1607 Commits

Author	SHA1	Message	Date
Tony Torralba	c9d1cd97fb	Ruby: Remove omittable exists variables	2023-01-10 13:39:49 +01:00
Erik Krogh Kristensen	5157d4df7b	Merge pull request #11581 from erik-krogh/stdin ... Rb: add stdin as source for unsafe-deserialization	2023-01-09 13:57:47 +01:00
yoff	c01ce955ba	Merge pull request #11778 from yoff/shared/inline-tests ... Shared: Inline test expectations	2023-01-09 13:21:18 +01:00
erik-krogh	19d2b49562	drive-by: make Base64.decode64(..) into a flowsummary that is shared with all queries	2023-01-06 09:04:37 +01:00
erik-krogh	1a27441cfb	drive-by: delete code-execution sinks from unsafe-deserialization, we risked duplicate alerts	2023-01-06 09:04:36 +01:00
erik-krogh	0e6028a7f3	add stdin as source for unsafe-deserialization	2023-01-06 09:04:36 +01:00
erik-krogh	f98ff65b11	use eval() instead of send() in test	2023-01-05 20:04:04 +01:00
Rasmus Lerchedahl Petersen	c3b3c05cf3	Revert "Merge pull request #37 from erik-krogh/shared/inline-tests" ... This reverts commit 65fe9abcfe, reversing changes made to 08e9d3391f.	2023-01-05 09:19:43 +01:00
Harry Maclean	4d228bcddf	Ruby: Recognise more string-valued variables ... This increases the sensitivity of our barrier guards.	2023-01-04 11:45:10 +13:00
Harry Maclean	9944252c43	Ruby: Add test for barrier guards ... This demonstrates that we are missing a guard when a case branch compares against a string-valued variable rather than a string literal.	2023-01-04 11:45:10 +13:00
Harry Maclean	698a679c78	Ruby: add test	2023-01-04 11:45:10 +13:00
Harry Maclean	0fbb6bf608	Ruby: Make array inclusion barrier more sensitive	2023-01-04 11:45:09 +13:00
Erik Krogh Kristensen	79a2b6d0b0	use any() instead of this = this ... Co-authored-by: Arthur Baars <aibaars@github.com>	2023-01-02 10:49:54 +01:00
erik-krogh	99dc0a8356	fix binding	2023-01-02 10:30:28 +01:00
Harry Maclean	b70ca77afc	Merge pull request #10899 from hmac/flow-summary-docs ... Ruby: Document flow summary syntax	2022-12-28 10:47:38 +13:00
erik-krogh	b3dd50bc36	inline Location into the shared implementation of InlineExpectationsTest	2022-12-22 11:09:43 +01:00
Rasmus Lerchedahl Petersen	0d6c643d77	ruby: use shared inline tests ... - remove from identical-files	2022-12-22 10:20:07 +01:00
Arthur Baars	0f313231bc	AlertSuppression: add more tests	2022-12-19 16:43:11 +01:00
Arthur Baars	c176606be5	AlertSuppression: allow //lgtm comments to scope over the next line	2022-12-19 16:10:26 +01:00
Arthur Baars	016c7a8ca7	Merge pull request #11719 from aibaars/alert-suppression-shared ... Shared AlertSuppression library	2022-12-19 16:04:44 +01:00
Arthur Baars	06736e3e91	Add .gitattributes for Windows test files	2022-12-19 12:39:01 +01:00
erik-krogh	db49cfb723	Merge branch 'main' into kernelLoad	2022-12-19 09:46:25 +01:00
Tom Hvitved	e629568eda	Merge pull request #11720 from hvitved/ruby/call-sensitive-initialize-bug-fix ... Ruby: Fix bug in call-sensitivity logic for `initialize` calls	2022-12-16 16:36:31 +01:00
Tom Hvitved	bfc257147c	Ruby: Fix bug in call-sensitivity logic for initialize calls	2022-12-16 11:17:15 +01:00
Tom Hvitved	accf4ca364	Ruby: Recognize custom self.new methods that return self.allocate	2022-12-16 09:23:36 +01:00
Tom Hvitved	b64083d08e	Ruby: Add more call graph tests	2022-12-16 09:21:00 +01:00
Tom Hvitved	d7e44a5426	Merge pull request #10714 from hvitved/ruby/initialize ... Ruby: Model flow through `initialize` constructors	2022-12-15 13:42:59 +01:00
Alex Ford	1b49bfe605	Merge pull request #11497 from alexrford/ruby/rails_globalid ... Ruby: model `rails/globalid` component	2022-12-15 10:35:15 +00:00
Alex Ford	2af5925f38	Ruby: improve coverage of GlobalID::Identification modelling	2022-12-14 15:21:19 +00:00
Tom Hvitved	5d9c64ba6f	Ruby: Model flow through initialize constructors	2022-12-14 12:57:39 +01:00
Tom Hvitved	9a7628c988	Ruby: Add data flow tests for constructors	2022-12-14 12:57:39 +01:00
erik-krogh	ccf520a5cd	Merge branch 'main' into unsafeCodeConstruction	2022-12-13 18:31:49 +01:00
Erik Krogh Kristensen	4ff823c36b	Merge pull request #11366 from p-/p--ruby-kernel-open-addition ... Ruby: Add additional sinks to the `rb/kernel-open` query	2022-12-12 15:56:01 +01:00
Harry Maclean	6c8896d83f	Merge pull request #11337 from hmac/actionmailbox ... Ruby: Model ActionMailbox	2022-12-12 10:29:23 +13:00
Peter Stöckli	d2c8e70be1	Adjust expected file for TaintStep (due to changes to File.join)	2022-12-09 09:57:19 +01:00
Peter Stöckli	03fff2709b	Add suggestions to fix FileJoinSanitizer	2022-12-09 09:42:44 +01:00
Peter Stöckli	0d8c82009c	Merge branch 'main' into p--ruby-kernel-open-addition	2022-12-09 07:54:56 +01:00
erik-krogh	1a6e16f292	Merge branch 'main' into kernelLoad	2022-12-08 15:41:48 +01:00
Tom Hvitved	35938067fe	Merge pull request #11517 from aibaars/phi-reads-in-data-flow-graph ... Ruby: Include SSA "phi reads" in DataFlow::Node	2022-12-07 18:58:44 +01:00
Arthur Baars	898a4006b0	Merge pull request #10747 from aibaars/ruby-more-flow ... Ruby: also treat included/prepended modules as subclasses	2022-12-07 15:49:00 +01:00
Arthur Baars	d862972d5e	Ruby: Add use-use stress test	2022-12-07 15:28:51 +01:00
Arthur Baars	f11f2cb1a0	Ruby: Update tests	2022-12-07 15:28:50 +01:00
erik-krogh	8ab31bbe1c	have getMethodName return the method being called for super-calls	2022-12-07 14:09:36 +01:00
erik-krogh	8f0c0f3c17	add support for super calls to Kernel	2022-12-06 14:25:51 +01:00
erik-krogh	66946ebf6a	add Kernel methods as sinks to path-injection	2022-12-06 14:09:15 +01:00
Tom Hvitved	b171dc9b7b	Merge pull request #11477 from hvitved/ruby/call-ctx-rewrite ... Ruby: Rework call-context sensitivity logic	2022-12-06 07:39:29 +01:00
Arthur Baars	889eea92c2	Merge branch 'main' into ruby-more-flow	2022-12-05 11:13:46 +01:00
Arthur Baars	83423854d2	Merge pull request #11339 from aibaars/active_support_enumerable ... Ruby: Active support enumerable	2022-12-05 11:02:19 +01:00
Asger F	2d578c1a73	Merge branch 'main' into merge-package-type-columns	2022-12-02 10:00:44 +01:00
Harry Maclean	91421528df	Ruby: Update test	2022-12-01 09:01:03 +13:00