Owen Mansel-Chan
1950fd33db
Ruby: Inline expectation should have space before $
2026-03-04 13:11:41 +00:00
Owen Mansel-Chan
6001c735ff
Ruby: Inline expectation should have space after $
...
This was a regex-find-replace from `# \$(?! )` (using a negative lookahead) to `# $ `.
2026-03-04 12:45:06 +00:00
Owen Mansel-Chan
1d6b8c5120
Use postprocessing queries for unrelated test
...
Need to do this because the model numbering was changing. At the same
time we may as well use inline expectations.
2026-02-18 13:49:53 +00:00
Owen Mansel-Chan
eb7f1989c7
Reinstate ql model for String#shellescape
2026-02-17 22:27:15 +00:00
Owen Mansel-Chan
de5470a85c
Add MaD barriers for Shellwords.escape and shellescape
...
Note that this will only block flow for queries that use the kind `command-injection`.
2026-02-17 22:27:13 +00:00
Owen Mansel-Chan
b3681f7a0c
Model flow through Shellwords escape and shellescape
2026-02-17 22:27:11 +00:00
Owen Mansel-Chan
6294c3b3b8
Remove Shellwords sanitizer in ql
...
Note that some sanitizers had no effect because flow through those functions wasn't modeled.
2026-02-17 22:27:10 +00:00
Arthur Baars
5d3ec35e29
Remove non-breaking spaces from code
2025-09-05 09:41:15 +02:00
Jeroen Ketema
52bbfa30d2
Ruby: update expected test results
2025-07-04 15:32:07 +02:00
Nora Dimitrijević
89f1ee0301
Ruby: add meta/TaintedNodes.ql test
2025-06-26 13:22:07 +02:00
Nora Dimitrijević
92a48cdc2b
Ruby: convert InsecureDownload test to .qlref
2025-06-24 14:57:59 +02:00
Nora Dimitrijević
e32982057c
Ruby: convert CommandInjection test to .qlref
2025-06-24 14:57:54 +02:00
yoff
3fcd46ec6c
Apply suggestions from code review
...
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
2025-05-13 16:57:32 +02:00
yoff
774b1820c2
ruby: also insert capturedExitRead-nodes by exceptional exits
2025-05-13 15:11:00 +02:00
yoff
73bae1627b
ruby: test for DeadStore and captured variables
2025-05-13 15:08:01 +02:00
yoff
2477233508
ruby: only report on method calls
...
Interviewing a Ruby developer, I learned that
dealing with nil is common practice.
So alerts are mostly useful if we can point to a place where this has gone wrong.
2025-04-11 15:01:57 +02:00
yoff
b641d5f177
ruby: fix FP
2025-04-11 13:22:42 +02:00
yoff
6e2cfab7b2
ruby: add test for for
...
found during triage
2025-04-11 12:46:25 +02:00
yoff
53c88da91b
ruby: refine query for uninitialised local variables
...
- there are places where uninitialised reads are intentional
- there are also some places where they are impossible
2025-04-11 03:07:19 +02:00
yoff
1ca25b2ccb
ruby: add test of rb/uninitialized-local-variable
2025-04-11 03:00:05 +02:00
yoff
385598d46d
ruby: remove some FPs from rb/useless-assignment-to-local
2025-04-07 13:28:05 +02:00
yoff
b205fedef4
ruby: add tests
2025-04-07 13:27:27 +02:00
yoff
0912e3b024
ruby: use inline expectation tests
2025-02-11 12:51:25 +01:00
yoff
921104306a
ruby: clean up logic and add test
...
use the CFG more than the AST
2025-02-07 23:43:27 +01:00
yoff
58fb592822
ruby: add tests
2025-02-07 13:50:27 +01:00
Tom Hvitved
978a816f11
Ruby: Track types in data flow
2025-01-06 13:26:10 +01:00
Asger F
be939dca29
Merge pull request #14350 from asgerf/shared/deduplicate-path-graph
...
Shared: Add DataFlow::DeduplicatePathGraph
2024-12-18 14:04:29 +01:00
Michael Nebel
138e294dae
Ruby: Update all test util paths to point to the new location.
2024-12-12 13:54:37 +01:00
Asger F
f9c0ba3826
Ruby: use DeduplicatePathGraph in CodeInjection query
2024-12-11 11:48:15 +01:00
Jeroen Ketema
ca40b60e62
Ruby: update expected test results
2024-12-03 19:18:46 +01:00
Tom Hvitved
5b5ca05e87
Ruby: Post-processing query for inline test expectations
2024-10-29 13:35:33 +01:00
Geoffrey White
86cc2dc5a1
Ruby: Add rb/diagnostics/extraction-warnings so that we don't miss anything we had before.
2024-10-03 17:40:17 +01:00
Geoffrey White
1ea94faccf
Ruby: Make similar changes to differentiate extraction errors and warnings, and mostly restore original behaviour.
2024-10-03 17:39:56 +01:00
Tom Hvitved
f287216060
Update expected test output
2024-09-24 14:21:38 +02:00
Tom Hvitved
ed9008a064
Update expected test output
2024-09-18 13:51:02 +02:00
Tom Hvitved
c92c96fa78
Data flow: Compute local big step relation per stage
2024-08-26 09:15:27 +02:00
Anders Schack-Mulligen
9724516c84
C#/Go/Java/Python/Ruby: Accept qltest .expected changes.
2024-07-31 14:45:10 +02:00
Alex Ford
9fb657c4c4
Merge pull request #16781 from alexrford/rb/weak-sensitive-data-hashing
...
Add `rb/weak-sensitive-data-hashing` query port
2024-07-25 14:11:42 +01:00
Alex Ford
51f3f15e42
Ruby: remove outdated test comment
2024-06-18 17:51:49 +01:00
Alex Ford
d994959720
Ruby: add tests for rb/weak-sensitive-data-hashing
2024-06-18 17:47:32 +01:00
Joe Farebrother
07f03be8cc
Add unit tests
2024-06-12 15:11:35 +01:00
Arthur Baars
4ee80653e2
Merge pull request #16471 from Sim4n6/ruby-UBV
...
Ruby: Add some method calls as a Source
2024-06-12 12:42:08 +02:00
Sim4n6
7c0ce6486b
Rerun the test learn
2024-06-10 12:21:10 +01:00
Anders Schack-Mulligen
5d51b5b97b
Ruby: Add support for pretty-printed provenance in tests. Convert one test.
2024-06-07 11:47:48 +02:00
Tom Hvitved
ad99158838
Ruby: Fix/accept extraction errors
2024-06-04 12:55:44 +02:00
Anders Schack-Mulligen
bbebdfea8d
Merge pull request #16511 from aschackmull/dataflow/configuration-provenance
...
Dataflow: Add provenance for configuration-specific steps.
2024-05-22 14:07:10 +02:00
Alex Ford
8119a27540
Merge pull request #16185 from alexrford/rb/conditions-arr0
...
Ruby: ActiveRecord - refine `conditions` argument as an SQLi sink
2024-05-22 12:19:10 +01:00
Anders Schack-Mulligen
012b861ffb
Ruby: Accept qltest .expected file changes.
2024-05-22 10:08:59 +02:00
Anders Schack-Mulligen
c4ae18649e
Ruby: Accept qltest .expected file changes (interesting).
2024-05-22 10:08:59 +02:00
am0o0
dcadda23cd
update expected file
2024-05-16 15:15:27 +02:00