Commit graph

3741 Commits

Author SHA1 Message Date
Jeroen Ketema 2d0f73d7c2
Merge pull request #13881 from jketema/shared-taint-tracking
Introduce shared taint tracking library
2023-08-21 12:45:49 +02:00
Harry Maclean 222aa41bbf
Merge pull request #13938 from hmac/splat-flow-2
Ruby: More precise flow into splat parameters
2023-08-18 12:07:58 +01:00
Tom Hvitved da8005dbd3 Code review suggestions 2023-08-17 09:26:58 +02:00
Jeroen Ketema 33e8310625
Merge branch 'main' into shared-taint-tracking 2023-08-17 00:14:25 +02:00
Tom Hvitved 44b734e120
Merge pull request #13955 from hvitved/ruby/type-tracking-capture-insensitive
Ruby: Make type tracking flow-insensitive for captured variables
2023-08-15 11:42:41 +02:00
Erik Krogh Kristensen 6a3b9e10eb
Merge pull request #13914 from erik-krogh/escape-unicode
ReDoS: escape unicode chars in the output for the ReDoS queries
2023-08-15 11:21:21 +02:00
Tom Hvitved 061575ff77
Merge pull request #13937 from hvitved/ruby/for-loop-desugar
Ruby: Improve desugaring of `for` loops
2023-08-14 20:12:12 +02:00
Arthur Baars 77db0cf547
Merge pull request #13334 from aibaars/print-cfg-2
Ruby: printCfg: only show graph for selected CfgScope
2023-08-14 18:24:20 +02:00
Tom Hvitved e96cbeb00a Ruby: Adjust locations of synthesized nodes 2023-08-14 14:37:47 +02:00
Tom Hvitved c084a9b27a Ruby: Make type tracking flow-insensitive for captured variables 2023-08-14 13:44:37 +02:00
Harry Maclean d45e9101ba Ruby: Add change note 2023-08-14 11:20:58 +01:00
Harry Maclean ca5456a54a Ruby: Remove duplicate disjuncts 2023-08-14 09:45:57 +01:00
Henry Mercer 75e6fd9c8e
Merge pull request #13918 from github/post-release-prep/codeql-cli-2.14.2
Post-release preparation for codeql-cli-2.14.2
2023-08-11 16:28:16 +01:00
Harry Maclean 6011d26823 Ruby: Restrict parameter nodes 2023-08-11 15:14:32 +01:00
Tom Hvitved e39fb093e9
Merge pull request #13945 from hvitved/ruby/destruct-param-test
Ruby: Add test for documenting missing flow through destructured parameters
2023-08-11 15:11:39 +02:00
Henry Mercer 1213eba630
Merge branch 'main' into post-release-prep/codeql-cli-2.14.2 2023-08-11 13:54:55 +01:00
Tom Hvitved b28f60ccd2 Ruby: Add test for documenting missing flow through destructured parameters 2023-08-10 20:22:11 +02:00
Tom Hvitved f19232f800 Ruby: Fix another bug in `isCapturedAccess` 2023-08-10 14:02:58 +02:00
Harry Maclean b365ff095a Ruby: Fix SynthSplatParameterElementNode
Make this class into a proper subclass of `ParameterNodeImpl`, to
prevent some consistency test failures.
2023-08-10 12:35:12 +01:00
Tom Hvitved 77fca277fe Ruby: Improve desugaring of `for` loops 2023-08-10 13:22:01 +02:00
Tom Hvitved 4e954c29a2
Merge pull request #13936 from hvitved/ruby/captured-access-fix
Ruby: Fix bug in `isCapturedAccess`
2023-08-10 13:15:48 +02:00
Harry Maclean 5fff9fa8da More precise flow into splat parameters
We now precisely track flow from positional arguments to splat
parameters, provided that splat arguments are not used and there are no
positional parameters after the splat parameter. For example, in this
case:

    def f(x, y, *z); end

    f(a, b, c, d)

we get flow from `c` to `z[0]` and `d` to `z[1]`.

We get false flow if there are positional parameters after the splat
parameter. For example in this case:

    def g(x, y, *z, w); end

    g(a, b, c, d)

we get flow from `d` to `z[0]` instead of `w`.

We also track flow in this case

    def f(a, *b)
      sink b[0]
    end

    f(1, *[taint, 2])
2023-08-10 12:02:47 +01:00
Tom Hvitved e40f0a7350 Ruby: Fix bug in `isCapturedAccess` 2023-08-10 09:37:04 +02:00
Tom Hvitved e7acf8c3a8 Ruby: Add test 2023-08-10 08:53:00 +02:00
github-actions[bot] 432c21d4fb Post-release preparation for codeql-cli-2.14.2 2023-08-09 18:45:18 +00:00
Harry Maclean b03f6efa60 Ruby: Refactor 2023-08-09 15:01:40 +01:00
Harry Maclean 142393b599 Ruby: Handle unknown content in splat flow 2023-08-09 15:01:40 +01:00
Harry Maclean 4239268efd Ruby: Prevent some false flow into splat params
In cases where there are positional parameters after a splat parameter,
don't attempt to match the splat parameter to a splat argument. We need
more sophisticated modelling to handle these cases, which is future
work.
2023-08-09 15:01:40 +01:00
Harry Maclean 6f3e2cdde3 Ruby: Add change note 2023-08-09 15:01:40 +01:00
Harry Maclean c0baa5116f Ruby: add test for example splat arg/param matches 2023-08-09 15:01:40 +01:00
Harry Maclean 72356d1515 Ruby: track flow from *args to positional params
This models flow in the following case:

    def foo(x, y)
      sink x # 1
      sink y # 2
    end

    args = [source 1, source 2]
    foo(*args)

We do this by introducing a SynthSplatParameterNode which accepts
content from the splat argument, if one is given at the callsite.
From this node we add read steps to each positional parameter.
2023-08-09 15:01:40 +01:00
erik-krogh 92db7b047c
escape unicode chars in the output for the ReDoS queries 2023-08-08 00:15:54 +02:00
github-actions[bot] 79c90fa36a Release preparation for version 2.14.2 2023-08-07 18:08:52 +00:00
Jeroen Ketema 8b6a7985db
Refactor the taint-tracking library to follow the dataflow library refactoring 2023-08-07 15:23:15 +02:00
Jeroen Ketema 5d2984b7a5
Merge branch 'main' into shared-taint-tracking 2023-08-07 15:22:29 +02:00
Tom Hvitved db88b7da88 Ruby: Adjust to data flow refactor 2023-08-07 11:35:21 +02:00
Jeroen Ketema 747cd1745a
Update all languages to use the shared taint-tracking library 2023-08-04 22:53:25 +02:00
Mathias Vorreiter Pedersen abe3a816ce
Merge pull request #13851 from MathiasVP/sink-without-states
DataFlow: Support stateless `isSink` in `StateConfigSig`s
2023-08-04 18:01:42 +02:00
Tom Hvitved e011480114
Merge pull request #13509 from hvitved/cfg-pack
Convert shared CFG construction library to a parameterized module
2023-08-03 14:11:56 +02:00
Tom Hvitved 2ac646770e Merge `ControlFlowTreeBase` and `AstNode` 2023-08-03 10:59:26 +02:00
Tom Hvitved 525ed65b0b Rename `getNode` to `getAstNode` 2023-08-03 10:56:50 +02:00
Asger F c38cbe859d
Merge pull request #13737 from asgerf/dynamic/fuzzy-models
Dynamic: add Fuzzy token
2023-08-03 09:58:24 +02:00
Tom Hvitved 2f3e52646c Add class wrappers around `newtype` in `Cfg.qll` 2023-08-03 09:39:30 +02:00
Tom Hvitved 5d69e14cc1 Rename `ControlFlowElement` to `AstNode` 2023-08-03 09:39:30 +02:00
Tom Hvitved 1988397f93 Make shared CFG construction library a parameterized module 2023-08-03 09:39:30 +02:00
Mathias Vorreiter Pedersen 3007fdab5e Sync identical files. 2023-08-02 14:33:33 +02:00
Anders Schack-Mulligen 7bc8bf616f
Merge pull request #13863 from aschackmull/dataflow/pack4
Dataflow: Move the shared library to a properly shared qlpack.
2023-08-02 14:19:49 +02:00
Anders Schack-Mulligen 73d4b126cf Ruby: Adjust to use the qlpack data-flow api. 2023-08-01 14:02:33 +02:00
Alex Ford af854749d7 Ruby: update Ldapinjection test output 2023-07-31 16:08:15 +01:00
Alex Ford f437a6f729
Merge branch 'main' into maikypedia/ldap-injection 2023-07-31 16:00:41 +01:00