hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-23 15:55:18 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
72356d1515283bce8f4d9bc9b19ef7a7d9aa044c
codeql/ruby
History
Harry Maclean 72356d1515 Ruby: track flow from *args to positional params 
This models flow in the following case:

    def foo(x, y)
      sink x # 1
      sink y # 2
    end

    args = [source 1, source 2]
    foo(*args)

We do this by introducing a SynthSplatParameterNode which accepts
content from the splat argument, if one is given at the callsite.
From this node we add read steps to each positional parameter.
2023-08-09 15:01:40 +01:00
..
.vscode
actions/create-extractor-pack
QL/Ruby: included shared extractor code in cache key
2023-05-22 19:28:59 +02:00
doc
Ruby: Update build instructions for new extractor
2023-03-16 11:54:47 +13:00
downgrades
Ruby: Enable implicit this warnings for remaining packs
2023-06-27 12:07:05 +02:00
extractor
Ruby: update grammar
2023-06-09 16:23:28 +02:00
old-change-notes
ql
Ruby: track flow from *args to positional params
2023-08-09 15:01:40 +01:00
scripts
Ruby: Rename extractor to codeql-extractor-ruby
2023-04-19 06:27:27 +00:00
tools
Ruby: Update scripts for merged extractor
2023-04-07 15:49:17 +08:00
.gitattributes
.gitignore
Ruby: Update .gitignore for moved extractor
2023-03-14 12:03:03 +13:00
codeql-extractor.yml
Ruby: Make trap option title consistent with C#
2023-03-10 21:11:58 +13:00
Makefile
Ruby: Rename extractor to codeql-extractor-ruby
2023-04-19 06:27:27 +00:00
README.md
Ruby: Remove reference to LGTM
2022-12-19 15:15:43 +00:00

README.md

Ruby analysis support for CodeQL

This directory contains the extractor, CodeQL libraries, and queries that power Ruby support in CodeQL products that GitHub makes available to its customers worldwide.

It contains two major components:

  1. static analysis libraries and queries written in CodeQL that can be used to analyze such a database to find coding mistakes or security vulnerabilities.
  2. an extractor, written in Rust, that parses Ruby source code and converts it into a database that can be queried using CodeQL. See Developer information for information on building the extractor (you do not need to do this if you are only developing queries).