hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-10 17:44:03 +02:00
Code Issues Packages Projects Releases Wiki Activity
1,451 Commits 1,739 Branches 164 Tags
5df728dd7d121c7f75704dba7bc499b33bb95dfd
Commit Graph

1008 Commits

Author SHA1 Message Date
Arthur Baars
893ca5a250 Merge pull request #353 from github/rc/3.3 
Merge rc/3.3 into main
 2021-10-13 16:33:42 +02:00
Andrew Eisenberg
0e0441743b Move tutorial directly into each qlpack 
See also https://github.com/github/codeql/pull/6862
 2021-10-13 15:28:17 +02:00
Arthur Baars
f4003406cf Apply suggestions from code review 
Co-authored-by: Tom Hvitved <hvitved@github.com>
 2021-10-13 15:11:04 +02:00
Arthur Baars
112b7a8e27 Update broken links 2021-10-13 15:03:19 +02:00
Arthur Baars
bf3d291a1c Updates after codeql file sync 2021-10-13 13:24:20 +02:00
Arthur Baars
80ac05d5c6 Bump codeql submodule to 'main' 2021-10-13 13:24:08 +02:00
Alex Ford
0d72a51334 Merge pull request #342 from github/improve-xss-isAdditionalFlowStep 
Improve `XSS::Shared::isAdditionalFlowStep` performance
 2021-10-13 12:15:52 +01:00
Arthur Baars
6a18aa4e2a Merge pull request #348 from github/rc/3.3 
Merge rc/3.3 into main
 2021-10-13 13:08:55 +02:00
Arthur Baars
287046e9b0 Merge pull request #346 from github/erik-krogh/fix-primary-class-typo 
fix typo for getAPrimaryQlClass
 2021-10-13 12:53:51 +02:00
Nick Rolfe
1c5dcecf1e Update expected output to match getAPrimaryQlClass change 2021-10-13 12:39:13 +02:00
Erik Krogh Kristensen
e1675ff055 fix typo for getAPrimaryQlClass 2021-10-13 12:39:13 +02:00
Arthur Baars
d448e208ab Merge pull request #347 from github/aibaars/bump-codeql 
Bump codeql submodule to rc/3.3
 2021-10-13 12:28:17 +02:00
Arthur Baars
8ef1af9de0 Bump codeql submodule to rc/3.3 2021-10-13 12:03:49 +02:00
Tom Hvitved
e2db11b31f Performance improvements in XSS.qll 
Various performance improvements to make sure that we never join methods
and calls (or variables and accesses) on only name (or file), but always
perform a multi-join on both values.
 2021-10-13 11:53:49 +02:00
Andrew Eisenberg
d9ab13b43d Update ql/src/qlpack.yml 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2021-10-12 13:01:03 -07:00
Andrew Eisenberg
2fca1f57c6 Add defaultSuite 
Also, change the dependencies to be in alignment with other standard qlpacks.
 2021-10-12 21:57:53 +02:00
Arthur Baars
4e79d9fad6 Merge pull request #334 from github/RasmusWL/normalize-qlpack 
Packaging: Normalize src/qlpack.yml
 2021-10-12 21:56:31 +02:00
Alex Ford
ad5c1f9b32 ql format 2021-10-12 20:43:20 +01:00
Alex Ford
d7b5e4c779 update predicate visibility 2021-10-12 20:43:20 +01:00
Alex Ford
9083cda8df improve XSS::Shared::isFlowFromHelperMethod performance 2021-10-12 20:43:20 +01:00
Alex Ford
9afc1f9275 split out isAdditionalXSSFlowStep components 2021-10-12 20:43:20 +01:00
Arthur Baars
8531174d30 Merge pull request #333 from github/hvitved/api-graphs-non-linear-rec 
API graphs: Avoid non-linear recursion
 2021-10-12 20:24:07 +02:00
Arthur Baars
80ebfed226 Merge pull request #336 from github/improve-getTemplateFile 
Improve `RenderCall#getTemplateFile` performance and accuracy
 2021-10-12 20:21:12 +02:00
Arthur Baars
06e91c1182 Merge pull request #322 from github/request-without-validation 
rb/request-without-cert-validation
 2021-10-12 20:19:11 +02:00
Nick Rolfe
ceef9762a7 Fix comment typo 
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
 2021-10-12 17:45:34 +01:00
Arthur Baars
398ed4c0c9 Merge pull request #338 from github/aibaars/update-grammar 
Update tree-sitter-ruby
 2021-10-12 18:39:34 +02:00
Arthur Baars
bb5da92577 Update src/unsupported_feature.rb with a feature that is still unsupported 2021-10-12 18:11:00 +02:00
Arthur Baars
8c9d3b88df Update dbscheme stats 2021-10-12 17:48:59 +02:00
Arthur Baars
0dc3ea5ed1 Add test-cases for forward arguments and endless methods 2021-10-12 17:32:01 +02:00
Arthur Baars
e44064cda7 Add forward parameter/arguments to AST 2021-10-12 17:31:31 +02:00
Nick Rolfe
ecc9f07c50 Merge pull request #311 from github/nickrolfe/oj 
Consider Oj.load a sink for unsafe deserialization
 2021-10-12 16:17:08 +01:00
Alex Ford
e35ad020d5 ql format 2021-10-12 15:56:00 +01:00
Alex Ford
909cdacb1a remove cast to StringlikeLiteral 2021-10-12 15:27:26 +01:00
Alex Ford
44499cab51 replace an abstract predicate 2021-10-12 15:27:10 +01:00
Alex Ford
48f3d48a11 add some test cases for checking against spurious flow into ERB templates 2021-10-12 10:37:22 +01:00
Arthur Baars
2a7f3fbfaf Add upgrade script 2021-10-12 11:36:10 +02:00
Nick Rolfe
8e14b6582d Remove unused predicate 2021-10-11 18:15:41 +01:00
Alex Ford
7270fe0ee7 slightly limit viable template files from render calls 2021-10-11 17:12:08 +01:00
Alex Ford
cdfee1f27d better RenderCall#getTemplateFile performance and accuracy 2021-10-11 16:46:10 +01:00
Rasmus Wriedt Larsen
bca1cb141c Packaging: Normalize src/qlpack.yml 
Port of 4) from https://github.com/github/codeql/pull/6605

> Dependencies from query packs to other packs are always "*" since
these dependencies are always from source and we should get the
latest.

Compare with [C++ change](https://github.com/github/codeql/pull/6605/files#diff-0236560ca1b9c19eb7c74d8bfecd1c78005e762122f8bcdaee9eb9b20460bf9c).
 2021-10-11 14:36:14 +02:00
Arthur Baars
fac4df203a Update tree-sitter-ruby 2021-10-11 12:53:16 +02:00
Tom Hvitved
98d1ee5178 API graphs: Avoid non-linear recursion 2021-10-11 12:01:33 +02:00
Nick Rolfe
f500e5b2d7 Use Expr::getValueText 2021-10-08 16:41:06 +01:00
Alex Ford
16ab4da812 Update ql/lib/codeql/ruby/security/XSS.qll 
Co-authored-by: Harry Maclean <hmac@github.com>
 2021-10-07 20:03:07 +01:00
Nick Rolfe
eafe22ef93 Merge remote-tracking branch 'origin/main' into nickrolfe/oj 2021-10-07 16:40:36 +01:00
Alex Ford
de01770612 update test output 2021-10-07 15:50:35 +01:00
Alex Ford
168e67dd6d deduplicate string constantQualifiedName(ConstantWriteAccess) as string ConstantWriteAccess#getQualifiedName 2021-10-07 15:30:36 +01:00
Alex Ford
5b38e06765 Rename ActiveRecordModelClass#methodMayAccessField() as ActiveRecordModelClass#getAPotentialFieldAccessMethod() 2021-10-07 15:30:36 +01:00
Alex Ford
3bdc680434 Drop a comment that is no longer relevant 2021-10-07 15:30:36 +01:00
Alex Ford
8262247ed7 Minor simplification of finderMethodName predicate 2021-10-07 15:30:36 +01:00