codeql

mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00

Author	SHA1	Message	Date
Alex Ford	6adfea2365	Merge pull request #7163 from github/ruby/file-reader-extend Ruby: Extend `FileSystemReadAccess` to include more potential sources of input from the filesystem	2021-12-05 23:32:43 +00:00
Arthur Baars	51998294ad	Ruby: add AST classes for parenthesized patterns	2021-12-03 18:13:53 +01:00
Nick Rolfe	5a2ef8321c	Merge pull request #7120 from github/nickrolfe/regexp_g_anchor Ruby/Python: parse anchors in regexes as special characters	2021-12-03 15:24:38 +00:00
Tom Hvitved	50dd4e7ee7	Ruby: Add CFG test for `\|\|`	2021-12-03 09:16:11 +01:00
Nick Rolfe	05415768c9	Merge remote-tracking branch 'origin/main' into nickrolfe/regexp_g_anchor	2021-12-02 12:07:13 +00:00
Dave Bartolomeo	2dfcd1dd9c	Add `groups` property Also removed versions from test packs	2021-11-29 14:15:53 -05:00
Arthur Baars	1e026ef45e	AST: merge Case and CaseMatch classes	2021-11-29 16:00:17 +01:00
Arthur Baars	f8a62c4c82	Address comments	2021-11-29 15:06:16 +01:00
Arthur Baars	8b0bc677f4	Remove PatternGuard class	2021-11-25 13:50:19 +01:00
Arthur Baars	dca1e34cd8	Temporarily allow CFG inconsistencies	2021-11-25 13:42:59 +01:00
Arthur Baars	16e1e97ff0	Add test data for case-in expressions	2021-11-25 13:25:33 +01:00
Arthur Baars	af4c3122ca	Test case for **nil parameter	2021-11-25 13:25:00 +01:00
Arthur Baars	ec0bd24b64	Update diagnostic tests	2021-11-25 12:55:50 +01:00
Erik Krogh Kristensen	87a1ccd428	Merge branch 'main' into getRubyInSync	2021-11-23 20:20:37 +01:00
Nick Rolfe	1a90b388a9	Merge remote-tracking branch 'origin/main' into nickrolfe/regex_injection	2021-11-23 15:42:05 +00:00
Tom Hvitved	83d204d7a8	Merge pull request #7218 from hvitved/ssa/fix-consistency-tests Ruby: Fix SSA consistency tests + CFG bug	2021-11-23 16:24:41 +01:00
Tom Hvitved	4d918b5e5f	Ruby: Fix CFG splitting logic for `ensure` blocks with loops	2021-11-23 15:21:43 +01:00
Alex Ford	055641e684	Merge pull request #7062 from github/ruby/rails-csrf Ruby: Add `rb/csrf-protection-disabled` query	2021-11-23 13:46:42 +00:00
Erik Krogh Kristensen	b2e40ac603	fix typo in test Co-authored-by: Nick Rolfe <nickrolfe@github.com>	2021-11-23 13:09:22 +01:00
Nick Rolfe	e5f473052d	Ruby: add Regexp.{compile,quote} to regex injection test	2021-11-23 11:05:41 +00:00
Tom Hvitved	9d072a12ed	Merge pull request #7098 from github/ruby/desugar-for-1 Ruby: Desugar `for` loops as calls to `each`	2021-11-23 11:35:49 +01:00
Nick Rolfe	752b126862	Merge remote-tracking branch 'origin/main' into nickrolfe/regex_injection	2021-11-22 17:05:27 +00:00
Alex Ford	68c3c16ab3	Ruby: enable forgery protection checks for development environments	2021-11-22 15:00:32 +00:00
Nick Rolfe	f63c768d9f	Ruby: parse \G, \b, and \B anchors as special characters, not escapes	2021-11-19 14:20:51 +00:00
Harry Maclean	90a9688310	Ruby: update CFG fixture	2021-11-19 11:31:14 +00:00
Harry Maclean	c297a68acf	Model more of the `RestClient` API We now handle this form: RestClient::Request.execute(url: "http://example.com")	2021-11-19 11:28:09 +00:00
Harry Maclean	38ff584307	Model more Faraday behaviour You can instantiate a Faraday connection by passing a URL as an keyword argument: conn = Faraday.new(url: "http://example.com")	2021-11-19 11:28:09 +00:00
Harry Maclean	ac20eafecc	Add qhelp for Ruby SSRF	2021-11-19 11:28:08 +00:00
Harry Maclean	2bba31eb02	Update metadata of Ruby SSRF query	2021-11-19 11:28:08 +00:00
Harry Maclean	dc464879a2	Add a query for server-side request forgery	2021-11-19 11:28:08 +00:00
Harry Maclean	b6ce37b241	Add getURL to HTTP::Client::Request This member predicate gets dataflow nodes which contribute to the URL of the request. Also consolidate the identical tests for each HTTP client.	2021-11-19 11:28:08 +00:00
Harry Maclean	8fd8c9b04d	Fix CallExprCfgNode.getKeywordArgument This predicate now produces results.	2021-11-19 11:28:08 +00:00
Harry Maclean	0caea17118	Add a test for CallCfgNodes This test shows that `CallCfgNode.getKeywordArgument(string keyword)` doesn't return any results.	2021-11-19 11:28:07 +00:00
Erik Krogh Kristensen	ee858d840e	get ReDoSUtil in sync for ruby	2021-11-18 16:49:34 +01:00
Erik Krogh Kristensen	1cca377e7d	Merge pull request #6561 from erik-krogh/htmlReg JS/Py/Ruby: add a bad-tag-filter query	2021-11-18 09:39:13 +01:00
Alex Ford	12a3251649	Ruby: extend FileSystemReadAccess and restructure some Files.qll classes	2021-11-17 23:01:18 +00:00
Tom Hvitved	de72a765e0	Ruby: Update expected CFG test output (reordering)	2021-11-17 13:44:55 +01:00
Tom Hvitved	08c778241d	Ruby: Adopt to changes after rebase	2021-11-17 09:17:32 +01:00
Tom Hvitved	413375992d	Ruby: Flatten nested statements inside desugared `for` loops	2021-11-17 09:05:37 +01:00
Tom Hvitved	92453bd2c5	Ruby: Rewrite `break_ensure.rb` CFG test to use `while` loops instead of `for` loops	2021-11-17 09:05:37 +01:00
Tom Hvitved	945bb7459a	Ruby: Update expected test output	2021-11-17 09:05:37 +01:00
Alex Ford	8603609698	Update test output to account for for-loop -> each desugaring	2021-11-17 09:05:36 +01:00
Tom Hvitved	7cfc696d62	Merge pull request #7141 from hvitved/ruby/synthesis-realnode-recursion Ruby: Eliminate unnecessary recursion through `RealNode`	2021-11-17 09:03:30 +01:00
Anders Schack-Mulligen	c70d384d28	Merge pull request #7045 from aschackmull/dataflow/hidden-ret-subpaths Data flow: Support hidden return nodes in subpaths predicate	2021-11-16 15:04:51 +01:00
Tom Hvitved	9e8e2e2b48	Ruby: Update CFG test output (some nodes have been reordered)	2021-11-16 12:45:24 +01:00
Tom Hvitved	03ae58830a	Ruby: Add missing CFG entry for `ForwardParameter`	2021-11-15 16:28:17 +01:00
Tom Hvitved	3ce41015bb	Ruby: Add CFG test for forward parameters	2021-11-15 16:25:06 +01:00
Tom Hvitved	34fdf11b4b	Ruby: Update expected test output	2021-11-10 15:11:13 +01:00
Alex Ford	25da904314	test cases for rb/csrf-protection-disabled	2021-11-04 19:56:56 +00:00
Tom Hvitved	3544c85445	Ruby: Make the target of `basicStoreStep` the post-update node	2021-11-04 14:21:22 +01:00

... 4 5 6 7 8

367 Commits