hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-05 23:26:51 +01:00
Code Issues Packages Projects Releases Wiki Activity
55,699 Commits 1,703 Branches 162 Tags
853bf2ae4eda2f20aa03df78dae47b0db2a8d658
Commit Graph

230 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
0c62901a67 Ruby: Fix tests. 2023-06-09 15:39:18 +02:00
Alex Ford
22b9ab43c6 Merge pull request #13259 from alexrford/rb/actiondispatch-refactor 
Ruby: Refactor and slightly expand `ActionDispatch` modelling
 2023-06-08 11:08:36 +01:00
Alex Ford
d09f6d318c Merge branch 'main' into maikypedia/sqli-sink 2023-06-01 15:02:44 +01:00
Alex Ford
7d943c7621 Ruby: update test output 2023-06-01 13:50:32 +01:00
Alex Ford
9f5c73cf63 Ruby: add a test case for instantiating ActionDispatch::Request directly 2023-05-23 15:18:32 +01:00
Alex Ford
1c9e4c0f0b Ruby: test for RequestInputAccess instances in ActionDispatch 2023-05-23 15:17:38 +01:00
Maiky
3960853af0 CWE-089 Add Sequel SQL Injection Sink 2023-05-07 23:56:56 +02:00
Maiky
6a3d995b35 Add Mysql2 as SQL Injection Sink 2023-05-06 12:25:25 +02:00
Alex Ford
e7213e92cf Merge remote-tracking branch 'origin/main' into rb/sqlite3 2023-05-03 15:18:07 +01:00
Alex Ford
6e6eee2dab Ruby: add test case for instance variable flow with sqlite3 2023-05-03 15:16:16 +01:00
Anders Schack-Mulligen
09d4fe21e8 Ruby: Update more expected output. 2023-04-26 13:37:07 +02:00
Anders Schack-Mulligen
90f84bb516 Ruby: Update expected output. 2023-04-26 13:08:16 +02:00
Alex Ford
9dc04f30ac Ruby: model sqlite3 2023-04-20 15:47:14 +01:00
Asger F
c699afd07f Ruby: instantiate NetHttpRequest even if body is not accessed 2023-03-31 12:56:09 +02:00
Asger F
504a0f8112 Ruby: Add test where response body is not referenced 2023-03-31 12:55:49 +02:00
Asger F
209aebad61 Ruby: Update HttpClients.ql not assume all predicates have results 2023-03-31 11:12:45 +02:00
Tom Hvitved
b816c79248 Ruby: Include all assignments in data flow paths 2023-03-24 10:09:30 +01:00
Erik Krogh Kristensen
af98ceb3c3 Merge pull request #11478 from erik-krogh/more-shell-taint 
Rb: more taint-steps for shell-command-construction
 2023-03-20 08:41:22 +01:00
Tom Hvitved
d146d816a9 Ruby: Fix semantic merge conflict 2023-03-17 09:59:44 +01:00
erik-krogh
25a6d496d9 Merge branch 'main' into HEAD 2023-03-13 17:33:06 +01:00
Harry Maclean
e80ff4efba Ruby: Fix tests and qldoc 2023-03-13 20:32:37 +13:00
Harry Maclean
071517c74b Ruby: Clean up Sinatra modeling 2023-03-13 19:25:56 +13:00
Harry Maclean
384e7c7a80 Jump step for sinatra callbacks 2023-03-13 19:03:32 +13:00
Harry Maclean
e65d7224db Ruby: tests, patterns, fix erb flow 2023-03-13 19:03:32 +13:00
erik-krogh
b0797a2559 Merge branch 'main' into more-shell-taint 2023-02-27 18:27:09 +01:00
Harry Maclean
ba4d0a81d5 Ruby: Simplify filter dataflow 
This introduces some false flow (the `ThreeController` and
`FourController` examples in `filter_flow.rb`) but is simpler and
in line with how we model flow for normal method calls.
 2023-02-21 19:28:53 +13:00
Harry Maclean
0a02b45ad7 Ruby: More filter flow steps 
Add a jump step from the last self post-update node in a method to the self parameter of the
next method.
 2023-02-21 19:28:26 +13:00
Harry Maclean
fae5320c3a Ruby: Add filter flow tests 2023-02-21 19:27:53 +13:00
Harry Maclean
ae3d91b546 Ruby: First draft of rails callback flow 2023-02-21 19:26:36 +13:00
Alex Ford
774030a8db Merge pull request #12083 from pwntester/ruby_twirp_support 
[Ruby] Add support for Twirp framework
 2023-02-20 13:16:52 +00:00
Harry Maclean
4e07fd3eb1 Ruby: Model ApplicationController.renderer 2023-02-19 13:37:27 +13:00
Alex Ford
74782bf6a2 Merge branch 'main' into ruby_twirp_support 2023-02-15 17:15:08 +00:00
Alex Ford
801ed1ce7c Ruby: add Twirp.expected 2023-02-15 17:05:33 +00:00
erik-krogh
17f7ba2a8f rewrite the taint-step for join() to a flowsummary 2023-02-15 12:34:59 +01:00
Alvaro Muñoz
4644a88b89 address code review comments 2023-02-14 14:27:17 +01:00
Harry Maclean
43ce26e4d0 Ruby: re-add Eval.rb 2023-02-07 09:37:26 +13:00
Harry Maclean
02b09ca9f7 Ruby: Remove unused test files 2023-02-04 14:42:59 +13:00
Harry Maclean
cfb3bc9dce Ruby: Remove unused test file 2023-02-04 14:30:56 +13:00
Harry Maclean
0711326619 Ruby: Move PosixSpawn tests to their own directory 2023-02-04 14:30:23 +13:00
Harry Maclean
dbbef0534b Ruby: Move Core tests into core directory 2023-02-04 14:28:25 +13:00
Harry Maclean
b5d98d9011 Ruby: Move GraphQL test to their own directory 2023-02-04 14:25:38 +13:00
Harry Maclean
6c816d5602 Ruby: Move ActionDispatch tests to own directory 2023-02-04 14:19:08 +13:00
Harry Maclean
58d7af4018 Ruby: Move ActionView tests into their own dir 
This ensures that changes to unrelated test files don't affect these
tests.
 2023-02-04 14:19:08 +13:00
Alvaro Muñoz
dd31be43e0 Support for Twirp framework 2023-02-03 09:35:22 +01:00
Harry Maclean
c99a096c9b Ruby: Update test fixtures 2023-01-31 11:27:19 +13:00
Harry Maclean
708e303c01 Ruby: Model except: with a const argument 2023-01-30 21:17:31 +13:00
Harry Maclean
246ad46eb1 Ruby: Account for filter skip ordering 
A `skip_*_filter :foo` call only has an effect if there was an earlier
call that registered `:foo` as a filter.
 2023-01-30 18:50:30 +13:00
Harry Maclean
a164e76a5d Ruby: Model actioncontroller filter overrides 
If a filter is registered twice with the same name, the last
registration wins.
 2023-01-30 18:05:22 +13:00
Harry Maclean
fb86ef4aac Ruby: Model ActionController filters 
ActionController filters provide a way to register callbacks that run
before, after or around an action (i.e. HTTP request handler). They run
in the same class context as the action, so can get/set instance
variables and generally interact with the action in arbitrary ways.

In order to track flow between filters and actions, we have to model the
callback chain. This commit does that. A later change will add dataflow
steps to actually track flow through the chain.
 2023-01-30 17:41:36 +13:00
Harry Maclean
e6e4e29bf8 Ruby: newline 2023-01-23 21:53:52 +00:00