hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-21 01:13:43 +01:00
Code Issues Packages Projects Releases Wiki Activity
57,729 Commits 1,693 Branches 161 Tags
3b8b33a94de439776a32ed0f29b012500511d0ee
Commit Graph

54 Commits

Author SHA1 Message Date
Tom Hvitved
e96cbeb00a Ruby: Adjust locations of synthesized nodes 2023-08-14 14:37:47 +02:00
Tom Hvitved
77fca277fe Ruby: Improve desugaring of for loops 2023-08-10 13:22:01 +02:00
Harry Maclean
72356d1515 Ruby: track flow from *args to positional params 
This models flow in the following case:

    def foo(x, y)
      sink x # 1
      sink y # 2
    end

    args = [source 1, source 2]
    foo(*args)

We do this by introducing a SynthSplatParameterNode which accepts
content from the splat argument, if one is given at the callsite.
From this node we add read steps to each positional parameter.
 2023-08-09 15:01:40 +01:00
Alex Ford
f437a6f729 Merge branch 'main' into maikypedia/ldap-injection 2023-07-31 16:00:41 +01:00
Alex Ford
558238a9be Ruby: update TaintStep test output 2023-07-31 16:00:27 +01:00
Alex Ford
082f26bcb1 Ruby: update TaintStep.ql output 2023-07-05 12:19:55 +01:00
Michael Nebel
0665f4f004 Ruby: Update TaintStep expected test output. 2023-07-03 14:36:06 +02:00
Jeroen Ketema
d82c3ce11a Ruby: Rewrite InlineFlowTest as a parameterized module 2023-06-15 10:52:23 +02:00
Anders Schack-Mulligen
0c62901a67 Ruby: Fix tests. 2023-06-09 15:39:18 +02:00
Tom Hvitved
cee70883f0 Merge pull request #12964 from hvitved/ruby/remove-synth-returns 
Ruby: Remove canonical return nodes
 2023-06-08 10:07:48 +02:00
Alex Ford
6fa9e13a2e Ruby: update TaintStep output 2023-06-01 16:27:20 +01:00
Alex Ford
7d943c7621 Ruby: update test output 2023-06-01 13:50:32 +01:00
Alex Ford
baabd2d1fa Merge pull request #12832 from maikypedia/maikypedia/pg-sqli 
Ruby: Add SQL Injection Sinks
 2023-05-26 11:36:17 +01:00
Alex Ford
609319da20 ruby: update TaintStep.ql test output 2023-05-25 17:53:01 +01:00
Tom Hvitved
13ada1e6ad Ruby: Remove canonical return nodes 2023-05-24 11:11:50 +02:00
Asger F
6d1a4451fb Ruby: update a test expectation 2023-05-24 10:15:51 +02:00
Anders Schack-Mulligen
09d4fe21e8 Ruby: Update more expected output. 2023-04-26 13:37:07 +02:00
Tom Hvitved
b816c79248 Ruby: Include all assignments in data flow paths 2023-03-24 10:09:30 +01:00
Alex Ford
e84b08409c Ruby: test fixes 2023-03-17 12:08:38 +00:00
Tom Hvitved
1d0b3d4112 Ruby: Ssa::WriteDefinition::getWriteAccess should return a CFG node 2023-03-16 11:28:24 +01:00
erik-krogh
1a27441cfb drive-by: delete code-execution sinks from unsafe-deserialization, we risked duplicate alerts 2023-01-06 09:04:36 +01:00
Peter Stöckli
d2c8e70be1 Adjust expected file for TaintStep (due to changes to File.join) 2022-12-09 09:57:19 +01:00
Arthur Baars
d862972d5e Ruby: Add use-use stress test 2022-12-07 15:28:51 +01:00
Arthur Baars
f11f2cb1a0 Ruby: Update tests 2022-12-07 15:28:50 +01:00
Asger F
22316ee4fe Ruby: merge package/type columns 2022-11-23 11:17:42 +01:00
Tom Hvitved
32f60fd112 Ruby: Add more local flow tests for use-use flow 2022-11-15 11:45:31 +01:00
Tom Hvitved
e18442069b Ruby: Fix SSA entry definitions for self in top-level 2022-11-10 15:08:17 +01:00
Asger F
859dc7beb7 Merge pull request #11024 from asgerf/rb/data-flow-layer-capture2 
Ruby: expand DataFlow API
 2022-11-09 15:06:03 +01:00
Asger F
43769ad464 Ruby: update test output 2022-11-08 19:20:57 +01:00
Asger F
0a8f39fe96 Ruby: recover some incomplete capture flow 2022-10-31 13:33:41 +01:00
Nick Rolfe
269c27757d Ruby: include value-preserving flow in localTaintStep 2022-10-21 16:17:11 +01:00
Nick Rolfe
5319216c18 Ruby: add test of TaintTracking::localFlowStep 2022-10-21 16:04:04 +01:00
Arthur Baars
0160c374e4 Ruby: add flow summaries for Object#dup and Kernel#tap 2022-10-04 12:58:49 +02:00
Arthur Baars
09bc78eafc Ruby: local dataflow step for || and && 2022-10-04 12:58:49 +02:00
Tom Hvitved
007ab2b7ce Ruby: Do not expose AST layer through ruby.qll 2022-09-13 19:59:56 +02:00
Tom Hvitved
1e1b2e284d Ruby: Cleanup flow through self 2022-03-09 13:17:11 +01:00
Arthur Baars
0cef887683 Ruby: address comments 2022-01-24 11:27:26 +01:00
Arthur Baars
e9a01f9e8f Ruby: fix test case 2022-01-24 10:31:08 +01:00
Arthur Baars
fcec8a8388 Address comments 2022-01-24 10:31:08 +01:00
Arthur Baars
26a0167d6d Ruby: add taint step test for hash patterns 2022-01-24 10:31:06 +01:00
Arthur Baars
49c452239e Ruby: add taint steps from case value to variables in patterns 2022-01-24 10:10:22 +01:00
Tom Hvitved
8c18aaae74 Ruby: Prepare for data flow through arrays 2021-12-22 15:35:34 +01:00
Tom Hvitved
27f786b41e Merge pull request #7442 from hvitved/ruby/dataflow/keyword-params 
Ruby: Data flow for keyword arguments/parameters
 2021-12-22 15:23:22 +01:00
Arthur Baars
6c7114804e Ruby: remove CaseExprChildMapping::getBranch 2021-12-20 19:21:36 +01:00
Tom Hvitved
1e27ddf7c7 Ruby: Data flow for keyword arguments/parameters 2021-12-17 15:42:29 +01:00
Tom Hvitved
413375992d Ruby: Flatten nested statements inside desugared for loops 2021-11-17 09:05:37 +01:00
Tom Hvitved
945bb7459a Ruby: Update expected test output 2021-11-17 09:05:37 +01:00
Alex Ford
8603609698 Update test output to account for for-loop -> each desugaring 2021-11-17 09:05:36 +01:00
Harry Maclean
aa8607009b Update test fixtures 2021-10-22 10:56:34 +01:00
Harry Maclean
c437fd50a4 Update test fixtures 
Some of these look a bit suspicious, so need to double check them before
merging.
 2021-10-20 10:39:36 +01:00