hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 19:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
63,284 Commits 1,672 Branches 157 Tags
792f302bd4dee4c7558e2ce5bbea7edb51f9896f
Commit Graph

372 Commits

Author SHA1 Message Date
Tom Hvitved
792f302bd4 Ruby: Add another dataflow test 2024-02-01 10:52:06 +01:00
Tom Hvitved
2d95ac9d5f Merge pull request #15468 from hvitved/ruby/ctx-sensitivity-rework 2024-01-30 20:27:43 +01:00
Harry Maclean
f230e618a3 Ruby: Update tests 2024-01-30 09:43:56 +00:00
Tom Hvitved
503d2f7b95 Ruby: Rework mayBenefitFromCallContext 2024-01-30 09:57:29 +01:00
Tom Hvitved
295198744b Ruby: Handle captured yield calls 2024-01-10 14:25:15 +01:00
Tom Hvitved
55be4c39ef Ruby: Add data flow call sensitivity test 2024-01-10 14:25:12 +01:00
Tom Hvitved
f90201eb56 Data flow: Remove column from mayBenefitFromCallContext 2024-01-09 11:34:43 +01:00
Tom Hvitved
25a676ac6a Ruby: Model simple pattern matching as value steps instead of taint steps 2023-12-14 20:18:24 +01:00
Tom Hvitved
0e81577269 Ruby: Use FlowSummaryImpl from dataflow pack 2023-12-10 11:25:43 +01:00
Tom Hvitved
dde83b6415 Merge pull request #14709 from hvitved/ruby/shared-type-tracking 
Ruby: Adopt shared type tracking library
 2023-12-05 20:12:06 +01:00
Tom Hvitved
9eaebfcf60 Merge pull request #14859 from hvitved/ruby/missing-flow-tests 
Ruby: Add tests illustrating missing flow
 2023-11-24 14:57:15 +01:00
Tom Hvitved
8ccce5891d Ruby: Add tests illustrating missing flow 2023-11-24 14:28:04 +01:00
Harry Maclean
288fbfd2ec Ruby: Add test for missing block flow 2023-11-22 09:59:55 +00:00
Tom Hvitved
6ce8e0510f Ruby: Adopt shared type tracking library 2023-11-20 16:03:24 +01:00
Tom Hvitved
b2f1022e5c Ruby: Prune irrelevant data flow nodes and edges 2023-11-16 13:52:07 +01:00
Tom Hvitved
75f42f4614 Merge pull request #14783 from hvitved/ruby/hash-array-literal 
Ruby: Include more nodes in `{Hash,Array}LiteralCfgNode`
 2023-11-16 13:51:35 +01:00
Tom Hvitved
2c23dacca1 Ruby: Add more hash/array literal tests 2023-11-16 12:58:53 +01:00
Tom Hvitved
475d8da342 Ruby: Include more nodes in {Hash,Array}LiteralCfgNode 2023-11-14 13:50:46 +01:00
Tom Hvitved
f1b67ade9b Ruby: Include name of variable in UninitializedDefinition.toString 2023-11-14 11:33:59 +01:00
Tom Hvitved
14cfb82a8c Ruby: Summarized type-tracking stores should target post-update nodes 2023-10-30 10:47:29 +01:00
erik-krogh
57c757c0a6 Ruby: delete outdated deprecation in test code 2023-10-09 09:14:55 +02:00
Tom Hvitved
c570083163 Ruby: Improve performance of flow through (hash) splats 2023-09-27 11:49:31 +02:00
Harry Maclean
dc2acf5a39 Merge pull request #14090 from hmac/splat-flow-4 
Ruby: More splat flow (alternative)
 2023-09-27 10:22:57 +01:00
Tom Hvitved
97ed5b8afb Ruby: Improvments to splat flow 
- Only step through a `SynthSplatParameterElementNode` when there is a splat parameter
  at index > 0.
- Model read+stores via `SynthSplatArgumentElementNode` as a single read-store
  step in type tracking.
 2023-09-14 09:26:42 +01:00
Harry Maclean
bf51cbad88 Ruby: Update test fixture 2023-09-14 09:26:38 +01:00
Tom Hvitved
e11a4b63e9 Ruby: Remove SynthSplatArgParameterNode 2023-09-14 09:26:38 +01:00
Harry Maclean
5a6a52b767 Ruby: Use fewer SynthSplatArgumentElementNodes 
In cases such as

    def f(x, *y); end

    f(*[1, 2])

we don't need any `SynthSplatArgumentElementNodes`. We get flow from the
splat argument to a `SynthSplatParameterNode` via `parameterMatch`, then
from element 0 of the synth splat to the positional param `x` via a
read step.

We add a read step from element 1 to `SynthSplatParameterElementNode(1)`.
From there we get flow to element 0 of `*y` via an existing store step.
 2023-09-14 09:26:38 +01:00
Harry Maclean
4c1beea465 Ruby: Address review comments 2023-09-14 09:26:33 +01:00
Harry Maclean
3c8683428b Ruby: Model more splat flow (alternative approach) 2023-09-14 08:55:59 +01:00
Harry Maclean
ef63ea8399 Ruby: Update fixture 2023-09-14 08:54:48 +01:00
Harry Maclean
7ebd51163e Ruby: Handle more splat arg flow 
Allow flow from a splat argument to a positional parameter in cases
where there are positional arguments left of the splat. For example:

    def foo(x, y, z); end

    foo(1, *[2, 3])
 2023-09-14 08:54:48 +01:00
Tom Hvitved
e258324960 Ruby: Allow for implicit array reads at all sinks during taint tracking 2023-09-14 09:40:05 +02:00
Tom Hvitved
48e2dcfa35 Ruby: Reimplement flow through captured variables using field flow 2023-09-06 11:00:55 +02:00
Tom Hvitved
5d1c399371 Ruby: Add more data-flow tests for captured variables 2023-09-06 10:34:34 +02:00
Tom Hvitved
a2912cd72b Ruby: Use proper PathGraph module in inline flow tests 
Gets rid of
```
PathNode is incompatible with PathNode (the type of the edge relation).
```
warnings.
 2023-09-04 20:27:34 +02:00
Tom Hvitved
89e9d25f02 Ruby: Hide desugared assignments from data flow path graph 2023-08-31 14:04:57 +02:00
Jeroen Ketema
9d573e5544 Consolidate all InlineFlowTest libraries in the dataflow qlpack 2023-08-24 21:38:46 +02:00
Harry Maclean
842da58269 Ruby: Update test fixture 2023-08-23 09:59:04 +01:00
Harry Maclean
fb4b774c0d Merge pull request #13967 from hmac/remove-splat-all 
Ruby: Remove isSplatAll
 2023-08-23 09:40:06 +01:00
Harry Maclean
414ae76ae1 Ruby: Add another splat flow test 2023-08-21 16:21:55 +01:00
Harry Maclean
c615f183c1 Ruby: Add test for spurious splat flow 
We don't yet properly model splat flow when a positional argument
follows a splat argument.
 2023-08-21 16:11:10 +01:00
Tom Hvitved
deaa37d9d3 Ruby: Include more (hash)splat flow in type tracking 2023-08-18 14:07:12 +02:00
Tom Hvitved
da05e3e0e8 Ruby: Add more type tracking tests 2023-08-18 13:51:29 +02:00
Harry Maclean
222aa41bbf Merge pull request #13938 from hmac/splat-flow-2 
Ruby: More precise flow into splat parameters
 2023-08-18 12:07:58 +01:00
Tom Hvitved
44b734e120 Merge pull request #13955 from hvitved/ruby/type-tracking-capture-insensitive 
Ruby: Make type tracking flow-insensitive for captured variables
 2023-08-15 11:42:41 +02:00
Tom Hvitved
061575ff77 Merge pull request #13937 from hvitved/ruby/for-loop-desugar 
Ruby: Improve desugaring of `for` loops
 2023-08-14 20:12:12 +02:00
Tom Hvitved
e96cbeb00a Ruby: Adjust locations of synthesized nodes 2023-08-14 14:37:47 +02:00
Tom Hvitved
c084a9b27a Ruby: Make type tracking flow-insensitive for captured variables 2023-08-14 13:44:37 +02:00
Harry Maclean
6011d26823 Ruby: Restrict parameter nodes 2023-08-11 15:14:32 +01:00
Tom Hvitved
b28f60ccd2 Ruby: Add test for documenting missing flow through destructured parameters 2023-08-10 20:22:11 +02:00