hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-24 16:36:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,385 Commits 1,714 Branches 163 Tags
3043ac850cdfed9bdb25e1b0c177fb26791105df
Commit Graph

71 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
6815a13a00 Merge pull request #6931 from hvitved/dataflow/restrict-derived-summaries 
Data flow: Restrict derived flow summaries
 2021-11-18 15:31:55 +01:00
Erik Krogh Kristensen
1cca377e7d Merge pull request #6561 from erik-krogh/htmlReg 
JS/Py/Ruby: add a bad-tag-filter query
 2021-11-18 09:39:13 +01:00
Alex Ford
08b6a17097 Merge pull request #7151 from github/ruby/methodcallnode 
Ruby: add `getMethodName` predicate to `DataFlow::CallNode` class
 2021-11-17 14:40:07 +00:00
Tom Hvitved
4eacbd1cbe Ruby: Sync files 2021-11-17 10:49:51 +01:00
Arthur Baars
7c2841f058 Ruby: QL generator: use qualified imports 2021-11-17 10:37:44 +01:00
Tom Hvitved
7cfc696d62 Merge pull request #7141 from hvitved/ruby/synthesis-realnode-recursion 
Ruby: Eliminate unnecessary recursion through `RealNode`
 2021-11-17 09:03:30 +01:00
Alex Ford
c8cdbfa352 ruby: push getMethodName into DataFlow::CallNode 2021-11-16 17:11:26 +00:00
Alex Ford
286c894f34 ruby: add DataFlow::MethodCallNode class 2021-11-16 15:39:47 +00:00
Anders Schack-Mulligen
c70d384d28 Merge pull request #7045 from aschackmull/dataflow/hidden-ret-subpaths 
Data flow: Support hidden return nodes in subpaths predicate
 2021-11-16 15:04:51 +01:00
Tom Hvitved
e7b091086d Ruby: Eliminate unnecessary recursion through RealNode 2021-11-16 12:24:17 +01:00
Tom Hvitved
3a8e2db3ab Merge pull request #7121 from hvitved/ruby/lookup-const-anti-join 2021-11-16 11:32:55 +01:00
Tom Hvitved
03ae58830a Ruby: Add missing CFG entry for ForwardParameter 2021-11-15 16:28:17 +01:00
Tom Hvitved
723ac818d9 Shared CFG: Update breakInvariant4 consistency test 2021-11-15 11:43:49 +01:00
Tom Hvitved
19e6da517b Ruby: Fix bad join-order in resolveConstant 
```
[2021-11-09 11:35:47] (99s) Starting to evaluate predicate Module::Cached::resolveConstant#ff#antijoin_rhs/3@f6dcd6
[2021-11-09 11:35:58] (111s) Tuple counts for Module::Cached::resolveConstant#ff#antijoin_rhs/3@f6dcd6 after 11.5s:
                      165960683 ~0%     {4} r1 = JOIN Module::Cached::resolveConstant#ff#shared WITH Module::constantDefinition0#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1 'arg1', Lhs.0 'arg0', Lhs.2 'arg2'

                      0         ~0%     {3} r2 = JOIN r1 WITH Module::ClassDeclaration::getSuperclassExpr_dispred#ff ON FIRST 2 OUTPUT Lhs.2 'arg0', Lhs.1 'arg1', Lhs.3 'arg2'

                      0         ~0%     {3} r3 = JOIN r1 WITH Constant::ConstantAccess::getScopeExpr_dispred#ff ON FIRST 2 OUTPUT Lhs.2 'arg0', Lhs.1 'arg1', Lhs.3 'arg2'

                      0         ~0%     {3} r4 = r2 UNION r3
                                        return r4
```
 2021-11-12 14:08:11 +01:00
Anders Schack-Mulligen
7ffd9b4f9e Dataflow: Include read/store steps when finding non-hidden return. 2021-11-11 11:26:21 +01:00
Anders Schack-Mulligen
6d9fb3ca43 Dataflow: Sync. 2021-11-10 15:11:13 +01:00
Tom Hvitved
7178a98e45 Ruby: Rename pruneUseNode{Fwd,Rev} 2021-11-09 15:16:36 +01:00
Tom Hvitved
30251740e3 Ruby: Prune nodes before computing trackUseNode 2021-11-09 15:16:36 +01:00
Tom Hvitved
8195ebf4b3 Merge pull request #7059 from hvitved/ruby/basic-store-step-postupdate 
Ruby: Fix `basicStoreStep`
 2021-11-09 15:16:07 +01:00
Anders Schack-Mulligen
e0b121cd90 Merge pull request #7047 from hvitved/csharp/ssa/dominance-frontier 
Shared SSA: Improved dominance frontier calculation
 2021-11-08 08:50:46 +01:00
Tom Hvitved
3544c85445 Ruby: Make the target of basicStoreStep the post-update node 2021-11-04 14:21:22 +01:00
Tom Hvitved
1101b1054d Ruby: Make target of basicStoreStep a normal data flow node 2021-11-04 14:20:07 +01:00
Erik Krogh Kristensen
02f500b9c2 Merge branch 'main' into htmlReg 2021-11-04 12:58:42 +01:00
Tom Hvitved
16d96d2ad3 Ruby: Remove Node::getEnclosingCallable and ParameterNode::isParameterOf 2021-11-03 15:59:29 +01:00
Tom Hvitved
df6962143d Shared SSA: Sync files 2021-11-03 14:21:50 +01:00
Tom Hvitved
ab37ae6613 Merge pull request #7036 from hvitved/ruby/truncate-get-value-text 
Ruby: Truncate concatenated strings in `getValueText`
 2021-11-03 10:57:43 +01:00
Mathias Vorreiter Pedersen
4a2894a707 Merge pull request #7025 from MathiasVP/nomagic-parameterCand 
Dataflow: Replace a 'noinline' pragma with a 'nomagic' pragma
 2021-11-02 20:40:44 +00:00
Tom Hvitved
8b287a7846 Ruby: Truncate concatenated strings in getValueText 2021-11-02 18:19:49 +01:00
Anders Schack-Mulligen
7d0152f3c0 Merge pull request #6932 from aschackmull/dataflow/flow-features 
Dataflow: Add support for call context restrictions on sources/sinks.
 2021-11-02 13:24:17 +01:00
Mathias Vorreiter Pedersen
6f4107ff23 Dataflow: Replace a 'noinline' pragma with a 'nomagic' pragma. 2021-11-02 11:37:40 +00:00
Tom Hvitved
302373d154 Merge pull request #6858 from hvitved/python/type-tracker-changes 
Python: Type tracker changes
 2021-11-02 11:47:01 +01:00
CodeQL CI
5d62aa5b29 Merge pull request #6994 from erik-krogh/redundant-cast 
Approved by RasmusWL, aschackmull, esbena, geoffw0, hvitved, nickrolfe
 2021-11-02 03:45:48 -07:00
Tom Hvitved
fe80c4a17b Ruby: Sync files 2021-11-02 11:16:46 +01:00
Anders Schack-Mulligen
5951ae79b9 Dataflow: Add language specific predicates. 2021-10-29 11:11:35 +02:00
Anders Schack-Mulligen
00df6798b1 Dataflow: Sync 2021-10-29 11:00:23 +02:00
Erik Krogh Kristensen
15c90adec5 remove redundant cast where the type is enforced by an equality comparison 2021-10-28 18:08:20 +02:00
Erik Krogh Kristensen
e75448ebb0 remove redundant inline casts 2021-10-28 16:35:53 +02:00
Anders Schack-Mulligen
6eabb610b4 Dataflow: Sync Ruby 2021-10-27 13:58:30 +02:00
Erik Krogh Kristensen
8a4b043cb1 fix imports 2021-10-26 15:39:45 +02:00
Erik Krogh Kristensen
97264b5dda add the bad tag filter query to ruby 2021-10-26 15:25:12 +02:00
Erik Krogh Kristensen
c15ddf6e92 update ReDoSUtil in ruby 2021-10-26 15:03:09 +02:00
Erik Krogh Kristensen
2ddf445caf move ruby files to match file structure from js/py 2021-10-26 14:54:12 +02:00
Mathias Vorreiter Pedersen
67fd38f328 C#/Ruby: Use a 'noinline' instead of a 'only_bind_into'. 2021-10-26 09:41:52 +01:00
Mathias Vorreiter Pedersen
4b137ede0e Ruby: Sync identical files. 2021-10-25 22:03:44 +01:00
Tom Hvitved
f020b2e437 Merge pull request #335 from github/hmac/self-flow 2021-10-22 19:14:20 +02:00
Nick Rolfe
3851a27fc1 Merge pull request #358 from github/external-control-file-path 
Add rb/path-injection query
 2021-10-22 15:38:39 +01:00
Tom Hvitved
61d7cdeec0 Data flow: Assign empty locations to summary nodes 2021-10-22 14:48:33 +02:00
Harry Maclean
87df3a0a99 Minor refactor 2021-10-22 11:44:38 +01:00
Nick Rolfe
d4cee73720 Add taint summaries for ActiveStorage::Filename 2021-10-22 11:15:42 +01:00
Harry Maclean
336bd15d2f Override isCapturedAccess for self variables 
Many `self` reads are synthesised from method calls with an implicit
`self` receiver. Synthesised nodes have no `toGenerated` result, which
the default definition of `isCapturedAccess` uses to determine if a
variable's scope matches the access's scope.

Hence we override the definition to properly identify accesses like the
call `puts` (below) as captured reads of a `self` variable defined in a
parent scope.

In other words, `puts x` is short for `self.puts x` and the `self`
refers to its value in the scope of the module `Foo`.

```ruby
module Foo
  MY_PROC = -> (x) { puts x }
end
```

We also have to update the SSA `SelfDefinition` to exclude captured
`self` variables.
 2021-10-22 10:56:34 +01:00