hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 12:46:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
64,288 Commits 1,673 Branches 157 Tags
dd1dbdf4ec9e7682d91c3478ca883cd461cf4da7
Commit Graph

4184 Commits

Author SHA1 Message Date
Tom Hvitved
914a605a87 Ruby: Rework hidden synthetic data-flow nodes 2024-02-27 15:33:58 +01:00
Tom Hvitved
994d990f37 Ruby: Add another data flow test 2024-02-27 15:33:58 +01:00
Joe Farebrother
3ab6f222d0 Merge pull request #15718 from joefarebrother/ruby-arel-sqlliteral 
Ruby: Model Arel::Nodes::SqlLiteral.new
 2024-02-27 12:43:47 +00:00
Tom Hvitved
bbeee8f38d Merge pull request #15717 from hvitved/csharp/view-cfg 
Shared `View CFG` implementation
 2024-02-27 09:13:18 +01:00
Joe Farebrother
cb733dcf85 Simplify model defenition 2024-02-26 14:59:03 +00:00
Cornelius Riemenschneider
4bb725cbf5 Merge pull request #15656 from github/criemen/ruby-bazel 
Ruby: Start building the language pack using bazel.
 2024-02-26 15:52:28 +01:00
Harry Maclean
8212f5de1b Ruby: Update test 2024-02-26 13:10:27 +00:00
Harry Maclean
b86643fab2 Ruby: doc fixes 2024-02-26 12:57:21 +00:00
Harry Maclean
8a670fe9a2 Ruby: formatting 2024-02-26 12:26:04 +00:00
amammad
32f5667bb6 revert YAML.qll and yaml sinks to previous PR, make a separate experimental query only for yaml 2024-02-26 12:12:03 +00:00
amammad
c582ea626d update expected test file 2024-02-26 12:10:04 +00:00
amammad
1c1a6f13df fix QLDoc style 2024-02-26 12:05:35 +00:00
amammad
9c5c8c8362 fix test file 2024-02-26 12:05:35 +00:00
amammad
464e2e4291 fix qldoc and test files 2024-02-26 12:04:52 +00:00
amammad
18fa91bde4 add transform method that is an alias for to_ruby 2024-02-26 11:59:41 +00:00
amammad
a75a004942 add more additional steps, change parse* sinks to reciever of them 2024-02-26 11:59:41 +00:00
amammad
474a4f8abd thanks @asgerf for informing me that Successor wants to be deprecated and thank him that providing the solution 2024-02-26 11:59:41 +00:00
amammad
1410574f76 make seperate steps for YAML.parse* and use getAsuccessor*() to reach final to_ruby method call, All parts have Rewritten with API graphs exclusively 2024-02-26 11:59:35 +00:00
Cornelius Riemenschneider
1657b314c1 Re-pin ruby extractor deps. 2024-02-26 11:21:23 +00:00
Cornelius Riemenschneider
688b9955a0 Address review, start accomodating bzlmod. 2024-02-26 11:21:23 +00:00
Cornelius Riemenschneider
fd85c44129 Ruby: Start building the language pack using bazel. 
This PR introduces a bazel and `rules_rust`-based build system
for the ruby extractor and language pack.
This replacese the existing, `cargo` and `cross`-based build system.

For local development, nothing changes, and the existing `cargo`-based
build still keeps working as-is.

We no longer need to use `cross` to compile our Linux binaries,
as we now can link against our hermetic C++ toolchain, which ships
with an old enough glibc, so that we don't run into symbol version issues
when deploying the binaries to older systems.
Besides the one change in dependency (explained in detail in `Cargo.toml`
and in https://github.com/github/codeql/pull/15595), nothing ought to
change in how we build the extractor.
 2024-02-26 11:21:22 +00:00
Joe Farebrother
386defc3c7 Update test output 2024-02-26 11:21:03 +00:00
Joe Farebrother
fb06e9f6b2 Merge pull request #15719 from joefarebrother/ruby-changenote-formatting 
Ruby: Fix change note formatting
 2024-02-26 11:12:01 +00:00
Tom Hvitved
5b6e76c030 Move View CFG implementation from Ruby/Swift into shared library 2024-02-26 11:23:49 +01:00
Joe Farebrother
403a1ac483 Fix change note formatting 2024-02-26 10:21:26 +00:00
Joe Farebrother
2257df5c6f Model Arel::Nodes::SqlLiteral.new 2024-02-26 10:09:33 +00:00
Tom Hvitved
03a125de38 Merge pull request #15562 from Marcono1234/patch-2 
Ruby: Fix formatting in changelog
 2024-02-26 10:03:29 +01:00
Tom Hvitved
2683e40038 Merge pull request #15708 from hvitved/share-ide-contextual 
Share `getFileBySourceArchiveName` implementation
 2024-02-23 19:56:33 +01:00
Tom Hvitved
62b16c0fa3 Share getFileBySourceArchiveName implementation 2024-02-23 11:25:49 +01:00
Tom Hvitved
94113521d1 Merge pull request #15689 from hvitved/ruby/no-field-branch-limit-summarized-callable 
Ruby: No `fieldFlowBranchLimit` for `SummarizedCallable`s
 2024-02-23 10:47:22 +01:00
Harry Maclean
fbc689227d Merge pull request #15604 from p-/p--rails-more-request-sources 
Ruby: add additional sources on the request object of Rails
 2024-02-22 16:35:59 +00:00
Joe Farebrother
67e8f17c4c Merge pull request #15619 from joefarebrother/ruby-activerecord-connection 
Ruby: Add additional sql sinks for ActiveRecord connection methods
 2024-02-22 14:02:31 +00:00
Joe Farebrother
1f409b0456 Merge pull request #15671 from joefarebrother/ruby-activerecord-extra-args 
Ruby: Consider additional arguments to certain `ActiveRecord` methods as sql injection sinks.
 2024-02-22 14:01:56 +00:00
Joe Farebrother
92bdd637a3 Address reveiw comment - add create nd remove select_insert 2024-02-22 09:55:46 +00:00
Tom Hvitved
ebee35b385 Ruby: No fieldFlowBranchLimit for SummarizedCallables 2024-02-22 10:27:25 +01:00
Tom Hvitved
23869fc8e6 Ruby: Fix bug in allowParameterReturnInSelf 2024-02-22 09:43:52 +01:00
Tom Hvitved
007d08ea63 Ruby: Add another variable capture test 2024-02-22 09:39:01 +01:00
github-actions[bot]
37f8fa3413 Post-release preparation for codeql-cli-2.16.3 2024-02-20 16:50:47 +00:00
Joe Farebrother
10da4d14d9 Add addtional arguments as sinks to certain methods 2024-02-20 16:35:29 +00:00
github-actions[bot]
6d061fbc35 Release preparation for version 2.16.3 2024-02-20 14:26:23 +00:00
Joe Farebrother
e36b9f4d3c Add tests and change note 2024-02-15 15:26:20 +00:00
Harry Maclean
a9abba5859 Merge pull request #15520 from hmac/hmac-erb-raw-output-directive 
Ruby: Recognise raw Erb output as XSS sink
 2024-02-15 08:05:16 +00:00
Joe Farebrother
37eb81097f Add additional sinks for connection methods 2024-02-14 22:42:03 +00:00
Peter Stöckli
2f7b946c9f Ruby: add sources on request object of Rails 2024-02-13 15:52:18 +01:00
Harry Maclean
6cc5c09769 Ruby: Simplify ErbOutputDirective 2024-02-13 08:38:16 +00:00
Harry Maclean
11040d628b Ruby: Add changenote 2024-02-13 08:38:15 +00:00
Harry Maclean
3d9f9afa77 Merge pull request #15566 from hmac/hmac-actioncontroller-regex 
Ruby: Fix ActionController path regex
 2024-02-12 14:14:57 +00:00
Harry Maclean
99497e5f3c Merge pull request #15521 from hmac/hmac-ar-connection 
Ruby: Recognise more ActiveRecord connections
 2024-02-12 14:06:50 +00:00
Harry Maclean
5af58d24e0 Ruby: Recognise raw Erb output as XSS sink 2024-02-12 13:28:44 +00:00
Marcono1234
d814decc17 Ruby: Fix formatting in changelog 2024-02-10 00:23:57 +01:00