Asger Feldthaus
6d84baf276
Ruby: Support self,block in Argument/Parameter tokens
2022-03-23 18:06:12 +01:00
Arthur Baars
06a99c3987
Ruby: fix location of setter-call argument
2022-03-23 12:55:52 +01:00
Asger F
228570129e
Merge branch 'main' into ruby/mad-prototype
2022-03-16 13:50:31 +01:00
Asger Feldthaus
2ca45ef9f9
Ruby: support BlockArgument in identifying access path
2022-03-16 12:51:14 +01:00
Asger Feldthaus
71f195d1e0
Ruby: add test for Receiver in summary
2022-03-16 12:37:21 +01:00
Asger Feldthaus
7f8205684e
Ruby: verify tokens in identifying access path
2022-03-15 10:25:59 +01:00
Asger Feldthaus
65249dabd3
Ruby: add warning for wrong number of columns in CSV row
2022-03-15 09:28:21 +01:00
Tom Hvitved
37f5db5baa
Ruby: Reduce captureFlow(In|Out)
...
When there is flow in/out of a block through a captured variable, we can restrict
the calls that give rise to the flow to the method calls to which the blocks
belong.
2022-03-10 10:21:51 +01:00
Tom Hvitved
1e1b2e284d
Ruby: Cleanup flow through self
2022-03-09 13:17:11 +01:00
Arthur Baars
200a965fda
Update expected output
2022-03-07 11:51:54 +01:00
Tom Hvitved
9c4c35141a
Ruby: Update type tracker test
2022-03-07 11:51:54 +01:00
Harry Maclean
37dac186a8
Ruby: String.try_convert isn't value-preserving
...
`String.try_convert` can convert arbitrary objects to strings, which
obviously isn't value-preserving.
2022-03-02 13:31:59 +13:00
Asger Feldthaus
df379809df
Ruby: support CSV rows of form ;any;Method[foo]
2022-03-01 14:08:21 +01:00
Asger Feldthaus
05ea33033b
Ruby: add test for API::EntryPoint
2022-03-01 14:08:21 +01:00
Asger Feldthaus
63e7c16d6b
Ruby: add test with sinks and type-defs
2022-03-01 14:08:20 +01:00
Asger Feldthaus
388949f12e
Ruby: support WithBlock and WithoutBlock
2022-03-01 14:08:20 +01:00
Asger Feldthaus
d6bc9c259e
Ruby: add simple test case
2022-03-01 14:08:20 +01:00
Harry Maclean
fc351fbd64
Ruby: Remove value-flow for name-matched summaries
...
String summaries that are identified by name only should not specify
value-preserving flow as this can cause spurious flow in cases where
they are applied to different but identically-named methods.
2022-02-24 16:15:15 +13:00
Harry Maclean
d180a55b3a
Ruby: Fix value/taint flow in String summaries
2022-02-22 16:41:16 +13:00
Harry Maclean
f07ae35b87
Ruby: Fix bug with String flow summaries
...
Split summaries for methods with optional block parmaters into separate
classes. Also model the `exclusive` argument to `String#upto`.
2022-02-22 16:41:16 +13:00
Harry Maclean
379de5581d
Ruby: Disable summaries that clash with Array
...
Some String methods are named identically to Array methods, and this
leads to overlapping flow summaries. These adversely affect the original
Array flow summaries.
2022-02-22 16:41:15 +13:00
Harry Maclean
fef46e1ee4
Ruby: Add flow summaries for String methods
2022-02-22 16:41:15 +13:00
Asger Feldthaus
e3605eed44
Ruby: update CSV rows to dot-separated syntax
2022-02-21 08:21:50 +01:00
Asger Feldthaus
6dbeb81f36
Ruby: use AccessPathSyntax.qll to parse input/output summary specs
2022-02-21 08:16:55 +01:00
Erik Krogh Kristensen
9739929795
convert the ruby ApiGraphs to use IPA labels
2022-02-10 17:54:19 +01:00
CodeQL CI
a57ee019c2
Merge pull request #7819 from asgerf/asgerf/ruby-def-nodes
...
Approved by hvitved
2022-02-10 12:37:34 +00:00
Tom Hvitved
0bd8411cb6
Ruby: Hide more SSA nodes from data-flow path explanations
2022-02-09 15:31:10 +01:00
Nick Rolfe
1eba8277ee
Merge pull request #7614 from github/nickrolfe/array_flow_summaries
...
Ruby: add more Array/Enumerable flow summaries
2022-02-09 09:57:59 +00:00
Asger Feldthaus
2b36703bfb
Ruby: add def= tags to API graph test
2022-02-08 10:20:25 +01:00
Nick Rolfe
45962f1cad
Ruby: make this unique for each method
...
Even when summaries are shared in a single class.
2022-02-04 17:03:55 +00:00
Nick Rolfe
7a9ddc28bf
Ruby: address some more feedback on array flow summaries
2022-02-04 16:33:27 +00:00
Nick Rolfe
ed00f2b0d2
Ruby: address some feedback on array flow summaries
2022-02-04 13:40:39 +00:00
Nick Rolfe
161d766ba9
Ruby: address review comments on array_flow.rb
2022-02-04 11:59:59 +00:00
Asger Feldthaus
87c62db781
Ruby: disable test line not currently working
2022-02-04 11:20:42 +01:00
Asger Feldthaus
5e350a0270
Ruby: Derive edge labels from {Argument,Parameter}Position
2022-02-04 11:20:42 +01:00
Asger Feldthaus
d2e381aa79
Ruby: more def-node tests
2022-02-04 11:20:41 +01:00
Asger Feldthaus
32e0f42969
Ruby: refactor Return(x) to Method(x).return
2022-02-04 11:20:39 +01:00
Asger Feldthaus
55b5f19b92
Ruby: Add def-nodes to API graphs
2022-02-04 11:06:35 +01:00
Asger Feldthaus
9c17a5ce99
Ruby: replace "instance" label with a call to new
2022-02-04 11:03:25 +01:00
Harry Maclean
ab7fd89653
Merge pull request #7663 from github/hmac/api-graph-subclass
...
Ruby: Add basic subclassing support to API Graphs
2022-02-04 10:19:07 +13:00
Harry Maclean
704b58519f
Ruby: Include subclasses in more API calls
...
Change the behaviour of `API::getInstance()` and `API::getReturn()` to
include results on subclasses of the current API node.
2022-02-03 11:35:59 +13:00
Nick Rolfe
8248a942ce
Ruby: enable taint checking for array-flow test
2022-01-28 11:33:59 +00:00
Nick Rolfe
693ff6a904
Ruby: add flow summaries for remaining Array methods
2022-01-28 11:33:59 +00:00
Nick Rolfe
030cfa36da
Ruby: add flow summaries for all remaining Enumerable methods
2022-01-28 11:33:59 +00:00
Harry Maclean
b01f81aab3
Use modified getAPath predicate for test
2022-01-28 19:45:52 +13:00
Arthur Baars
948ebe4b4c
Merge pull request #7568 from aibaars/ruby-pattern-matching-taint
...
Ruby: taint steps for pattern matches
2022-01-26 10:27:47 +01:00
Tom Hvitved
0299b4603f
Merge pull request #7677 from hvitved/ruby/constant-value
...
Ruby: Replace `getValueText` with `getConstantValue`
2022-01-25 10:31:02 +01:00
Harry Maclean
c5904b7410
Add inline tests for API Graph subclassing
2022-01-25 16:41:49 +13:00
Arthur Baars
0cef887683
Ruby: address comments
2022-01-24 11:27:26 +01:00
Arthur Baars
e9a01f9e8f
Ruby: fix test case
2022-01-24 10:31:08 +01:00
