hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-25 20:32:58 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,798 Commits 1,688 Branches 158 Tags
548d7ac37daaa0aa6b082cd1e7f8e90b9b9ae61a
Commit Graph

1003 Commits

Author SHA1 Message Date
Tom Hvitved
19043bdf38 Merge pull request #9976 from hvitved/ruby/hash-literal-summary-simplification 
Ruby: Simplify flow summaries for hash literals
 2022-08-10 08:57:33 +02:00
Erik Krogh Kristensen
d008975ff4 Merge pull request #9825 from erik-krogh/repeatedWord 
QL: add ql/repeated-word query
 2022-08-10 07:25:26 +02:00
Harry Maclean
30ff18aec8 Merge pull request #9919 from hmac/hmac/ar-associations 
Ruby: ActiveRecord associations
 2022-08-10 11:13:39 +12:00
Erik Krogh Kristensen
559ec7ba56 Merge branch 'main' into repeatedWord 2022-08-09 21:22:47 +02:00
Tom Hvitved
975edac34e Merge pull request #9969 from hvitved/ruby/kwargs-missing-flow 
Ruby: Support more flow through keyword arguments
 2022-08-09 09:59:57 +02:00
Harry Maclean
22d7b046ab Ruby: Fix << 2022-08-09 15:08:17 +12:00
Harry Maclean
dc853d9728 Ruby: Model ActiveRecord associations 2022-08-09 15:08:17 +12:00
Tom Hvitved
9268437a58 Ruby: Generalize SynthHashSplatParameterNode to also work for synthesized methods 2022-08-08 14:05:06 +02:00
Tom Hvitved
d16a154f9e Address review comment 2022-08-08 10:45:55 +02:00
Anders Schack-Mulligen
3d47875b60 Dataflow: Generate shorter RA/DIL names. 2022-08-05 11:00:56 +02:00
Anders Schack-Mulligen
d3dcc3ce3a Dataflow: Sync. 2022-08-05 11:00:56 +02:00
Tom Hvitved
e0dadb4df6 Ruby: Simplify flow summaries for hash literals 2022-08-05 10:20:07 +02:00
Harry Maclean
74d529d3e3 Merge pull request #9918 from hmac/hmac/mime-type-match 
Ruby: Model Mime::Type
 2022-08-05 11:51:45 +12:00
Tom Hvitved
01c0d4b59f Ruby: Support more flow through keyword arguments 2022-08-04 16:20:08 +02:00
Harry Maclean
83393dc195 Ruby: Recognise more AR write accesses 
This change means we recognise calls like

```rb
User.create(params)
User.update(id, params)
```

as instances of `PersistentWriteAccess`.
 2022-08-04 17:22:46 +12:00
Harry Maclean
21b4918904 Ruby: Add getPositionalArgument 
This gets positional arguments from a call. These are arguments which
are not keyword arguments.
 2022-08-04 17:22:46 +12:00
Harry Maclean
def1b3c3b3 Ruby: QLDoc fix 2022-08-04 17:21:29 +12:00
Arthur Baars
35f7fdf24b Update ruby/ql/lib/codeql/ruby/printAst.qll 
Co-authored-by: Tom Hvitved <hvitved@github.com>
 2022-08-03 12:06:47 +02:00
Arthur Baars
d8592a2b05 Ruby: PrintAST: more stable order for synthesized nodes 2022-08-03 09:02:38 +02:00
Harry Maclean
2034498690 Ruby: Fix QLDoc warnings 2022-07-29 12:20:32 +12:00
Harry Maclean
f42d33312f Ruby: Model Mime::Type 
Add type summaries to recognise instances of Mime::Type, and recognise
arguments to Mime::Type.match? and Mime::Type.=~ as regular expression
interpretations.
 2022-07-29 11:41:48 +12:00
Harry Maclean
b7be25e18f Ruby: Make isInterpretedAsRegExp extensible 
This allows frameworks to add new instances where a node is interpreted
as a regular expression. We introduce a class
RegExpInterpretation::Range that represents these nodes. In the future
we may want to make this a full Concept, but it's not necessary at the
moment.
 2022-07-29 11:39:41 +12:00
Harry Maclean
c29eb814b2 Ruby: Reorganise ActionDispatch framework 
Put routing modelling inside a Routing module.
 2022-07-29 10:44:36 +12:00
Paolo Tranquilli
9b26921cb6 Control flow: add order disambuigation customization 2022-07-28 09:11:42 +02:00
Paolo Tranquilli
ebf650c0c0 Control Flow: add more ordering for edges 2022-07-27 15:01:17 +02:00
Harry Maclean
681e58c8e0 Merge pull request #9850 from hmac/hmac/arel 
Ruby: Model Arel.sql
 2022-07-25 12:09:18 +12:00
thiggy1342
6bc2fe513d Merge branch 'main' into add-activerecord-annotate 2022-07-19 10:29:24 -04:00
Harry Maclean
7b8603c89b Ruby: Model Arel.sql 2022-07-19 11:27:15 +12:00
Nick Rolfe
eebba36b18 Merge pull request #9708 from github/nickrolfe/pathname 
Ruby: model the standard library's `Pathname` class
 2022-07-18 11:29:30 +01:00
Nick Rolfe
dbd6607875 Ruby: use ASCII dash in comment 
Co-authored-by: Harry Maclean <hmac@github.com>
 2022-07-18 08:54:58 +01:00
Erik Krogh Kristensen
85a652f3d1 remove a bunch of repeated words 2022-07-14 12:42:48 +02:00
Harry Maclean
49aab51893 Ruby: Make helper predicate private 2022-07-13 18:20:27 +12:00
Harry Maclean
ea95e2e1d0 Ruby: Use InclusionTests library in barrier guards 2022-07-13 18:20:27 +12:00
Harry Maclean
b9fc82a741 Ruby: Test both old and new-style barrier guards 2022-07-13 18:20:25 +12:00
Harry Maclean
4cfaa86d5d Ruby: Update new-style barrier-guard 2022-07-13 18:20:14 +12:00
Harry Maclean
5f17d8370c Ruby: Small change to isArrayExpr 2022-07-13 18:20:14 +12:00
Harry Maclean
63dcce9a31 Ruby: Refactor isArrayConstant 2022-07-13 18:20:14 +12:00
Harry Maclean
b5a3d3c488 Ruby: Extract isArrayConstant 
This predicate might be useful elsewhere.
 2022-07-13 18:20:14 +12:00
Harry Maclean
706d1d2eee Ruby: Make StringArrayInclusion more sensitive 
We now recognise the following pattern as a barrier guard for `x`:

    values = ["foo", "bar"]

    if values.include? x
      sink x
    end
 2022-07-13 18:20:12 +12:00
thiggy1342
9a0a9491da Merge branch 'main' into add-activerecord-annotate 2022-07-12 20:13:56 -04:00
Nick Rolfe
6632dfaf88 Ruby: fix another SystemCommandExecution::isShellInterpreted implementation 2022-07-11 16:53:30 +01:00
Nick Rolfe
348ad95fc0 Ruby: fix defining every dataflow node as a command execution sink 2022-07-11 15:06:27 +01:00
thiggy1342
bd50fd7f1e format fix 2022-07-08 17:20:41 +00:00
thiggy1342
b4869158f2 expand query tests for cwe-089 2022-07-07 19:23:57 +00:00
Nick Rolfe
02dd933e5f Ruby: move Pathname from core to stdlib 2022-06-30 10:08:25 +01:00
Brandon Stewart
5888325549 Merge branch 'main' into patch-1 2022-06-29 08:42:24 -04:00
Nick Rolfe
5db2f9a768 Merge remote-tracking branch 'origin/main' into nickrolfe/pathname 2022-06-29 13:16:49 +01:00
Nick Rolfe
c1302a90e0 Ruby: use MaD for more precise Pathname flow summaries 2022-06-29 13:16:18 +01:00
Jeroen Ketema
55e052af26 Merge pull request #9686 from aschackmull/dataflow/no-node-scan 
Dataflow performance: Avoid node scans
 2022-06-29 10:38:56 +02:00
Brandon Stewart
33d1aae92a Update ruby/ql/lib/codeql/ruby/frameworks/ActiveRecord.qll 
Co-authored-by: Harry Maclean <hmac@github.com>
 2022-06-28 08:51:01 -04:00