codeql

mirror of https://github.com/github/codeql.git synced 2026-01-21 02:14:45 +01:00

Author	SHA1	Message	Date
Alvaro Muñoz	9146407f23	Add `[]` to the list of methods returning an `ActionController::Parameters"	2024-01-05 15:14:11 +01:00
Harry Maclean	c96be39474	Merge pull request #15048 from hmac/hmac-model-editor-ruby-modules Ruby: Model editor improvements	2024-01-03 12:53:43 +00:00
yoff	e0c027f13c	Merge pull request #14848 from hvitved/python/shared-type-tracking Python: Adopt shared type tracking library	2023-12-18 21:14:42 +01:00
Tom Hvitved	020a049d30	Merge pull request #15103 from hvitved/ruby/simple-pattern-flow Ruby: Model simple pattern matching as value steps instead of taint steps	2023-12-18 08:49:11 +01:00
Tom Hvitved	25a676ac6a	Ruby: Model simple pattern matching as value steps instead of taint steps	2023-12-14 20:18:24 +01:00
Anders Schack-Mulligen	a1068ce2f9	Dataflow: deprecate references	2023-12-14 15:05:33 +01:00
Tom Hvitved	84aa9f17a0	Python/Ruby: Use `SummaryTypeTracker` from `typetracking` pack	2023-12-14 13:25:18 +01:00
Tom Hvitved	a46964dfe8	Address review comments	2023-12-12 13:55:52 +01:00
Tom Hvitved	cdf59e1e1d	Ruby: Cache more predicates	2023-12-11 10:15:17 +01:00
Tom Hvitved	0e81577269	Ruby: Use `FlowSummaryImpl` from `dataflow` pack	2023-12-10 11:25:43 +01:00
Harry Maclean	e6df264865	Ruby: Report module declarations to model editor This allows us to render type relations between modules/classes, not just methods.	2023-12-08 14:16:49 +00:00
Harry Maclean	c1c258f567	Ruby: Include ancestors in type model generation	2023-12-08 14:16:49 +00:00
Anders Schack-Mulligen	64eb4ff753	Merge pull request #14983 from aschackmull/dataflow/deprecate-old-api Data Flow: Deprecate old data flow api.	2023-12-08 14:27:25 +01:00
Harry Maclean	1dc0a063b0	Merge pull request #14679 from hmac/hmac-model-editor-ruby Ruby: Experimental model editor support	2023-12-08 11:03:38 +00:00
Tom Hvitved	dde83b6415	Merge pull request #14709 from hvitved/ruby/shared-type-tracking Ruby: Adopt shared type tracking library	2023-12-05 20:12:06 +01:00
Tom Hvitved	c6e805faef	Ruby: Add more deprecation comments	2023-12-05 14:57:15 +01:00
Harry Maclean	d630773575	Merge pull request #14627 from alexrford/rb/update_all_sink Ruby: refine `ActiveRecord` `update_all` as an SQL sink	2023-12-04 13:02:14 +00:00
Anders Schack-Mulligen	67f0529cda	Dataflow: Sync.	2023-12-04 12:36:57 +01:00
Harry Maclean	f40f2db3ab	Ruby: Fix name of url-redirection sink model	2023-11-27 11:25:37 +00:00
Harry Maclean	e9277a56a9	Ruby: Add sinks from external models	2023-11-27 09:18:00 +00:00
Harry Maclean	ad608341ab	Ruby: Handle alternative gemspec names Gemspecs are sometimes named via the first argument to `Gem::Specification.new`: ```rb Gem::Specification.new 'sinatra' do \|s\| # ... end ```	2023-11-27 09:18:00 +00:00
Harry Maclean	78125a701d	Ruby: Model Editor support Add experimental support for the CodeQL Model Editor.	2023-11-27 09:17:59 +00:00
Tom Hvitved	1a6886cf99	SSA: Add locations to ease debugging	2023-11-22 08:37:02 +01:00
Tom Hvitved	6ce8e0510f	Ruby: Adopt shared type tracking library	2023-11-20 16:03:24 +01:00
Tom Hvitved	b2f1022e5c	Ruby: Prune irrelevant data flow nodes and edges	2023-11-16 13:52:07 +01:00
Tom Hvitved	75f42f4614	Merge pull request #14783 from hvitved/ruby/hash-array-literal Ruby: Include more nodes in `{Hash,Array}LiteralCfgNode`	2023-11-16 13:51:35 +01:00
Tom Hvitved	475d8da342	Ruby: Include more nodes in `{Hash,Array}LiteralCfgNode`	2023-11-14 13:50:46 +01:00
Tom Hvitved	f1b67ade9b	Ruby: Include name of variable in `UninitializedDefinition.toString`	2023-11-14 11:33:59 +01:00
Rasmus Wriedt Larsen	43d9d2ceb7	Merge pull request #14603 from github/max-schaefer/broken-crypto-algorithm-link JavaScript/Python/Ruby: Improve alert message for `*/weak-cryptographic-algorithm`.	2023-11-08 14:29:24 +01:00
Geoffrey White	e8a466a02c	Update dead link.	2023-11-07 09:26:07 +00:00
Tom Hvitved	3c86aad16d	Merge pull request #14628 from hvitved/ruby/type-tracking-store-post-update Ruby: Summarized type-tracking stores should target post-update nodes	2023-11-01 13:54:21 +01:00
Tom Hvitved	0c5b528d54	Address review comments	2023-11-01 11:32:57 +01:00
Harry Maclean	083be305e1	Shared: Add neutralModel extensible predicate The neutralModel extensible predicate already exists in Java and C#, so this change brings the dynamic languages more in line with static languages. The Model Editor uses this predicate to mark endpoints as "not interesting" from a data flow perspective.	2023-10-30 11:31:57 +00:00
Tom Hvitved	14cfb82a8c	Ruby: Summarized type-tracking stores should target post-update nodes	2023-10-30 10:47:29 +01:00
Alex Ford	8db23dc775	Ruby: refine ActiveRecord update_all as an SQL sink	2023-10-30 09:47:16 +00:00
Max Schaefer	f42bd28ca9	Port changes to Ruby.	2023-10-26 15:06:45 +01:00
Alex Ford	16c5edd3ca	Ruby: add a query and script for autogenerating typeModel and summaryModel data extensions entries	2023-10-25 15:52:02 +01:00
Alex Ford	66d230a207	ruby: qlformat	2023-10-16 12:45:46 +01:00
Alex Ford	3dd042c38a	Merge remote-tracking branch 'origin/main' into maikypedia/ruby-jwt	2023-10-16 12:42:19 +01:00
Maiky	e204100701	Resolve conflict in `Concepts.qll`	2023-10-15 10:37:10 +02:00
Harry Maclean	1297acf5b1	Merge pull request #14216 from hmac/hmac-graphql-enum Ruby: Restrict GraphQL remote flow sources	2023-10-13 11:31:50 +01:00
Asger F	89bd00a4ec	Ruby: port queries to ConfigSig-style	2023-10-11 10:06:19 +02:00
erik-krogh	e0fefce2a3	Ruby: delete various deprecated predicates	2023-10-09 09:14:54 +02:00
erik-krogh	0d992a3d1f	delete old deprecated aliases of various regex libraries	2023-10-09 09:14:54 +02:00
erik-krogh	4bc4e0845d	delete the deprecated `isBarrierGuard` predicate from the shared dataflow library, and its uses	2023-10-07 21:48:49 +02:00
Asger F	0d96ed8aee	Merge pull request #14305 from asgerf/shared/flow-state-inout-barriers Shared: add in/out barriers with flow state	2023-09-28 11:07:23 +02:00
Anders Schack-Mulligen	68d05eb342	Ruby: Minor simplification.	2023-09-28 08:58:55 +02:00
Tom Hvitved	c570083163	Ruby: Improve performance of flow through (hash) splats	2023-09-27 11:49:31 +02:00
Harry Maclean	dc2acf5a39	Merge pull request #14090 from hmac/splat-flow-4 Ruby: More splat flow (alternative)	2023-09-27 10:22:57 +01:00
Anders Schack-Mulligen	06cb277eb0	Merge pull request #14299 from aschackmull/dataflow/more-defaults Dataflow: Make use of defaults for language-specific hooks.	2023-09-25 11:19:44 +02:00

1 2 3 4 5 ...

2582 Commits