Harry Maclean
7a01c4a974
Ruby: Add change note for filter dataflow
2023-02-21 19:28:54 +13:00
Harry Maclean
ba4d0a81d5
Ruby: Simplify filter dataflow
...
This introduces some false flow (the `ThreeController` and
`FourController` examples in `filter_flow.rb`) but is simpler and
in line with how we model flow for normal method calls.
2023-02-21 19:28:53 +13:00
Harry Maclean
0a02b45ad7
Ruby: More filter flow steps
...
Add a jump step from the last self post-update node in a method to the self parameter of the
next method.
2023-02-21 19:28:26 +13:00
Harry Maclean
fae5320c3a
Ruby: Add filter flow tests
2023-02-21 19:27:53 +13:00
Harry Maclean
04e80fa48f
Ruby: Use lookupMethod
...
The hope is that this predicate is already used elsewhere, so its cost
is amortized.
2023-02-21 19:26:36 +13:00
Harry Maclean
889d97163e
Ruby: Refactor getFilterCallable
...
Try to force a join with the filter argument string first, to reduce
tuple counts.
2023-02-21 19:26:36 +13:00
Harry Maclean
2590682262
Ruby: inline RenderCallUtils::getBaseName
...
This seems to yield a small performance increase.
2023-02-21 19:26:36 +13:00
Harry Maclean
ae3d91b546
Ruby: First draft of rails callback flow
2023-02-21 19:26:36 +13:00
Harry Maclean
6eeb711988
Ruby: Add AdditionalJumpStep class
2023-02-21 19:26:36 +13:00
Arthur Baars
f71c3301b3
Ruby: address review comment
2023-02-20 14:32:24 +01:00
Arthur Baars
6fd836d3a9
Ruby: improve wording of error messages
2023-02-20 14:32:02 +01:00
Alex Ford
774030a8db
Merge pull request #12083 from pwntester/ruby_twirp_support
...
[Ruby] Add support for Twirp framework
2023-02-20 13:16:52 +00:00
Michael Nebel
813ffa440c
Java: Consider ai-generated flow summaries to as generated summaries in dataflow.
2023-02-20 12:11:48 +01:00
Tom Hvitved
658cc33bb8
Merge pull request #12212 from hvitved/util/inline-expect-test-use-end-line
...
Util: Use end line instead of start line for actual results
2023-02-20 11:41:02 +01:00
Tom Hvitved
879eff41ea
Merge branch 'main' into util/inline-expect-test-use-end-line
2023-02-20 10:03:38 +01:00
Harry Maclean
4e07fd3eb1
Ruby: Model ApplicationController.renderer
2023-02-19 13:37:27 +13:00
gregxsunday
fe97d2a05d
fix file formatting
2023-02-17 14:01:28 +00:00
Grzegorz Niedziela
9d8c117c61
added QLDocs for ZipSlip module
2023-02-17 12:57:35 +00:00
Grzegorz Niedziela
815b5a0312
add changelog file
2023-02-17 12:50:10 +00:00
Grzegorz Niedziela
c03ba2cc13
fix docs references
2023-02-17 12:50:01 +00:00
Grzegorz Niedziela
652c7ff1ed
Push Sanitizer definition to ZipSlipCustomization.qll
2023-02-17 12:49:31 +00:00
Grzegorz Niedziela
8bbbb95a87
Make ZipSlip module classes private and push Sanitizer definition to ZipSlipCustomization.qll
2023-02-17 12:49:04 +00:00
Tom Hvitved
e9bce9f8cd
Ruby: Update test expectations
2023-02-17 13:22:28 +01:00
Arthur Baars
51f34eb3e9
Ruby: diagnostics: add support for markdown messages
2023-02-17 12:01:41 +01:00
github-actions[bot]
8eb8daa4d4
Post-release preparation for codeql-cli-2.12.3
2023-02-16 17:23:25 +00:00
Arthur Baars
006ee5aad9
Ruby: improve encoding related messages
2023-02-16 13:12:55 +01:00
github-actions[bot]
b0315119c6
Release preparation for version 2.12.3
2023-02-16 11:49:06 +00:00
gregxsunday
d1aaa9ad86
Add ZipSlip/TarSlip query for ruby
2023-02-16 11:24:15 +00:00
Alex Ford
74782bf6a2
Merge branch 'main' into ruby_twirp_support
2023-02-15 17:15:08 +00:00
Alex Ford
1556b1a728
Merge branch 'main' into js-use-shared-cryptography
2023-02-15 17:13:53 +00:00
Alex Ford
801ed1ce7c
Ruby: add Twirp.expected
2023-02-15 17:05:33 +00:00
Alex Ford
43af306d60
dynamic: more detailed qldoc for CryptographicOperation#getBlockMode()
2023-02-15 16:55:18 +00:00
Alex Ford
d4d0b91085
dynamic: switch CryptographicOperation::Range#getBlockMode() back to being an abstract predicate
2023-02-15 16:23:46 +00:00
Alex Ford
c7aaad9ed0
JS: avoid adding a deprecated CryptographicOperation#getInput to py/ruby
2023-02-15 16:23:46 +00:00
Rasmus Wriedt Larsen
c72dbc49fc
Merge pull request #12165 from RasmusWL/crypto-updates
...
Python/Ruby/JS Crypto: Add a few algorithms + block modes
2023-02-15 14:35:40 +01:00
erik-krogh
17f7ba2a8f
rewrite the taint-step for join() to a flowsummary
2023-02-15 12:34:59 +01:00
erik-krogh
d2bd70dc33
Merge branch 'main' into more-shell-taint
2023-02-15 11:35:58 +01:00
Harry Maclean
fb14920281
Merge pull request #12056 from hmac/test-refactor
2023-02-15 17:34:25 +13:00
Alvaro Muñoz
4644a88b89
address code review comments
2023-02-14 14:27:17 +01:00
Tom Hvitved
2113c3c3d9
Ruby: Remove NumberUtils.qll
2023-02-13 15:59:50 +01:00
Rasmus Wriedt Larsen
39e50f745d
Ruby: Fix .expected for CryptoAlgorithms
2023-02-13 14:21:12 +01:00
Anders Schack-Mulligen
e877b161d8
Merge pull request #12124 from hvitved/dataflow/stage1-dispatch
...
Data flow: Call context virtual dispatch pruning in stage 1
2023-02-13 13:13:43 +01:00
Arthur Baars
457a2bb2a2
Merge pull request #12093 from aibaars/oneline-match
...
Ruby: add support for one-line pattern matches
2023-02-13 12:38:28 +01:00
Erik Krogh Kristensen
2f404df17c
Merge pull request #10782 from erik-krogh/rbPoly
...
Ruby: add library input as a source for `rb/polynomial-redos`
2023-02-13 12:26:07 +01:00
Erik Krogh Kristensen
26d5fb2412
Merge pull request #11824 from erik-krogh/secondMissAnchor
...
RB: add query detecting validators that use badly anchored regular expressions on library/remote input
2023-02-13 11:26:05 +01:00
erik-krogh
634087b417
Merge branch 'main' into rbPoly
2023-02-13 10:46:00 +01:00
Rasmus Wriedt Larsen
5235964b07
sync files
2023-02-13 10:44:12 +01:00
Tom Hvitved
0b8173e2e7
Ruby: Add another data flow test
2023-02-13 09:50:50 +01:00
Tom Hvitved
f7a5a33474
Address review comment
2023-02-13 09:01:15 +01:00
Arthur Baars
ecbd768df4
Ruby: reduce number of diagnostic messages with the status_page flag
...
For now we only report real parse errors and character encoding errors. Warnings about
unexpected or missing nodes in the AST are not reported. These are typically side effects
of earlier parse errors.
2023-02-10 18:53:46 +01:00
