Nick Rolfe
bc06817611
Add ERB comment as regression test for parsing bug
2021-08-25 12:43:33 +01:00
Nick Rolfe
9c17e00645
Merge pull request #256 from github/syncRedos
sync ReDoSUtil.qll with python/JS
2021-08-23 10:11:16 +01:00
Harry Maclean
e82c21d35d
Don't include desugared nodes in the printed AST
The base `PrintAstConfiguration` class already has a predicate for
filtering out desugared nodes - this change just makes use of it in the
query.
This fixes https://github.com/github/codeql-team/issues/408, which was
caused by including nodes representing the desugaring of
a[b] = c
in the query output. This would result in multiple edges to the same
target node (one from the surface AST and another from the desugared
AST), which the VSCode AST viewer cannot handle.
2021-08-17 15:20:30 +01:00
Arthur Baars
9b877dc6e1
Add an example snippet query
2021-08-17 11:29:44 +01:00
Tom Hvitved
394c27a279
CFG: Allow erb top-level scopes
2021-08-17 10:46:15 +02:00
Erik Krogh Kristensen
5e63b0b132
add RegExpSubPattern.getOperand
2021-08-16 12:14:53 +00:00
Erik Krogh Kristensen
8bd663a7ce
sync ReDoSUtil.qll with python/JS
2021-08-16 12:04:22 +00:00
Alex Ford
4d6d6a4016
Merge pull request #236 from github/more-concepts
Port some concepts to Concepts.qll
2021-08-10 12:42:40 +01:00
Tom Hvitved
c0049bf161
Merge pull request #229 from github/hvitved/api-graphs/remove-mk-module
API graphs: Remove `MkModule`
2021-08-09 13:10:17 +02:00
Tom Hvitved
ae837d9f7a
API graphs: Remove restriction on top-level constants
2021-08-09 12:59:36 +02:00
Arthur Baars
e8f6cb65b8
Merge pull request #245 from github/aibaars/tweaks
Move UseDetect.ql to experimental for now
2021-08-04 16:05:06 +02:00
Arthur Baars
23f423ad66
Merge pull request #242 from github/regex_parsing_fixes
Regex parsing fixes
2021-08-04 16:04:54 +02:00
Arthur Baars
9ca0e81953
Move UseDetect to experimental for now
2021-08-04 15:52:48 +02:00
Arthur Baars
8ded688b72
Add queries.xml for legacy tooling
2021-08-04 14:34:20 +02:00
Tom Hvitved
0eaeb3b5a6
Rename moduleImport to getTopLevelMember
2021-08-04 10:57:57 +02:00
Tom Hvitved
8451286754
API graphs: Remove MkModule
2021-08-04 10:28:30 +02:00
Alex Ford
403dee279d
add Node#getALocalSource predicate
2021-08-02 15:56:36 +01:00
Alex Ford
56139ccf93
port some concepts to Concepts.qll
2021-08-02 15:56:36 +01:00
Erik Krogh Kristensen
632ad518f0
enable unicode parsing in the ruby ReDoS query
2021-08-02 07:13:41 +00:00
Arthur Baars
00a0b93172
Add erb file
2021-07-29 19:09:56 +02:00
Nick Rolfe
4007e85991
Incorporate changes from Python PR
2021-07-29 17:25:39 +01:00
Nick Rolfe
3abe047cac
Fix parsing of POSIX bracket expressions.
The docs are misleading. [[:alpha:]] is actually a character class
*containing* a POSIX bracket expression, and that means you can have
expressions like [[:alpha:][:digit:]_?!]
2021-07-29 17:24:51 +01:00
Nick Rolfe
5d336d8e1d
Make some predicates/classes/imports private
2021-07-29 17:17:11 +01:00
Arthur Baars
cc1bdf1fc3
Add charpred to RubyFile class
2021-07-29 11:48:35 +02:00
Arthur Baars
dacd3f3d19
Update dbscheme stats
2021-07-27 18:43:51 +02:00
Arthur Baars
768a751271
Add upgrade script
2021-07-27 18:43:51 +02:00
Arthur Baars
866ff7b1f6
Replace Generated module with Ruby
2021-07-27 18:43:44 +02:00
Arthur Baars
02bf895a4a
Update dbscheme type references
2021-07-27 18:42:21 +02:00
Arthur Baars
2e10f8f054
Prefix dbscheme entries with language name
2021-07-27 18:17:19 +02:00
Arthur Baars
fc8f5919f3
Remove Ruby specific parts from FileSystem.qll
2021-07-27 18:17:15 +02:00
Arthur Baars
3790611ca1
Merge pull request #233 from github/tausbn/bump-typetrackingnode-changes
Bump `codeql` submodule
2021-07-20 13:24:30 +02:00
Nick Rolfe
ce35d74447
Move comment so it's not treated as part of the precision metadata
2021-07-19 12:29:16 +01:00
Calum Grant
46a03795c2
Add security-severity metadata
2021-07-16 14:05:54 +01:00
Taus
258f85d6d0
Add defaultImplicitTaintRead
2021-07-15 15:52:59 +00:00
Taus
dc4d353a01
Bump shared dataflow library
2021-07-15 15:08:59 +00:00
Taus
ec645725f0
Bump codeql submodule
Syncs up the shared type tracking implementation with Python.
2021-07-15 14:35:33 +00:00
Tom Hvitved
42c06bfde4
Merge pull request #226 from github/hvitved/const-flow
Data flow through constants
2021-07-14 13:21:07 +02:00
Tom Hvitved
9463927409
Address review comments
2021-07-14 11:05:55 +02:00
Nick Rolfe
1fe5162b67
Stabilise node ordering for regexp parsing test
2021-07-13 16:18:21 +01:00
Tom Hvitved
23447e6d58
Reduce size of lookupMethodOrConst
2021-07-02 14:02:26 +02:00
Tom Hvitved
bf696df788
Data flow through constants
2021-07-02 14:02:26 +02:00
Tom Hvitved
3b6e5881c8
Update constants.rb test
2021-07-02 14:02:26 +02:00
Arthur Baars
5afd3c7846
Merge pull request #213 from github/aibaars/api-graphs2
First version of ApiGraphs
2021-07-02 13:58:00 +02:00
Tom Hvitved
330b33638e
Address review comments
2021-07-02 10:41:10 +02:00
Tom Hvitved
52529d590b
Model private methods and "main objects"
2021-07-02 10:41:06 +02:00
Tom Hvitved
9de4ed4d4d
Add tests for private methods
2021-07-02 10:39:49 +02:00
Tom Hvitved
c3cff3e113
Expose call graph through Call::getATarget()
2021-07-01 16:40:45 +02:00
Nick Rolfe
d99b5510e5
Merge pull request #219 from github/regex
Add regexp parser and exponential ReDoS query
2021-06-30 17:23:29 +01:00
Alex Ford
3f76075fe6
improve some rails framework tests
2021-06-29 13:56:28 +01:00
Alex Ford
31cbf818ab
fix rb/sql-injection FPs due to not accounting for overridden ActiveRecord methods
2021-06-29 13:54:15 +01:00