hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 19:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
50,611 Commits 1,672 Branches 157 Tags
ea4c2e432100cb15e4ad5448d02c36153a6f9f95
Commit Graph

2965 Commits

Author SHA1 Message Date
Harry Maclean
6e289a9db3 Ruby: Improvements to StringSubstitutionCall 
- Handle block arguments
- Recognise patterns passed via constants
 2022-08-17 16:02:48 +12:00
Harry Maclean
17dfb4e7b8 Ruby: Add RegExpTerm.getAMatch 2022-08-17 16:02:48 +12:00
Harry Maclean
c9fc43a4ba Ruby: Add matchesEmptyString to RegExpTerm 2022-08-17 16:02:47 +12:00
erik-krogh
4b7f63a0f3 sync SensitiveDataHeuristics.qll to the other languages 2022-08-16 22:31:26 +02:00
Tom Hvitved
7395587244 Sync files 2022-08-16 14:07:39 +02:00
Erik Krogh Kristensen
fd5b8896df Merge pull request #10063 from erik-krogh/fixRbDep 
re-deprecate ReDoSUtil in ruby
 2022-08-16 13:27:52 +02:00
Alex Ford
d02ad51d74 Merge pull request #10032 from github/post-release-prep/codeql-cli-2.10.3 
Post-release preparation for codeql-cli-2.10.3
 2022-08-16 12:04:07 +01:00
erik-krogh
2fbae81356 re-deprecate ReDoSUtil in ruby 2022-08-16 11:22:00 +02:00
erik-krogh
8e6a36256c import the non-deprecated NfaUtils in the overly-large-range query 2022-08-16 11:21:43 +02:00
Tom Hvitved
aa93986d1a Ruby: Add tests that demonstrate missing flow through positional arguments 2022-08-16 10:36:40 +02:00
Tom Hvitved
007d98e3b4 Ruby: Fix deprecation warning 2022-08-16 10:23:06 +02:00
Erik Krogh Kristensen
f106e064fa Merge pull request #9422 from erik-krogh/refacReDoS 
Refactorizations of the ReDoS libraries
 2022-08-16 09:32:08 +02:00
Harry Maclean
7ef6ffbc54 Ruby: Recognise Rails render calls as HTTP responses 2022-08-16 14:03:26 +12:00
Erik Krogh Kristensen
0adb588fe8 Merge pull request #9712 from erik-krogh/badRange 
JS/RB/PY/Java: add suspicious range query
 2022-08-15 13:55:44 +02:00
Anders Schack-Mulligen
a3fb54c9de Merge pull request #10007 from aschackmull/dataflow/source-node-identity 
Dataflow: Fix identification of source PathNodes in the presence of source-to-source flow
 2022-08-15 10:39:17 +02:00
erik-krogh
3a4a3437b5 fix some QL-for-QL warnings 2022-08-12 20:38:50 +02:00
erik-krogh
b54f037424 Merge branch 'main' into refacReDoS 2022-08-12 20:28:30 +02:00
erik-krogh
b9e96fb078 sync changes to other languages 2022-08-12 20:28:12 +02:00
github-actions[bot]
21d0c78376 Post-release preparation for codeql-cli-2.10.3 2022-08-11 23:20:39 +00:00
github-actions[bot]
57c4f9145b Release preparation for version 2.10.3 2022-08-11 11:12:15 +00:00
Erik Krogh Kristensen
887f6557ed fix common misspellings throughout github/codeql 2022-08-10 23:21:41 +02:00
Alex Ford
7a61f59b1e Ruby: add change note for new rb/log-injeciton query 2022-08-10 16:17:55 +01:00
Alex Ford
44c4b9ba5c Ruby: add rb/log-injection test cases 2022-08-10 16:17:37 +01:00
Alex Ford
00e290e1f1 Ruby: document rb/log-injection 2022-08-10 16:17:18 +01:00
Alex Ford
c31995764b Ruby: add rb/log-inection query 2022-08-10 16:16:54 +01:00
Anders Schack-Mulligen
abad133ab5 Dataflow: Fix identification of source PathNodes in the presence of source-to-source flow. 2022-08-10 15:02:56 +02:00
Tom Hvitved
19043bdf38 Merge pull request #9976 from hvitved/ruby/hash-literal-summary-simplification 
Ruby: Simplify flow summaries for hash literals
 2022-08-10 08:57:33 +02:00
Erik Krogh Kristensen
d008975ff4 Merge pull request #9825 from erik-krogh/repeatedWord 
QL: add ql/repeated-word query
 2022-08-10 07:25:26 +02:00
Harry Maclean
30ff18aec8 Merge pull request #9919 from hmac/hmac/ar-associations 
Ruby: ActiveRecord associations
 2022-08-10 11:13:39 +12:00
Erik Krogh Kristensen
559ec7ba56 Merge branch 'main' into repeatedWord 2022-08-09 21:22:47 +02:00
Erik Krogh Kristensen
49276b1f38 Merge branch 'main' into refacReDoS 2022-08-09 16:18:46 +02:00
Tom Hvitved
28c8d9b885 Ruby: Add two more hash flow tests 2022-08-09 14:17:07 +02:00
Erik Krogh Kristensen
0abbd50ca1 apply changes based on docs review 2022-08-09 13:51:40 +02:00
Tom Hvitved
975edac34e Merge pull request #9969 from hvitved/ruby/kwargs-missing-flow 
Ruby: Support more flow through keyword arguments
 2022-08-09 09:59:57 +02:00
Harry Maclean
22d7b046ab Ruby: Fix << 2022-08-09 15:08:17 +12:00
Harry Maclean
e3115b5ed7 Ruby: Add test for other= 2022-08-09 15:08:17 +12:00
Harry Maclean
831f722402 Ruby: Make room for new test 2022-08-09 15:08:17 +12:00
Harry Maclean
58b628b6d1 Ruby: Add change note 2022-08-09 15:08:17 +12:00
Harry Maclean
dc853d9728 Ruby: Model ActiveRecord associations 2022-08-09 15:08:17 +12:00
Tom Hvitved
9268437a58 Ruby: Generalize SynthHashSplatParameterNode to also work for synthesized methods 2022-08-08 14:05:06 +02:00
Tom Hvitved
d16a154f9e Address review comment 2022-08-08 10:45:55 +02:00
Anders Schack-Mulligen
3d47875b60 Dataflow: Generate shorter RA/DIL names. 2022-08-05 11:00:56 +02:00
Anders Schack-Mulligen
d3dcc3ce3a Dataflow: Sync. 2022-08-05 11:00:56 +02:00
Tom Hvitved
e0dadb4df6 Ruby: Simplify flow summaries for hash literals 2022-08-05 10:20:07 +02:00
Harry Maclean
74d529d3e3 Merge pull request #9918 from hmac/hmac/mime-type-match 
Ruby: Model Mime::Type
 2022-08-05 11:51:45 +12:00
Tom Hvitved
01c0d4b59f Ruby: Support more flow through keyword arguments 2022-08-04 16:20:08 +02:00
Tom Hvitved
38ede25385 Ruby: Add test that illustrates missing flow for keyword arguments 2022-08-04 14:39:22 +02:00
Harry Maclean
ee9e6b1f2e Ruby: Add change note 2022-08-04 17:27:34 +12:00
Harry Maclean
452811dbf2 Ruby: move change note 2022-08-04 17:25:55 +12:00
Harry Maclean
83393dc195 Ruby: Recognise more AR write accesses 
This change means we recognise calls like

```rb
User.create(params)
User.update(id, params)
```

as instances of `PersistentWriteAccess`.
 2022-08-04 17:22:46 +12:00