codeql

mirror of https://github.com/github/codeql.git synced 2026-04-27 17:55:19 +02:00

Author	SHA1	Message	Date
Nick Rolfe	ed93233917	Remove unnecessary spaces in TRAP output	2021-06-17 16:16:06 +01:00
Alex Ford	7439ab5635	remove recvCls field from ActiveRecordModelClassMethodCall	2021-06-17 14:42:42 +01:00
Alex Ford	214532516b	try to avoid a future merge conflict	2021-06-17 14:41:51 +01:00
Alex Ford	762656ee60	Add QLDoc to ActiveRecord.qll	2021-06-17 14:41:51 +01:00
Alex Ford	12a0af1d28	Tidy up PotentiallyUnsafeSqlExecutingMethodCall characteristic predicate Co-authored-by: Nick Rolfe <nickrolfe@github.com>	2021-06-17 14:39:40 +01:00
Tom Hvitved	41ed9f3e1b	Data flow: Fix inconsistencies	2021-06-17 10:48:32 +02:00
Tom Hvitved	00e544189e	Data flow: Add consistency queries	2021-06-17 10:26:56 +02:00
Tom Hvitved	ad54f2e1f4	Bump `codeql` submodule	2021-06-17 10:24:19 +02:00
Tom Hvitved	872c7edfc8	Merge pull request #207 from github/bump-codeql Bump `codeql` submodule	2021-06-16 12:33:40 +02:00
Tom Hvitved	84d79ccae9	Bump `codeql` submodule	2021-06-16 11:55:38 +02:00
Alex Ford	bf43a77df5	Include some more types of expressions as possible active record SQL sink arguments	2021-06-15 12:41:42 +01:00
Alex Ford	ea21c591af	remove accidentally unbound variable	2021-06-15 11:39:48 +01:00
Alex Ford	c1b9952517	account for chained method calls when constructing ActiveRecord SQL queries	2021-06-15 11:39:48 +01:00
Alex Ford	f8a77b9854	format QL	2021-06-15 11:39:48 +01:00
Alex Ford	57c04266e3	rename SqlExecutingMethodCall as PotentiallyUnsafeSqlExecutingMethodCall	2021-06-15 11:39:48 +01:00
Alex Ford	2d4bb61789	limit SqlExecutingMethodCall to those that are called with a StringlikeLiteral argument	2021-06-15 11:39:48 +01:00
Alex Ford	2c15b60998	add ActiveRecord find_by_sql as an SQL executing method call	2021-06-15 11:39:48 +01:00
Alex Ford	c641d12259	add shell ActiveRecord library tests	2021-06-15 11:39:48 +01:00
Alex Ford	5b7df8578a	cleanup ActiveRecord.qll	2021-06-15 11:39:48 +01:00
Alex Ford	7488d072d8	Model some SQL fragment sinks in ActiveRecord model classes	2021-06-15 11:39:48 +01:00
Alex Ford	743deee9ce	add a class to represent ActiveRecord models	2021-06-15 11:39:48 +01:00
Alex Ford	7d3eaf40ff	add base SqlExecution concepts	2021-06-15 11:39:48 +01:00
Tom Hvitved	3a37e321d5	Merge pull request #205 from github/hvitved/taint-tracking Initial taint-tracking library	2021-06-15 09:30:59 +02:00
Tom Hvitved	5a9521372b	Merge pull request #206 from github/tausbn/fix-identical-files	2021-06-15 07:31:07 +02:00
Taus	2bbcbb2200	Bump submodule pointer	2021-06-14 19:04:22 +00:00
Tom Hvitved	302b485f4c	Merge pull request #204 from github/hvitved/cfg-nodes-perf Improve performance of `ExprChildMapping::reachesBasicBlock()`	2021-06-14 20:14:17 +02:00
Taus	068b980517	Update `identical-files.json` As of https://github.com/github/codeql/pull/6063 we have now started using the shared type tracking library in Python as well. 🎉	2021-06-14 19:01:24 +02:00
Tom Hvitved	8aa337ab01	Initial taint-tracking library	2021-06-14 14:19:34 +02:00
Tom Hvitved	b154c936c3	Improve performance of `ExprChildMapping::reachesBasicBlock()` Since all expressions are now post-order, the logic of `reachesBasicBlock` can be simplified, and performance can be improved as well.	2021-06-14 11:58:24 +02:00
Arthur Baars	88fb3c7097	Merge pull request #203 from github/aibaars/pack-qhelp-samples Query pack: include .rb and .erb sample files from queries directory	2021-06-11 13:50:17 +02:00
Arthur Baars	909e6d5a62	Query pack: include .rb and .erb sample files from queries directory These are required by the qhelp files.	2021-06-11 13:42:43 +02:00
Arthur Baars	78a6ed43c3	Merge pull request #202 from github/aibaars-patch-2 HardCodedCredentials: fix query metadata comment	2021-06-11 12:05:44 +02:00
Arthur Baars	661d6e8e38	HardCodedCredentials: fix query metadata comment	2021-06-11 11:59:46 +02:00
Tom Hvitved	8860b8adf0	Merge pull request #198 from github/hvitved/desugar-compound-assignment	2021-06-10 19:39:54 +02:00
Alex Ford	f74dff560b	Merge pull request #187 from github/hardcoded-credentials Add rb/hardcoded-credentials query	2021-06-10 16:12:32 +01:00
Alex Ford	8839d4c584	limit additional flow steps in rb/hardcoded-credentials to string concatenation	2021-06-10 14:59:28 +01:00
Alex Ford	fe45dadd55	set precision to high for rb/hardcoded-credentials	2021-06-10 14:52:26 +01:00
Alex Ford	e26afe91b5	move rb/hardcoded-credential alert location to the source	2021-06-07 14:53:04 +01:00
Alex Ford	5d79a8cec0	account for keyword args in rb/hardcoded-credentials and simplify query	2021-06-07 14:49:49 +01:00
Tom Hvitved	962768e7c0	Disambiguate `toString`s for nested synthetic local variables	2021-06-04 19:20:11 +02:00
Tom Hvitved	82fbc03889	Merge pull request #200 from github/hvitved/dataflow/call-sensitivity Data flow: Call-sensitive resolution of lambda/block calls	2021-06-04 16:25:13 +02:00
Alex Ford	ec326bfcb7	Merge pull request #201 from github/perm-file-report-source Report rb/weak-file-permission alerts at source rather than sink and improve alert message	2021-06-04 14:52:48 +01:00
Alex Ford	8a3ffb6dca	add missing toString	2021-06-04 13:25:03 +01:00
Alex Ford	b2d36babc4	report rb/weak-file-permission alerts at source rather than sink and improve alert message	2021-06-04 13:10:18 +01:00
Nick Rolfe	523a0b1f12	Merge pull request #197 from github/upgrade-pack	2021-06-04 13:03:39 +01:00
Nick Rolfe	6203c9019a	Remove reference to deleted upgrades qlpack from manifest	2021-06-04 12:15:36 +01:00
Tom Hvitved	61e35ddae1	Data flow: Call-sensitive resolution of lambda/block calls	2021-06-04 12:58:38 +02:00
Tom Hvitved	77146e4e04	Data flow: Reduce caching These predicates are now cached in the shared implementation.	2021-06-04 12:53:47 +02:00
Tom Hvitved	f9eecfb59f	Bump `codeql` submodule	2021-06-04 12:52:05 +02:00
Tom Hvitved	6678ac0347	Desugar compound assignments	2021-06-04 10:39:06 +02:00

... 3 4 5 6 7 ...

1126 Commits