hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-28 14:46:33 +01:00
Code Issues Packages Projects Releases Wiki Activity
51,923 Commits 1,673 Branches 157 Tags
9997326804800498982d789d4eff05abaf0d6ef3
Commit Graph

2957 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
af98ceb3c3 Merge pull request #11478 from erik-krogh/more-shell-taint 
Rb: more taint-steps for shell-command-construction
 2023-03-20 08:41:22 +01:00
Michael Nebel
282b5d4836 Merge pull request #12538 from michaelnebel/emptypredworkaround 
DataFlow: Workaround empty predicate usage in IPA branch.
 2023-03-17 10:29:19 +01:00
Tom Hvitved
d146d816a9 Ruby: Fix semantic merge conflict 2023-03-17 09:59:44 +01:00
Tom Hvitved
e69e90db4a Ruby: Remove some redundant super type qualifiers 2023-03-17 09:32:13 +01:00
Tom Hvitved
75746cbacc Merge pull request #12549 from hvitved/ruby/ssa-write-access 
Ruby: `Ssa::WriteDefinition::getWriteAccess` should return a CFG node
 2023-03-17 09:31:14 +01:00
Tom Hvitved
ee01e9ab35 Merge pull request #12554 from hvitved/ruby/clear-text-logging-hashes 
Ruby: Rely on built-in hash-flow in clear text storage query
 2023-03-17 09:21:11 +01:00
Harry Maclean
2c63dbad67 Merge pull request #11954 from hmac/sinatra 
Ruby: Model Sinatra
 2023-03-17 10:46:52 +13:00
Tom Hvitved
f35fb13723 Add change note 2023-03-16 15:18:47 +01:00
Tom Hvitved
9d3863eccc Ruby: Rely on built-in hash-flow in clear text storage query 2023-03-16 14:55:06 +01:00
Tom Hvitved
ae10e6e08f Ruby: Add a test that shows FP/FN for clear text logging query 2023-03-16 14:38:45 +01:00
Michael Nebel
3fea9e4d0b Sync files. 2023-03-16 14:12:29 +01:00
Tom Hvitved
1d0b3d4112 Ruby: Ssa::WriteDefinition::getWriteAccess should return a CFG node 2023-03-16 11:28:24 +01:00
Tom Hvitved
a13b6ed230 Merge pull request #12536 from hvitved/dataflow/call-enclosing-callable-consistency-check 
Data flow: Add consistency check for `DataFlowCall::getEnclosingCallable`
 2023-03-16 10:19:42 +01:00
Rasmus Wriedt Larsen
b3a49ab143 Merge pull request #12467 from RasmusWL/kwargs-parameter-position-fixup 
Python/Ruby: Use new parameter position for synthetic hash-splat instead
 2023-03-16 09:52:46 +01:00
Tom Hvitved
9f798902bd Data flow: Add consistency check for DataFlowCall::getEnclosingCallable 2023-03-16 08:40:53 +01:00
Henry Mercer
5de0eae992 Ruby: Update diagnostic source names for consistency 2023-03-15 12:05:09 +00:00
Henry Mercer
0de4259bff Revert "Ruby: Use rb prefix in diagnostic IDs for consistency with queries" 
This reverts commit a6509c7a37.
 2023-03-15 12:00:47 +00:00
erik-krogh
cc3efcd35e also restrict allowImplicitRead in unsafe-code-construction 2023-03-15 11:11:20 +01:00
erik-krogh
2133d1a5ab Merge branch 'main' into more-shell-taint 2023-03-15 10:54:30 +01:00
Arthur Baars
fbe9823a42 Merge branch 'main' into henrymercer/polish-diagnostics 2023-03-14 23:42:33 +01:00
Harry Maclean
aaeb8a0aa0 Merge pull request #12493 from hmac/ar-sinks 2023-03-15 07:59:07 +13:00
Henry Mercer
a6509c7a37 Ruby: Use rb prefix in diagnostic IDs for consistency with queries 2023-03-14 17:13:50 +00:00
Henry Mercer
769f9051af Ruby: Serialize severities as lowercase 2023-03-14 17:09:25 +00:00
Tom Hvitved
8dd99b951b Data flow: Exclude expectsContent nodes from lambda flow 2023-03-14 10:01:11 +01:00
erik-krogh
984a589954 don't depend on the callgraph in KernelArraySummary 2023-03-14 09:20:24 +01:00
Tom Hvitved
08557974ae Merge pull request #12499 from hvitved/ruby/more-constructor-flow 
Ruby: Add missing flow through `self.new` constructor calls
 2023-03-14 09:14:42 +01:00
erik-krogh
4307889b1f specialize allowImplicitRead in unsafe-shell-command-construction to fix performance 2023-03-14 08:42:11 +01:00
Harry Maclean
d814e15a2f Ruby: Refactor 2023-03-14 12:58:32 +13:00
erik-krogh
8b99e8af88 fix bad join by removing bad recursion 2023-03-13 17:34:11 +01:00
erik-krogh
25a6d496d9 Merge branch 'main' into HEAD 2023-03-13 17:33:06 +01:00
Tony Torralba
705691b096 Merge pull request #12446 from github/java/update-mad-decls-after-triage-2023-03-08T14-51-59 
Java: Update MaD Declarations after Triage
 2023-03-13 14:07:59 +01:00
Anders Schack-Mulligen
0c95ab2cdc Merge pull request #12474 from hvitved/dataflow/call-back-post-update 
Data flow: Synthesize post-update nodes for callback arguments inside summarized callables
 2023-03-13 13:21:52 +01:00
Erik Krogh Kristensen
060c37b6a2 Merge pull request #12345 from erik-krogh/delOldDeps 
delete old deprecations
 2023-03-13 12:48:24 +01:00
Tom Hvitved
163bb2b94d Add change note 2023-03-13 12:45:46 +01:00
Tom Hvitved
714b61b63e Ruby: Add missing flow through self.new constructor calls 2023-03-13 12:45:46 +01:00
Anders Schack-Mulligen
c380ecbbbc Data flow: Add change notes. 2023-03-13 11:09:13 +01:00
erik-krogh
6c1ebd999e Merge branch 'main' into delOldDeps 2023-03-13 11:00:29 +01:00
Tom Hvitved
6ee231fac5 Ruby: Add more tests for flow through constructors 2023-03-13 10:52:01 +01:00
Harry Maclean
3734a544bc Ruby: Add change note 2023-03-13 21:38:45 +13:00
Harry Maclean
e80ff4efba Ruby: Fix tests and qldoc 2023-03-13 20:32:37 +13:00
Harry Maclean
071517c74b Ruby: Clean up Sinatra modeling 2023-03-13 19:25:56 +13:00
Harry Maclean
bfe42a656c Ruby: QL4QL fix 2023-03-13 19:04:46 +13:00
Harry Maclean
384e7c7a80 Jump step for sinatra callbacks 2023-03-13 19:03:32 +13:00
Harry Maclean
e65d7224db Ruby: tests, patterns, fix erb flow 2023-03-13 19:03:32 +13:00
Harry Maclean
eada3b91df Ruby: track flow from sinatra routes to erb files 2023-03-13 19:03:32 +13:00
Harry Maclean
c82b4638c6 Ruby: Import Sinatra modeling by default 2023-03-13 19:03:32 +13:00
Harry Maclean
a1fab31bfc Ruby: Model Sinatra 
Adds some very basic modeling of Sinatra applications.
We recognise the `params` call in Sinatra routes as an HTTP request
input access.
 2023-03-13 19:03:32 +13:00
Harry Maclean
9c3d141c9c Ruby: Add change note 2023-03-13 18:57:55 +13:00
Harry Maclean
fe995dd99b Ruby: ActiveRecord::Connection.execute SQL sink 2023-03-13 09:03:54 +13:00
Harry Maclean
025cd34dab Ruby: Taint flow through ActionController params 
We were not recognising "require" as returning a Parameters instance.
 2023-03-13 08:52:41 +13:00