Tom Hvitved
|
be5363ea53
|
Merge pull request #8801 from hvitved/ruby/exclude-splat-in-taint-tracking
Ruby: Exclude `SplatExpr` from taint tracking
|
2022-04-22 11:12:05 +02:00 |
|
Tom Hvitved
|
c20ce62767
|
Ruby: Exclude SplatExpr from taint tracking
`SplatExpr`s are modelled using flow summaries, so there is no need to include them
explicitly in `defaultAdditionalTaintStep`.
|
2022-04-21 20:27:04 +02:00 |
|
Tom Hvitved
|
bd09c61504
|
Merge pull request #8786 from hvitved/ruby/dataflow/argument-tokens
Ruby: Implement `Argument[any]` and `Argument[n..]`
|
2022-04-21 16:31:24 +02:00 |
|
Erik Krogh Kristensen
|
8bd975a6ec
|
Merge pull request #8785 from hvitved/ruby/api-graph-labels
Ruby: Mention `newtype` constructors in API graph label classes
|
2022-04-20 18:32:09 +02:00 |
|
Anders Schack-Mulligen
|
677c436e99
|
Merge pull request #8703 from aschackmull/dataflow/revert-state-in-out-barriers
Dataflow: Revert support for flow-state based in-/out-barriers
|
2022-04-20 14:54:02 +02:00 |
|
Tom Hvitved
|
b4542c58c2
|
Ruby: Implement Argument[any] and Argument[n..]
|
2022-04-20 13:55:18 +02:00 |
|
Tom Hvitved
|
501b03149f
|
Ruby: Mention newtype constructors in API graph label classes
|
2022-04-20 13:37:55 +02:00 |
|
Nick Rolfe
|
f1b8af1db9
|
Ruby: rename PostUpdateNode::Range to PostUpdateNodeImpl
|
2022-04-20 10:35:40 +01:00 |
|
Nick Rolfe
|
c02670aca2
|
Ruby: make PostUpdateNode public
|
2022-04-19 17:12:51 +01:00 |
|
Anders Schack-Mulligen
|
b521d64156
|
Dataflow: Sync.
|
2022-04-19 15:29:35 +02:00 |
|
Mathias Vorreiter Pedersen
|
91b413d59f
|
Dataflow: Sync identical files.
|
2022-04-19 09:57:21 +01:00 |
|
Harry Maclean
|
c3f1fba985
|
Merge pull request #8598 from hmac/hmac/insecure-dep-resolution
Ruby: Add rb/insecure-dependency query
|
2022-04-14 02:09:44 +02:00 |
|
Anders Schack-Mulligen
|
7beed570f2
|
Dataflow: Sync.
|
2022-04-07 13:53:48 +02:00 |
|
Michael Nebel
|
72d4c97463
|
Merge pull request #8628 from michaelnebel/csharp/generatedkind
C#: Introduce generated flag as a part of the kind column for flow summaries
|
2022-04-07 08:43:30 +02:00 |
|
Alex Ford
|
ccd7bb5e70
|
Merge pull request #8421 from alexrford/ruby/weak-cryptographic-algorithm
Ruby: Add `rb/weak-cryptographic-algorithm` query
|
2022-04-05 14:34:45 +01:00 |
|
Michael Nebel
|
784327c183
|
Java/Ruby: Hardcode generated flag to false.
|
2022-04-05 08:55:12 +02:00 |
|
Michael Nebel
|
de76df3988
|
C#: Only use generated summaries if no handwritten model exists for a particular dataflow callable.
|
2022-04-05 08:55:12 +02:00 |
|
Michael Nebel
|
3fe941aae2
|
C#: Add missing empty ext column in generated summaries.
|
2022-04-04 15:58:35 +02:00 |
|
Tom Hvitved
|
50dc3820c6
|
Merge pull request #8589 from hvitved/regex/speedup-concretise
|
2022-04-03 17:56:07 +02:00 |
|
Chris Smowton
|
28fa49dcd6
|
dataflow -> data-flow
|
2022-04-01 13:22:58 +01:00 |
|
Chris Smowton
|
3b0bd3bc0f
|
Improve wording
|
2022-04-01 11:31:31 +01:00 |
|
Chris Smowton
|
99026a6071
|
Improve wording of isAdditionalFlow/TaintStep qldoc
|
2022-04-01 11:07:27 +01:00 |
|
Harry Maclean
|
5814db19d5
|
Ruby: Fix bug in rb/insecure-dependency query
Only look at the first component of strings for the prefix.
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
|
2022-04-01 15:35:21 +13:00 |
|
Alex Ford
|
8b0ebbfecc
|
Ruby: replace use of deprecated getStringOrSymbol()
|
2022-03-31 17:21:17 +01:00 |
|
Alex Ford
|
882f78c6f9
|
Merge remote-tracking branch 'origin/main' into ruby/weak-cryptographic-algorithm
|
2022-03-31 17:17:46 +01:00 |
|
Alex Ford
|
2b66dfa93e
|
Ruby: replace a range field with instanceof
|
2022-03-31 15:39:11 +01:00 |
|
Tom Hvitved
|
46d69cf544
|
Regex: Further tweaks to concretise computations
|
2022-03-31 12:52:43 +02:00 |
|
Tom Hvitved
|
5052452ef9
|
SuperlinearBackTracking: Speedup concretise
|
2022-03-31 12:52:42 +02:00 |
|
Tom Hvitved
|
7efe698e56
|
Address review comment
|
2022-03-31 12:52:42 +02:00 |
|
Tom Hvitved
|
20f4d5a584
|
ExponentialBackTracking: Speedup concretise
|
2022-03-31 12:52:42 +02:00 |
|
Arthur Baars
|
15c54f6100
|
Merge pull request #8354 from aibaars/incomplete-url-string-sanitization
Incomplete url string sanitization
|
2022-03-31 10:59:51 +02:00 |
|
Nick Rolfe
|
10b75bff76
|
Ruby: undo accidental revert of 13be9919
|
2022-03-30 16:02:12 +01:00 |
|
Arthur Baars
|
031d183bdf
|
Merge pull request #8532 from aibaars/regex-refactor-2
JS/Ruby/Python: rename RegExpTreeView.qll to ReDoSUtilSpecific.qll
|
2022-03-30 16:38:47 +02:00 |
|
Nick Rolfe
|
a274af2b16
|
Merge pull request #7985 from github/nickrolfe/constant_regexp
Ruby: separate constant propagation of regexps from strings
|
2022-03-30 11:37:33 +01:00 |
|
Harry Maclean
|
167bda2d4e
|
Ruby: Add QLDoc for InsecureDependencyQuery.qll
|
2022-03-30 13:50:12 +13:00 |
|
Harry Maclean
|
37cedda63a
|
Ruby: Add InsecureDependencyResolution query
This query looks for places in a Gemfile where URLs with insecure
protocols (HTTP or FTP) are specified.
|
2022-03-30 13:39:15 +13:00 |
|
Asger F
|
e5f2b830f3
|
Merge pull request #8577 from asgerf/fix-mad-warning
JS/Ruby: Fix regexp in MaD checking
|
2022-03-28 15:29:16 +02:00 |
|
Asger F
|
f22df765ed
|
Merge pull request #8533 from asgerf/mad-receiver-token
JS/Ruby: Represent non-positional arguments with Argument/Parameter tokens
|
2022-03-28 15:28:52 +02:00 |
|
Nick Rolfe
|
9406aa2f29
|
Merge remote-tracking branch 'origin/main' into nickrolfe/constant_regexp
|
2022-03-28 13:05:34 +01:00 |
|
Arthur Baars
|
85c4daa2bf
|
Address comments
|
2022-03-28 13:15:32 +02:00 |
|
Asger Feldthaus
|
d5bcd14733
|
Sync ApiGraphModels.qll
|
2022-03-28 12:43:55 +02:00 |
|
Nick Rolfe
|
a9eac19dac
|
Ruby: address review feedback
|
2022-03-28 11:19:24 +01:00 |
|
Arthur Baars
|
b103679d8a
|
JS/Ruby/Python: rename RegExpTreeView.qll to ReDoSUtilSpecific.qll
|
2022-03-28 12:17:26 +02:00 |
|
Arthur Baars
|
af1d949d06
|
Merge pull request #8489 from aibaars/regex-refactor
Ruby: refactor regex libraries
|
2022-03-28 12:17:00 +02:00 |
|
Arthur Baars
|
accdd9499a
|
Ruby: drop unused predicates that do not exist in Python variant
|
2022-03-28 11:32:52 +02:00 |
|
Nick Rolfe
|
034fce0682
|
Ruby: show constant value type in tests
|
2022-03-25 08:25:07 +00:00 |
|
Nick Rolfe
|
0613fda57f
|
Ruby: separate constant propagation of regexps from strings
|
2022-03-24 17:46:58 +00:00 |
|
Tom Hvitved
|
e12b6df118
|
Merge pull request #8484 from hvitved/ruby/constant-value-rework
Ruby: Rework `getConstantValue` implementation
|
2022-03-24 14:32:31 +01:00 |
|
Rasmus Wriedt Larsen
|
98c0d73ffe
|
Merge pull request #8524 from RasmusWL/ruby-update-ssrf-concept
Ruby: Minor change of SSRF concept
|
2022-03-24 13:48:06 +01:00 |
|
Arthur Baars
|
eef0da09bb
|
Ruby: move RegExpTreeView.qll out of 'internal'
|
2022-03-24 11:37:03 +01:00 |
|