Tom Hvitved
394c27a279
CFG: Allow erb top-level scopes
2021-08-17 10:46:15 +02:00
Tom Hvitved
c0049bf161
Merge pull request #229 from github/hvitved/api-graphs/remove-mk-module
API graphs: Remove `MkModule`
2021-08-09 13:10:17 +02:00
Tom Hvitved
ae837d9f7a
API graphs: Remove restriction on top-level constants
2021-08-09 12:59:36 +02:00
Arthur Baars
e8f6cb65b8
Merge pull request #245 from github/aibaars/tweaks
Move UseDetect.ql to experimental for now
2021-08-04 16:05:06 +02:00
Arthur Baars
23f423ad66
Merge pull request #242 from github/regex_parsing_fixes
Regex parsing fixes
2021-08-04 16:04:54 +02:00
Arthur Baars
9ca0e81953
Move UseDetect to experimental for now
2021-08-04 15:52:48 +02:00
Tom Hvitved
8451286754
API graphs: Remove MkModule
2021-08-04 10:28:30 +02:00
Erik Krogh Kristensen
632ad518f0
enable unicode parsing in the ruby ReDoS query
2021-08-02 07:13:41 +00:00
Arthur Baars
00a0b93172
Add erb file
2021-07-29 19:09:56 +02:00
Nick Rolfe
3abe047cac
Fix parsing of POSIX bracket expressions.
The docs are misleading. [[:alpha:]] is actually a character class
*containing* a POSIX bracket expression, and that means you can have
expressions like [[:alpha:][:digit:]_?!]
2021-07-29 17:24:51 +01:00
Arthur Baars
866ff7b1f6
Replace Generated module with Ruby
2021-07-27 18:43:44 +02:00
Tom Hvitved
42c06bfde4
Merge pull request #226 from github/hvitved/const-flow
Data flow through constants
2021-07-14 13:21:07 +02:00
Tom Hvitved
9463927409
Address review comments
2021-07-14 11:05:55 +02:00
Nick Rolfe
1fe5162b67
Stabilise node ordering for regexp parsing test
2021-07-13 16:18:21 +01:00
Tom Hvitved
23447e6d58
Reduce size of lookupMethodOrConst
2021-07-02 14:02:26 +02:00
Tom Hvitved
bf696df788
Data flow through constants
2021-07-02 14:02:26 +02:00
Tom Hvitved
3b6e5881c8
Update constants.rb test
2021-07-02 14:02:26 +02:00
Arthur Baars
5afd3c7846
Merge pull request #213 from github/aibaars/api-graphs2
First version of ApiGraphs
2021-07-02 13:58:00 +02:00
Tom Hvitved
330b33638e
Address review comments
2021-07-02 10:41:10 +02:00
Tom Hvitved
52529d590b
Model private methods and "main objects"
2021-07-02 10:41:06 +02:00
Tom Hvitved
9de4ed4d4d
Add tests for private methods
2021-07-02 10:39:49 +02:00
Tom Hvitved
c3cff3e113
Expose call graph through Call::getATarget()
2021-07-01 16:40:45 +02:00
Nick Rolfe
d99b5510e5
Merge pull request #219 from github/regex
Add regexp parser and exponential ReDoS query
2021-06-30 17:23:29 +01:00
Alex Ford
3f76075fe6
improve some rails framework tests
2021-06-29 13:56:28 +01:00
Alex Ford
31cbf818ab
fix rb/sql-injection FPs due to not accounting for overridden ActiveRecord methods
2021-06-29 13:54:15 +01:00
Nick Rolfe
ba7021086b
Merge remote-tracking branch 'origin/main' into regex
2021-06-25 15:00:26 +01:00
Nick Rolfe
bee94757dd
Add query test for ReDoS.ql, ported from JS
2021-06-25 12:51:35 +01:00
Nick Rolfe
6142029fdc
Recognise \t as not escaping t
2021-06-25 12:46:25 +01:00
Nick Rolfe
a77e7761fd
Make \h and \H character class escapes
2021-06-25 12:27:39 +01:00
Arthur Baars
efde1f86d9
Fix test case
2021-06-25 10:59:10 +02:00
Nick Rolfe
9ec503a3a5
Merge remote-tracking branch 'origin/main' into regex
2021-06-24 18:16:13 +01:00
Alex Ford
b27891b14e
update ActiveRecord test output
2021-06-24 18:12:26 +01:00
Alex Ford
9883a9b606
update SqlInjection tests
2021-06-24 18:12:26 +01:00
Alex Ford
d62f4f5bd4
Address review comments
2021-06-24 18:12:26 +01:00
Alex Ford
7415503772
update ActiveRecord test output
2021-06-24 18:12:25 +01:00
Alex Ford
12e4c9ee90
update SqlInjection tests
2021-06-24 18:12:25 +01:00
Alex Ford
5386c776b3
Implement rb/sql-injection
2021-06-24 18:12:25 +01:00
Alex Ford
6e5665da8c
Make ActiveRecord model flag more potentially dangerous SQL executions
2021-06-24 18:12:25 +01:00
Nick Rolfe
17a59ef824
Add basic test for regex parsing
2021-06-24 18:06:08 +01:00
Nick Rolfe
51b0ffdaf8
Fix printAst to support adding edges in AstDesugar test
2021-06-24 17:14:23 +01:00
Arthur Baars
6bed50a86b
Rename predicate with snake cased name
2021-06-24 11:59:13 +02:00
Tom Hvitved
9438885776
Merge pull request #216 from github/hvitved/synthesis-location
AST synthesis: Move location information into a separate predicate
2021-06-23 16:50:17 +02:00
Alex Ford
5941eb2be4
model some ActionController user input sources (params)
2021-06-23 14:11:38 +01:00
Tom Hvitved
1dde5b8ef9
AST synthesis: Move location information into a separate predicate
2021-06-23 08:46:07 +02:00
Arthur Baars
f18e5030e0
Address comments by @tausbn
2021-06-22 17:25:34 +02:00
Alex Ford
dbf1805c8b
Merge pull request #196 from github/active-record-1
Start modelling some potential SQL fragment sinks in ActiveRecord
2021-06-22 16:05:26 +01:00
Arthur Baars
f0c83288a7
Add test case for ApiGraph
2021-06-21 19:37:41 +02:00
Arthur Baars
4fa093048c
Add inline expectations test framework
2021-06-21 19:37:41 +02:00
Nick Rolfe
65aa97c07c
Use RegExp prefix instead of Regex, for consistency with other languages.
2021-06-18 15:56:19 +01:00
Alex Ford
214532516b
try to avoid a future merge conflict
2021-06-17 14:41:51 +01:00