hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-18 00:44:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
45,977 Commits 1,679 Branches 158 Tags
c07db098a73be1c0168ca93807bda37aeb84d0fa
Commit Graph

1730 Commits

Author SHA1 Message Date
Tom Hvitved
e8f9429b92 Merge pull request #10917 from hvitved/ruby/singleton-call-sensitivity 
Ruby: Call-context sensitivity for singleton method calls
 2022-11-01 14:13:26 +01:00
Harry Maclean
3f403f0f87 Merge pull request #10700 from hmac/activesupport 
Ruby: Model some ActiveSupport methods
 2022-10-31 11:50:44 +13:00
Erik Krogh Kristensen
93fb2930c8 Merge pull request #10968 from erik-krogh/fixRbCode 
RB: fix rb/code-injection
 2022-10-28 09:14:14 +02:00
Harry Maclean
368ce69198 Fix qldoc formatting 2022-10-28 11:31:55 +13:00
Harry Maclean
9df8edcb1c Ruby: fix formatting 2022-10-28 11:31:55 +13:00
Harry Maclean
cd34686967 Ruby: Document flow summary for Hash#extract! 2022-10-28 11:31:55 +13:00
Harry Maclean
ca7b48c3d5 Add change note 2022-10-28 11:31:55 +13:00
Harry Maclean
ef260db76e Fix singleton set literal 2022-10-28 11:31:55 +13:00
Harry Maclean
71d703f2a5 Ruby: Add ActiveSupport extensions 2022-10-28 11:31:55 +13:00
Harry Maclean
cb37a0e835 Ruby: Add summaries for Hash#deep_merge(!) 2022-10-28 11:31:55 +13:00
Harry Maclean
3dea1d6a60 Ruby: Add flow summary for Hash#except! 2022-10-28 11:31:55 +13:00
Harry Maclean
0454642220 Ruby: Model deep_dup and presence 2022-10-28 11:31:55 +13:00
Harry Maclean
9f260853ac Ruby: Model more ActiveSupport string extensions 2022-10-28 11:31:55 +13:00
Harry Maclean
b389d50943 Ruby: Identify safe_constantize 2022-10-28 11:31:54 +13:00
thiggy1342
9c1fbfd330 Merge branch 'main' into expand-ruby-ssrf-sinks-faraday-connection-new 2022-10-25 13:09:17 -04:00
thiggy1342
3659eaa780 add markdown file extension 2022-10-25 10:13:19 -04:00
erik-krogh
e8dce25cc2 fix rb/code-injection 2022-10-25 14:44:23 +02:00
Erik Krogh Kristensen
ef5132b0ae Merge pull request #10883 from erik-krogh/codeSink 
RB: don't flag code-injection for dynamic loading where an attacker only controls a substring
 2022-10-24 18:59:36 +02:00
thiggy1342
952ad6ea46 Merge branch 'main' into expand-ruby-ssrf-sinks-faraday-connection-new 2022-10-24 09:52:24 -04:00
Erik Krogh Kristensen
5ff98cd80e Merge pull request #10888 from erik-krogh/glob 
Ruby: add model for Dir.glob and other Dir methods
 2022-10-24 14:17:37 +02:00
Asger F
bcfe4ece6f Merge pull request #10918 from asgerf/rb/constant-compound-assignment 
Ruby: handle compound constant-assignment
 2022-10-24 14:07:28 +02:00
Asger F
cac2e2e2e4 Merge pull request #10928 from asgerf/rb/assumed-global-const 
Ruby: assume some global constants are defined
 2022-10-24 14:06:34 +02:00
Asger F
0ffb0f6d4d Ruby: constant lookup is unaffected by blocks 2022-10-24 13:07:21 +02:00
erik-krogh
07d90b34df use instanceof in DirPathAccess 2022-10-24 12:05:26 +02:00
Erik Krogh Kristensen
669b0c35fe fix qldoc 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2022-10-24 12:05:26 +02:00
erik-krogh
85cd7f9121 add model for Dir.glob and other Dir methods 2022-10-24 12:05:26 +02:00
Arthur Baars
ccaa12998d Ruby: desugar compound constant-assignments 2022-10-22 01:11:35 +02:00
Nick Rolfe
9fb436e22b Ruby: add change note for localTaintStep fix 2022-10-21 16:33:29 +01:00
Nick Rolfe
269c27757d Ruby: include value-preserving flow in localTaintStep 2022-10-21 16:17:11 +01:00
Asger F
84ae17dcbb Ruby: ensure Object is a transitive superclass 2022-10-21 15:18:59 +02:00
Arthur Baars
a56ed88db2 Merge pull request #10920 from github/post-release-prep/codeql-cli-2.11.2 
Post-release preparation for codeql-cli-2.11.2
 2022-10-21 11:58:12 +02:00
Tom Hvitved
4422327c00 Ruby: Call-context sensitivity for singleton method calls 2022-10-21 11:48:25 +02:00
Asger F
3fd2b9ad7b Ruby: add a comment 
This would have saved me some time
 2022-10-21 11:44:12 +02:00
Asger F
ee7970afcb Ruby: treat String as a builtin 2022-10-21 11:44:11 +02:00
Asger F
db58e3357b Ruby: allow speculative container qname resolution 2022-10-21 11:44:11 +02:00
github-actions[bot]
be7693283b Post-release preparation for codeql-cli-2.11.2 2022-10-21 08:07:17 +00:00
Tom Hvitved
db699ae314 Ruby: Refactor call graph logic for singleton methods 2022-10-21 07:27:41 +02:00
thiggy1342
4e5c1f210d Update ruby/ql/lib/change-notes/2022-10-20-expand-faraday-model-for-ssrf-sink 
Co-authored-by: Rahul Zhade <rzhade3@users.noreply.github.com>
 2022-10-20 17:33:17 -04:00
thiggy1342
244a3329e0 Merge branch 'main' into expand-ruby-ssrf-sinks-faraday-connection-new 2022-10-20 16:37:57 -04:00
thiggy1342
4c3e3e442a Add Faraday::Connection.new as sink for SSRF query 2022-10-20 20:32:08 +00:00
Arthur Baars
a520de3986 Merge pull request #10902 from github/release-prep/2.11.2 
Release preparation for version 2.11.2
 2022-10-20 15:55:44 +02:00
Arthur Baars
45c9a0d0b1 Apply suggestions from code review 
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
 2022-10-20 15:22:29 +02:00
github-actions[bot]
9a0848bbc4 Release preparation for version 2.11.2 2022-10-20 11:05:19 +00:00
Tom Hvitved
faaead682e Ruby: Block for steps into self parameters in trackModuleAccess 2022-10-20 13:00:12 +02:00
erik-krogh
bb8bcd4643 fix typo 2022-10-20 10:48:02 +02:00
erik-krogh
24916f8538 rename runsImmediately to runsArbitraryCode 2022-10-20 10:10:11 +02:00
erik-krogh
226bd1f321 add flow-state support to sanitizers in code-execution, and use that to refactor the string-concatenation-sanitizer 2022-10-19 13:06:54 +02:00
erik-krogh
3e51f6fa8e use flow-states to remove FPs related to an attacker only controlling a substring in code-injection 2022-10-19 13:00:44 +02:00
erik-krogh
2a72e89090 add a runsImmediately predicate to CodeExecution (name chosen by Copilot) 2022-10-19 12:30:47 +02:00
erik-krogh
8a3e255e12 remove FPs in rb/stored-xss from spurious sources 2022-10-18 11:07:48 +02:00