hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 11:46:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
47,012 Commits 1,672 Branches 157 Tags
42259ef8d1ad5f5e2ee663d65384f6430b96d24e
Commit Graph

2499 Commits

Author SHA1 Message Date
github-actions[bot]
e105c13e77 Release preparation for version 2.11.4 2022-11-17 16:40:45 +00:00
Harry Maclean
a6f6936719 Merge pull request #11058 from hmac/actioncontroller-logger 
Ruby: Model various ActionController methods
 2022-11-17 08:21:00 +13:00
Tom Hvitved
67b6a82cf1 Merge pull request #11198 from hvitved/ssa/expose-phi-reads 
SSA: Expose phi-read nodes
 2022-11-16 15:11:58 +01:00
Anders Schack-Mulligen
94bca4399a Merge pull request #11183 from aschackmull/dataflow/groupflow 
Dataflow: Introduce support for src/sink grouping in path results.
 2022-11-16 12:59:01 +01:00
Erik Krogh Kristensen
7d4ea47611 Merge pull request #10855 from erik-krogh/formatTaint 
Ruby: taint-steps for printf calls - and add a `AdditionalTaintStep` class
 2022-11-16 12:08:45 +01:00
Harry Maclean
ed3270fb04 Ruby: Update for upstream changes 2022-11-16 14:06:32 +13:00
Harry Maclean
2e2fcd49bf Ruby: Consider Object#inspect a log sanitizer 
The behaviour of `Object#inspect` depends on whether it has been
overridden by a subclass, but it will typically produce output on a
single line. Calling `inspect` on a String will replace newlines with
`\n`, which is then safe for interpolation into a log line.
 2022-11-16 13:46:51 +13:00
Harry Maclean
762ebad66e Ruby: Add change note 2022-11-16 13:46:51 +13:00
Harry Maclean
d0521f15f1 Ruby: Update tests 2022-11-16 13:46:51 +13:00
Harry Maclean
d2c0250b41 Ruby: Model ActionDispatch::Request#body_stream 2022-11-16 13:46:51 +13:00
Harry Maclean
9f357837fa Ruby: Model send_data as an HTTP response 2022-11-16 13:46:51 +13:00
Harry Maclean
5cfc494e16 Ruby: Test render inside redirect_to 
This test shows that we correctly identify redirect_to and render calls
inside respond_to blocks.
 2022-11-16 13:46:51 +13:00
Harry Maclean
155b64d3fc Ruby: Add test for render calls 2022-11-16 13:46:51 +13:00
Harry Maclean
b7e14311be Ruby: Model ActionController logger 2022-11-16 13:46:50 +13:00
Harry Maclean
27681ac987 Ruby: Move ActionController tests to own directory 2022-11-16 13:46:49 +13:00
Tom Hvitved
67f31ffdf0 Ruby: Add tests for phi reads 2022-11-15 11:45:32 +01:00
Tom Hvitved
32f60fd112 Ruby: Add more local flow tests for use-use flow 2022-11-15 11:45:31 +01:00
Nick Rolfe
8d854e0a6b Merge pull request #11252 from github/nickrolfe/active_support_enumerable 
Ruby: add flow summary for Enumerable#index_by
 2022-11-15 10:40:42 +00:00
Tom Hvitved
b242bd6468 Merge pull request #11080 from github/revert-11074-revert-10576-ssa/consistency-queries 
Revert "Revert "SSA: Turn consistency predicates into `query` predicates""
 2022-11-14 14:43:58 +01:00
Nick Rolfe
c80fbff648 Ruby: add changenote for Enumerable#index_by flow summary 2022-11-14 12:47:50 +00:00
Nick Rolfe
83b3312467 Merge pull request #11207 from github/nickrolfe/arel-sql 
Ruby: add `SqlConstruction` concept, and implement it for calls to `Arel.sql`
 2022-11-14 10:21:37 +00:00
Nick Rolfe
0dadf0bbb4 Ruby: add flow summary for Enumerable#index_by 2022-11-14 10:01:24 +00:00
Rasmus Wriedt Larsen
ddbcdcb4ba Merge pull request #11160 from RasmusWL/dataflow-consistency-read-store 
DataFlow: Add read/store stepIsLocal consistency checks
 2022-11-11 14:51:45 +01:00
Nick Rolfe
be60a871a3 Ruby: tweak comment 2022-11-11 12:01:23 +00:00
Nick Rolfe
e3ebf1c668 Merge pull request #11187 from github/nickrolfe/actioncable 
Ruby: add ActionCable channel RPC params as remote flow sources
 2022-11-11 11:32:13 +00:00
Erik Krogh Kristensen
90382c4d1c Merge pull request #11178 from erik-krogh/passcode 
JS/RB/PY: Recognize `passcode` as sensitive
 2022-11-10 17:58:34 +01:00
Tom Hvitved
bda4b52395 Merge pull request #11206 from hvitved/ruby/self-toplevel-def 
Ruby: Fix SSA entry definitions for `self` in top-level
 2022-11-10 17:01:59 +01:00
Nick Rolfe
20f76e50c3 Ruby: actually call the isPublic() predicate I added 2022-11-10 15:53:04 +00:00
Nick Rolfe
b91b3148a4 Ruby: add missing qldoc comments for SQL injection query 2022-11-10 15:26:42 +00:00
Nick Rolfe
511fb97273 Ruby: remove redundant import 2022-11-10 14:30:06 +00:00
Nick Rolfe
0337ccb93a Ruby: add change notes for Arel.sql / SqlConstruction changes 2022-11-10 14:11:14 +00:00
Nick Rolfe
5a15558355 Ruby: treat an Arel.sql call as a SqlConstruction 2022-11-10 14:11:14 +00:00
Tom Hvitved
e18442069b Ruby: Fix SSA entry definitions for self in top-level 2022-11-10 15:08:17 +01:00
Erik Krogh Kristensen
5d2ab8adfb Merge pull request #11191 from erik-krogh/arrJoin 
RB: add join(" ") calls as a sink for rb/shell-command-constructed-from-input
 2022-11-10 14:20:42 +01:00
Nick Rolfe
c9d34947b7 Ruby: add SqlConstruction concept 2022-11-10 12:17:56 +00:00
Michael Nebel
9c6875ec0f Merge pull request #10777 from michaelnebel/csharp/generatedataextensions 
C#: Generate data extension files
 2022-11-10 13:08:31 +01:00
Nick Rolfe
4a98ef064e Ruby: use the 'customizations' pattern for the SQL injection query 2022-11-10 11:51:47 +00:00
Nick Rolfe
2b5e2ed282 Ruby: factor out some code into a helper predicate 2022-11-10 11:41:52 +00:00
erik-krogh
88de299e12 add join(" ") calls as a sink for rb/shell-command-constructed-from-input 2022-11-09 21:46:25 +01:00
Nick Rolfe
eb2a487433 Ruby: update expected test output 2022-11-09 17:38:33 +00:00
Nick Rolfe
0d9aa0cdac Ruby: fix clashing method names from merge conflict 2022-11-09 17:06:43 +00:00
Nick Rolfe
c8c53cb424 Merge remote-tracking branch 'origin/main' into nickrolfe/active_support_flow_summaries 2022-11-09 17:02:05 +00:00
Nick Rolfe
cfde7e9edc Ruby: more accurate modeling of which ActionCable channel methods become endpoints 2022-11-09 16:14:11 +00:00
Nick Rolfe
611ed93e39 Ruby: add is{Public,Protected,Private} to DataFlow::MethodNode 2022-11-09 15:18:16 +00:00
Nick Rolfe
199b3f4d71 Ruby: add change note for ActionCable channel remote flow sources 2022-11-09 14:18:44 +00:00
Nick Rolfe
db20e7d143 Ruby: add ActionCable channel RPC params as remote-flow sources 2022-11-09 14:16:04 +00:00
Asger F
859dc7beb7 Merge pull request #11024 from asgerf/rb/data-flow-layer-capture2 
Ruby: expand DataFlow API
 2022-11-09 15:06:03 +01:00
Anders Schack-Mulligen
b3b7711149 Dataflow: Sync. 2022-11-09 14:23:15 +01:00
Nick Rolfe
97e939ae2b Ruby: refine summaries for Hash#reverse_merge etc. 
- revert the changes to the taint summaries specific to ActionController
  params
- make the general flow summaries value-preserving and use
  WithElement[any]
 2022-11-09 11:56:07 +00:00
erik-krogh
c8b7eccc6f sync files 2022-11-09 11:31:13 +01:00