hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-04 18:20:18 +01:00
Code Issues Packages Projects Releases Wiki Activity
58,501 Commits 1,673 Branches 157 Tags
57ae1ee3e992ffac09d915d4c4d59ba7203401fc
Commit Graph

3603 Commits

Author SHA1 Message Date
Harry Maclean
57ae1ee3e9 Ruby: Add test for GraphQL remote flow sources 2023-09-14 13:46:52 +01:00
Harry Maclean
1526fff085 Ruby: Add missing doc comments 2023-09-14 13:46:37 +01:00
Harry Maclean
20f1a74202 Ruby: Restrict GraphQL remote flow sources 
Previously we considered any splat parameter in a graphql resolver to be
a remote flow source. Now we limit that to reads of the parameter which
yield scalar types (e.g. String), as defined by the GraphQL schema.

This should reduce GraphQL false positives.
 2023-09-14 12:14:56 +01:00
Tom Hvitved
a2912cd72b Ruby: Use proper PathGraph module in inline flow tests 
Gets rid of
```
PathNode is incompatible with PathNode (the type of the edge relation).
```
warnings.
 2023-09-04 20:27:34 +02:00
Tom Hvitved
4a1163b38c Merge pull request #14109 from hvitved/ruby/hide-desugared-assignments-in-dataflow 2023-09-04 19:59:33 +02:00
Alex Ford
11e5565344 Merge branch 'main' into add-cwe-208 2023-09-04 12:45:49 +01:00
Tom Hvitved
89e9d25f02 Ruby: Hide desugared assignments from data flow path graph 2023-08-31 14:04:57 +02:00
Tom Hvitved
50db6916c8 Ruby: Get rid of unused EmptinessSuccessor 2023-08-31 13:17:05 +02:00
Tom Hvitved
73370e7282 Merge pull request #14100 from hvitved/dataflow/consistency-pack 
Data flow: Add consistency checks to shared ql pack
 2023-08-31 11:47:40 +02:00
Tom Hvitved
c4b626a416 Ruby: Use data flow consistency checks from shared pack 2023-08-30 15:29:41 +02:00
Tom Hvitved
7e77c77d92 Ruby: Update expected test output 2023-08-30 13:33:48 +02:00
Brandon Stewart
56f0387613 Merge branch 'main' into add-cwe-208 2023-08-29 13:09:59 -04:00
Jeroen Ketema
0d1fd88729 Merge pull request #14050 from jketema/inline-6 
Consolidate all `InlineFlowTest` libraries in the dataflow qlpack
 2023-08-29 09:30:35 +02:00
Dave Bartolomeo
3343b78015 Merge pull request #14074 from github/post-release-prep/codeql-cli-2.14.3 
Post-release preparation for codeql-cli-2.14.3
 2023-08-28 13:34:10 -04:00
github-actions[bot]
3eba77421a Post-release preparation for codeql-cli-2.14.3 2023-08-28 15:53:49 +00:00
Alex Ford
9957e2683b Merge pull request #13313 from maikypedia/maikypedia/ldap-improper-auth 
Ruby: Add Improper LDAP Authentication query (CWE-287)
 2023-08-25 20:52:34 +01:00
Alex Ford
ae635c609f Ruby: autoformat 2023-08-25 17:11:07 +01:00
Maiky
ffd618d6cc Revert "Add "" and nil as sources" 
This reverts commit 664c1eba72.
 2023-08-25 15:23:55 +02:00
Jeroen Ketema
9d573e5544 Consolidate all InlineFlowTest libraries in the dataflow qlpack 2023-08-24 21:38:46 +02:00
Harry Maclean
54c2221f35 Merge pull request #14033 from hmac/excon-bugfix 
Ruby: Fix bug in excon model
 2023-08-23 14:24:53 +01:00
Harry Maclean
d18ca3f5d7 Ruby: Fix bug in excon model 
If a codebase included a definition for `Excon.new`, we matched
connection nodes to unrelated request nodes.
 2023-08-23 12:55:36 +01:00
Harry Maclean
842da58269 Ruby: Update test fixture 2023-08-23 09:59:04 +01:00
Harry Maclean
fb4b774c0d Merge pull request #13967 from hmac/remove-splat-all 
Ruby: Remove isSplatAll
 2023-08-23 09:40:06 +01:00
Maiky
664c1eba72 Add "" and nil as sources 2023-08-22 18:10:33 +02:00
Maiky
f301e46175 Remove isEmptyPassword predicate 2023-08-22 12:23:32 +02:00
Tom Hvitved
5192d7c137 Merge pull request #13997 from hvitved/ruby/type-tracking-splats 
Ruby: Include more (hash) splat flow in type tracking
 2023-08-22 11:33:39 +02:00
Tom Hvitved
3f54ecbcc2 Update ruby/ql/lib/codeql/ruby/typetracking/TypeTrackerSpecific.qll 
Co-authored-by: Harry Maclean <hmac@github.com>
 2023-08-22 11:18:12 +02:00
Michael Nebel
ce6fd8ac5f Merge pull request #13432 from michaelnebel/updateissupported 
Java/C#: Update telemetry queries to report callables with sink/source neutrals as being supported.
 2023-08-22 08:39:38 +02:00
Harry Maclean
414ae76ae1 Ruby: Add another splat flow test 2023-08-21 16:21:55 +01:00
Harry Maclean
c615f183c1 Ruby: Add test for spurious splat flow 
We don't yet properly model splat flow when a positional argument
follows a splat argument.
 2023-08-21 16:11:10 +01:00
Jeroen Ketema
2d0f73d7c2 Merge pull request #13881 from jketema/shared-taint-tracking 
Introduce shared taint tracking library
 2023-08-21 12:45:49 +02:00
Michael Nebel
106ba11e10 Address review comments. 2023-08-21 09:59:02 +02:00
Michael Nebel
d66fe08661 Add QLDoc for the getKind predicate. 2023-08-21 09:59:02 +02:00
Michael Nebel
4c06fbdc65 Ruby: Sync files and make manual changes. 2023-08-21 09:59:01 +02:00
github-actions[bot]
098dfb4242 Release preparation for version 2.14.3 2023-08-18 14:48:15 +00:00
Tom Hvitved
deaa37d9d3 Ruby: Include more (hash)splat flow in type tracking 2023-08-18 14:07:12 +02:00
Tom Hvitved
da05e3e0e8 Ruby: Add more type tracking tests 2023-08-18 13:51:29 +02:00
Harry Maclean
0bbda992fb Ruby: Remove isSplatAll arg/parameter position 
This is equivalent to isSplat(0).
 2023-08-18 12:09:04 +01:00
Harry Maclean
222aa41bbf Merge pull request #13938 from hmac/splat-flow-2 
Ruby: More precise flow into splat parameters
 2023-08-18 12:07:58 +01:00
Tom Hvitved
da8005dbd3 Code review suggestions 2023-08-17 09:26:58 +02:00
Jeroen Ketema
33e8310625 Merge branch 'main' into shared-taint-tracking 2023-08-17 00:14:25 +02:00
Maiky
5f502ec6bb rename change-note 2023-08-16 15:32:53 +02:00
Tom Hvitved
44b734e120 Merge pull request #13955 from hvitved/ruby/type-tracking-capture-insensitive 
Ruby: Make type tracking flow-insensitive for captured variables
 2023-08-15 11:42:41 +02:00
Erik Krogh Kristensen
6a3b9e10eb Merge pull request #13914 from erik-krogh/escape-unicode 
ReDoS: escape unicode chars in the output for the ReDoS queries
 2023-08-15 11:21:21 +02:00
Tom Hvitved
061575ff77 Merge pull request #13937 from hvitved/ruby/for-loop-desugar 
Ruby: Improve desugaring of `for` loops
 2023-08-14 20:12:12 +02:00
Arthur Baars
77db0cf547 Merge pull request #13334 from aibaars/print-cfg-2 
Ruby: printCfg: only show graph for selected CfgScope
 2023-08-14 18:24:20 +02:00
Tom Hvitved
e96cbeb00a Ruby: Adjust locations of synthesized nodes 2023-08-14 14:37:47 +02:00
Tom Hvitved
c084a9b27a Ruby: Make type tracking flow-insensitive for captured variables 2023-08-14 13:44:37 +02:00
Harry Maclean
d45e9101ba Ruby: Add change note 2023-08-14 11:20:58 +01:00
Harry Maclean
ca5456a54a Ruby: Remove duplicate disjuncts 2023-08-14 09:45:57 +01:00