Commit graph

2953 commits

Author SHA1 Message Date
Alex Ford ef8ca55d92
Merge pull request #15203 from pwntester/patch-3
Ruby: Update Kernel.qll to include `Object.send` aliases
2024-01-08 15:32:57 +00:00
Chuan-kai Lin a743fca3a5
Merge pull request #15243 from github/cklin/upgrade-delete-fixes-ruby
Ruby: Fix upgrade delete directives
2024-01-08 07:27:59 -08:00
Arthur Baars f4df5c9556
Merge pull request #15224 from aibaars/ruby-update-grammar
Ruby: update tree-sitter-ruby
2024-01-08 11:01:42 +01:00
Alvaro Muñoz dbefc132de
Apply suggestions from code review
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
2024-01-07 10:31:50 +01:00
Chuan-kai Lin 66d2b9b7d2 Ruby: Fix upgrade delete directives 2024-01-05 14:21:52 -08:00
Alvaro Muñoz 9146407f23
Add `[]` to the list of methods returning an `ActionController::Parameters` 2024-01-05 15:14:11 +01:00
Arthur Baars aad42b1b0d Add change note 2024-01-05 14:36:52 +01:00
Harry Maclean c96be39474
Merge pull request #15048 from hmac/hmac-model-editor-ruby-modules
Ruby: Model editor improvements
2024-01-03 12:53:43 +00:00
Alvaro Muñoz 2964aef083
Update Kernel.qll to include `send` aliases
Add `public_send` and `__send__` as Code Injection sinks as proposed by @vcsjones
2023-12-28 19:08:03 +01:00
Aditya Sharad b1803d0ac2
Merge rc/3.12 into main 2023-12-21 16:40:51 -08:00
github-actions[bot] 8f72b0e4f7 Post-release preparation for codeql-cli-2.15.5 2023-12-19 10:32:57 +00:00
github-actions[bot] 19af35b29a Release preparation for version 2.15.5 2023-12-18 21:22:44 +00:00
yoff e0c027f13c
Merge pull request #14848 from hvitved/python/shared-type-tracking
Python: Adopt shared type tracking library
2023-12-18 21:14:42 +01:00
Tom Hvitved 020a049d30
Merge pull request #15103 from hvitved/ruby/simple-pattern-flow
Ruby: Model simple pattern matching as value steps instead of taint steps
2023-12-18 08:49:11 +01:00
Tom Hvitved 25a676ac6a Ruby: Model simple pattern matching as value steps instead of taint steps 2023-12-14 20:18:24 +01:00
Anders Schack-Mulligen a1068ce2f9 Dataflow: deprecate references 2023-12-14 15:05:33 +01:00
Tom Hvitved 84aa9f17a0 Python/Ruby: Use `SummaryTypeTracker` from `typetracking` pack 2023-12-14 13:25:18 +01:00
Tom Hvitved c8b4a215bc
Merge pull request #14573 from hvitved/flow-summary-impl-param
Move `FlowSummaryImpl.qll` to `dataflow` pack
2023-12-14 12:24:15 +01:00
Jeroen Ketema 99e65df6ce
Merge remote-tracking branch 'upstream/rc/3.12' into mb12 2023-12-13 15:43:39 +01:00
Tom Hvitved a46964dfe8 Address review comments 2023-12-12 13:55:52 +01:00
Tom Hvitved cdf59e1e1d Ruby: Cache more predicates 2023-12-11 10:15:17 +01:00
Tom Hvitved 0e81577269 Ruby: Use `FlowSummaryImpl` from `dataflow` pack 2023-12-10 11:25:43 +01:00
Harry Maclean e6df264865 Ruby: Report module declarations to model editor
This allows us to render type relations between modules/classes, not
just methods.
2023-12-08 14:16:49 +00:00
Harry Maclean c1c258f567 Ruby: Include ancestors in type model generation 2023-12-08 14:16:49 +00:00
Anders Schack-Mulligen 64eb4ff753
Merge pull request #14983 from aschackmull/dataflow/deprecate-old-api
Data Flow: Deprecate old data flow api.
2023-12-08 14:27:25 +01:00
Harry Maclean 1dc0a063b0
Merge pull request #14679 from hmac/hmac-model-editor-ruby
Ruby: Experimental model editor support
2023-12-08 11:03:38 +00:00
github-actions[bot] 92af5f5386 Post-release preparation for codeql-cli-2.15.4 2023-12-06 22:59:22 +00:00
github-actions[bot] c04457e9e7 Release preparation for version 2.15.4 2023-12-06 21:11:50 +00:00
Tom Hvitved dde83b6415
Merge pull request #14709 from hvitved/ruby/shared-type-tracking
Ruby: Adopt shared type tracking library
2023-12-05 20:12:06 +01:00
Tom Hvitved c6e805faef Ruby: Add more deprecation comments 2023-12-05 14:57:15 +01:00
Harry Maclean d630773575
Merge pull request #14627 from alexrford/rb/update_all_sink
Ruby: refine `ActiveRecord` `update_all` as an SQL sink
2023-12-04 13:02:14 +00:00
Anders Schack-Mulligen 67f0529cda Dataflow: Sync. 2023-12-04 12:36:57 +01:00
Harry Maclean f40f2db3ab Ruby: Fix name of url-redirection sink model 2023-11-27 11:25:37 +00:00
Harry Maclean e9277a56a9 Ruby: Add sinks from external models 2023-11-27 09:18:00 +00:00
Harry Maclean ad608341ab Ruby: Handle alternative gemspec names
Gemspecs are sometimes named via the first argument to
`Gem::Specification.new`:

```rb
Gem::Specification.new 'sinatra' do |s|
  # ...
end
```
2023-11-27 09:18:00 +00:00
Harry Maclean 78125a701d Ruby: Model Editor support
Add experimental support for the CodeQL Model Editor.
2023-11-27 09:17:59 +00:00
Tom Hvitved 1a6886cf99 SSA: Add locations to ease debugging 2023-11-22 08:37:02 +01:00
Tom Hvitved 12359ba733 Add change note 2023-11-21 11:46:15 +01:00
Tom Hvitved 6ce8e0510f Ruby: Adopt shared type tracking library 2023-11-20 16:03:24 +01:00
Tom Hvitved 620e8dcb37
Merge pull request #14787 from hvitved/ruby/prune-dataflow-nodes
Ruby: Prune irrelevant data flow nodes and edges
2023-11-20 16:03:00 +01:00
github-actions[bot] bad499e360 Post-release preparation for codeql-cli-2.15.3 2023-11-17 14:35:41 +00:00
github-actions[bot] 6ec9b95072 Release preparation for version 2.15.3 2023-11-16 13:07:16 +00:00
Tom Hvitved b2f1022e5c Ruby: Prune irrelevant data flow nodes and edges 2023-11-16 13:52:07 +01:00
Tom Hvitved 75f42f4614
Merge pull request #14783 from hvitved/ruby/hash-array-literal
Ruby: Include more nodes in `{Hash,Array}LiteralCfgNode`
2023-11-16 13:51:35 +01:00
Tom Hvitved 475d8da342 Ruby: Include more nodes in `{Hash,Array}LiteralCfgNode` 2023-11-14 13:50:46 +01:00
Tom Hvitved f1b67ade9b Ruby: Include name of variable in `UninitializedDefinition.toString` 2023-11-14 11:33:59 +01:00
Rasmus Wriedt Larsen 43d9d2ceb7
Merge pull request #14603 from github/max-schaefer/broken-crypto-algorithm-link
JavaScript/Python/Ruby: Improve alert message for `*/weak-cryptographic-algorithm`.
2023-11-08 14:29:24 +01:00
Geoffrey White e8a466a02c Update dead link. 2023-11-07 09:26:07 +00:00
Tom Hvitved 3c86aad16d
Merge pull request #14628 from hvitved/ruby/type-tracking-store-post-update
Ruby: Summarized type-tracking stores should target post-update nodes
2023-11-01 13:54:21 +01:00
Tom Hvitved 0c5b528d54 Address review comments 2023-11-01 11:32:57 +01:00