hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 13:15:21 +02:00
Code Issues Packages Projects Releases Wiki Activity
32,174 Commits 1,742 Branches 166 Tags
836c47abb3f5da34bbba457fbcd37c3ca1da8cfe
Commit Graph

509 Commits

Author SHA1 Message Date
Harry Maclean
b4b91e84a3 Ruby: Fix ConstantAccessCfgNode.getValueText 
The superclass definition uses SSA, which doesn't track constants.
 2022-01-06 12:25:19 +13:00
Alex Ford
f935df9865 Merge pull request #7313 from github/ruby/rails-cookie-config 
Ruby: Add `rb/weak-cookie-configuration` query
 2022-01-05 15:20:40 +00:00
Alex Ford
da8c745bd8 Ruby: Restrict Rails Setting nodes to SetterMethodCalls 2022-01-05 14:11:07 +00:00
Anders Schack-Mulligen
ef714f7328 Dataflow: Sync 2022-01-05 14:25:35 +01:00
Arthur Baars
e96fcf8568 Merge pull request #7498 from github/dependabot/cargo/ruby/generator/clap-3.0 
Update clap requirement from 2.33 to 3.0 in /ruby/generator
 2022-01-05 12:24:42 +01:00
Alex Ford
712972cb82 Ruby: formatting 2022-01-04 16:41:23 +00:00
Alex Ford
36ea360b25 Ruby: behaviour -> behavior 2022-01-04 15:43:38 +00:00
github-actions[bot]
1dfcf427aa Release preparation for version 2.7.5 2022-01-04 14:44:56 +00:00
Erik Krogh Kristensen
b9964799f3 Merge pull request #7458 from erik-krogh/modelling 
QL: add "modelling/modeling" to `ql/non-us-spelling`
 2022-01-04 13:33:54 +01:00
Alex Ford
dadaf25262 Merge branch 'main' into ruby/rails-cookie-config 2022-01-04 12:04:44 +00:00
Tom Hvitved
1f8a291d6f Merge pull request #7198 from hvitved/ruby/dataflow/arrays 
Ruby: Flow through arrays/enumerables
 2022-01-04 10:37:08 +01:00
yoff
5ba70ff3b6 Merge pull request #7369 from RasmusWL/filter-tag-cwe 
JS/Py/Ruby: Add more CWEs to bad-tag-filter queries
 2022-01-04 10:11:03 +01:00
Dave Bartolomeo
5f5af4a29e Move change notes to correct location 
A few change notes slipped through the cracks of my previous change. These are now in the proper locations: `old-change-notes` for older notes, and `<lang>\ql\[src|lib]\change-notes` for current change notes.
 2022-01-03 18:21:16 -05:00
Dave Bartolomeo
ded3c52a34 Merge pull request #7407 from github/post-release-prep/codeql-cli-2.7.4 
Post-release preparation for codeql-cli-2.7.4
 2022-01-03 17:09:58 -05:00
github-actions[bot]
1334d207fa Post-release version bumps 2022-01-03 20:11:15 +00:00
dependabot[bot]
b74af00b2b Update clap requirement from 2.33 to 3.0 in /ruby/generator 
Updates the requirements on [clap](https://github.com/clap-rs/clap) to permit the latest version.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/clap_generate-v3.0.0-rc.0...clap_complete-v3.0.0)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
 2022-01-03 16:12:45 +00:00
Alex Ford
7d3932dc8d Merge remote-tracking branch 'origin/main' into ruby/rails-cookie-config 2021-12-22 17:54:03 +00:00
Alex Ford
7f01be7067 Ruby: use new changenote format for rb/weak-cookie-configuration 2021-12-22 17:47:44 +00:00
Alex Ford
d977e8a473 Ruby: remove unnecessary custom transitive version of getReceiver 2021-12-22 17:47:44 +00:00
Alex Ford
9821c4a06c Ruby: behaviour -> behavior 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2021-12-22 17:47:44 +00:00
Alex Ford
2cd02157c9 Ruby: fix import 2021-12-22 17:47:44 +00:00
Alex Ford
db967bde89 Ruby: add a change note for rb/weak-cookie-configuration 2021-12-22 17:47:44 +00:00
Alex Ford
71c5711eb3 Ruby: add some rb/weak-cookie-configuration tests 2021-12-22 17:47:44 +00:00
Alex Ford
8976469d9b Ruby: Model some Rails cookie configuration settings 2021-12-22 17:47:44 +00:00
Alex Ford
5ce6e63590 Ruby: Tidy Rails.qll to make adding new settings modeling easier 2021-12-22 17:47:44 +00:00
Alex Ford
737f7332bc Ruby: add rb/weak-cookie-configuration query 2021-12-22 17:47:44 +00:00
Alex Ford
8a3d1fe174 Ruby: add CookieSecurityConfigurationSetting concept 2021-12-22 17:47:43 +00:00
Alex Ford
0cbf136e21 Merge pull request #7273 from github/ruby/crypto-algorithms 
Ruby: add CryptoAlgorithms library
 2021-12-22 17:42:59 +00:00
Alex Ford
3da98ecb73 Bump a date 2021-12-22 16:38:16 +00:00
Alex Ford
a2104de8a0 Move CryptoAlgorithms::AlgorithmsName into a separate internal/CryptoAlgorithmNames.qll 2021-12-22 16:38:15 +00:00
Alex Ford
f16d77615d Remove unused isStrongBlockMode predicate from CryptoAlgorithms.qll 2021-12-22 16:38:15 +00:00
Alex Ford
df0da980ea Update ruby/ql/lib/codeql/ruby/security/OpenSSL.qll 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2021-12-22 16:38:15 +00:00
Alex Ford
27a40fb5cf Ruby: OpenSSL QLDoc fixes 2021-12-22 16:38:15 +00:00
Alex Ford
97c75de771 Ruby: OpenSSL and CryptoAlgorithms test update 2021-12-22 16:38:15 +00:00
Alex Ford
e6bc45ee3b Ruby: Base OpenSSL supported algorithms on OpenSSL 1.1.1 and LibreSSL 3.4.1 2021-12-22 16:38:15 +00:00
Alex Ford
d3af687767 Add more encryption algorithms and modes to CryptoAlgorithms::AlgorithmNames 
Strong encryption algorithms: ARIA, IDEA, SEED, SM4
Strong block modes: CBC, CFB, CTR, OFB
 2021-12-22 16:38:15 +00:00
Alex Ford
bdb2d8ba16 Ruby: split OpenSSL parts from CryptoALgorithms.qll and sync with JS/Python version 2021-12-22 16:38:15 +00:00
Alex Ford
0303c279e2 Ruby: add empty ruby file to avoid DataFlowConsistency failure 2021-12-22 16:38:15 +00:00
Alex Ford
1156581b52 Ruby: add CryptoAlgorithms library 2021-12-22 16:38:15 +00:00
Jeff Gran
accfd482d4 autoformat file 2021-12-22 08:44:35 -07:00
Jeff Gran
6acb87d542 add change-notes 2021-12-22 08:42:07 -07:00
Jeff Gran
f21398ce84 changed the name of one of the constants for a better test case 2021-12-22 08:42:07 -07:00
Jeff Gran
445c420a3d rerun test --learn with rebuilt ruby extractor 2021-12-22 08:42:04 -07:00
Jeff Gran
07c7de5cfd run test --learn, add a few more constants to constant.rb test case 2021-12-22 08:36:07 -07:00
Jeff Gran
7c032f6cb4 fix docs, fix deprecations 2021-12-22 08:35:55 -07:00
Jeff Gran
f35e866799 Capitalize "Gets" 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2021-12-22 08:35:55 -07:00
Jeff Gran
0c698996aa use resolveConstanteWriteAccess instead, add a few more test cases 2021-12-22 08:35:55 -07:00
Jeff Gran
3df7793803 add more test cases, fix bug by adding getFullName() predicate 2021-12-22 08:35:55 -07:00
Jeff Gran
8e46eeb88c fix expectations to expect the correct values 2021-12-22 08:35:52 -07:00
Tom Hvitved
55492ef348 Ruby: Update expected test output after rebase 2021-12-22 15:56:20 +01:00