hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-25 12:22:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
32,964 Commits 1,686 Branches 158 Tags
65249dabd34edceb0209eb15e18a275d2e3f4862
Commit Graph

652 Commits

Author SHA1 Message Date
Asger Feldthaus
65249dabd3 Ruby: add warning for wrong number of columns in CSV row 2022-03-15 09:28:21 +01:00
Asger Feldthaus
f28acbf3dc Ruby: autoformat 2022-03-15 08:15:18 +01:00
Asger Feldthaus
fee32d3480 Elaborate on qldoc for API::EntryPoint 2022-03-14 17:52:07 +01:00
Asger Feldthaus
be65b9bebc Ruby: remove spurious Instance token from getExtraSuccessorFromInvoke 2022-03-14 17:39:43 +01:00
Asger Feldthaus
072ad8f4a7 Ruby: add (from model) to remote flow description 2022-03-14 17:39:17 +01:00
Asger Feldthaus
37bbd46e43 Ruby: fix broken comment 2022-03-14 17:33:57 +01:00
Asger Feldthaus
c9d7651c59 Be explicit about re-exporting 2022-03-14 17:26:30 +01:00
Asger Feldthaus
df379809df Ruby: support CSV rows of form ;any;Method[foo] 2022-03-01 14:08:21 +01:00
Asger Feldthaus
05ea33033b Ruby: add test for API::EntryPoint 2022-03-01 14:08:21 +01:00
Asger Feldthaus
bf83400bd2 Ruby: port API::EntryPoint from JS 2022-03-01 14:08:21 +01:00
Asger Feldthaus
e10e3b9466 Ruby: convert ActiveStorage::Filename model to MaD 2022-03-01 14:08:21 +01:00
Asger Feldthaus
e6a3747656 Ruby: add test for ActiveStorage.Filename.new 2022-03-01 14:08:21 +01:00
Asger Feldthaus
70c083fa64 Ruby: convert Regexp.escape model to MaD 2022-03-01 14:08:21 +01:00
Asger Feldthaus
cbd044a768 Ruby: add a code injection test for flwo through Regexp.escape 2022-03-01 14:08:21 +01:00
Asger Feldthaus
63e7c16d6b Ruby: add test with sinks and type-defs 2022-03-01 14:08:20 +01:00
Asger Feldthaus
388949f12e Ruby: support WithBlock and WithoutBlock 2022-03-01 14:08:20 +01:00
Asger Feldthaus
d6bc9c259e Ruby: add simple test case 2022-03-01 14:08:20 +01:00
Asger Feldthaus
a33e89279d Ruby: instantiate ApiGraphModels library in Ruby 2022-03-01 14:08:20 +01:00
Asger F
a8bfebaeb6 Merge pull request #8149 from asgerf/shared/use-shared-access-path-syntax 
Shared: use shared access path syntax to parse arguments in CSV rows
 2022-02-25 14:04:18 +01:00
CodeQL CI
0f125d1e8a Merge pull request #8234 from asgerf/ruby/meta-queries 
Approved by nickrolfe
 2022-02-25 12:46:15 +00:00
Asger Feldthaus
f1bfb31403 Shared: fix typo in a comment 2022-02-23 14:13:41 +01:00
Asger Feldthaus
bb9348d77f Ruby: reject ArrayElement[-n] instead of interpreting it as ArrayElement[?] 2022-02-23 14:13:41 +01:00
Asger Feldthaus
a11c6f0f8e Ruby: use AccessPathSyntax library 2022-02-23 14:13:40 +01:00
Asger Feldthaus
5cab737ef1 Shared: sync AccessPathSyntax.qll 2022-02-23 14:13:40 +01:00
Stephan Brandauer
c17d8b145a Merge pull request #8054 from asgerf/js/split-request-forgery 
JS: split request forgery query into server-side and client-side variants
 2022-02-23 10:27:16 +01:00
Asger Feldthaus
5390faeb8a Ruby: add query for measuring call graph 2022-02-22 14:42:05 +01:00
Asger Feldthaus
c7c97d5bbb Ruby: add queries for measuring taint sources and sinks 2022-02-22 14:29:47 +01:00
Asger F
02c4966109 Merge pull request #7878 from asgerf/dot-separated-access-paths 
Shared: Switch to dot-separated access paths in summary specs
 2022-02-21 13:29:09 +01:00
Alex Ford
9196b64d6e Merge pull request #8138 from github/ruby/file-write 
Ruby: Implement `FileSystemWriteAccess` concept
 2022-02-21 10:13:27 +00:00
Alex Ford
746290d903 Merge pull request #7713 from github/ruby/clear-text-logging 
Ruby: Add `rb/clear-text-logging-sensitive-data` query
 2022-02-21 10:12:33 +00:00
Asger Feldthaus
7848fcec80 Shared: sync AccessPathSyntax.qll 2022-02-21 08:21:53 +01:00
Asger Feldthaus
55ac5cb012 Shared: auto format 2022-02-21 08:21:53 +01:00
Asger Feldthaus
4985fbb526 Shared: update getSummaryCsv and related test output 2022-02-21 08:21:53 +01:00
Asger Feldthaus
dcc523a2b7 Shared: auto format 2022-02-21 08:21:53 +01:00
Asger Feldthaus
7fcbdbeada Shared: sync AccessPathSyntax.qll and FlowSummaryImpl.qll 2022-02-21 08:21:52 +01:00
Asger Feldthaus
2907d53e17 Shared: sync AccessPathSyntax.qll and FlowSummaryImpl.qll 2022-02-21 08:21:52 +01:00
Asger Feldthaus
57bf0b1432 Ruby: remove support for legacy syntax 2022-02-21 08:21:51 +01:00
Asger Feldthaus
e3605eed44 Ruby: update CSV rows to dot-separated syntax 2022-02-21 08:21:50 +01:00
Asger Feldthaus
7005d53a67 Ruby: manually rewrite DigSummary access path 2022-02-21 08:16:55 +01:00
Asger Feldthaus
6dbeb81f36 Ruby: use AccessPathSyntax.qll to parse input/output summary specs 2022-02-21 08:16:55 +01:00
Harry Maclean
9a60c7e4ac Ruby: Update filename in test fixture 2022-02-21 09:43:36 +13:00
Alex Ford
6b8537c4e0 Ruby: FileSystemWriteAccess changenote 2022-02-20 20:14:01 +00:00
Alex Ford
baabe66551 Ruby: update Files.ql tests for write accesses 2022-02-20 19:28:12 +00:00
Alex Ford
12ce3d4784 Ruby: Implement FileSystemWriteAccess for IO/File API 2022-02-20 19:27:11 +00:00
Alex Ford
4f0174e89a Ruby: add FileSystemWriteAccess concept 2022-02-20 19:26:54 +00:00
Alex Ford
dd383f942f Merge remote-tracking branch 'origin/main' into ruby/clear-text-logging 2022-02-17 15:32:31 +00:00
Alex Ford
33f4fffe16 Ruby: Simplify sub!/gsub! sanitizers for cleartext logging query 2022-02-17 13:10:44 +00:00
Asger Feldthaus
69995d5750 Shared: rephrase request forgery name and description 2022-02-17 09:07:08 +01:00
Harry Maclean
bfd2c14555 Ruby: Add shim StandardLibrary.qll 
This file re-exports everything it used to define, marking each as
deprecated to warn users that they should import `Core` or `Stdlib`
instead.
 2022-02-17 20:44:04 +13:00
Harry Maclean
459f949c24 Ruby: fix old import in ActiveSupport 
codeql.ruby.frameworks.StandardLibrary is deprecated
 2022-02-17 20:44:04 +13:00