hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 12:46:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,288 Commits 1,673 Branches 157 Tags
ad8335d6f3b498c8a70f4ffdaaae214d018acb7e
Commit Graph

1452 Commits

Author SHA1 Message Date
thiggy1342
f54fc1a88d Merge branch 'main' into add-activerecord-annotate 2022-07-20 10:26:44 -04:00
thiggy1342
6bc2fe513d Merge branch 'main' into add-activerecord-annotate 2022-07-19 10:29:24 -04:00
Asger F
b9bdee6651 Merge branch 'main' into post-release-prep/codeql-cli-2.10.1 2022-07-19 16:24:35 +02:00
thiggy1342
962155fd61 fix changenotes 2022-07-19 00:33:04 +00:00
Arthur Baars
c9e5206396 Ruby: skip .git folder 2022-07-18 15:26:38 +02:00
Nick Rolfe
eebba36b18 Merge pull request #9708 from github/nickrolfe/pathname 
Ruby: model the standard library's `Pathname` class
 2022-07-18 11:29:30 +01:00
Nick Rolfe
dbd6607875 Ruby: use ASCII dash in comment 
Co-authored-by: Harry Maclean <hmac@github.com>
 2022-07-18 08:54:58 +01:00
Harry Maclean
cc5f59f313 Merge pull request #9138 from hmac/hmac/array-inclusion-guard-local-flow 
Ruby: Make StringArrayInclusion more sensitive
 2022-07-18 10:11:49 +12:00
github-actions[bot]
0ee476129a Post-release preparation for codeql-cli-2.10.1 2022-07-14 14:38:49 +00:00
github-actions[bot]
d1aa0d7dd3 Release preparation for version 2.10.1 2022-07-14 08:56:03 +00:00
thiggy1342
8ca7d7d775 update change note 2022-07-14 00:22:38 +00:00
thiggy1342
f5301aa478 Merge branch 'main' into add-activerecord-annotate 2022-07-13 14:35:44 -04:00
Erik Krogh Kristensen
9e2e32f037 Merge pull request #9322 from erik-krogh/fixAutoBuild 
QL/RB: fix the QL-for-QL and ruby autobuilders
 2022-07-13 14:39:59 +02:00
Harry Maclean
1fa2144716 Ruby: Update test fixtures 2022-07-13 21:02:08 +12:00
Erik Krogh Kristensen
c4f44bb67f sync files 2022-07-13 10:01:26 +02:00
Erik Krogh Kristensen
047b14e310 get the autobuilders to work after introducing test-cases 2022-07-13 09:50:55 +02:00
Erik Krogh Kristensen
eb0340dcb6 get excludes to work properly 2022-07-13 09:50:55 +02:00
Erik Krogh Kristensen
2850b35a04 update, and fix, the autobuilders by using the new --also-match option 2022-07-13 09:48:29 +02:00
Harry Maclean
49aab51893 Ruby: Make helper predicate private 2022-07-13 18:20:27 +12:00
Harry Maclean
ea95e2e1d0 Ruby: Use InclusionTests library in barrier guards 2022-07-13 18:20:27 +12:00
Harry Maclean
b9fc82a741 Ruby: Test both old and new-style barrier guards 2022-07-13 18:20:25 +12:00
Harry Maclean
4cfaa86d5d Ruby: Update new-style barrier-guard 2022-07-13 18:20:14 +12:00
Harry Maclean
5f17d8370c Ruby: Small change to isArrayExpr 2022-07-13 18:20:14 +12:00
Harry Maclean
63dcce9a31 Ruby: Refactor isArrayConstant 2022-07-13 18:20:14 +12:00
Harry Maclean
b5a3d3c488 Ruby: Extract isArrayConstant 
This predicate might be useful elsewhere.
 2022-07-13 18:20:14 +12:00
Harry Maclean
301914d80c Ruby: Add an extra barrier guard test 2022-07-13 18:20:14 +12:00
Harry Maclean
706d1d2eee Ruby: Make StringArrayInclusion more sensitive 
We now recognise the following pattern as a barrier guard for `x`:

    values = ["foo", "bar"]

    if values.include? x
      sink x
    end
 2022-07-13 18:20:12 +12:00
thiggy1342
9a0a9491da Merge branch 'main' into add-activerecord-annotate 2022-07-12 20:13:56 -04:00
Nick Rolfe
217c9a8aaf Fix typo in changenote 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2022-07-12 08:50:58 +01:00
Nick Rolfe
a3628b06f1 Ruby: fix markup in changenote 2022-07-11 17:23:45 +01:00
Nick Rolfe
032aa56dc3 Ruby: add change note for system command execution sink bug 2022-07-11 17:00:07 +01:00
Nick Rolfe
6632dfaf88 Ruby: fix another SystemCommandExecution::isShellInterpreted implementation 2022-07-11 16:53:30 +01:00
Nick Rolfe
348ad95fc0 Ruby: fix defining every dataflow node as a command execution sink 2022-07-11 15:06:27 +01:00
thiggy1342
e8e8da1b31 fix lib test expect for ActionController 2022-07-08 19:01:01 +00:00
thiggy1342
bd50fd7f1e format fix 2022-07-08 17:20:41 +00:00
thiggy1342
11e39aa030 Add changelog 2022-07-07 21:40:16 +00:00
thiggy1342
940254d251 update framework tests 2022-07-07 19:39:59 +00:00
thiggy1342
b4869158f2 expand query tests for cwe-089 2022-07-07 19:23:57 +00:00
thiggy1342
2f1cfa816f Add annotate arguments as sqli sink 2022-07-07 19:23:06 +00:00
Nick Rolfe
02dd933e5f Ruby: move Pathname from core to stdlib 2022-06-30 10:08:25 +01:00
Andrew Eisenberg
fbeecd6c08 Merge pull request #9744 from github/aeisenberg/move-contextual-queries 2022-06-29 11:44:33 -07:00
Andrew Eisenberg
ddf06f8617 Add change notes and qldoc for moved files 2022-06-29 10:03:12 -07:00
Andrew Eisenberg
a3f4d1bf66 Move contextual queries from src to lib 
With this change, users are now able to run View AST command in
vscode within vscode workspaces that do not include the core libraries.
The relevant core library only needs to be installed in the package
cache.
 2022-06-29 07:51:26 -07:00
Brandon Stewart
5888325549 Merge branch 'main' into patch-1 2022-06-29 08:42:24 -04:00
Nick Rolfe
5db2f9a768 Merge remote-tracking branch 'origin/main' into nickrolfe/pathname 2022-06-29 13:16:49 +01:00
Nick Rolfe
c1302a90e0 Ruby: use MaD for more precise Pathname flow summaries 2022-06-29 13:16:18 +01:00
Jeroen Ketema
55e052af26 Merge pull request #9686 from aschackmull/dataflow/no-node-scan 
Dataflow performance: Avoid node scans
 2022-06-29 10:38:56 +02:00
Brandon Stewart
c7b4133fbe Merge branch 'main' into patch-1 2022-06-28 09:46:46 -04:00
Brandon Stewart
33d1aae92a Update ruby/ql/lib/codeql/ruby/frameworks/ActiveRecord.qll 
Co-authored-by: Harry Maclean <hmac@github.com>
 2022-06-28 08:51:01 -04:00
Brandon Stewart
1dc26a0ca3 Update ruby/ql/lib/codeql/ruby/frameworks/ActiveRecord.qll 
Co-authored-by: Harry Maclean <hmac@github.com>
 2022-06-28 08:50:54 -04:00