hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
58,700 Commits 1,673 Branches 157 Tags
b18de9e6417c60b51d2371c98394f4033d2683e4
Commit Graph

266 Commits

Author SHA1 Message Date
Tom Hvitved
e258324960 Ruby: Allow for implicit array reads at all sinks during taint tracking 2023-09-14 09:40:05 +02:00
Tom Hvitved
48e2dcfa35 Ruby: Reimplement flow through captured variables using field flow 2023-09-06 11:00:55 +02:00
Tom Hvitved
a2912cd72b Ruby: Use proper PathGraph module in inline flow tests 
Gets rid of
```
PathNode is incompatible with PathNode (the type of the edge relation).
```
warnings.
 2023-09-04 20:27:34 +02:00
Jeroen Ketema
9d573e5544 Consolidate all InlineFlowTest libraries in the dataflow qlpack 2023-08-24 21:38:46 +02:00
Alex Ford
27ee72c265 Merge remote-tracking branch 'origin/main' into rb/rack-env-query-string 2023-07-17 14:11:25 +01:00
Alex Ford
ab1f341aa6 Merge pull request #13566 from alexrford/rb/rack-params 
Ruby: add `Rack::Request` params and cookies as remote input sources
 2023-07-17 14:07:20 +01:00
Asger F
86b5f0adc7 Revert "Merge pull request #13620 from github/revert-13496-rb/tracking-on-demand" 
This reverts commit 133de56ac2, reversing
changes made to 28a8e48351.
 2023-07-07 09:42:34 +02:00
Alex Ford
08784d24b4 Ruby: rack - add tests for env['QUERY_STRING'] 2023-07-05 15:49:00 +01:00
Alex Ford
bf25b07c17 Ruby: rack - request input tests 2023-07-05 12:18:52 +01:00
Alex Ford
5fafd9ecc1 Merge branch 'main' into rb/rack-extend-app-and-resp 2023-07-04 11:43:30 +01:00
Alex Ford
9d36ab9204 Merge pull request #13606 from alexrford/rb/sqlite3-getSql 
Ruby: fix sqlite3 `PreparedStatementExecution.getSql()` predicate
 2023-06-30 12:18:46 +01:00
Asger F
5d1a437e9c Revert "Ruby: overhaul API graphs" 2023-06-29 15:39:19 +02:00
Alex Ford
ede6b262cd Ruby: fix sqlite3 PreparedStatementExecution.getSql() predicate 2023-06-28 17:09:43 +01:00
Asger F
7af3d226c9 Ruby: simplify Twirp model 2023-06-28 13:20:59 +02:00
Asger F
129e6349f7 Ruby: expand Twirp test 2023-06-28 13:20:59 +02:00
Alex Ford
8fdc48753c Ruby: rack - replace RackApplication with just the rack RequestHandler 2023-06-26 15:36:37 +01:00
Alex Ford
b67b80ca2a Ruby: rack - rename App as RackApplication 2023-06-23 16:12:23 +01:00
Alex Ford
29844e61e4 Ruby: rack - test for response tracking 2023-06-23 13:16:04 +01:00
Asger F
0039cb141e Merge branch 'main' into rb/tracking-on-demand 2023-06-23 12:55:54 +02:00
Alex Ford
b8f537a437 Ruby: update rack tests 2023-06-22 13:45:44 +01:00
Alex Ford
e8079727ee Ruby: rack - extend rack tests 2023-06-22 13:45:44 +01:00
Alex Ford
24e83165ee Merge pull request #13289 from alexrford/rb/rack-redirect 
Ruby: rack - model redirect responses
 2023-06-22 13:45:02 +01:00
Alex Ford
7aec22c1e4 Ruby: rack - remove MIME modelling 2023-06-20 14:57:23 +01:00
Asger F
8539db07c4 Ruby: Update ActiveDispatch due to change in toString 2023-06-19 12:16:07 +02:00
Asger F
e3a04499f6 Ruby: minor overhaul of ActiveResource model 2023-06-19 12:15:57 +02:00
Asger F
8bc4193ce0 Ruby: minor overhaul of ActiveRecord model 
Old version had scalability issues when adding taking more interprocedural flow and inheritance into account.
 2023-06-19 12:15:44 +02:00
Jeroen Ketema
d82c3ce11a Ruby: Rewrite InlineFlowTest as a parameterized module 2023-06-15 10:52:23 +02:00
Alex Ford
75ccbe58ee Ruby: rack - use Mimetype rather than MimeType in predicate names for consistency with concepts 2023-06-13 12:44:29 +01:00
Alex Ford
977ceb89fd Ruby: rack - remove PotentialResponseNode#getAStatusCode 2023-06-13 12:42:46 +01:00
Anders Schack-Mulligen
0c62901a67 Ruby: Fix tests. 2023-06-09 15:39:18 +02:00
Alex Ford
397a809426 Merge remote-tracking branch 'origin/main' into rb/rack-redirect 2023-06-08 12:07:57 +01:00
Alex Ford
22b9ab43c6 Merge pull request #13259 from alexrford/rb/actiondispatch-refactor 
Ruby: Refactor and slightly expand `ActionDispatch` modelling
 2023-06-08 11:08:36 +01:00
Alex Ford
d09f6d318c Merge branch 'main' into maikypedia/sqli-sink 2023-06-01 15:02:44 +01:00
Alex Ford
4905a70e21 Ruby: update rack test output 2023-06-01 14:01:40 +01:00
Alex Ford
a5a15f3804 Ruby: restructure rack model 2023-06-01 14:01:40 +01:00
Alex Ford
b2958f87b2 ruby: rack - add redirect responses 2023-06-01 14:01:40 +01:00
Alex Ford
c3ab867595 ruby: start restructuring rack 2023-06-01 14:01:40 +01:00
Alex Ford
f8d2cbbe79 ruby: rack responses implement are HTTP responses 2023-06-01 14:01:39 +01:00
Alex Ford
c87c266871 ruby: add Rack::ResponseNode#getAStatusCode 2023-06-01 14:01:39 +01:00
Alex Ford
7d943c7621 Ruby: update test output 2023-06-01 13:50:32 +01:00
Alex Ford
9f5c73cf63 Ruby: add a test case for instantiating ActionDispatch::Request directly 2023-05-23 15:18:32 +01:00
Alex Ford
1c9e4c0f0b Ruby: test for RequestInputAccess instances in ActionDispatch 2023-05-23 15:17:38 +01:00
Maiky
3960853af0 CWE-089 Add Sequel SQL Injection Sink 2023-05-07 23:56:56 +02:00
Maiky
6a3d995b35 Add Mysql2 as SQL Injection Sink 2023-05-06 12:25:25 +02:00
Alex Ford
e7213e92cf Merge remote-tracking branch 'origin/main' into rb/sqlite3 2023-05-03 15:18:07 +01:00
Alex Ford
6e6eee2dab Ruby: add test case for instance variable flow with sqlite3 2023-05-03 15:16:16 +01:00
Anders Schack-Mulligen
09d4fe21e8 Ruby: Update more expected output. 2023-04-26 13:37:07 +02:00
Anders Schack-Mulligen
90f84bb516 Ruby: Update expected output. 2023-04-26 13:08:16 +02:00
Alex Ford
9dc04f30ac Ruby: model sqlite3 2023-04-20 15:47:14 +01:00
Asger F
c699afd07f Ruby: instantiate NetHttpRequest even if body is not accessed 2023-03-31 12:56:09 +02:00