hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
50,611 Commits 1,672 Branches 157 Tags
ea4c2e432100cb15e4ad5448d02c36153a6f9f95
Commit Graph

765 Commits

Author SHA1 Message Date
Tom Hvitved
fea1e47daa Ruby: Add data-flow test for spurious flow through a reverse store 2022-09-27 20:05:35 +02:00
Asger F
52b6dd5bec Ruby: update test expectation 2022-09-27 14:41:59 +02:00
Harry Maclean
49572a5218 Remove redundant import 2022-09-27 10:35:39 +13:00
Harry Maclean
5cdaae7378 Update tests 2022-09-27 10:29:04 +13:00
Harry Maclean
4df7fd248e Ruby: Ensure explicit modifiers take priority 
In Ruby, "explicit" visibility modifiers override "implicit" ones. For
example, in the following:

```rb
class C

  private

  def m1
  end

  public m2
  end

  def m3
  end
  public :m3
end
```

`m1` is private whereas `m2` and `m3` are public.
 2022-09-27 10:28:23 +13:00
Harry Maclean
bda4cfbe5d Ruby: Update test 2022-09-27 10:22:53 +13:00
Harry Maclean
5e9196e51c Ruby: Add test for protected methods 2022-09-27 10:21:04 +13:00
Harry Maclean
494fb4c966 Ruby: Make room for new test cases 2022-09-27 10:18:43 +13:00
Harry Maclean
1d728b234f Ruby: Add test for protected method visibility 2022-09-27 10:16:09 +13:00
Harry Maclean
c5f36613da Ruby: Refactor method visibility modeling 2022-09-27 10:13:21 +13:00
Harry Maclean
3beed54e35 Ruby: Fix imports in test 2022-09-27 10:09:26 +13:00
Harry Maclean
dea5036912 Ruby: Update for Http concept changes 2022-09-27 10:03:17 +13:00
Tom Hvitved
88baf0883a Merge pull request #10358 from hvitved/ruby/dataflow/call-ctx 
Ruby: Context sensitive instance method resolution
 2022-09-26 19:55:10 +02:00
Tom Hvitved
257bcefaf9 Merge pull request #10548 from hvitved/ruby/call-graph-tests 
Ruby: Add call graph tests for unsupported constructs
 2022-09-26 10:47:23 +02:00
Harry Maclean
fa20a476a6 Add test code 2022-09-26 20:56:11 +13:00
Harry Maclean
9f234e9f5a Ruby: Merge duplicate tests 2022-09-26 20:56:11 +13:00
Harry Maclean
1d693d336f Ruby: Model javascript_include_tag and friends 2022-09-26 20:56:09 +13:00
Harry Maclean
35a05f6dea Ruby: Add summaries for ActiveSupport::SafeBuffer 2022-09-26 20:55:05 +13:00
Harry Maclean
ed0c85e3af Ruby: Model ActionView helper XSS sinks 2022-09-26 20:55:04 +13:00
Tom Hvitved
fa6da788dc Ruby: Add call graph test for unsupported constructs 2022-09-23 10:24:43 +02:00
Tom Hvitved
9937ae8ef9 Ruby: Call sensitive instance method resolution 2022-09-22 16:22:31 +02:00
Tom Hvitved
64978b0138 Ruby: Add data-flow test that demonstrates spurious flow 2022-09-22 15:18:42 +02:00
Alex Ford
140458b7cc Merge pull request #9932 from alexrford/ruby/rbi-typegraph-fixes 
Ruby: RBI library changes to support models-as-data model generation
 2022-09-22 13:55:33 +01:00
Tom Hvitved
f0f4fe7286 Merge pull request #10444 from hvitved/ruby/stmt-sequence-post-update 
Ruby: Add post-update nodes for compound arguments
 2022-09-22 13:18:51 +02:00
Tom Hvitved
ac594842c8 Merge pull request #10504 from hvitved/ruby/private-methods 
Ruby: Two fixes for `private` methods
 2022-09-22 11:54:28 +02:00
Tom Hvitved
61e9c6f658 Ruby: Fix call graph for overridden private methods 2022-09-21 14:00:17 +02:00
Tom Hvitved
e7649fc61a Ruby: Fix ModuleBase::get(A)Method for private methods 2022-09-21 14:00:17 +02:00
Tom Hvitved
37a2b7d0b3 Ruby: Add more call graph tests for private methods 2022-09-21 14:00:17 +02:00
Tom Hvitved
a9f2e5272f Merge pull request #10376 from hvitved/ruby/no-ast-by-default 
Ruby: Do not expose AST layer through `ruby.qll`
 2022-09-21 13:15:30 +02:00
Tom Hvitved
59caa977d0 Ruby: Add post-update nodes for compound arguments 2022-09-21 11:02:24 +02:00
Tom Hvitved
1f4573cf25 Ruby: Add more field flow tests 2022-09-21 10:32:38 +02:00
Harry Maclean
d5ef853343 Ruby: Remove ActiveStorage entry points 2022-09-20 15:55:35 +01:00
Harry Maclean
ba5cd08a09 Update ActionController fixture 2022-09-20 15:55:35 +01:00
Harry Maclean
53a34174b9 Model ActiveStorage 2022-09-20 15:55:34 +01:00
Tom Hvitved
647397759e Merge pull request #10336 from hvitved/ruby/call-graph-rework 
Ruby: Rework call graph implementation
 2022-09-20 15:29:40 +02:00
Nick Rolfe
30b54b2abe Merge pull request #10450 from github/nickrolfe/filesystemresolver 
Ruby: model ActionView::FileSystemResolver as a FileSystemAccess
 2022-09-20 14:21:28 +01:00
Alex Ford
d00c9ea2c8 Ruby: RBI library improvements, mostly for parameter types 2022-09-19 21:03:05 +01:00
Tom Hvitved
bb08e6f0fd Ruby: Three call graph fixes for singleton methods 2022-09-19 14:20:12 +02:00
Tom Hvitved
d13332cff1 Ruby: Add more call graph tests 2022-09-19 14:19:25 +02:00
Erik Krogh Kristensen
a4cd913aea Merge pull request #10312 from erik-krogh/fix-caseDiff 
ensure consistent casing of names
 2022-09-19 10:43:12 +02:00
Tom Hvitved
a8cc669251 Ruby: Address review comments 2022-09-18 19:34:54 +02:00
Tom Hvitved
9004e82820 Ruby: Add another call graph test 2022-09-18 19:34:00 +02:00
Nick Rolfe
b5d648a6b0 Ruby: model ActionView::FileSystemResolver as a FileSystemAccess 2022-09-16 09:24:14 +01:00
Tom Hvitved
ac4d4ff613 Ruby: Rework call graph implementation 2022-09-16 10:22:26 +02:00
Tom Hvitved
41c45c26bc Ruby: Add more call graph tests, and make calls.rb interpretable by irb 2022-09-16 10:22:20 +02:00
Tom Hvitved
007ab2b7ce Ruby: Do not expose AST layer through ruby.qll 2022-09-13 19:59:56 +02:00
Tom Hvitved
4247843a27 Ruby: Adjust the scope of singleton class targets 
In

```rb
class << x
  ...
end
```

the scope of `x` is not the singleton class itself, but rather the outer scope.
 2022-09-13 11:39:38 +02:00
Tom Hvitved
87db5fc6b1 Ruby: Add tests for getEnclosing{Method,Module} 2022-09-13 11:39:15 +02:00
Arthur Baars
7ca2e4c51f Merge pull request #9953 from aibaars/update-grammar 
Update tree-sitter-ruby
 2022-09-12 10:51:37 +02:00
erik-krogh
26d8553f6e ensure consistent casing of names 2022-09-09 10:34:14 +02:00