hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-06 07:36:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
47,465 Commits 1,703 Branches 162 Tags
cf7ebe2fa8ecff70da0435f5b82f75252237059c
Commit Graph

661 Commits

Author SHA1 Message Date
erik-krogh
0c2ff98dc2 add flow from the first splat argument to the first splat parameter 2022-11-28 09:54:05 +01:00
erik-krogh
d5725255fe add failing test for splat parameter flow 2022-11-28 09:53:03 +01:00
Alex Ford
893c8763bb Ruby: model ActiveSupport json_escape flow 2022-11-24 15:33:08 +00:00
Tom Hvitved
2fac505221 Ruby: Update expected test output 2022-11-21 12:52:27 +01:00
Harry Maclean
a6f6936719 Merge pull request #11058 from hmac/actioncontroller-logger 
Ruby: Model various ActionController methods
 2022-11-17 08:21:00 +13:00
Tom Hvitved
67b6a82cf1 Merge pull request #11198 from hvitved/ssa/expose-phi-reads 
SSA: Expose phi-read nodes
 2022-11-16 15:11:58 +01:00
Erik Krogh Kristensen
7d4ea47611 Merge pull request #10855 from erik-krogh/formatTaint 
Ruby: taint-steps for printf calls - and add a `AdditionalTaintStep` class
 2022-11-16 12:08:45 +01:00
Harry Maclean
ed3270fb04 Ruby: Update for upstream changes 2022-11-16 14:06:32 +13:00
Harry Maclean
d0521f15f1 Ruby: Update tests 2022-11-16 13:46:51 +13:00
Harry Maclean
d2c0250b41 Ruby: Model ActionDispatch::Request#body_stream 2022-11-16 13:46:51 +13:00
Harry Maclean
9f357837fa Ruby: Model send_data as an HTTP response 2022-11-16 13:46:51 +13:00
Harry Maclean
5cfc494e16 Ruby: Test render inside redirect_to 
This test shows that we correctly identify redirect_to and render calls
inside respond_to blocks.
 2022-11-16 13:46:51 +13:00
Harry Maclean
155b64d3fc Ruby: Add test for render calls 2022-11-16 13:46:51 +13:00
Harry Maclean
b7e14311be Ruby: Model ActionController logger 2022-11-16 13:46:50 +13:00
Harry Maclean
27681ac987 Ruby: Move ActionController tests to own directory 2022-11-16 13:46:49 +13:00
Tom Hvitved
67f31ffdf0 Ruby: Add tests for phi reads 2022-11-15 11:45:32 +01:00
Tom Hvitved
32f60fd112 Ruby: Add more local flow tests for use-use flow 2022-11-15 11:45:31 +01:00
Nick Rolfe
8d854e0a6b Merge pull request #11252 from github/nickrolfe/active_support_enumerable 
Ruby: add flow summary for Enumerable#index_by
 2022-11-15 10:40:42 +00:00
Nick Rolfe
83b3312467 Merge pull request #11207 from github/nickrolfe/arel-sql 
Ruby: add `SqlConstruction` concept, and implement it for calls to `Arel.sql`
 2022-11-14 10:21:37 +00:00
Nick Rolfe
0dadf0bbb4 Ruby: add flow summary for Enumerable#index_by 2022-11-14 10:01:24 +00:00
Nick Rolfe
e3ebf1c668 Merge pull request #11187 from github/nickrolfe/actioncable 
Ruby: add ActionCable channel RPC params as remote flow sources
 2022-11-11 11:32:13 +00:00
Nick Rolfe
5a15558355 Ruby: treat an Arel.sql call as a SqlConstruction 2022-11-10 14:11:14 +00:00
Tom Hvitved
e18442069b Ruby: Fix SSA entry definitions for self in top-level 2022-11-10 15:08:17 +01:00
Nick Rolfe
eb2a487433 Ruby: update expected test output 2022-11-09 17:38:33 +00:00
Nick Rolfe
0d9aa0cdac Ruby: fix clashing method names from merge conflict 2022-11-09 17:06:43 +00:00
Nick Rolfe
c8c53cb424 Merge remote-tracking branch 'origin/main' into nickrolfe/active_support_flow_summaries 2022-11-09 17:02:05 +00:00
Nick Rolfe
db20e7d143 Ruby: add ActionCable channel RPC params as remote-flow sources 2022-11-09 14:16:04 +00:00
Asger F
859dc7beb7 Merge pull request #11024 from asgerf/rb/data-flow-layer-capture2 
Ruby: expand DataFlow API
 2022-11-09 15:06:03 +01:00
Nick Rolfe
97e939ae2b Ruby: refine summaries for Hash#reverse_merge etc. 
- revert the changes to the taint summaries specific to ActionController
  params
- make the general flow summaries value-preserving and use
  WithElement[any]
 2022-11-09 11:56:07 +00:00
Asger F
43769ad464 Ruby: update test output 2022-11-08 19:20:57 +01:00
Nick Rolfe
a9ff0bdbbf Ruby: accept changed test output 2022-11-08 17:36:31 +00:00
Nick Rolfe
04575674db Ruby: generalise summaries for ActiveSupport Hash extensions 2022-11-08 15:48:20 +00:00
Asger F
271de66f01 Ruby: rename getConst -> getConstant 2022-11-08 16:41:04 +01:00
Tom Hvitved
edde3defed Merge pull request #11153 from hvitved/ruby/basic-block-at-conditions 
Ruby: Split basic blocks around constant conditionals
 2022-11-08 13:35:52 +01:00
Tom Hvitved
f0b9ca4bf9 Ruby: Add more guards tests 2022-11-08 11:09:54 +01:00
Asger F
a75c50620c Ruby: update more SSA test output 2022-11-08 11:03:24 +01:00
Tom Hvitved
7ba0682297 Ruby: Split basic blocks around constant conditionals 2022-11-08 09:07:23 +01:00
Tom Hvitved
c86f597153 Ruby: Add test for disjunctive guard 2022-11-08 09:01:22 +01:00
Harry Maclean
d392cdaab6 Merge pull request #11022 from hmac/try-code-injection 
Ruby: try/try! as code execution
 2022-11-08 09:42:52 +13:00
Asger F
edc5d8d644 Ruby: update test output 2022-11-07 14:17:50 +01:00
Asger F
a213e9e55d Merge pull request #1 from hvitved/rb/data-flow-layer-capture2 
Ruby: Make sure to always generate SSA definitions for namespace self-variables
 2022-11-07 14:12:48 +01:00
Asger F
f991991474 Ruby: fix incomplete renaming of getCanonicalEnclosing/Nested module 2022-11-07 14:04:10 +01:00
Tom Hvitved
2737255705 Ruby: Make sure to always generate SSA definitions for namespace self-variables 2022-11-07 14:02:09 +01:00
Asger F
a39cefe40f Ruby: fix broken test 2022-11-07 14:01:11 +01:00
Tom Hvitved
46631d6eaf Merge pull request #10931 from hvitved/ruby/fix-flow-into-phis 
Ruby: Fix flow steps into phi nodes
 2022-11-02 21:07:06 +01:00
erik-krogh
6bc12e8f2b Merge branch 'main' into formatTaint 2022-11-02 13:39:30 +01:00
Tom Hvitved
ee9163aa40 Ruby: Fix flow steps into phi nodes 
- Add missing flow from post-update nodes into phi nodes.
- Prevent flow from reads into phi nodes when use-use flow is prohibited.
 2022-11-01 16:33:06 +01:00
Tom Hvitved
a191edfbd5 Ruby: Add data flow tests that illustrate problems with flow into SSA phi nodes 2022-11-01 16:32:46 +01:00
Tom Hvitved
e8f9429b92 Merge pull request #10917 from hvitved/ruby/singleton-call-sensitivity 
Ruby: Call-context sensitivity for singleton method calls
 2022-11-01 14:13:26 +01:00
Asger F
056b1e8d63 Ruby: add some basic tests 2022-10-31 14:05:11 +01:00