Anders Schack-Mulligen
99ca28ea9b
Merge pull request #10886 from aschackmull/dataflow/joinorders
...
Dataflow: Fix a couple of join-orders.
2022-11-07 11:05:29 +01:00
github-actions[bot]
fca754bddd
Post-release preparation for codeql-cli-2.11.3
2022-11-05 14:30:48 +00:00
Dave Bartolomeo
013b7eff1c
Apply suggestions from code review
...
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com>
2022-11-04 18:46:32 -04:00
github-actions[bot]
508327235a
Release preparation for version 2.11.3
2022-11-04 20:16:23 +00:00
Anders Schack-Mulligen
a1dba82360
Dataflow: Sync.
2022-11-04 12:41:55 +01:00
Tom Hvitved
d3488da0c2
Data flow: Sync files
2022-11-03 15:52:30 +01:00
Tom Hvitved
cc87d2e38b
Data flow: Restrict public PathNodes to those that may reach a sink
2022-11-03 15:52:30 +01:00
Dave Bartolomeo
499f20f6e8
Merge pull request #11004 from dbartol/dbartol/use-workspace-versions
2022-11-02 20:02:48 -04:00
Tom Hvitved
46631d6eaf
Merge pull request #10931 from hvitved/ruby/fix-flow-into-phis
...
Ruby: Fix flow steps into phi nodes
2022-11-02 21:07:06 +01:00
Dave Bartolomeo
a475e5758d
Merge remote-tracking branch 'upstream/main' into dbartol/use-workspace-versions
2022-11-02 12:38:03 -04:00
Tom Hvitved
2d5b9c12a6
Ruby: Avoid calls to deprecated SSA predicates
2022-11-02 09:37:28 +01:00
Dave Bartolomeo
49c4c554c4
Merge from main
2022-11-01 13:22:40 -04:00
Tom Hvitved
ee9163aa40
Ruby: Fix flow steps into phi nodes
...
- Add missing flow from post-update nodes into phi nodes.
- Prevent flow from reads into phi nodes when use-use flow is prohibited.
2022-11-01 16:33:06 +01:00
Tom Hvitved
e8f9429b92
Merge pull request #10917 from hvitved/ruby/singleton-call-sensitivity
...
Ruby: Call-context sensitivity for singleton method calls
2022-11-01 14:13:26 +01:00
Harry Maclean
3f403f0f87
Merge pull request #10700 from hmac/activesupport
...
Ruby: Model some ActiveSupport methods
2022-10-31 11:50:44 +13:00
Erik Krogh Kristensen
93fb2930c8
Merge pull request #10968 from erik-krogh/fixRbCode
...
RB: fix rb/code-injection
2022-10-28 09:14:14 +02:00
Harry Maclean
368ce69198
Fix qldoc formatting
2022-10-28 11:31:55 +13:00
Harry Maclean
9df8edcb1c
Ruby: fix formatting
2022-10-28 11:31:55 +13:00
Harry Maclean
cd34686967
Ruby: Document flow summary for Hash#extract!
2022-10-28 11:31:55 +13:00
Harry Maclean
ca7b48c3d5
Add change note
2022-10-28 11:31:55 +13:00
Harry Maclean
ef260db76e
Fix singleton set literal
2022-10-28 11:31:55 +13:00
Harry Maclean
71d703f2a5
Ruby: Add ActiveSupport extensions
2022-10-28 11:31:55 +13:00
Harry Maclean
cb37a0e835
Ruby: Add summaries for Hash#deep_merge(!)
2022-10-28 11:31:55 +13:00
Harry Maclean
3dea1d6a60
Ruby: Add flow summary for Hash#except!
2022-10-28 11:31:55 +13:00
Harry Maclean
0454642220
Ruby: Model deep_dup and presence
2022-10-28 11:31:55 +13:00
Harry Maclean
9f260853ac
Ruby: Model more ActiveSupport string extensions
2022-10-28 11:31:55 +13:00
Harry Maclean
b389d50943
Ruby: Identify safe_constantize
2022-10-28 11:31:54 +13:00
Dave Bartolomeo
23b572e9b7
Use ${workspace} for intra-workspace dependencies
...
Now that the released CLI supports replacement variables in dependency version ranges, we can now mark our published library packs as depending on whatever version of their dependency is in our workspace, without having to manually bump the dependency version every release.
Note that when the packs are published, the dependencies in the published pack file are rewritten to have the correct specific version.
2022-10-26 16:40:01 -04:00
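The `${workspace}` convention this commit message describes, shown as an added illustration rather than a file from the codeql repository; the pack names and version numbers below are assumed for the example:

```yaml
# qlpack.yml of a query pack as committed in the workspace (assumed names/versions).
# The dependency range is the replacement variable ${workspace}, so the CLI resolves
# it to whichever version of codeql/ruby-all is checked out alongside this pack,
# and no manual bump is needed when that library pack's version changes.
name: codeql/ruby-queries
version: 0.4.0
dependencies:
  codeql/ruby-all: ${workspace}

# The same dependency block as it appears in the published pack (assumed version):
# publishing rewrites the variable to the specific version that was in the workspace
# at publish time, so consumers of the published pack get a concrete pin.
dependencies:
  codeql/ruby-all: 0.4.0
```

The rewrite happens when the pack is published (for example with `codeql pack publish`), so the pinned number is only ever visible in the published artifact, never in the source tree.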
thiggy1342
9c1fbfd330
Merge branch 'main' into expand-ruby-ssrf-sinks-faraday-connection-new
2022-10-25 13:09:17 -04:00
thiggy1342
3659eaa780
add markdown file extension
2022-10-25 10:13:19 -04:00
erik-krogh
e8dce25cc2
fix rb/code-injection
2022-10-25 14:44:23 +02:00
Erik Krogh Kristensen
ef5132b0ae
Merge pull request #10883 from erik-krogh/codeSink
...
RB: don't flag code-injection for dynamic loading where an attacker only controls a substring
2022-10-24 18:59:36 +02:00
thiggy1342
952ad6ea46
Merge branch 'main' into expand-ruby-ssrf-sinks-faraday-connection-new
2022-10-24 09:52:24 -04:00
Erik Krogh Kristensen
5ff98cd80e
Merge pull request #10888 from erik-krogh/glob
...
Ruby: add model for Dir.glob and other Dir methods
2022-10-24 14:17:37 +02:00
Asger F
bcfe4ece6f
Merge pull request #10918 from asgerf/rb/constant-compound-assignment
...
Ruby: handle compound constant-assignment
2022-10-24 14:07:28 +02:00
Asger F
cac2e2e2e4
Merge pull request #10928 from asgerf/rb/assumed-global-const
...
Ruby: assume some global constants are defined
2022-10-24 14:06:34 +02:00
Asger F
0ffb0f6d4d
Ruby: constant lookup is unaffected by blocks
2022-10-24 13:07:21 +02:00
erik-krogh
07d90b34df
use instanceof in DirPathAccess
2022-10-24 12:05:26 +02:00
Erik Krogh Kristensen
669b0c35fe
fix qldoc
...
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
2022-10-24 12:05:26 +02:00
erik-krogh
85cd7f9121
add model for Dir.glob and other Dir methods
2022-10-24 12:05:26 +02:00
Arthur Baars
ccaa12998d
Ruby: desugar compound constant-assignments
2022-10-22 01:11:35 +02:00
Nick Rolfe
9fb436e22b
Ruby: add change note for localTaintStep fix
2022-10-21 16:33:29 +01:00
Nick Rolfe
269c27757d
Ruby: include value-preserving flow in localTaintStep
2022-10-21 16:17:11 +01:00
Asger F
84ae17dcbb
Ruby: ensure Object is a transitive superclass
2022-10-21 15:18:59 +02:00
Arthur Baars
a56ed88db2
Merge pull request #10920 from github/post-release-prep/codeql-cli-2.11.2
...
Post-release preparation for codeql-cli-2.11.2
2022-10-21 11:58:12 +02:00
Tom Hvitved
4422327c00
Ruby: Call-context sensitivity for singleton method calls
2022-10-21 11:48:25 +02:00
Asger F
3fd2b9ad7b
Ruby: add a comment
...
This would have saved me some time
2022-10-21 11:44:12 +02:00
Asger F
ee7970afcb
Ruby: treat String as a builtin
2022-10-21 11:44:11 +02:00
Asger F
db58e3357b
Ruby: allow speculative container qname resolution
2022-10-21 11:44:11 +02:00
github-actions[bot]
be7693283b
Post-release preparation for codeql-cli-2.11.2
2022-10-21 08:07:17 +00:00