hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-10 04:01:11 +01:00
Code Issues Packages Projects Releases Wiki Activity
50,260 Commits 1,689 Branches 160 Tags
655aa700bc25636bd8a334bcb8c19ccc9a09fcff
Commit Graph

2175 Commits

Author SHA1 Message Date
Tom Hvitved
ee9163aa40 Ruby: Fix flow steps into phi nodes 
- Add missing flow from post-update nodes into phi nodes.
- Prevent flow from reads into phi nodes when use-use flow is prohibited.
 2022-11-01 16:33:06 +01:00
Tom Hvitved
e8f9429b92 Merge pull request #10917 from hvitved/ruby/singleton-call-sensitivity 
Ruby: Call-context sensitivity for singleton method calls
 2022-11-01 14:13:26 +01:00
Asger F
2619f3f667 Ruby: include overridden methods in getAnInstanceSelf 2022-11-01 08:32:55 +01:00
Asger F
ab4e341e65 Ruby: fix handling of namespaces with no 'self' 2022-10-31 14:05:11 +01:00
Asger F
9da5ec79c5 Ruby: Drive-by fix a QL4QL alert 2022-10-31 14:05:11 +01:00
Asger F
e549f15b1c Ruby: fix implicit 'this' 2022-10-31 14:05:11 +01:00
Asger F
b4b34cc994 Ruby: port part of ActionController model 2022-10-31 13:33:41 +01:00
Asger F
12ce46e4b1 Ruby: port part of Railties model 2022-10-31 13:33:41 +01:00
Asger F
38955d1761 Ruby: port part of the Rails model 2022-10-31 13:33:41 +01:00
Asger F
0a8f39fe96 Ruby: recover some incomplete capture flow 2022-10-31 13:33:41 +01:00
Asger F
ff02ba5965 Ruby: include SSA param input step for flowsTo 2022-10-31 13:33:41 +01:00
Asger F
017157820a Ruby: make ParameterNode extend LocalSourceNode 2022-10-31 13:33:41 +01:00
Asger F
b632e21ba0 Ruby: add ConstRef 2022-10-31 13:33:41 +01:00
Harry Maclean
0dd63c007e Ruby: Add change note 2022-10-31 11:53:22 +13:00
Harry Maclean
fd61a5253d Ruby: Recognise try/try! as code executions 2022-10-31 11:53:22 +13:00
Harry Maclean
3f403f0f87 Merge pull request #10700 from hmac/activesupport 
Ruby: Model some ActiveSupport methods
 2022-10-31 11:50:44 +13:00
Asger F
06ec03de74 Ruby: add convenience-accessors for ConstantValue 2022-10-28 15:16:14 +02:00
Asger F
046e669c78 Ruby: add getAncestorExpr 2022-10-28 15:16:14 +02:00
Asger F
77d1788619 Ruby: add data flow versions of ArrayLiteral, HashLiteral, Pair 2022-10-28 15:16:14 +02:00
Asger F
2546d09fe2 Ruby: add SetterCallNode 2022-10-28 15:16:14 +02:00
Asger F
515b8366d2 Ruby: add getAnAncestor, getADescendent 2022-10-28 15:16:14 +02:00
Asger F
c8f7519cee Ruby: add Module.getNamespaceOrTopLevel 2022-10-28 15:16:14 +02:00
Asger F
1f644a9c1d Ruby: add getEnclosingToplevel 2022-10-28 15:16:14 +02:00
Asger F
436cc60138 Ruby: update some uses of getConstantValue() 2022-10-28 15:16:14 +02:00
Asger F
156964bfc9 Ruby: add getEnclosingModule and getNestedModule 2022-10-28 15:16:14 +02:00
Asger F
67772bbc43 Ruby: Accessors for attributes and elements 2022-10-28 15:16:14 +02:00
Asger F
8976ba5583 Ruby: Add CallableNode, MethodNode, and accessors 2022-10-28 15:16:13 +02:00
Erik Krogh Kristensen
93fb2930c8 Merge pull request #10968 from erik-krogh/fixRbCode 
RB: fix rb/code-injection
 2022-10-28 09:14:14 +02:00
Harry Maclean
368ce69198 Fix qldoc formatting 2022-10-28 11:31:55 +13:00
Harry Maclean
9df8edcb1c Ruby: fix formatting 2022-10-28 11:31:55 +13:00
Harry Maclean
cd34686967 Ruby: Document flow summary for Hash#extract! 2022-10-28 11:31:55 +13:00
Harry Maclean
ca7b48c3d5 Add change note 2022-10-28 11:31:55 +13:00
Harry Maclean
ef260db76e Fix singleton set literal 2022-10-28 11:31:55 +13:00
Harry Maclean
71d703f2a5 Ruby: Add ActiveSupport extensions 2022-10-28 11:31:55 +13:00
Harry Maclean
cb37a0e835 Ruby: Add summaries for Hash#deep_merge(!) 2022-10-28 11:31:55 +13:00
Harry Maclean
3dea1d6a60 Ruby: Add flow summary for Hash#except! 2022-10-28 11:31:55 +13:00
Harry Maclean
0454642220 Ruby: Model deep_dup and presence 2022-10-28 11:31:55 +13:00
Harry Maclean
9f260853ac Ruby: Model more ActiveSupport string extensions 2022-10-28 11:31:55 +13:00
Harry Maclean
b389d50943 Ruby: Identify safe_constantize 2022-10-28 11:31:54 +13:00
Dave Bartolomeo
23b572e9b7 Use ${workspace} for intra-workspace dependencies 
Now that the released CLI supports replacement variables in dependency version ranges, we can now mark our published library packs as depending on whatever version of their dependency is in our workspace, without having to manually bump the dependency version every release.

Note that when the packs are published, the dependencies in the published pack file are rewritten to have the correct specific version.
 2022-10-26 16:40:01 -04:00
thiggy1342
9c1fbfd330 Merge branch 'main' into expand-ruby-ssrf-sinks-faraday-connection-new 2022-10-25 13:09:17 -04:00
thiggy1342
3659eaa780 add markdown file extension 2022-10-25 10:13:19 -04:00
erik-krogh
e8dce25cc2 fix rb/code-injection 2022-10-25 14:44:23 +02:00
Erik Krogh Kristensen
ef5132b0ae Merge pull request #10883 from erik-krogh/codeSink 
RB: don't flag code-injection for dynamic loading where an attacker only controls a substring
 2022-10-24 18:59:36 +02:00
erik-krogh
aafef382dc refactor StringPercentCall#getFormatArgument 2022-10-24 18:57:24 +02:00
thiggy1342
952ad6ea46 Merge branch 'main' into expand-ruby-ssrf-sinks-faraday-connection-new 2022-10-24 09:52:24 -04:00
Asger F
ac4cac889f Ruby: add DataFlow::ModuleNode 
sdf
 2022-10-24 15:35:17 +02:00
Asger F
65add15416 Ruby: add getALocalUse() 
This is the inverse of getALocalSource()
 2022-10-24 15:35:17 +02:00
Asger F
aab1e1f5b4 Ruby: add some helpers at the AST level 2022-10-24 15:35:17 +02:00
Erik Krogh Kristensen
5ff98cd80e Merge pull request #10888 from erik-krogh/glob 
Ruby: add model for Dir.glob and other Dir methods
 2022-10-24 14:17:37 +02:00