hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 03:06:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
49,788 Commits 1,672 Branches 157 Tags
c7aaad9ed0e7bda3f9847b6443df7b64d343f2dc
Commit Graph

2895 Commits

Author SHA1 Message Date
Alex Ford
c7aaad9ed0 JS: avoid adding a deprecated CryptographicOperation#getInput to py/ruby 2023-02-15 16:23:46 +00:00
Alex Ford
7768026e70 Merge branch 'main' into js-use-shared-cryptography 2023-02-03 15:18:30 +00:00
Alex Ford
6c35feaa98 ConceptsShared: add a default implementation of BlockMode CryptographicOperation#getBlockMode() for compatibility with external code 2023-02-03 14:39:32 +00:00
Alex Ford
b968b59afc CryptoAlgorithms: make CryptographicAlgorithm#matchesName hold only if that algorithm is the most specific match 2023-02-03 14:15:32 +00:00
Mathias Vorreiter Pedersen
4e7ca1a175 Merge pull request #12082 from github/post-release-prep/codeql-cli-2.12.2 
Post-release preparation for codeql-cli-2.12.2
 2023-02-03 09:40:57 +00:00
Arthur Baars
9a4cec7691 Merge pull request #11956 from aibaars/json-log 
Ruby: structured logging
 2023-02-03 09:54:49 +01:00
github-actions[bot]
faf21f3edb Post-release preparation for codeql-cli-2.12.2 2023-02-02 23:01:04 +00:00
Alex Ford
1435ef1862 CryptoAlgorithms: make CryptographicAlgorithm#matchesName split on underscores 2023-02-02 20:30:30 +00:00
Alex Ford
e5dfbe2c8d ConceptsShared: Add BlockMode#matchesString(string) predicate 2023-02-02 20:27:52 +00:00
Alex Ford
61095b3c58 ConceptsShared: Add deprecated DataFlow::Node CryptographicOperation#getInput() predicate 2023-02-02 20:27:05 +00:00
Jeroen Ketema
3cf5107b45 Apply suggestions from code review 2023-02-02 15:48:29 +01:00
github-actions[bot]
a4fa984792 Release preparation for version 2.12.2 2023-02-02 14:34:55 +00:00
Arthur Baars
a46061541b Ruby: address review comment 2023-02-01 09:59:05 +01:00
Arthur Baars
fa81d9da18 Apply suggestions from code review 
Co-authored-by: Harry Maclean <hmac@github.com>
 2023-02-01 09:47:39 +01:00
Harry Maclean
da45d3aa7f Ruby: Fix string comparison barrier guard 
`strNode` was not properly restricted for some cases.
 2023-02-01 14:40:53 +13:00
Harry Maclean
0d68d88741 Merge pull request #11934 from hmac/actioncontroller-filters 2023-02-01 09:10:30 +13:00
Arthur Baars
57012714d6 Ruby: serialize timestamps as ISO8601 2023-01-31 14:32:29 +01:00
dependabot[bot]
7f22c4c474 Bump clap from 3.0.12 to 3.0.14 in /ruby 
Bumps [clap](https://github.com/clap-rs/clap) from 3.0.12 to 3.0.14.
- [Release notes](https://github.com/clap-rs/clap/releases)
- [Changelog](https://github.com/clap-rs/clap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/clap-rs/clap/compare/v3.0.12...v3.0.14)

---
updated-dependencies:
- dependency-name: clap
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-31 12:49:34 +00:00
Arthur Baars
d944c2bd79 Ruby: address comments 2023-01-31 10:22:12 +01:00
Harry Maclean
c99a096c9b Ruby: Update test fixtures 2023-01-31 11:27:19 +13:00
Harry Maclean
69ed00cdf1 Ruby: QL4QL fix 2023-01-31 11:06:32 +13:00
erik-krogh
f04a9cb523 Merge branch 'main' into rbRegConcept 2023-01-30 11:05:40 +01:00
Arthur Baars
907ebb723e Merge branch 'main' into json-log 2023-01-30 10:49:42 +01:00
Harry Maclean
f7cdd430a2 Ruby: Small fix 2023-01-30 21:55:19 +13:00
Harry Maclean
7778524e08 Ruby: Refactor 2023-01-30 21:52:59 +13:00
Harry Maclean
5e9210fcea Ruby: use getAnAncestor 2023-01-30 21:21:38 +13:00
Harry Maclean
708e303c01 Ruby: Model except: with a const argument 2023-01-30 21:17:31 +13:00
Harry Maclean
28716866d8 Ruby: getAction -> getAnAction 2023-01-30 18:52:47 +13:00
Harry Maclean
246ad46eb1 Ruby: Account for filter skip ordering 
A `skip_*_filter :foo` call only has an effect if there was an earlier
call that registered `:foo` as a filter.
 2023-01-30 18:50:30 +13:00
Harry Maclean
a164e76a5d Ruby: Model actioncontroller filter overrides 
If a filter is registered twice with the same name, the last
registration wins.
 2023-01-30 18:05:22 +13:00
Harry Maclean
28c3bd3e2f Ruby: QL4QL fix 2023-01-30 17:41:36 +13:00
Harry Maclean
fb86ef4aac Ruby: Model ActionController filters 
ActionController filters provide a way to register callbacks that run
before, after or around an action (i.e. HTTP request handler). They run
in the same class context as the action, so can get/set instance
variables and generally interact with the action in arbitrary ways.

In order to track flow between filters and actions, we have to model the
callback chain. This commit does that. A later change will add dataflow
steps to actually track flow through the chain.
 2023-01-30 17:41:36 +13:00
Mathias Vorreiter Pedersen
95b15825f9 DataFlow: Sync identical files. 2023-01-27 16:24:31 +00:00
dependabot[bot]
295152cd32 Merge pull request #11992 from github/dependabot/cargo/ruby/serde-1.0.152 2023-01-26 10:17:56 +00:00
dependabot[bot]
bf02340a6a Merge pull request #11982 from github/dependabot/cargo/ruby/num_cpus-1.14.0 2023-01-26 10:13:09 +00:00
dependabot[bot]
6e69acdd7e Bump serde from 1.0.131 to 1.0.152 in /ruby 
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.131 to 1.0.152.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.131...v1.0.152)

---
updated-dependencies:
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-26 03:08:58 +00:00
Harry Maclean
07a7a213b3 Merge pull request #11871 from hmac/rack 2023-01-26 08:40:30 +13:00
Alex Ford
3dd9392f5e Merge pull request #11869 from alexrford/rails/render_locals_shared 
Ruby: Rails - generalize rails flow step for accessing render locals hash in view
 2023-01-25 12:07:26 +00:00
erik-krogh
54b0350cac add note in ReDoS qhelp that Ruby 3.2 has fixed ReDoS 2023-01-25 10:24:11 +01:00
dependabot[bot]
531c0559a0 Bump num_cpus from 1.13.0 to 1.14.0 in /ruby 
Bumps [num_cpus](https://github.com/seanmonstar/num_cpus) from 1.13.0 to 1.14.0.
- [Release notes](https://github.com/seanmonstar/num_cpus/releases)
- [Changelog](https://github.com/seanmonstar/num_cpus/blob/master/CHANGELOG.md)
- [Commits](https://github.com/seanmonstar/num_cpus/compare/v1.13.0...v1.14.0)

---
updated-dependencies:
- dependency-name: num_cpus
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-25 08:48:08 +00:00
Arthur Baars
358ae7529b Merge pull request #11973 from github/dependabot/cargo/ruby/serde_json-1.0.91 
Bump serde_json from 1.0.72 to 1.0.91 in /ruby
 2023-01-25 09:45:32 +01:00
Arthur Baars
068b71bc3d Merge pull request #11972 from github/dependabot/cargo/ruby/regex-1.7.1 
Bump regex from 1.5.5 to 1.7.1 in /ruby
 2023-01-25 09:44:57 +01:00
dependabot[bot]
fd22c7c73e Bump serde_json from 1.0.72 to 1.0.91 in /ruby 
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.72 to 1.0.91.
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.72...v1.0.91)

---
updated-dependencies:
- dependency-name: serde_json
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-24 06:39:13 +00:00
dependabot[bot]
c4bf25f33c Bump regex from 1.5.5 to 1.7.1 in /ruby 
Bumps [regex](https://github.com/rust-lang/regex) from 1.5.5 to 1.7.1.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.5.5...1.7.1)

---
updated-dependencies:
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-24 06:39:09 +00:00
dependabot[bot]
b1f73b59cd Bump flate2 from 1.0.22 to 1.0.25 in /ruby 
Bumps [flate2](https://github.com/rust-lang/flate2-rs) from 1.0.22 to 1.0.25.
- [Release notes](https://github.com/rust-lang/flate2-rs/releases)
- [Commits](https://github.com/rust-lang/flate2-rs/compare/1.0.22...1.0.25)

---
updated-dependencies:
- dependency-name: flate2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-24 06:39:03 +00:00
Harry Maclean
e6e4e29bf8 Ruby: newline 2023-01-23 21:53:52 +00:00
Harry Maclean
224db456af Ruby: Simplify isRackResponse 2023-01-23 21:53:09 +00:00
Harry Maclean
60f9635ada Ruby: Move import 2023-01-23 21:51:27 +00:00
Harry Maclean
c1207e0938 Ruby: Fix rack response tracking 
Use type tracking instead of getReturningNode, which seems to be faster
and works correctly for the cases I've tried.
 2023-01-23 21:43:04 +00:00
Erik Krogh Kristensen
240248b9cf Merge pull request #11453 from erik-krogh/unsafeHtmlConstruction 
RB: add unsafe-html-construction query
 2023-01-23 16:40:25 +01:00