hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-15 12:04:07 +02:00
Code Issues Packages Projects Releases Wiki Activity
1,217 Commits 1,733 Branches 164 Tags
599dc28ffa47d61ba469a303c4ea3418cc89d19b
Commit Graph

25 Commits

Author SHA1 Message Date
Harry Maclean
d046fb0591 Separate open3 pipeline methods 
These have a slightly different structure than the other open3 methods.
 2021-09-17 17:02:17 +01:00
Harry Maclean
cbc14ccda9 Make KernelSystemCall more specific 
Test that calls to`system` on modules other than `Kernel` are excluded,
such as in this example:

    module Foo
      def self.system(*args); end
    end

    # This is not a call to Kernel.system
    Foo.system("bar")
 2021-09-17 17:02:17 +01:00
Harry Maclean
fb23a2e3bf Add SubshellHeredocExecution 
This is a form of command execution:

    result = <<`EOF`
    echo foo bar #{baz}
    EOF
 2021-09-17 17:02:17 +01:00
Harry Maclean
799ef4e4c9 Add barrier guards for CLI injection 2021-09-17 17:02:17 +01:00
Harry Maclean
a8f0bce1d1 Add SystemCommandExecution concept 
A SystemCommandExecution is a method call or builtin that executes a
system command, either directly or via a subshell.
 2021-09-17 17:02:17 +01:00
Alex Ford
d84731bcc7 Add a library for working with the ERB AST 2021-08-31 16:24:38 +01:00
Arthur Baars
ac2c315839 Fix merge conflicts during rebase 2021-08-26 18:48:53 -04:00
Alex Ford
9571e7bccc drop ViewComponent parts from the ActionView library 2021-08-26 14:45:47 +01:00
Alex Ford
4a4b2445dc Clean up how we map between Rails actions and default associated template files 2021-08-26 04:57:15 +01:00
Alex Ford
abc283ee8a remove ErbFile refs 2021-08-24 17:22:35 +01:00
Alex Ford
e403fc77d3 tests 2021-08-24 17:21:22 +01:00
Alex Ford
d628716c42 extend ActionController tests 2021-08-24 17:21:22 +01:00
Alex Ford
41ff10c908 extend modelling of ActionController, and start modelling ActionView 2021-08-24 17:21:22 +01:00
Alex Ford
3f76075fe6 improve some rails framework tests 2021-06-29 13:56:28 +01:00
Alex Ford
b27891b14e update ActiveRecord test output 2021-06-24 18:12:26 +01:00
Alex Ford
7415503772 update ActiveRecord test output 2021-06-24 18:12:25 +01:00
Alex Ford
6e5665da8c Make ActiveRecord model flag more potentially dangerous SQL executions 2021-06-24 18:12:25 +01:00
Alex Ford
5941eb2be4 model some ActionController user input sources (params) 2021-06-23 14:11:38 +01:00
Alex Ford
214532516b try to avoid a future merge conflict 2021-06-17 14:41:51 +01:00
Alex Ford
bf43a77df5 Include some more types of expressions as possible active record SQL sink arguments 2021-06-15 12:41:42 +01:00
Alex Ford
c1b9952517 account for chained method calls when constructing ActiveRecord SQL queries 2021-06-15 11:39:48 +01:00
Alex Ford
f8a77b9854 format QL 2021-06-15 11:39:48 +01:00
Alex Ford
57c04266e3 rename SqlExecutingMethodCall as PotentiallyUnsafeSqlExecutingMethodCall 2021-06-15 11:39:48 +01:00
Alex Ford
2d4bb61789 limit SqlExecutingMethodCall to those that are called with a StringlikeLiteral argument 2021-06-15 11:39:48 +01:00
Alex Ford
c641d12259 add shell ActiveRecord library tests 2021-06-15 11:39:48 +01:00