hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 03:06:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
50,611 Commits 1,672 Branches 157 Tags
ea4c2e432100cb15e4ad5448d02c36153a6f9f95
Commit Graph

2965 Commits

Author SHA1 Message Date
dependabot[bot]
bf02340a6a Merge pull request #11982 from github/dependabot/cargo/ruby/num_cpus-1.14.0 2023-01-26 10:13:09 +00:00
dependabot[bot]
6e69acdd7e Bump serde from 1.0.131 to 1.0.152 in /ruby 
Bumps [serde](https://github.com/serde-rs/serde) from 1.0.131 to 1.0.152.
- [Release notes](https://github.com/serde-rs/serde/releases)
- [Commits](https://github.com/serde-rs/serde/compare/v1.0.131...v1.0.152)

---
updated-dependencies:
- dependency-name: serde
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-26 03:08:58 +00:00
Harry Maclean
07a7a213b3 Merge pull request #11871 from hmac/rack 2023-01-26 08:40:30 +13:00
Alex Ford
3dd9392f5e Merge pull request #11869 from alexrford/rails/render_locals_shared 
Ruby: Rails - generalize rails flow step for accessing render locals hash in view
 2023-01-25 12:07:26 +00:00
erik-krogh
54b0350cac add note in ReDoS qhelp that Ruby 3.2 has fixed ReDoS 2023-01-25 10:24:11 +01:00
dependabot[bot]
531c0559a0 Bump num_cpus from 1.13.0 to 1.14.0 in /ruby 
Bumps [num_cpus](https://github.com/seanmonstar/num_cpus) from 1.13.0 to 1.14.0.
- [Release notes](https://github.com/seanmonstar/num_cpus/releases)
- [Changelog](https://github.com/seanmonstar/num_cpus/blob/master/CHANGELOG.md)
- [Commits](https://github.com/seanmonstar/num_cpus/compare/v1.13.0...v1.14.0)

---
updated-dependencies:
- dependency-name: num_cpus
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-25 08:48:08 +00:00
Arthur Baars
358ae7529b Merge pull request #11973 from github/dependabot/cargo/ruby/serde_json-1.0.91 
Bump serde_json from 1.0.72 to 1.0.91 in /ruby
 2023-01-25 09:45:32 +01:00
Arthur Baars
068b71bc3d Merge pull request #11972 from github/dependabot/cargo/ruby/regex-1.7.1 
Bump regex from 1.5.5 to 1.7.1 in /ruby
 2023-01-25 09:44:57 +01:00
erik-krogh
80d05c0425 also recognize protected methods as library-input sources 2023-01-24 20:55:25 +01:00
erik-krogh
a017b7500b Merge branch 'main' into rbPoly 2023-01-24 20:51:36 +01:00
dependabot[bot]
fd22c7c73e Bump serde_json from 1.0.72 to 1.0.91 in /ruby 
Bumps [serde_json](https://github.com/serde-rs/json) from 1.0.72 to 1.0.91.
- [Release notes](https://github.com/serde-rs/json/releases)
- [Commits](https://github.com/serde-rs/json/compare/v1.0.72...v1.0.91)

---
updated-dependencies:
- dependency-name: serde_json
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-24 06:39:13 +00:00
dependabot[bot]
c4bf25f33c Bump regex from 1.5.5 to 1.7.1 in /ruby 
Bumps [regex](https://github.com/rust-lang/regex) from 1.5.5 to 1.7.1.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/1.5.5...1.7.1)

---
updated-dependencies:
- dependency-name: regex
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-24 06:39:09 +00:00
dependabot[bot]
b1f73b59cd Bump flate2 from 1.0.22 to 1.0.25 in /ruby 
Bumps [flate2](https://github.com/rust-lang/flate2-rs) from 1.0.22 to 1.0.25.
- [Release notes](https://github.com/rust-lang/flate2-rs/releases)
- [Commits](https://github.com/rust-lang/flate2-rs/compare/1.0.22...1.0.25)

---
updated-dependencies:
- dependency-name: flate2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
 2023-01-24 06:39:03 +00:00
Harry Maclean
e6e4e29bf8 Ruby: newline 2023-01-23 21:53:52 +00:00
Harry Maclean
224db456af Ruby: Simplify isRackResponse 2023-01-23 21:53:09 +00:00
Harry Maclean
60f9635ada Ruby: Move import 2023-01-23 21:51:27 +00:00
Harry Maclean
c1207e0938 Ruby: Fix rack response tracking 
Use type tracking instead of getReturningNode, which seems to be faster
and works correctly for the cases I've tried.
 2023-01-23 21:43:04 +00:00
Erik Krogh Kristensen
240248b9cf Merge pull request #11453 from erik-krogh/unsafeHtmlConstruction 
RB: add unsafe-html-construction query
 2023-01-23 16:40:25 +01:00
Erik Krogh Kristensen
5be97f3761 Merge pull request #11909 from erik-krogh/concatCode 
Rb: recognize string concatenations as sinks for unsafe-code-construction
 2023-01-23 16:22:46 +01:00
erik-krogh
ae00518ddf remove the isAdditionalTaintStep predicate from UnsafeHtmlConstructionQuery, as it was not needed 2023-01-23 15:27:19 +01:00
erik-krogh
7c6ee5f293 Merge branch 'main' into unsafeHtmlConstruction 2023-01-23 15:01:01 +01:00
Erik Krogh Kristensen
32c4cf5769 Apply suggestions from code review 
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
 2023-01-23 14:58:04 +01:00
erik-krogh
800077dabe changes based on feedback 2023-01-23 14:54:36 +01:00
Alex Ford
3b10a2de11 Merge branch 'main' into rails/render_locals_shared 2023-01-23 10:00:22 +00:00
Alex Ford
55550e7980 Merge pull request #11941 from alexrford/summary-component-tostring-syntheticglobal 
Add missing toString case for synthetic globals
 2023-01-23 10:00:00 +00:00
Arthur Baars
99148244a4 Merge pull request #11856 from aibaars/update-grammars 
Update grammars
 2023-01-23 09:46:50 +01:00
Michael Nebel
69a42d8b1f Merge pull request #11931 from michaelnebel/csharp/refactor 
Remove the Csv postfix of some predicate names.
 2023-01-23 09:09:48 +01:00
Harry Maclean
21ce9b448a Ruby: Attempt to fix performance of AppCandidate 
`DataFlow::MethodNode.getAReturningNode` is expensive to compute.
Instead we look for rack responses which flow to the `SynthReturnNode`.
Each method has only one of these (vs many "returning" nodes) so it is
a lot faster.
I'm not sure yet whether the results are the same.
 2023-01-23 15:25:52 +13:00
github-actions[bot]
b62cb6ba84 Post-release preparation for codeql-cli-2.12.1 2023-01-20 19:49:56 +00:00
Arthur Baars
2b9bc3c7e3 Ruby: write errors to json log 2023-01-20 20:11:55 +01:00
Alex Ford
8ae993185c Ruby: fix missing docs 2023-01-20 13:40:19 +00:00
Alex Ford
c986ea1070 Ruby: scope local_assigns synthetic globals to both render call and template file 2023-01-20 13:40:19 +00:00
Alex Ford
14c896215c Ruby: factor out some RenderCall methods into a helper module 2023-01-20 13:40:19 +00:00
Alex Ford
03070c9fd0 Ruby: restrict AccessLocalsKeySummary to method calls against self 2023-01-20 13:40:19 +00:00
Alex Ford
f6516db105 Ruby: correct preservesValue in AccessLocalsKeySummary 2023-01-20 13:40:19 +00:00
Alex Ford
ab72301a4c Ruby: add a change note for rails render locals dataflow 2023-01-20 13:40:19 +00:00
Alex Ford
8fec4b804f Ruby: StoredXSS test whitespace change 2023-01-20 13:40:19 +00:00
Alex Ford
fd8dd5e103 Ruby: update StoredXSS test output 2023-01-20 13:40:19 +00:00
Alex Ford
8845157d08 Ruby: slightly limit AccessLocalsKeySummary summarized callables 2023-01-20 13:40:19 +00:00
Alex Ford
b5cc1087fe Ruby: add LocalAssignsHashSyntheticGlobal#getARenderCall predicate 2023-01-20 13:40:19 +00:00
Alex Ford
022171923c Ruby: fix some ql for ql alerts 2023-01-20 13:40:19 +00:00
Alex Ford
bea110b598 Ruby: remove blank line in test file 2023-01-20 13:40:19 +00:00
Alex Ford
b78ae1608e Ruby: remove a fixed TODO 2023-01-20 13:40:19 +00:00
Alex Ford
e5fbc92856 Ruby: generalize rails flow step for accessing render locals hash in view 2023-01-20 13:40:19 +00:00
Alex Ford
e4df1f5a6f Ruby: add missing toString case for synthetic globals 2023-01-20 13:31:43 +00:00
github-actions[bot]
005b3e4a47 Release preparation for version 2.12.1 2023-01-20 12:03:19 +00:00
Harry Maclean
16baea22c0 Ruby: doc fix 
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
 2023-01-20 22:06:29 +13:00
Michael Nebel
dc223cb82e Sync files and make corresponding changes for other languages. 2023-01-19 15:14:06 +01:00
Arthur Baars
d5e60dfb22 Ruby: pass diagnostics::LogWriter to extractor 2023-01-19 13:53:56 +01:00
Erik Krogh Kristensen
ee9b01b5e6 Apply suggestions from code review 
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
 2023-01-18 22:14:46 +01:00