hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
fdca8966149bbe8b5101ab4c39c30246b5bb8b9e
codeql/ruby
History
Nick Rolfe fdca896614 Ruby: improve handling of [g]sub! 
rb/incomplete-sanitization has a few cases where we find flow from one
one string substitution call to another, e.g.

    a.sub(...).sub(...)

But this didn't find typical chained uses of the destructive variants,
e.g.

    a.sub!(...)
    a.sub!(...)

We now handle those cases by tracking flow from the post-update node for
the receiver of the first call.
2022-04-13 17:19:25 +01:00
..
.vscode
Move files to ruby subfolder
2021-10-15 11:47:28 +02:00
actions/create-extractor-pack
Simplify cache key
2022-02-04 07:41:29 +13:00
autobuilder
Move files to ruby subfolder
2021-10-15 11:47:28 +02:00
doc
Move Ruby doc on db upgrades to common docs dir
2022-02-16 11:35:52 +00:00
downgrades
Ruby: add upgrade/downgrade scripts
2022-02-08 09:57:55 +00:00
extractor
Ruby: put AST node locations in a single table
2022-02-07 12:10:36 +00:00
generator
Ruby: make node column unique
2022-02-08 09:55:34 +00:00
node-types
Ruby: remove redundant closure
2021-12-02 16:29:59 +00:00
old-change-notes
Move older change notes to old-change-notes
2021-12-14 12:35:04 -05:00
ql
Ruby: improve handling of [g]sub!
2022-04-13 17:19:25 +01:00
scripts
Python/Ruby: rm old prepare-db-upgrade.sh files
2022-02-16 12:21:52 +00:00
tools
Move files to ruby subfolder
2021-10-15 11:47:28 +02:00
.gitattributes
Move files to ruby subfolder
2021-10-15 11:47:28 +02:00
.gitignore
Move files to ruby subfolder
2021-10-15 11:47:28 +02:00
Cargo.lock
Ruby: update tree-sitter-ruby
2022-01-28 19:47:25 +01:00
Cargo.toml
Move files to ruby subfolder
2021-10-15 11:47:28 +02:00
codeql-extractor.yml
Move files to ruby subfolder
2021-10-15 11:47:28 +02:00
Cross.toml
Ruby: add configuration for 'cross'
2022-02-11 12:50:33 +01:00
Makefile
Fix CI jobs
2021-11-23 22:03:01 +01:00
README.md
Ruby: clean up docs
2021-10-28 12:04:48 +01:00
rust-toolchain.toml
Ruby: add configuration for 'cross'
2022-02-11 12:50:33 +01:00

README.md

Ruby analysis support for CodeQL

This directory contains the extractor, CodeQL libraries, and queries that power Ruby support in LGTM and the other CodeQL products that GitHub makes available to its customers worldwide.

It contains two major components:

  1. static analysis libraries and queries written in CodeQL that can be used to analyze such a database to find coding mistakes or security vulnerabilities.
  2. an extractor, written in Rust, that parses Ruby source code and converts it into a database that can be queried using CodeQL. See Developer information for information on building the extractor (you do not need to do this if you are only developing queries).