH project#Module#fe82a56b::getMethodOrConst#2#fff ON FIRST 2 OUTPUT Lhs.2, Lhs.3, Lhs.1
                       return r4
```
 2022-09-20 16:24:39 +02:00
Tom Hvitved
647397759e Merge pull request #10336 from hvitved/ruby/call-graph-rework 
Ruby: Rework call graph implementation
 2022-09-20 15:29:40 +02:00
Nick Rolfe
30b54b2abe Merge pull request #10450 from github/nickrolfe/filesystemresolver 
Ruby: model ActionView::FileSystemResolver as a FileSystemAccess
 2022-09-20 14:21:28 +01:00
Asger F
51618b46a8 Sync ApiGraphModels.qll 2022-09-20 11:47:37 +02:00
Alex Ford
52305da5a3 Ruby: move string getAQualifiedName() up to ConstantAccess 2022-09-19 21:03:05 +01:00
Alex Ford
d00c9ea2c8 Ruby: RBI library improvements, mostly for parameter types 2022-09-19 21:03:05 +01:00
Alex Ford
8d264e7e65 Ruby: add ConstanReadAcess#getAQualifiedName() predicate 2022-09-19 21:03:05 +01:00
erik-krogh
0645b11cb1 ruby: remove unused predicate from NfaUtilsSpecific 2022-09-19 15:25:00 +02:00
Tom Hvitved
bb08e6f0fd Ruby: Three call graph fixes for singleton methods 2022-09-19 14:20:12 +02:00
Tom Hvitved
d13332cff1 Ruby: Add more call graph tests 2022-09-19 14:19:25 +02:00
Erik Krogh Kristensen
a4cd913aea Merge pull request #10312 from erik-krogh/fix-caseDiff 
ensure consistent casing of names
 2022-09-19 10:43:12 +02:00