hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 12:46:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
44,744 Commits 1,673 Branches 157 Tags
d0bdbe65ef8aecf96bde5aba33c32a18b2b02494
Commit Graph

2077 Commits

Author SHA1 Message Date
Alex Ford
d0bdbe65ef Ruby: ActiveJob::Serializers.deserialize changenote 2022-10-09 22:47:52 +01:00
Alex Ford
ee77404006 Ruby: Add ActiveJob::Serializers.deserialize as a code execution sink 2022-10-09 22:28:22 +01:00
Alex Ford
4a39e4aac0 Ruby: Add new test case for rb/code-injection 2022-10-09 22:26:29 +01:00
Alex Ford
c4baf0b8fa Ruby: add space for test case 2022-10-09 22:16:23 +01:00
Dave Bartolomeo
5ee7986649 Merge pull request #10736 from github/post-release-prep/codeql-cli-2.11.1 
Post-release preparation for codeql-cli-2.11.1
 2022-10-07 14:23:31 -04:00
github-actions[bot]
b8ef9e0ddc Post-release preparation for codeql-cli-2.11.1 2022-10-07 15:59:45 +00:00
Nick Rolfe
a6674a5313 Ruby: fix uses of deprecated class name 2022-10-07 13:17:05 +01:00
Tom Hvitved
b065d2d3ab Merge pull request #10705 from hvitved/ruby/singleton-overrides 
Ruby: Take overrides into account for singleton methods defined on modules
 2022-10-07 13:33:59 +02:00
Harry Maclean
75cb0efecb Merge pull request #10538 from hmac/hmac/actioncontroller-parameters 
Ruby: Model flow through ActionController::Parameters
 2022-10-07 22:21:40 +13:00
Tom Hvitved
69fc59930f Ruby: Add ql doc to lookupSingletonMethod 2022-10-07 10:55:30 +02:00
github-actions[bot]
a02dcdc5e1 Release preparation for version 2.11.1 2022-10-07 02:20:28 +00:00
Henry Mercer
7a7d164b07 Merge pull request #10698 from github/henrymercer/successfully-extracted-files-tag 
Tag successfully extracted files queries
 2022-10-06 13:21:52 +01:00
Tom Hvitved
48bdf13c89 Ruby: Take overrides into account for singleton methods defined on modules 2022-10-06 11:56:26 +02:00
Tom Hvitved
7608276397 Ruby: Add more call graph tests 2022-10-06 10:38:02 +02:00
Tom Hvitved
0e6735b804 Merge pull request #10691 from hvitved/dataflow/conjunctive-clears 
Data flow: Take conjunctive `With(out)Contents` into account in `prohibitsUseUseFlow`
 2022-10-06 09:03:30 +02:00
Henry Mercer
d80d39504f Tag successfully extracted files queries 
Tag the successfully extracted files queries with
`successfully-extracted-files` to make them easier to identify
programmatically in a language-independent way.
This follows the prior art for lines of code queries, which are tagged
`lines-of-code`.
 2022-10-05 19:19:43 +01:00
Asger F
387e57546b Merge pull request #10650 from asgerf/rb/summarize-more 
Ruby: more type-tracking steps
 2022-10-05 19:16:56 +02:00
Tom Hvitved
0beea9fd1a Fix typos 2022-10-05 15:54:52 +02:00
Asger F
decd4c93c7 Ruby: update type tracking test 2022-10-05 15:15:52 +02:00
Asger F
c9c36985b2 Ruby: address review comments 2022-10-05 14:59:37 +02:00
Arthur Baars
6509c19aad Merge pull request #10692 from aibaars/fix-splats 
Ruby: fix CFG and toString for anonymous '*' and '**'
 2022-10-05 13:25:29 +02:00
Tom Hvitved
3f0f16afc4 Ruby: Update flow summary for Hash#except 2022-10-05 12:58:29 +02:00
Tom Hvitved
e51c20bfc7 Data flow: Take conjunctive With(out)Contents into account in prohibitsUseUseFlow 2022-10-05 12:58:29 +02:00
Arthur Baars
a080f498be Ruby: fix CFG and toString for anonymous '*' and '**' 2022-10-05 11:50:37 +02:00
Tom Hvitved
9d23742ed6 Ruby: Add test that illustrates issue with conjunctive WithoutContents 2022-10-05 11:26:23 +02:00
Asger F
f664a77a02 Ruby: ensure Hash flow works again 2022-10-05 11:07:55 +02:00
Arthur Baars
4ff85d5275 Ruby: add test case 2022-10-05 10:57:53 +02:00
Nick Rolfe
525fe12671 Merge pull request #10585 from github/nickrolfe/libxml-xxe 
Ruby: detect uses of LibXML with entity substitution enabled by default
 2022-10-05 09:51:39 +01:00
Asger F
7cf969f9c8 Ruby: remove mention of PairValueContent 2022-10-05 10:32:09 +02:00
Asger F
6f74a52542 Merge branch 'main' into rb/summarize-more 2022-10-05 09:55:23 +02:00
Asger F
8b7ec20573 Merge branch 'main' into rb/summarize-more 2022-10-05 09:43:52 +02:00
Tom Hvitved
1496c4f0e2 Merge pull request #10686 from hvitved/ruby/remove-value-pair-content 
Ruby: Remove `PairValueContent`
 2022-10-05 09:41:14 +02:00
Asger F
93e8434e08 Ruby: fix content restriction in type trackers 2022-10-05 09:36:42 +02:00
Asger F
f5f351e26c Ruby: make flowsToLoadStoreStep private 2022-10-05 09:35:11 +02:00
Asger F
a9a99c5b18 Ruby: nomagic on unary hasAdjacentTypeCheckedReads 2022-10-05 09:34:36 +02:00
Asger F
4c19d2d71e Ruby: make getAStaticHashCall private again 2022-10-05 09:32:56 +02:00
Arthur Baars
c1c16e44ee Merge pull request #10559 from aibaars/cve-2019-3881 
Ruby: some improvements
 2022-10-04 21:24:14 +02:00
Tom Hvitved
aae9a58ca3 Ruby: Remove ValuePairContent 2022-10-04 20:10:51 +02:00
Nick Rolfe
d69a658e06 Merge pull request #10673 from github/nickrolfe/no_abstract 
Ruby: remove public abstract classes for Action{View,Controller}
 2022-10-04 17:49:59 +01:00
Nick Rolfe
2e80926951 Ruby: fix a couple of references to deprecated names 2022-10-04 16:45:08 +01:00
Nick Rolfe
445241fd95 Ruby: add missing qldoc comment 2022-10-04 16:31:54 +01:00
Nick Rolfe
2315a177fe Ruby: add changenote for ActionView/Controller class renames 2022-10-04 16:22:11 +01:00
Nick Rolfe
227100d883 Ruby: make old class names available as deprecated aliases 2022-10-04 16:11:43 +01:00
erik-krogh
dedbe66619 update expected output 2022-10-04 14:16:07 +02:00
Erik Krogh Kristensen
5ba7c13ecd fix alert-message by adding the link 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2022-10-04 13:50:25 +02:00
erik-krogh
d370b2a51e simplify the where clause of rb/kernel-open 2022-10-04 13:49:50 +02:00
erik-krogh
bf74481f65 add a link to the source in the alert-message for rb/kernel-open 2022-10-04 13:41:50 +02:00
Arthur Baars
88b5d4da16 Ruby: extend may have multiple arguments 2022-10-04 12:58:50 +02:00
Arthur Baars
ab3a62de3c Update ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll 2022-10-04 12:58:50 +02:00
Tom Hvitved
6e61ef10b8 Ruby: Add another dataflow copy 2022-10-04 12:58:50 +02:00