Alex Ford
774030a8db
Merge pull request #12083 from pwntester/ruby_twirp_support
[Ruby] Add support for Twirp framework
2023-02-20 13:16:52 +00:00
Harry Maclean
4e07fd3eb1
Ruby: Model ApplicationController.renderer
2023-02-19 13:37:27 +13:00
github-actions[bot]
8eb8daa4d4
Post-release preparation for codeql-cli-2.12.3
2023-02-16 17:23:25 +00:00
github-actions[bot]
b0315119c6
Release preparation for version 2.12.3
2023-02-16 11:49:06 +00:00
Alex Ford
74782bf6a2
Merge branch 'main' into ruby_twirp_support
2023-02-15 17:15:08 +00:00
Rasmus Wriedt Larsen
c72dbc49fc
Merge pull request #12165 from RasmusWL/crypto-updates
Python/Ruby/JS Crypto: Add a few algorithms + block modes
2023-02-15 14:35:40 +01:00
Alvaro Muñoz
4644a88b89
address code review comments
2023-02-14 14:27:17 +01:00
Tom Hvitved
2113c3c3d9
Ruby: Remove NumberUtils.qll
2023-02-13 15:59:50 +01:00
Anders Schack-Mulligen
e877b161d8
Merge pull request #12124 from hvitved/dataflow/stage1-dispatch
Data flow: Call context virtual dispatch pruning in stage 1
2023-02-13 13:13:43 +01:00
Arthur Baars
457a2bb2a2
Merge pull request #12093 from aibaars/oneline-match
Ruby: add support for one-line pattern matches
2023-02-13 12:38:28 +01:00
Erik Krogh Kristensen
2f404df17c
Merge pull request #10782 from erik-krogh/rbPoly
Ruby: add library input as a source for `rb/polynomial-redos`
2023-02-13 12:26:07 +01:00
Erik Krogh Kristensen
26d5fb2412
Merge pull request #11824 from erik-krogh/secondMissAnchor
RB: add query detecting validators that use badly anchored regular expressions on library/remote input
2023-02-13 11:26:05 +01:00
erik-krogh
634087b417
Merge branch 'main' into rbPoly
2023-02-13 10:46:00 +01:00
Rasmus Wriedt Larsen
5235964b07
sync files
2023-02-13 10:44:12 +01:00
Tom Hvitved
f7a5a33474
Address review comment
2023-02-13 09:01:15 +01:00
Arthur Baars
679f02c274
Address comments
2023-02-10 18:08:30 +01:00
Arthur Baars
07947e6528
Address comments
2023-02-09 12:02:14 +01:00
Arthur Baars
78ad9d67b4
Address comments
2023-02-08 13:40:46 +01:00
Tom Hvitved
8e8897b08b
Data flow: Sync files
2023-02-07 15:15:04 +01:00
Tom Hvitved
10534b62c9
Data flow: Call context virtual dispatch pruning in stage 1
2023-02-07 15:14:27 +01:00
Tom Hvitved
984729f9b0
Merge pull request #12117 from hvitved/ruby/delay-location-to-string
Ruby: Avoid computing `Location::toString` in full
2023-02-07 12:42:03 +01:00
Alvaro Muñoz
642a138eaa
Update Twirp.qll
2023-02-07 10:44:48 +01:00
Tom Hvitved
c0e3186607
Ruby: Avoid computing Location::toString in full
2023-02-07 10:06:47 +01:00
Mathias Vorreiter Pedersen
00fe448e3a
Merge pull request #12072 from aschackmull/dataflow/stage3-perf
Dataflow: Fix join in `fwdFlowRead` (take 2)
2023-02-06 10:43:11 +00:00
Arthur Baars
e382d6d000
Ruby: update stats
2023-02-06 10:28:19 +01:00
Arthur Baars
ec46f33a01
Ruby: add change note
2023-02-06 10:17:19 +01:00
Arthur Baars
4af0c4bb03
Ruby: desugar one-line pattern matches
2023-02-06 10:17:19 +01:00
Arthur Baars
edbba85b96
Ruby: add one-line pattern matches to AST
2023-02-06 10:17:18 +01:00
Arthur Baars
e390ca50b0
Ruby: upgrade/downgrade scripts
2023-02-06 10:17:18 +01:00
Arthur Baars
90c51ef404
Ruby: re-generate dbscheme and library
2023-02-06 10:17:18 +01:00
Alvaro Muñoz
3a9d650cb9
add qldocs for member predicates
2023-02-03 10:09:16 +01:00
Alvaro Muñoz
dd31be43e0
Support for Twirp framework
2023-02-03 09:35:22 +01:00
github-actions[bot]
faf21f3edb
Post-release preparation for codeql-cli-2.12.2
2023-02-02 23:01:04 +00:00
Anders Schack-Mulligen
67d4ed53b9
Dataflow: Sync.
2023-02-02 16:33:00 +01:00
Jeroen Ketema
3cf5107b45
Apply suggestions from code review
2023-02-02 15:48:29 +01:00
github-actions[bot]
a4fa984792
Release preparation for version 2.12.2
2023-02-02 14:34:55 +00:00
Harry Maclean
da45d3aa7f
Ruby: Fix string comparison barrier guard
`strNode` was not properly restricted for some cases.
2023-02-01 14:40:53 +13:00
Harry Maclean
0d68d88741
Merge pull request #11934 from hmac/actioncontroller-filters
2023-02-01 09:10:30 +13:00
Harry Maclean
69ed00cdf1
Ruby: QL4QL fix
2023-01-31 11:06:32 +13:00
erik-krogh
e01002368f
add query detecting validators that use badly anchored regular expressions on library/remote input
2023-01-30 16:34:20 +01:00
erik-krogh
f04a9cb523
Merge branch 'main' into rbRegConcept
2023-01-30 11:05:40 +01:00
Harry Maclean
f7cdd430a2
Ruby: Small fix
2023-01-30 21:55:19 +13:00
Harry Maclean
7778524e08
Ruby: Refactor
2023-01-30 21:52:59 +13:00
Harry Maclean
5e9210fcea
Ruby: use getAnAncestor
2023-01-30 21:21:38 +13:00
Harry Maclean
708e303c01
Ruby: Model except: with a const argument
2023-01-30 21:17:31 +13:00
Harry Maclean
28716866d8
Ruby: getAction -> getAnAction
2023-01-30 18:52:47 +13:00
Harry Maclean
246ad46eb1
Ruby: Account for filter skip ordering
A `skip_*_filter :foo` call only has an effect if there was an earlier
call that registered `:foo` as a filter.
2023-01-30 18:50:30 +13:00
Harry Maclean
a164e76a5d
Ruby: Model actioncontroller filter overrides
If a filter is registered twice with the same name, the last
registration wins.
2023-01-30 18:05:22 +13:00
Harry Maclean
28c3bd3e2f
Ruby: QL4QL fix
2023-01-30 17:41:36 +13:00
Harry Maclean
fb86ef4aac
Ruby: Model ActionController filters
ActionController filters provide a way to register callbacks that run
before, after or around an action (i.e. HTTP request handler). They run
in the same class context as the action, so can get/set instance
variables and generally interact with the action in arbitrary ways.
In order to track flow between filters and actions, we have to model the
callback chain. This commit does that. A later change will add dataflow
steps to actually track flow through the chain.
2023-01-30 17:41:36 +13:00