hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
35,614 Commits 1,671 Branches 157 Tags
c20ee76826e10318f8f39c6fae901b743c2e8254
Commit Graph

92 Commits

Author SHA1 Message Date
Tom Hvitved
3fd93b460f Merge pull request #8935 from hvitved/ruby/typetracker-kw-test 2022-04-28 18:22:51 +02:00
Tom Hvitved
29f1c533a9 Ruby: Add type tracker tests for flow through keyword/positional parameters 2022-04-28 11:34:12 +02:00
Tom Hvitved
d1c9d68e14 Ruby: Generalize ArrayElementContent to ElementContent 2022-04-27 11:53:21 +02:00
Tom Hvitved
3b7fe06858 Ruby: Simplify flow summary for fetch 2022-04-27 08:26:24 +02:00
Tom Hvitved
b033f107df Merge remote-tracking branch 'upstream/main' into dataflow/interpret-read-store 2022-04-22 14:35:02 +02:00
Tom Hvitved
093a3879be Merge pull request #8794 from hvitved/ruby/capture-barrier-guards 
Ruby: Handle captured variables in `BarrierGuard::getAGuardedNode()`
 2022-04-22 11:47:36 +02:00
Tom Hvitved
be5363ea53 Merge pull request #8801 from hvitved/ruby/exclude-splat-in-taint-tracking 
Ruby: Exclude `SplatExpr` from taint tracking
 2022-04-22 11:12:05 +02:00
Tom Hvitved
c20ce62767 Ruby: Exclude SplatExpr from taint tracking 
`SplatExpr`s are modelled using flow summaries, so there is no need to include them
explicitly in `defaultAdditionalTaintStep`.
 2022-04-21 20:27:04 +02:00
Tom Hvitved
addb92f13b Ruby: Handle captured variables in BarrierGuard::getAGuardedNode() 2022-04-21 13:25:47 +02:00
Tom Hvitved
325b451288 Ruby: Add barrier guards test involving captured variables 2022-04-21 13:25:40 +02:00
Tom Hvitved
b4542c58c2 Ruby: Implement Argument[any] and Argument[n..] 2022-04-20 13:55:18 +02:00
Tom Hvitved
725d76e934 Ruby: Implement ContentSet 2022-04-04 13:51:44 +02:00
Tom Hvitved
a5040fd0ce Ruby: Add data-flow test for reverse array stores 2022-04-04 13:51:43 +02:00
Asger F
f22df765ed Merge pull request #8533 from asgerf/mad-receiver-token 
JS/Ruby: Represent non-positional arguments with Argument/Parameter tokens
 2022-03-28 15:28:52 +02:00
Asger Feldthaus
0b30ecf36a Ruby: add select clause back to Summaries.ql 2022-03-28 13:57:50 +02:00
Asger Feldthaus
8e2ffc2508 Ruby: add the inline test expectations 2022-03-25 11:31:22 +01:00
Asger Feldthaus
5703f63afa Ruby: use InlineFlowTest in Summaries.ql test 2022-03-25 11:18:52 +01:00
Asger Feldthaus
ce54eb3c78 Ruby: Add Argument[foo:] syntax for keyword arguments 2022-03-23 18:06:12 +01:00
Asger Feldthaus
6d84baf276 Ruby: Support self,block in Argument/Parameter tokens 2022-03-23 18:06:12 +01:00
Arthur Baars
06a99c3987 Ruby: fix location of setter-call argument 2022-03-23 12:55:52 +01:00
Asger F
228570129e Merge branch 'main' into ruby/mad-prototype 2022-03-16 13:50:31 +01:00
Asger Feldthaus
2ca45ef9f9 Ruby: support BlockArgument in identifying access path 2022-03-16 12:51:14 +01:00
Asger Feldthaus
71f195d1e0 Ruby: add test for Receiver in summary 2022-03-16 12:37:21 +01:00
Asger Feldthaus
7f8205684e Ruby: verify tokens in identifying access path 2022-03-15 10:25:59 +01:00
Asger Feldthaus
65249dabd3 Ruby: add warning for wrong number of columns in CSV row 2022-03-15 09:28:21 +01:00
Tom Hvitved
37f5db5baa Ruby: Reduce captureFlow(In|Out) 
When there is flow in/out of a block through a captured variable, we can restrict
the calls that give rise to the flow to the method calls to which the blocks
belong.
 2022-03-10 10:21:51 +01:00
Tom Hvitved
1e1b2e284d Ruby: Cleanup flow through self 2022-03-09 13:17:11 +01:00
Arthur Baars
200a965fda Update expected output 2022-03-07 11:51:54 +01:00
Tom Hvitved
9c4c35141a Ruby: Update type tracker test 2022-03-07 11:51:54 +01:00
Harry Maclean
37dac186a8 Ruby: String.try_convert isn't value-preserving 
`String.try_convert` can convert arbitrary objects to strings, which
obviously isn't value-preserving.
 2022-03-02 13:31:59 +13:00
Asger Feldthaus
df379809df Ruby: support CSV rows of form ;any;Method[foo] 2022-03-01 14:08:21 +01:00
Asger Feldthaus
05ea33033b Ruby: add test for API::EntryPoint 2022-03-01 14:08:21 +01:00
Asger Feldthaus
63e7c16d6b Ruby: add test with sinks and type-defs 2022-03-01 14:08:20 +01:00
Asger Feldthaus
388949f12e Ruby: support WithBlock and WithoutBlock 2022-03-01 14:08:20 +01:00
Asger Feldthaus
d6bc9c259e Ruby: add simple test case 2022-03-01 14:08:20 +01:00
Harry Maclean
fc351fbd64 Ruby: Remove value-flow for name-matched summaries 
String summaries that are identified by name only should not specify
value-preserving flow as this can cause spurious flow in cases where
they are applied to different but identically-named methods.
 2022-02-24 16:15:15 +13:00
Harry Maclean
d180a55b3a Ruby: Fix value/taint flow in String summaries 2022-02-22 16:41:16 +13:00
Harry Maclean
f07ae35b87 Ruby: Fix bug with String flow summaries 
Split summaries for methods with optional block parmaters into separate
classes. Also model the `exclusive` argument to `String#upto`.
 2022-02-22 16:41:16 +13:00
Harry Maclean
379de5581d Ruby: Disable summaries that clash with Array 
Some String methods are named identically to Array methods, and this
leads to overlapping flow summaries. These adversely affect the original
Array flow summaries.
 2022-02-22 16:41:15 +13:00
Harry Maclean
fef46e1ee4 Ruby: Add flow summaries for String methods 2022-02-22 16:41:15 +13:00
Asger Feldthaus
e3605eed44 Ruby: update CSV rows to dot-separated syntax 2022-02-21 08:21:50 +01:00
Asger Feldthaus
6dbeb81f36 Ruby: use AccessPathSyntax.qll to parse input/output summary specs 2022-02-21 08:16:55 +01:00
Erik Krogh Kristensen
9739929795 convert the ruby ApiGraphs to use IPA labels 2022-02-10 17:54:19 +01:00
CodeQL CI
a57ee019c2 Merge pull request #7819 from asgerf/asgerf/ruby-def-nodes 
Approved by hvitved
 2022-02-10 12:37:34 +00:00
Tom Hvitved
0bd8411cb6 Ruby: Hide more SSA nodes from data-flow path explanations 2022-02-09 15:31:10 +01:00
Nick Rolfe
1eba8277ee Merge pull request #7614 from github/nickrolfe/array_flow_summaries 
Ruby: add more Array/Enumerable flow summaries
 2022-02-09 09:57:59 +00:00
Asger Feldthaus
2b36703bfb Ruby: add def= tags to API graph test 2022-02-08 10:20:25 +01:00
Nick Rolfe
45962f1cad Ruby: make this unique for each method 
Even when summaries are shared in a single class.
 2022-02-04 17:03:55 +00:00
Nick Rolfe
7a9ddc28bf Ruby: address some more feedback on array flow summaries 2022-02-04 16:33:27 +00:00
Nick Rolfe
ed00f2b0d2 Ruby: address some feedback on array flow summaries 2022-02-04 13:40:39 +00:00