Tony Torralba
c9d1cd97fb
Ruby: Remove omittable exists variables
2023-01-10 13:39:49 +01:00
Erik Krogh Kristensen
5157d4df7b
Merge pull request #11581 from erik-krogh/stdin
...
Rb: add stdin as source for unsafe-deserialization
2023-01-09 13:57:47 +01:00
erik-krogh
1a27441cfb
drive-by: delete code-execution sinks from unsafe-deserialization, we risked duplicate alerts
2023-01-06 09:04:36 +01:00
Harry Maclean
4d228bcddf
Ruby: Recognise more string-valued variables
...
This increases the sensitivity of our barrier guards.
2023-01-04 11:45:10 +13:00
Harry Maclean
9944252c43
Ruby: Add test for barrier guards
...
This demonstrates that we are missing a guard when a case branch
compares against a string-valued variable rather than a string literal.
2023-01-04 11:45:10 +13:00
Harry Maclean
698a679c78
Ruby: add test
2023-01-04 11:45:10 +13:00
Harry Maclean
0fbb6bf608
Ruby: Make array inclusion barrier more sensitive
2023-01-04 11:45:09 +13:00
Erik Krogh Kristensen
79a2b6d0b0
use any() instead of this = this
...
Co-authored-by: Arthur Baars <aibaars@github.com>
2023-01-02 10:49:54 +01:00
erik-krogh
99dc0a8356
fix binding
2023-01-02 10:30:28 +01:00
Harry Maclean
b70ca77afc
Merge pull request #10899 from hmac/flow-summary-docs
...
Ruby: Document flow summary syntax
2022-12-28 10:47:38 +13:00
Tom Hvitved
bfc257147c
Ruby: Fix bug in call-sensitivity logic for initialize calls
2022-12-16 11:17:15 +01:00
Tom Hvitved
5d9c64ba6f
Ruby: Model flow through initialize constructors
2022-12-14 12:57:39 +01:00
Tom Hvitved
9a7628c988
Ruby: Add data flow tests for constructors
2022-12-14 12:57:39 +01:00
Peter Stöckli
d2c8e70be1
Adjust expected file for TaintStep (due to changes to File.join)
2022-12-09 09:57:19 +01:00
Arthur Baars
d862972d5e
Ruby: Add use-use stress test
2022-12-07 15:28:51 +01:00
Arthur Baars
f11f2cb1a0
Ruby: Update tests
2022-12-07 15:28:50 +01:00
Tom Hvitved
b171dc9b7b
Merge pull request #11477 from hvitved/ruby/call-ctx-rewrite
...
Ruby: Rework call-context sensitivity logic
2022-12-06 07:39:29 +01:00
Asger F
2d578c1a73
Merge branch 'main' into merge-package-type-columns
2022-12-02 10:00:44 +01:00
Harry Maclean
91421528df
Ruby: Update test
2022-12-01 09:01:03 +13:00
Tom Hvitved
bfbe5bdfb8
Ruby: Add data flow test that illustrates spurious flow
2022-11-30 11:01:32 +01:00
Harry Maclean
1bd2dd0a6e
Ruby: update test fixture
2022-11-30 13:17:46 +13:00
Harry Maclean
375403fb9d
Merge pull request #11114 from hmac/case-barrier-guard-3
...
Ruby: Add case string comparison barrier guard
2022-11-30 11:21:07 +13:00
erik-krogh
0c2ff98dc2
add flow from the first splat argument to the first splat parameter
2022-11-28 09:54:05 +01:00
erik-krogh
d5725255fe
add failing test for splat parameter flow
2022-11-28 09:53:03 +01:00
Harry Maclean
f49507e59a
Ruby: Add note about WithElement usage
2022-11-25 16:55:37 +13:00
Harry Maclean
df398fb9a0
Ruby: Add more flow summary tests
2022-11-25 16:55:37 +13:00
Harry Maclean
fe13ac188f
Ruby: US spelling
2022-11-25 16:55:37 +13:00
Harry Maclean
0b065001a8
Ruby: Add tests for flow summary behaviour
...
These test cases are a companion to the flow summary docs, and ensure
that the documented behaviour matches reality.
2022-11-25 16:55:37 +13:00
Harry Maclean
43f2713925
Ruby: Update test fixture
2022-11-25 16:55:37 +13:00
Harry Maclean
0a4a8516eb
Ruby: simplify Hash#transform_keys! flow summary
2022-11-25 16:55:36 +13:00
Asger F
22316ee4fe
Ruby: merge package/type columns
2022-11-23 11:17:42 +01:00
Tom Hvitved
f24fa402f3
Adjust CFG
2022-11-17 10:32:28 +01:00
Tom Hvitved
67b6a82cf1
Merge pull request #11198 from hvitved/ssa/expose-phi-reads
...
SSA: Expose phi-read nodes
2022-11-16 15:11:58 +01:00
Erik Krogh Kristensen
7d4ea47611
Merge pull request #10855 from erik-krogh/formatTaint
...
Ruby: taint-steps for printf calls - and add an `AdditionalTaintStep` class
2022-11-16 12:08:45 +01:00
Tom Hvitved
32f60fd112
Ruby: Add more local flow tests for use-use flow
2022-11-15 11:45:31 +01:00
Harry Maclean
2b4217b8a4
Ruby: Update test fixture
2022-11-11 18:41:55 +13:00
Harry Maclean
62ea1f0a05
Ruby: Fix performance of string comparison guard
...
The `or` case ran extremely slowly before this change. Also exclude
string interpolations from consideration, for correctness, and add some
more tests.
2022-11-11 18:24:20 +13:00
Harry Maclean
e25e192ef3
Ruby: Change the CFG for while clauses
...
The `when` node now acts as a join point for patterns in the when
clause, with match/no-match completions. This is similar to how `or`
expressions work.
The result of this is that the `when` clause "controls" the body of the
`when`, which allows us to model barrier guards for multi-pattern when
clauses.
For this code

case x
when 1, 2
  y
end

The old CFG was

x --> when --> 1 --no-match--> 2 ---no-match---> case
                \               \                 ^
                 \               \                |
                  \              --match----+     |
                   \                        |     |
                    \                       |     |
                     ------match-----------> y ----+

The new CFG is

x --> 1 --no-match--> 2 --no-match--> [no-match] when --no-match--> case
       \               \                                             ^
        \               \                                            |
         \               --match--> [match] when --match--> y -------+
          \                         /
           \                       /
            -------match-----------
i.e. all patterns flow to the `when` node, which is split based on
whether the pattern matched or not. The body of the when clause then has
a single predecessor `[match] when`, which acts as condition block that
controls `y`.
2022-11-11 11:52:27 +13:00
Tom Hvitved
e18442069b
Ruby: Fix SSA entry definitions for self in top-level
2022-11-10 15:08:17 +01:00
Harry Maclean
a8b0d298ff
Ruby: More string comparison guards
...
Recognise if statements with conditionals made up of logical `and` or
`or` clauses as barrier guards.
2022-11-10 16:38:09 +13:00
Nick Rolfe
c8c53cb424
Merge remote-tracking branch 'origin/main' into nickrolfe/active_support_flow_summaries
2022-11-09 17:02:05 +00:00
Asger F
859dc7beb7
Merge pull request #11024 from asgerf/rb/data-flow-layer-capture2
...
Ruby: expand DataFlow API
2022-11-09 15:06:03 +01:00
Nick Rolfe
97e939ae2b
Ruby: refine summaries for Hash#reverse_merge etc.
...
- revert the changes to the taint summaries specific to ActionController
params
- make the general flow summaries value-preserving and use
WithElement[any]
2022-11-09 11:56:07 +00:00
Harry Maclean
ad7b5ae7ed
Ruby: Add inline barrier guard test
2022-11-09 16:35:28 +13:00
Harry Maclean
f1b63c4df3
Ruby: Fix in clause barrier guard
2022-11-09 16:10:17 +13:00
Harry Maclean
0ab88c2e29
Ruby: Handle simple in clauses in barrier guard
2022-11-09 16:01:33 +13:00
Harry Maclean
87944a3a75
Ruby: Add test for another case guard variant
2022-11-09 15:05:03 +13:00
Harry Maclean
4bc9096446
Ruby: Add case string comparison barrier guard
...
This recognises barriers of the form
STRINGS = ["foo", "bar"]

case foo
when "some string literal"
  foo
when *["other", "strings"]
  foo
when *STRINGS
  foo
end
where the reads of `foo` inside each `when` are guarded by the comparison
of `foo` with the string literals.
We don't yet recognise this construct:
case foo
when "foo", "bar"
  foo
end
This is due to a limitation in the shared barrier guard logic.
2022-11-09 15:03:13 +13:00
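The allowlist shapes named in the commit above (and the string-interpolation exclusion from the "Fix performance of string comparison guard" commit earlier in this log) can be checked at runtime to see why they are sound barriers. The script below is an added example, not CodeQL's code and not a test fixture from the repository: `sink`, `SINK` and `values_reaching_sink` are constructed stand-ins for a taint sink, and the input strings are constructed. It shows that inside a `when` branch that compared the value with string literals only those literals can reach the sink, that the multi-pattern `when "foo", "bar"` form the message says is not yet recognised is semantically just as strong, and that a `when "#{prefix}"` branch bounds nothing when `prefix` is itself attacker-controlled.

```ruby
# Added example (not CodeQL's own code): why a case/when comparison against
# string literals acts as a barrier guard for taint tracking.
STRINGS = ["foo", "bar"].freeze

# Constructed stand-in for a dangerous sink: records every value it receives.
SINK = []

def sink(v)
  SINK << v
  v
end

# Each `when` compares `input` with string literals (directly or via a
# splatted array of literals), so `sink` can only ever see one of them.
# These are exactly the three shapes the commit says are recognised.
def guarded(input)
  case input
  when "some string literal"
    sink(input)
  when *["other", "strings"]
    sink(input)
  when *STRINGS
    sink(input)
  end
end

# Multi-pattern form not yet recognised by the guard logic. Ruby tries each
# pattern with ===, so the branch is just as much a barrier at runtime.
def guarded_multi(input)
  case input
  when "foo", "bar"
    sink(input)
  end
end

# Not a barrier: the comparison is against an interpolated string, so if
# `prefix` is attacker-controlled the branch does not bound `input` at all.
# This is why interpolations are excluded from the string comparison guard.
def interpolated(input, prefix)
  case input
  when "#{prefix}"
    sink(input)
  end
end

# Runs `block` over every input and returns the values that reached the sink.
def values_reaching_sink(inputs, &block)
  SINK.clear
  inputs.each { |i| block.call(i) }
  SINK.dup
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs: allowlisted values plus two hostile strings.
  untrusted = ["foo", "bar", "other", "strings", "some string literal",
               "'; DROP TABLE users;--", "../../etc/passwd"]
  p values_reaching_sink(untrusted) { |i| guarded(i) }
  p values_reaching_sink(untrusted) { |i| guarded_multi(i) }
  p values_reaching_sink(["../../etc/passwd"]) { |i| interpolated(i, "../../etc/passwd") }
end
```

The point of the last function is the caveat from the performance commit: a guard is only a barrier when the thing compared against is itself a constant, so an interpolated pattern must be ignored even though it is syntactically a string in a `when` clause.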
Asger F
43769ad464
Ruby: update test output
2022-11-08 19:20:57 +01:00
Asger F
271de66f01
Ruby: rename getConst -> getConstant
2022-11-08 16:41:04 +01:00