hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-29 03:38:17 +02:00
Code Issues Packages Projects Releases Wiki Activity
44,783 Commits 1,723 Branches 164 Tags
dfdfd39bccfd6c72f934aa951fa0b0944df90de3
Commit Graph

116 Commits

Author SHA1 Message Date
Nick Rolfe
a6674a5313 Ruby: fix uses of deprecated class name 2022-10-07 13:17:05 +01:00
Harry Maclean
75cb0efecb Merge pull request #10538 from hmac/hmac/actioncontroller-parameters 
Ruby: Model flow through ActionController::Parameters
 2022-10-07 22:21:40 +13:00
Asger F
8b7ec20573 Merge branch 'main' into rb/summarize-more 2022-10-05 09:43:52 +02:00
Arthur Baars
c1c16e44ee Merge pull request #10559 from aibaars/cve-2019-3881 
Ruby: some improvements
 2022-10-04 21:24:14 +02:00
Nick Rolfe
227100d883 Ruby: make old class names available as deprecated aliases 2022-10-04 16:11:43 +01:00
Arthur Baars
e95b5468d9 Ruby: use Dataflow for Pathname instead of TypeTracking 2022-10-04 12:58:49 +02:00
Nick Rolfe
a738f1d5cf Ruby: remove public abstract classes for Action{View,Controller} 2022-10-04 10:53:41 +01:00
Asger F
6e7aea85ef Ruby: update benign test output 
API graph tests only report the shortest path, and a new shortest path has appeared, but the old path is still there, so this is not a regression.
 2022-10-04 11:14:31 +02:00
Harry Maclean
42a97b26bb Merge pull request #10316 from hmac/hmac/actionview 
Ruby: Model ActionView
 2022-10-04 08:16:16 +13:00
Harry Maclean
a5998fbe4d Ruby: Model ActionController::Parameters 
Add flow summaries for methods on ActionController::Parameters,
which mostly propagate taint from receiver to return value.
 2022-10-03 09:45:59 +13:00
Harry Maclean
4a39bc8f47 Merge pull request #10598 from hmac/hmac/actioncontroller-metal 
Ruby: Identify ActionController::Metal controllers
 2022-09-30 13:07:03 +13:00
Harry Maclean
4217a50900 Treat ActiveRecord.create as a model instantiation 2022-09-29 09:24:42 +13:00
Harry Maclean
424f31a24a Add test for AR Model.create instantiations 
These currently aren't recognised.
 2022-09-29 09:24:42 +13:00
Harry Maclean
63309150e0 Make some space 2022-09-29 09:24:37 +13:00
Harry Maclean
e7d19e849f Merge pull request #10090 from hmac/hmac/activestorage 
Ruby: Model Activestorage
 2022-09-29 09:16:25 +13:00
Harry Maclean
28a23209a5 Ruby: Identify ActionController::Metal controllers 
Subclasses of `ActionController::Metal` are stripped-down controllers.
We want to recognise them as ActionController controllers.
There are some common ActionController methods that are not available in
Metal, but these are not likely to be used anyway as they would throw an
exception, so I don't think there's much harm in including them in the
modelling.
 2022-09-28 07:10:09 +13:00
Harry Maclean
49572a5218 Remove redundant import 2022-09-27 10:35:39 +13:00
Harry Maclean
3beed54e35 Ruby: Fix imports in test 2022-09-27 10:09:26 +13:00
Harry Maclean
dea5036912 Ruby: Update for Http concept changes 2022-09-27 10:03:17 +13:00
Harry Maclean
fa20a476a6 Add test code 2022-09-26 20:56:11 +13:00
Harry Maclean
9f234e9f5a Ruby: Merge duplicate tests 2022-09-26 20:56:11 +13:00
Harry Maclean
1d693d336f Ruby: Model javascript_include_tag and friends 2022-09-26 20:56:09 +13:00
Harry Maclean
35a05f6dea Ruby: Add summaries for ActiveSupport::SafeBuffer 2022-09-26 20:55:05 +13:00
Harry Maclean
ed0c85e3af Ruby: Model ActionView helper XSS sinks 2022-09-26 20:55:04 +13:00
Tom Hvitved
a9f2e5272f Merge pull request #10376 from hvitved/ruby/no-ast-by-default 
Ruby: Do not expose AST layer through `ruby.qll`
 2022-09-21 13:15:30 +02:00
Harry Maclean
d5ef853343 Ruby: Remove ActiveStorage entry points 2022-09-20 15:55:35 +01:00
Harry Maclean
ba5cd08a09 Update ActionController fixture 2022-09-20 15:55:35 +01:00
Harry Maclean
53a34174b9 Model ActiveStorage 2022-09-20 15:55:34 +01:00
Nick Rolfe
30b54b2abe Merge pull request #10450 from github/nickrolfe/filesystemresolver 
Ruby: model ActionView::FileSystemResolver as a FileSystemAccess
 2022-09-20 14:21:28 +01:00
Nick Rolfe
b5d648a6b0 Ruby: model ActionView::FileSystemResolver as a FileSystemAccess 2022-09-16 09:24:14 +01:00
Tom Hvitved
007ab2b7ce Ruby: Do not expose AST layer through ruby.qll 2022-09-13 19:59:56 +02:00
erik-krogh
26d8553f6e ensure consistent casing of names 2022-09-09 10:34:14 +02:00
Harry Maclean
6fff02817d Ruby: Fix bug in disablesCertificateValidation 2022-09-02 13:15:02 +12:00
Harry Maclean
570a03a08f Ruby: Test disablesCertificateValidation 2022-09-02 13:00:29 +12:00
Harry Maclean
aa6edb0edb Ruby: Model ActiveResource 2022-08-29 14:24:37 +12:00
Harry Maclean
7ef6ffbc54 Ruby: Recognise Rails render calls as HTTP responses 2022-08-16 14:03:26 +12:00
Harry Maclean
22d7b046ab Ruby: Fix << 2022-08-09 15:08:17 +12:00
Harry Maclean
e3115b5ed7 Ruby: Add test for other= 2022-08-09 15:08:17 +12:00
Harry Maclean
831f722402 Ruby: Make room for new test 2022-08-09 15:08:17 +12:00
Harry Maclean
dc853d9728 Ruby: Model ActiveRecord associations 2022-08-09 15:08:17 +12:00
Harry Maclean
74d529d3e3 Merge pull request #9918 from hmac/hmac/mime-type-match 
Ruby: Model Mime::Type
 2022-08-05 11:51:45 +12:00
Harry Maclean
83393dc195 Ruby: Recognise more AR write accesses 
This change means we recognise calls like

```rb
User.create(params)
User.update(id, params)
```

as instances of `PersistentWriteAccess`.
 2022-08-04 17:22:46 +12:00
Harry Maclean
d4f7f2b75e Ruby: Add test for AR PersistentWriteAccesses 2022-08-04 17:22:46 +12:00
Harry Maclean
7ed81db32d Ruby: Move ActiveRecord tests to new directory 2022-08-04 17:22:46 +12:00
Harry Maclean
f42d33312f Ruby: Model Mime::Type 
Add type summaries to recognise instances of Mime::Type, and recognise
arguments to Mime::Type.match? and Mime::Type.=~ as regular expression
interpretations.
 2022-07-29 11:41:48 +12:00
Harry Maclean
c29eb814b2 Ruby: Reorganise ActionDispatch framework 
Put routing modelling inside a Routing module.
 2022-07-29 10:44:36 +12:00
Harry Maclean
681e58c8e0 Merge pull request #9850 from hmac/hmac/arel 
Ruby: Model Arel.sql
 2022-07-25 12:09:18 +12:00
thiggy1342
6bc2fe513d Merge branch 'main' into add-activerecord-annotate 2022-07-19 10:29:24 -04:00
Harry Maclean
7b8603c89b Ruby: Model Arel.sql 2022-07-19 11:27:15 +12:00
Nick Rolfe
eebba36b18 Merge pull request #9708 from github/nickrolfe/pathname 
Ruby: model the standard library's `Pathname` class
 2022-07-18 11:29:30 +01:00