hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
50,611 Commits 1,672 Branches 157 Tags
ea4c2e432100cb15e4ad5448d02c36153a6f9f95
Commit Graph

2965 Commits

Author SHA1 Message Date
Arthur Baars
207ba86d51 Ruby: add flow summary for Enumerable#pick 2022-11-30 11:57:29 +01:00
Tom Hvitved
bfbe5bdfb8 Ruby: Add data flow test that illustrates spurious flow 2022-11-30 11:01:32 +01:00
Harry Maclean
dab7970087 Ruby: Model JSON.pretty_generate 2022-11-30 13:18:45 +13:00
Harry Maclean
14a19d23a6 Ruby: Fix typo in documentation 
This import isn't needed.
 2022-11-30 13:18:45 +13:00
Harry Maclean
67257671ea Ruby: Remove redundant dataflow test 2022-11-30 13:18:44 +13:00
Harry Maclean
d20d1e5e75 Ruby: Add change note 2022-11-30 13:18:44 +13:00
Harry Maclean
35a62018e4 Ruby: US spelling 2022-11-30 13:17:46 +13:00
Harry Maclean
1bd2dd0a6e Ruby: update test fixture 2022-11-30 13:17:46 +13:00
Harry Maclean
eff763d127 Ruby: Model to_json ActiveSupport extension 2022-11-30 13:17:44 +13:00
Harry Maclean
5259d4af63 Ruby: Model various JSON methods 2022-11-30 13:15:18 +13:00
Harry Maclean
0a98559fcb Ruby: Add flow summaries for ActiveSupport::JSON 2022-11-30 13:15:16 +13:00
Harry Maclean
e3def7c22f Ruby: Add change note 2022-11-30 11:50:47 +13:00
Harry Maclean
aed4325ee3 Ruby: Remove unused class 2022-11-30 11:50:35 +13:00
Harry Maclean
b66ea6ed72 Ruby: Simplify ActionMailbox modeling 2022-11-30 11:46:21 +13:00
Harry Maclean
71f2d8f6d8 Ruby: Model ActionMailbox#inbound_mail 2022-11-30 11:46:21 +13:00
Harry Maclean
eac5aa26ee Ruby: Model remote input for ActionMailbox 2022-11-30 11:46:21 +13:00
Harry Maclean
375403fb9d Merge pull request #11114 from hmac/case-barrier-guard-3 
Ruby: Add case string comparison barrier guard
 2022-11-30 11:21:07 +13:00
Tom Hvitved
86e045916d Ruby: Rework call-context sensitivity logic 2022-11-29 14:47:37 +01:00
Arthur Baars
52cf27653f Ruby: fix upgrade script 2022-11-29 13:12:14 +01:00
Arthur Baars
cf7ebe2fa8 Merge pull request #11471 from github/rc/3.8 
Merge rc/3.8 into main
 2022-11-29 12:57:34 +01:00
erik-krogh
7dcb813ff3 remove two more claseses of FPs in rb/non-constant-kernel-open 2022-11-29 12:49:23 +01:00
Tom Hvitved
f3dca95958 Merge pull request #11087 from hvitved/dataflow/summary-ctx 
Data flow: Add summary/return context to pruning stages 2-4
 2022-11-29 10:36:53 +01:00
Peter Stöckli
6b1865d2ca Merge branch 'main' into p--ruby-kernel-open-addition 2022-11-29 10:19:36 +01:00
Peter Stöckli
deb3accd1e make predicate private 2022-11-29 10:07:13 +01:00
Peter Stöckli
5b6dd786c3 Add changes for NonConstantKernelOpenQuery 2022-11-29 10:00:57 +01:00
Peter Stöckli
88282ade1a Add predicate to filter out calls to File in opal 2022-11-29 10:00:57 +01:00
Peter Stöckli
315480824b Fix KernelOpen qhelp 2022-11-29 10:00:57 +01:00
Peter Stöckli
d8752a0b12 Add additional sinks to the rb/kernel-open query 2022-11-29 10:00:56 +01:00
Erik Krogh Kristensen
0cd50aac40 Merge pull request #11398 from erik-krogh/splat-stuff 
Rb: add some more flow through splat parameters
 2022-11-28 22:31:25 +01:00
Felicity Chapman
b5f849463b Update QL library references 2022-11-28 15:26:24 +01:00
erik-krogh
fd7442868f fix copy-pate error in UnsafeCodeConstructionQuery.qll 2022-11-28 13:45:24 +01:00
Arthur Baars
a8effd1961 Ruby: add change note 2022-11-28 13:02:22 +01:00
Tom Hvitved
cde05e1190 Data flow: Sync files 2022-11-28 12:11:38 +01:00
Tom Hvitved
c65780ee99 Data flow: Inline revFlowInNotToReturn 2022-11-28 12:11:18 +01:00
Tom Hvitved
bdb205a318 Data flow: Track return kind instead of return position in pruning stages 2-4 2022-11-28 12:11:18 +01:00
Tom Hvitved
4346a7f426 Data flow: Inline fwdFlowOutNotFromArg 2022-11-28 12:11:18 +01:00
Tom Hvitved
70d2a0df8a Data flow: Track parameter position instead of parameter in pruning stages 2-4 2022-11-28 12:11:12 +01:00
Nick Rolfe
8a94cabdbf Merge pull request #11250 from github/nickrolfe/stack-trace-exposure 
Ruby: add stack-trace exposure query
 2022-11-28 10:45:59 +00:00
erik-krogh
0c2ff98dc2 add flow from the first splat argument to the first splat parameter 2022-11-28 09:54:05 +01:00
erik-krogh
d5725255fe add failing test for splat parameter flow 2022-11-28 09:53:03 +01:00
Alex Ford
8362caa9d9 Merge pull request #11417 from alexrford/ruby/activesupport-json_escape 
Ruby: model ActiveSupport `json_escape` flow
 2022-11-25 10:46:34 +00:00
erik-krogh
f75b853ae4 add change-note 2022-11-25 11:08:14 +01:00
erik-krogh
53f24a5281 fix QL-for-QL warning 2022-11-25 10:32:06 +01:00
erik-krogh
0817238177 drive-by: same change in unsafe-shell-command-construction 2022-11-25 10:32:06 +01:00
erik-krogh
378cc1aed2 add support for string-like-literals 2022-11-25 10:32:06 +01:00
erik-krogh
80c92dc3e6 add support for array pushes 2022-11-25 10:32:05 +01:00
erik-krogh
3461404bbb add basic support for arrays 2022-11-25 10:31:35 +01:00
erik-krogh
0f2a48f461 fix QL-for-QL warnings 2022-11-25 10:26:24 +01:00
erik-krogh
2033dd2dcc remove parameters named "code" as source 2022-11-25 10:25:31 +01:00
erik-krogh
e7c6571f52 remove the "send(..)" and similar from unsafe-code-construction 2022-11-25 10:25:31 +01:00