hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-04 17:21:08 +01:00
Code Issues Packages Projects Releases Wiki Activity
48,273 Commits 1,691 Branches 159 Tags
2a57b00a131e7bbe148e0f5e8d0dde9753a3e7cd
Commit Graph

1006 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
4ff823c36b Merge pull request #11366 from p-/p--ruby-kernel-open-addition 
Ruby: Add additional sinks to the `rb/kernel-open` query
 2022-12-12 15:56:01 +01:00
Harry Maclean
6c8896d83f Merge pull request #11337 from hmac/actionmailbox 
Ruby: Model ActionMailbox
 2022-12-12 10:29:23 +13:00
Peter Stöckli
d2c8e70be1 Adjust expected file for TaintStep (due to changes to File.join) 2022-12-09 09:57:19 +01:00
Peter Stöckli
03fff2709b Add suggestions to fix FileJoinSanitizer 2022-12-09 09:42:44 +01:00
Peter Stöckli
0d8c82009c Merge branch 'main' into p--ruby-kernel-open-addition 2022-12-09 07:54:56 +01:00
Tom Hvitved
35938067fe Merge pull request #11517 from aibaars/phi-reads-in-data-flow-graph 
Ruby: Include SSA "phi reads" in DataFlow::Node
 2022-12-07 18:58:44 +01:00
Arthur Baars
898a4006b0 Merge pull request #10747 from aibaars/ruby-more-flow 
Ruby: also treat included/prepended modules as subclasses
 2022-12-07 15:49:00 +01:00
Arthur Baars
d862972d5e Ruby: Add use-use stress test 2022-12-07 15:28:51 +01:00
Arthur Baars
f11f2cb1a0 Ruby: Update tests 2022-12-07 15:28:50 +01:00
Tom Hvitved
b171dc9b7b Merge pull request #11477 from hvitved/ruby/call-ctx-rewrite 
Ruby: Rework call-context sensitivity logic
 2022-12-06 07:39:29 +01:00
Arthur Baars
889eea92c2 Merge branch 'main' into ruby-more-flow 2022-12-05 11:13:46 +01:00
Arthur Baars
83423854d2 Merge pull request #11339 from aibaars/active_support_enumerable 
Ruby: Active support enumerable
 2022-12-05 11:02:19 +01:00
Asger F
2d578c1a73 Merge branch 'main' into merge-package-type-columns 2022-12-02 10:00:44 +01:00
Harry Maclean
91421528df Ruby: Update test 2022-12-01 09:01:03 +13:00
Arthur Baars
0f2cb440b0 Ruby: add flow summary for Enumerable#sole 2022-11-30 11:57:35 +01:00
Arthur Baars
5517cfa6c0 Ruby: add flow summary for Enumerable#pluck 2022-11-30 11:57:35 +01:00
Arthur Baars
207ba86d51 Ruby: add flow summary for Enumerable#pick 2022-11-30 11:57:29 +01:00
Tom Hvitved
bfbe5bdfb8 Ruby: Add data flow test that illustrates spurious flow 2022-11-30 11:01:32 +01:00
Harry Maclean
dab7970087 Ruby: Model JSON.pretty_generate 2022-11-30 13:18:45 +13:00
Harry Maclean
14a19d23a6 Ruby: Fix typo in documentation 
This import isn't needed.
 2022-11-30 13:18:45 +13:00
Harry Maclean
67257671ea Ruby: Remove redundant dataflow test 2022-11-30 13:18:44 +13:00
Harry Maclean
1bd2dd0a6e Ruby: update test fixture 2022-11-30 13:17:46 +13:00
Harry Maclean
eff763d127 Ruby: Model to_json ActiveSupport extension 2022-11-30 13:17:44 +13:00
Harry Maclean
5259d4af63 Ruby: Model various JSON methods 2022-11-30 13:15:18 +13:00
Harry Maclean
0a98559fcb Ruby: Add flow summaries for ActiveSupport::JSON 2022-11-30 13:15:16 +13:00
Harry Maclean
aed4325ee3 Ruby: Remove unused class 2022-11-30 11:50:35 +13:00
Harry Maclean
b66ea6ed72 Ruby: Simplify ActionMailbox modeling 2022-11-30 11:46:21 +13:00
Harry Maclean
71f2d8f6d8 Ruby: Model ActionMailbox#inbound_mail 2022-11-30 11:46:21 +13:00
Harry Maclean
eac5aa26ee Ruby: Model remote input for ActionMailbox 2022-11-30 11:46:21 +13:00
Harry Maclean
375403fb9d Merge pull request #11114 from hmac/case-barrier-guard-3 
Ruby: Add case string comparison barrier guard
 2022-11-30 11:21:07 +13:00
erik-krogh
7dcb813ff3 remove two more claseses of FPs in rb/non-constant-kernel-open 2022-11-29 12:49:23 +01:00
Peter Stöckli
6b1865d2ca Merge branch 'main' into p--ruby-kernel-open-addition 2022-11-29 10:19:36 +01:00
Peter Stöckli
5b6dd786c3 Add changes for NonConstantKernelOpenQuery 2022-11-29 10:00:57 +01:00
Peter Stöckli
d8752a0b12 Add additional sinks to the rb/kernel-open query 2022-11-29 10:00:56 +01:00
Erik Krogh Kristensen
0cd50aac40 Merge pull request #11398 from erik-krogh/splat-stuff 
Rb: add some more flow through splat parameters
 2022-11-28 22:31:25 +01:00
Nick Rolfe
8a94cabdbf Merge pull request #11250 from github/nickrolfe/stack-trace-exposure 
Ruby: add stack-trace exposure query
 2022-11-28 10:45:59 +00:00
erik-krogh
0c2ff98dc2 add flow from the first splat argument to the first splat parameter 2022-11-28 09:54:05 +01:00
erik-krogh
d5725255fe add failing test for splat parameter flow 2022-11-28 09:53:03 +01:00
Alex Ford
893c8763bb Ruby: model ActiveSupport json_escape flow 2022-11-24 15:33:08 +00:00
Nick Rolfe
50b10be2db Ruby: StackTraceExposure: add test for a specific rescue type 2022-11-24 14:08:34 +00:00
Nick Rolfe
1c407a28cd Apply suggestions from code review 
Co-authored-by: Harry Maclean <hmac@github.com>
 2022-11-24 14:02:32 +00:00
Asger F
22316ee4fe Ruby: merge package/type columns 2022-11-23 11:17:42 +01:00
Erik Krogh Kristensen
b4661f4a59 Merge pull request #11245 from erik-krogh/rb-redosMod 
Ruby: use the shared regex pack
 2022-11-21 15:34:20 +01:00
Tom Hvitved
2fac505221 Ruby: Update expected test output 2022-11-21 12:52:27 +01:00
Arthur Baars
4e88b8453a Ruby: add flow summary for Enumerable#index_with 2022-11-17 16:22:32 +01:00
Tom Hvitved
f24fa402f3 Adjust CFG 2022-11-17 10:32:28 +01:00
Harry Maclean
a6f6936719 Merge pull request #11058 from hmac/actioncontroller-logger 
Ruby: Model various ActionController methods
 2022-11-17 08:21:00 +13:00
Tom Hvitved
67b6a82cf1 Merge pull request #11198 from hvitved/ssa/expose-phi-reads 
SSA: Expose phi-read nodes
 2022-11-16 15:11:58 +01:00
Erik Krogh Kristensen
7d4ea47611 Merge pull request #10855 from erik-krogh/formatTaint 
Ruby: taint-steps for printf calls - and add a `AdditionalTaintStep` class
 2022-11-16 12:08:45 +01:00
Harry Maclean
ed3270fb04 Ruby: Update for upstream changes 2022-11-16 14:06:32 +13:00