hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 12:46:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
46,719 Commits 1,673 Branches 157 Tags
c660ea100b422fb05ca733dbc1b832edd06ba58c
Commit Graph

924 Commits

Author SHA1 Message Date
Nick Rolfe
b39e2ef71c Ruby: add stacktrace exposure query 2022-11-14 12:26:40 +00:00
Nick Rolfe
e3ebf1c668 Merge pull request #11187 from github/nickrolfe/actioncable 
Ruby: add ActionCable channel RPC params as remote flow sources
 2022-11-11 11:32:13 +00:00
Tom Hvitved
bda4b52395 Merge pull request #11206 from hvitved/ruby/self-toplevel-def 
Ruby: Fix SSA entry definitions for `self` in top-level
 2022-11-10 17:01:59 +01:00
Tom Hvitved
e18442069b Ruby: Fix SSA entry definitions for self in top-level 2022-11-10 15:08:17 +01:00
Erik Krogh Kristensen
5d2ab8adfb Merge pull request #11191 from erik-krogh/arrJoin 
RB: add join(" ") calls as a sink for rb/shell-command-constructed-from-input
 2022-11-10 14:20:42 +01:00
erik-krogh
88de299e12 add join(" ") calls as a sink for rb/shell-command-constructed-from-input 2022-11-09 21:46:25 +01:00
Nick Rolfe
eb2a487433 Ruby: update expected test output 2022-11-09 17:38:33 +00:00
Nick Rolfe
0d9aa0cdac Ruby: fix clashing method names from merge conflict 2022-11-09 17:06:43 +00:00
Nick Rolfe
c8c53cb424 Merge remote-tracking branch 'origin/main' into nickrolfe/active_support_flow_summaries 2022-11-09 17:02:05 +00:00
Nick Rolfe
db20e7d143 Ruby: add ActionCable channel RPC params as remote-flow sources 2022-11-09 14:16:04 +00:00
Asger F
859dc7beb7 Merge pull request #11024 from asgerf/rb/data-flow-layer-capture2 
Ruby: expand DataFlow API
 2022-11-09 15:06:03 +01:00
Nick Rolfe
97e939ae2b Ruby: refine summaries for Hash#reverse_merge etc. 
- revert the changes to the taint summaries specific to ActionController
  params
- make the general flow summaries value-preserving and use
  WithElement[any]
 2022-11-09 11:56:07 +00:00
Asger F
43769ad464 Ruby: update test output 2022-11-08 19:20:57 +01:00
Nick Rolfe
a9ff0bdbbf Ruby: accept changed test output 2022-11-08 17:36:31 +00:00
Nick Rolfe
04575674db Ruby: generalise summaries for ActiveSupport Hash extensions 2022-11-08 15:48:20 +00:00
Asger F
271de66f01 Ruby: rename getConst -> getConstant 2022-11-08 16:41:04 +01:00
Tom Hvitved
edde3defed Merge pull request #11153 from hvitved/ruby/basic-block-at-conditions 
Ruby: Split basic blocks around constant conditionals
 2022-11-08 13:35:52 +01:00
Tom Hvitved
f0b9ca4bf9 Ruby: Add more guards tests 2022-11-08 11:09:54 +01:00
Asger F
a75c50620c Ruby: update more SSA test output 2022-11-08 11:03:24 +01:00
Erik Krogh Kristensen
c82410fd16 Merge pull request #10680 from erik-krogh/unsafeRbCmd 
RB: add an unsafe-shell-command-construction query
 2022-11-08 09:22:33 +01:00
Tom Hvitved
7ba0682297 Ruby: Split basic blocks around constant conditionals 2022-11-08 09:07:23 +01:00
Tom Hvitved
c86f597153 Ruby: Add test for disjunctive guard 2022-11-08 09:01:22 +01:00
Harry Maclean
d392cdaab6 Merge pull request #11022 from hmac/try-code-injection 
Ruby: try/try! as code execution
 2022-11-08 09:42:52 +13:00
Asger F
edc5d8d644 Ruby: update test output 2022-11-07 14:17:50 +01:00
Asger F
a213e9e55d Merge pull request #1 from hvitved/rb/data-flow-layer-capture2 
Ruby: Make sure to always generate SSA definitions for namespace self-variables
 2022-11-07 14:12:48 +01:00
Asger F
f991991474 Ruby: fix incomplete renaming of getCanonicalEnclosing/Nested module 2022-11-07 14:04:10 +01:00
Tom Hvitved
2737255705 Ruby: Make sure to always generate SSA definitions for namespace self-variables 2022-11-07 14:02:09 +01:00
Asger F
a39cefe40f Ruby: fix broken test 2022-11-07 14:01:11 +01:00
Arthur Baars
98f4c29913 Ruby: weak crypto: do not report weak hash algorithms 
Weak hash algorithms such as MD5 and SHA1 are often
used in non security sensitive contexts and reporting
all uses is far too noisy.
 2022-11-04 15:58:50 +01:00
erik-krogh
f3741ff1e4 changes based on review 2022-11-03 09:41:05 +01:00
Dave Bartolomeo
499f20f6e8 Merge pull request #11004 from dbartol/dbartol/use-workspace-versions 2022-11-02 20:02:48 -04:00
Tom Hvitved
46631d6eaf Merge pull request #10931 from hvitved/ruby/fix-flow-into-phis 
Ruby: Fix flow steps into phi nodes
 2022-11-02 21:07:06 +01:00
Dave Bartolomeo
9d5e5e3ee7 ${workspace} all the things 2022-11-01 13:29:05 -04:00
Tom Hvitved
ee9163aa40 Ruby: Fix flow steps into phi nodes 
- Add missing flow from post-update nodes into phi nodes.
- Prevent flow from reads into phi nodes when use-use flow is prohibited.
 2022-11-01 16:33:06 +01:00
Tom Hvitved
a191edfbd5 Ruby: Add data flow tests that illustrate problems with flow into SSA phi nodes 2022-11-01 16:32:46 +01:00
Tom Hvitved
e8f9429b92 Merge pull request #10917 from hvitved/ruby/singleton-call-sensitivity 
Ruby: Call-context sensitivity for singleton method calls
 2022-11-01 14:13:26 +01:00
Arthur Baars
aba87a139d Merge pull request #10668 from aibaars/ruby-deps 
Ruby: update dependencies
 2022-11-01 13:55:42 +01:00
erik-krogh
84a7fddd95 remove explicit versions in lock files, as the dependencies are all installed locally 2022-11-01 09:09:26 +01:00
Asger F
056b1e8d63 Ruby: add some basic tests 2022-10-31 14:05:11 +01:00
Asger F
9be2512050 Ruby: rename one of the PostsController2 classes 
These had the same name and ended up being unified
 2022-10-31 13:33:41 +01:00
Asger F
b4b34cc994 Ruby: port part of ActionController model 2022-10-31 13:33:41 +01:00
Asger F
9f59b6b439 Update type-tracking test 2022-10-31 13:33:41 +01:00
Asger F
0a8f39fe96 Ruby: recover some incomplete capture flow 2022-10-31 13:33:41 +01:00
Asger F
b29ac5249e Ruby: add type-tracking inline test in global flow test 2022-10-31 13:33:41 +01:00
Asger F
4ed61c13f8 Ruby: add some captured-variable flow tests 2022-10-31 13:33:41 +01:00
Harry Maclean
fd61a5253d Ruby: Recognise try/try! as code executions 2022-10-31 11:53:22 +13:00
Harry Maclean
3f403f0f87 Merge pull request #10700 from hmac/activesupport 
Ruby: Model some ActiveSupport methods
 2022-10-31 11:50:44 +13:00
Asger F
436cc60138 Ruby: update some uses of getConstantValue() 2022-10-28 15:16:14 +02:00
Rasmus Wriedt Larsen
8628ff5e52 Merge pull request #10999 from RasmusWL/inline-fail-tag 
InlineExpectationsTest: Fail if missing `getARelevantTag`
 2022-10-28 10:35:49 +02:00
Erik Krogh Kristensen
93fb2930c8 Merge pull request #10968 from erik-krogh/fixRbCode 
RB: fix rb/code-injection
 2022-10-28 09:14:14 +02:00