mirror of
https://github.com/github/codeql.git
synced 2026-04-27 09:45:15 +02:00
44cc6f7350
There are two flavours of `match?`. If the receiver of `match?` has type String then the argument to `match?` is a regular expression. However, if the receiver of `match?` has type Regexp then the argument is the text. The role of receiver and argument flips depending on the type of the receiver, this caused a lot of false positives when looking for string-like literals that are used as a regular expression. This commit attempts to improve things by trying to determine whether the type of the receiver is known to be of type Regexp. In such cases we know that the argument is unlikely to be regular expression.
Ruby analysis support for CodeQL
This directory contains the extractor, CodeQL libraries, and queries that power Ruby support in LGTM and the other CodeQL products that GitHub makes available to its customers worldwide.
It contains two major components:
- static analysis libraries and queries written in CodeQL that can be used to analyze such a database to find coding mistakes or security vulnerabilities.
- an extractor, written in Rust, that parses Ruby source code and converts it into a database that can be queried using CodeQL. See Developer information for information on building the extractor (you do not need to do this if you are only developing queries).