Nick Rolfe
ea5d696d55
Ruby: use IndexMap
...
This is the same idea as Java's LinkedHashMap: it gives the same O(1)
insertion and lookup as HashMap, but preserves insertion order for
iteration.
2021-11-23 11:08:18 +00:00
Nick Rolfe
6908a0dc12
Ruby: avoid repeated construction of table name strings
2021-11-23 11:08:18 +00:00
Nick Rolfe
189e75bfe2
Sort TRAP output
...
First, emit labels with fresh ids. Then other labels. Then tuples,
grouped by name. Hopefully this will help both with the compression
ratio but also with branch prediction in the TRAP importer.
2021-11-23 11:08:18 +00:00
Nick Rolfe
b502e68783
Ruby: compute path string only once
2021-11-23 11:08:18 +00:00
Nick Rolfe
6d28e87f57
Ruby: separate trap-writer into its own module
2021-11-23 11:08:18 +00:00
Nick Rolfe
5cada400f1
Ruby: pre-compute set of valid types for each field
...
We were previously doing this during extraction, i.e. for each field
node we encounter, which meant we were repeating a lot of work. The
`type_matches_set` function was a fairly significant hot-spot in
profiling results, so this should improve performance.
2021-11-23 11:08:18 +00:00
Tom Hvitved
9d072a12ed
Merge pull request #7098 from github/ruby/desugar-for-1
...
Ruby: Desugar `for` loops as calls to `each`
2021-11-23 11:35:49 +01:00
James Fletcher
21aff99637
Merge pull request #7215 from github/jf205-patch-1
...
Fix link formatting
2021-11-23 10:03:40 +00:00
Tom Hvitved
dcca5d28bb
Merge pull request #7172 from hvitved/ruby/ensure-split-cp
...
Ruby: Remove CP in `EnsureSplitImpl::exit/3`
2021-11-23 11:02:23 +01:00
James Fletcher
b8e8ddf9ae
fix link
2021-11-23 08:38:39 +00:00
Anders Schack-Mulligen
a68b55b099
Merge pull request #7208 from hvitved/ruby/restrict-use-use
...
Ruby: Restrict use-use flow
2021-11-23 09:33:43 +01:00
Henry Mercer
245edd41ff
Merge pull request #7186 from github/henrymercer/rename-available-models-predicate
...
JS: [Internal only] Rename the available ML models external predicate
2021-11-22 18:26:46 +00:00
Arthur Baars
f6baab6399
Merge pull request #7211 from dbartol/dbartol/ruby-workspace
...
Merge Ruby workspace into root workspace
2021-11-22 16:22:12 +01:00
Dave Bartolomeo
186e3755c0
Remove unnecessary path options
2021-11-22 09:50:01 -05:00
Tom Hvitved
da39f15a9d
Ruby: Move localFlowStepCommon into LocalFlow and make localSsaFlowStep private
2021-11-22 15:24:24 +01:00
Dave Bartolomeo
522074940d
Merge Ruby workspace into root workspace
2021-11-22 09:10:59 -05:00
AlonaHlobina
b60fef88b5
Merge pull request #7206 from github/AlonaHlobina-patch-2
...
Update query-metadata-style-guide.md
2021-11-22 14:48:46 +01:00
Mathias Vorreiter Pedersen
74221f4aba
Merge pull request #7209 from geoffw0/experimental-tests
...
C++: Move experimental test.
2021-11-22 13:01:52 +00:00
Harry Maclean
6f22867af9
Merge pull request #7015 from github/hmac/ssrf
...
Ruby: Add Server-Side Request Forgery query
2021-11-22 12:41:39 +00:00
CodeQL CI
ddeb700fd6
Merge pull request #7207 from github/asgerf/document-template-language-extensions
...
Approved by esbena
2021-11-22 04:16:19 -08:00
Tom Hvitved
fc64faefcf
Ruby: Restrict use-use flow
2021-11-22 13:05:17 +01:00
Geoffrey White
6f2b528a32
C++: Move experimental test.
2021-11-22 11:02:06 +00:00
Asger F
8322a44379
JS: Mention .hbs, .ejs, and .njk file extensions
...
Also fixes a typo `.xhm` -> `.xhtm`
2021-11-22 11:53:55 +01:00
Tom Hvitved
39e3254fe0
Merge pull request #7182 from hvitved/csharp/self-assignment-bad-magic
...
C#: Fix bad magic `Element::fromSource` in context of `SelfAssignment.ql`
2021-11-22 10:57:48 +01:00
AlonaHlobina
0de6511dff
Update query-metadata-style-guide.md
2021-11-22 10:17:57 +01:00
Erik Krogh Kristensen
9f08acab7e
Merge pull request #7170 from erik-krogh/qldocStyle
...
Ruby: use A/An/The to start qlDoc for classes
2021-11-19 17:34:35 +01:00
Anders Schack-Mulligen
344f7bca5b
Merge pull request #7187 from aschackmull/java/dont-clear-in-summary-store
...
Java: Don't clear content in store steps in summaries.
2021-11-19 16:12:37 +01:00
Harry Maclean
06000781e9
Ruby: Document PairCfgNode::getKey/getValue
2021-11-19 14:54:06 +00:00
Anders Schack-Mulligen
fc43220864
Java: bugfix
2021-11-19 15:01:29 +01:00
Anders Schack-Mulligen
2b1f34ed9b
Java: Don't clear content in store steps in summaries.
2021-11-19 14:22:28 +01:00
Henry Mercer
8ba864e897
JS: Rename the available ML models external predicate
2021-11-19 12:56:03 +00:00
Tom Hvitved
47fd64fc44
Merge pull request #7130 from hvitved/cfg/dead-end-consistency
...
Shared CFG: Add "dead end" consistency query
2021-11-19 13:49:53 +01:00
Tom Hvitved
2b2ff7717e
Merge pull request #7179 from hvitved/ruby/shared-ssa-consistency
...
Ruby: Move SSA consistency queries into shared SSA library
2021-11-19 13:49:25 +01:00
Erik Krogh Kristensen
75586b0cf6
Apply suggestions from code review
...
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
2021-11-19 13:23:01 +01:00
Tom Hvitved
a393bff6cb
C#: Fix bad magic Element::getLocation in context of SelfAssignment.ql
2021-11-19 12:44:07 +01:00
Harry Maclean
90a9688310
Ruby: update CFG fixture
2021-11-19 11:31:14 +00:00
Harry Maclean
8fc7e4be43
Ruby: Increase precision of SSRF query
2021-11-19 11:28:09 +00:00
Harry Maclean
c297a68acf
Model more of the RestClient API
...
We now handle this form:
RestClient::Request.execute(url: "http://example.com")
2021-11-19 11:28:09 +00:00
Harry Maclean
e2ef780c55
Add base_uri note to HTTParty modelling
2021-11-19 11:28:09 +00:00
Harry Maclean
38ff584307
Model more Faraday behaviour
...
You can instantiate a Faraday connection by passing a URL as a keyword
argument:
conn = Faraday.new(url: "http://example.com")
2021-11-19 11:28:09 +00:00
Harry Maclean
f933d24031
Fix comment
2021-11-19 11:28:09 +00:00
Harry Maclean
70efadac77
Add change note for Ruby SSRF query
2021-11-19 11:28:09 +00:00
Harry Maclean
e87a4531d8
Remove redundant imports
2021-11-19 11:28:08 +00:00
Harry Maclean
ac20eafecc
Add qhelp for Ruby SSRF
2021-11-19 11:28:08 +00:00
Harry Maclean
2bba31eb02
Update metadata of Ruby SSRF query
2021-11-19 11:28:08 +00:00
Harry Maclean
dc464879a2
Add a query for server-side request forgery
2021-11-19 11:28:08 +00:00
Harry Maclean
cd33e4d394
Make string interpolation sanitizer reusable
2021-11-19 11:28:08 +00:00
Harry Maclean
b6ce37b241
Add getURL to HTTP::Client::Request
...
This member predicate gets dataflow nodes which contribute to the URL of
the request.
Also consolidate the identical tests for each HTTP client.
2021-11-19 11:28:08 +00:00
Harry Maclean
8fd8c9b04d
Fix CallExprCfgNode.getKeywordArgument
...
This predicate now produces results.
2021-11-19 11:28:08 +00:00
Harry Maclean
0caea17118
Add a test for CallCfgNodes
...
This test shows that `CallCfgNode.getKeywordArgument(string keyword)`
doesn't return any results.
2021-11-19 11:28:07 +00:00