codeql

mirror of https://github.com/github/codeql.git synced 2026-02-03 16:51:07 +01:00

Author	SHA1	Message	Date
Asger Feldthaus	7f8205684e	Ruby: verify tokens in identifying access path	2022-03-15 10:25:59 +01:00
Asger Feldthaus	65249dabd3	Ruby: add warning for wrong number of columns in CSV row	2022-03-15 09:28:21 +01:00
Asger Feldthaus	df379809df	Ruby: support CSV rows of form ;any;Method[foo]	2022-03-01 14:08:21 +01:00
Asger Feldthaus	05ea33033b	Ruby: add test for API::EntryPoint	2022-03-01 14:08:21 +01:00
Asger Feldthaus	e6a3747656	Ruby: add test for ActiveStorage.Filename.new	2022-03-01 14:08:21 +01:00
Asger Feldthaus	cbd044a768	Ruby: add a code injection test for flwo through Regexp.escape	2022-03-01 14:08:21 +01:00
Asger Feldthaus	63e7c16d6b	Ruby: add test with sinks and type-defs	2022-03-01 14:08:20 +01:00
Asger Feldthaus	388949f12e	Ruby: support WithBlock and WithoutBlock	2022-03-01 14:08:20 +01:00
Asger Feldthaus	d6bc9c259e	Ruby: add simple test case	2022-03-01 14:08:20 +01:00
Asger F	02c4966109	Merge pull request #7878 from asgerf/dot-separated-access-paths Shared: Switch to dot-separated access paths in summary specs	2022-02-21 13:29:09 +01:00
Alex Ford	9196b64d6e	Merge pull request #8138 from github/ruby/file-write Ruby: Implement `FileSystemWriteAccess` concept	2022-02-21 10:13:27 +00:00
Alex Ford	746290d903	Merge pull request #7713 from github/ruby/clear-text-logging Ruby: Add `rb/clear-text-logging-sensitive-data` query	2022-02-21 10:12:33 +00:00
Asger Feldthaus	e3605eed44	Ruby: update CSV rows to dot-separated syntax	2022-02-21 08:21:50 +01:00
Asger Feldthaus	6dbeb81f36	Ruby: use AccessPathSyntax.qll to parse input/output summary specs	2022-02-21 08:16:55 +01:00
Harry Maclean	9a60c7e4ac	Ruby: Update filename in test fixture	2022-02-21 09:43:36 +13:00
Alex Ford	baabe66551	Ruby: update Files.ql tests for write accesses	2022-02-20 19:28:12 +00:00
Alex Ford	dd383f942f	Merge remote-tracking branch 'origin/main' into ruby/clear-text-logging	2022-02-17 15:32:31 +00:00
Harry Maclean	459f949c24	Ruby: fix old import in ActiveSupport codeql.ruby.frameworks.StandardLibrary is deprecated	2022-02-17 20:44:04 +13:00
Harry Maclean	546bfcb8ea	Ruby: split tests to match stdlib changes	2022-02-17 20:44:04 +13:00
Erik Krogh Kristensen	25d64a7901	Merge pull request #7930 from erik-krogh/rbApiIpa RB: convert the ruby ApiGraphs to use IPA labels	2022-02-11 14:35:39 +01:00
Harry Maclean	017183e7f3	Merge pull request #7919 from github/hmac/open-uri Ruby: recognise additional form for OpenURI	2022-02-11 14:03:26 +13:00
Erik Krogh Kristensen	9739929795	convert the ruby ApiGraphs to use IPA labels	2022-02-10 17:54:19 +01:00
Alex Ford	7c1bd9a533	Ruby: add a test case for cleartext logging that uses NonCleartextPasswordFlow	2022-02-10 15:50:56 +00:00
Alex Ford	59ab384825	Ruby: rb/clear-text-logging-sensitive-data - match on CFG nodes rather than AST nodes	2022-02-10 15:50:56 +00:00
CodeQL CI	a57ee019c2	Merge pull request #7819 from asgerf/asgerf/ruby-def-nodes Approved by hvitved	2022-02-10 12:37:34 +00:00
Harry Maclean	d966ca8466	Ruby: recognise additional form for OpenURI	2022-02-10 15:42:15 +13:00
Harry Maclean	f30222256f	Merge pull request #7061 from github/hmac/actiondispatch Ruby: Rails route resolution	2022-02-10 09:46:36 +13:00
Tom Hvitved	0bd8411cb6	Ruby: Hide more SSA nodes from data-flow path explanations	2022-02-09 15:31:10 +01:00
Nick Rolfe	1eba8277ee	Merge pull request #7614 from github/nickrolfe/array_flow_summaries Ruby: add more Array/Enumerable flow summaries	2022-02-09 09:57:59 +00:00
Harry Maclean	3206384884	Merge pull request #7824 from github/hmac/constantize	2022-02-09 08:30:21 +13:00
Asger Feldthaus	2b36703bfb	Ruby: add def= tags to API graph test	2022-02-08 10:20:25 +01:00
Arthur Baars	ac03fab986	Merge pull request #7753 from aibaars/ruby-3.1 Ruby 3.1 features	2022-02-06 21:06:16 +01:00
Nick Rolfe	45962f1cad	Ruby: make `this` unique for each method Even when summaries are shared in a single class.	2022-02-04 17:03:55 +00:00
Nick Rolfe	7a9ddc28bf	Ruby: address some more feedback on array flow summaries	2022-02-04 16:33:27 +00:00
Nick Rolfe	ed00f2b0d2	Ruby: address some feedback on array flow summaries	2022-02-04 13:40:39 +00:00
Nick Rolfe	161d766ba9	Ruby: address review comments on array_flow.rb	2022-02-04 11:59:59 +00:00
Asger Feldthaus	87c62db781	Ruby: disable test line not currently working	2022-02-04 11:20:42 +01:00
Asger Feldthaus	5e350a0270	Ruby: Derive edge labels from {Argument,Parameter}Position	2022-02-04 11:20:42 +01:00
Asger Feldthaus	d2e381aa79	Ruby: more def-node tests	2022-02-04 11:20:41 +01:00
Asger Feldthaus	32e0f42969	Ruby: refactor Return(x) to Method(x).return	2022-02-04 11:20:39 +01:00
Asger Feldthaus	55b5f19b92	Ruby: Add def-nodes to API graphs	2022-02-04 11:06:35 +01:00
Asger Feldthaus	9c17a5ce99	Ruby: replace "instance" label with a call to new	2022-02-04 11:03:25 +01:00
Harry Maclean	ab7fd89653	Merge pull request #7663 from github/hmac/api-graph-subclass Ruby: Add basic subclassing support to API Graphs	2022-02-04 10:19:07 +13:00
Arthur Baars	6525035f0a	Address comments	2022-02-03 13:47:03 +01:00
Harry Maclean	c65ca8ff86	Model calls to `constantize` as code executions `constantize` is an ActiveSupport extension to `String` that attempts to look up a constant with a name matching the receiver.	2022-02-03 15:22:07 +13:00
Harry Maclean	704b58519f	Ruby: Include subclasses in more API calls Change the behaviour of `API::getInstance()` and `API::getReturn()` to include results on subclasses of the current API node.	2022-02-03 11:35:59 +13:00
Harry Maclean	80835a5a19	Ruby: Don't expose abstract class Make ActionDispatch::Route into a private class ActionDispatch::RouteImpl, defining a new class Route which exposes the necessary public API from RouteImpl. Also rename getHTTPMethod to getHttpMethod.	2022-02-03 10:41:30 +13:00
Harry Maclean	a8a7c156d0	via - update tests	2022-02-03 10:40:23 +13:00
Arthur Baars	a22868ba27	Merge branch 'main' into ruby-3.1	2022-02-02 19:00:03 +01:00
Arthur Baars	fdcef6225b	Ruby: fix QL warnings	2022-02-02 13:29:09 +01:00

1 2 3 4 5

237 Commits