Commit graph

3741 Commits

Author SHA1 Message Date
Alex Ford 558238a9be Ruby: update TaintStep test output 2023-07-31 16:00:27 +01:00
Alex Ford f272b0786a Ruby: fix qldoc typo 2023-07-31 14:58:05 +01:00
Alex Ford 7f82aba7d4 qlformat 2023-07-31 14:57:14 +01:00
Alex Ford 2240e4bffb Ruby: fix changenote date format 2023-07-31 14:56:53 +01:00
Maiky 2d88ac1846 Suggested Changes 2023-07-27 23:40:52 +02:00
Maiky f5e17d7d39 Add additional Filter Methods 2023-07-27 23:04:55 +02:00
Owen Mansel-Chan 9b2b58a823 Sync files 2023-07-26 21:48:10 +01:00
github-actions[bot] f91b7a9342 Post-release preparation for codeql-cli-2.14.1 2023-07-21 16:16:25 +00:00
github-actions[bot] c936a920b0 Release preparation for version 2.14.1 2023-07-20 16:32:27 +00:00
Anders Schack-Mulligen e72a0b2f8c Dataflow: Add change notes. 2023-07-19 11:41:15 +02:00
Anders Schack-Mulligen ae24d68b5d C/C++/C#/Java/Python/Ruby/Swift: Adjust expected output. 2023-07-19 11:41:15 +02:00
Anders Schack-Mulligen 95d17045c9 Dataflow: Sync. 2023-07-19 11:41:15 +02:00
Alex Ford 27ee72c265 Merge remote-tracking branch 'origin/main' into rb/rack-env-query-string 2023-07-17 14:11:25 +01:00
Alex Ford 06aefe01b8
Update ruby/ql/lib/codeql/ruby/frameworks/rack/internal/App.qll
Co-authored-by: Asger F <asgerf@github.com>
2023-07-17 14:08:44 +01:00
Alex Ford ab1f341aa6
Merge pull request #13566 from alexrford/rb/rack-params
Ruby: add `Rack::Request` params and cookies as remote input sources
2023-07-17 14:07:20 +01:00
Maiky 3f36d3244b Fix singleton set literal 2023-07-15 00:18:21 +02:00
Alex Ford bdf1aa0807
Merge pull request #13746 from asgerf/rb/fix-rack-todo
Ruby: Use API graphs asCallable() instead of Proc.new workaround
2023-07-14 16:29:00 +01:00
Alex Ford d89c10dd85
Merge pull request #13130 from maikypedia/maikypedia/xpath-injection
Ruby: XPath Injection Query (CWE-643)
2023-07-14 14:10:09 +01:00
Asger F 2962727f0f Ruby: Use API graphs asCallable() instead of Proc.new workaround 2023-07-14 13:50:07 +02:00
Alex Ford dbb55ff2b4 Ruby: fix xpathinjection deprecation warnings 2023-07-14 12:45:27 +01:00
Alex Ford a524735236 Merge branch 'main' into maikypedia/ldap-injection 2023-07-14 12:05:17 +01:00
Alex Ford c0009379d1 qlformat 2023-07-14 12:04:03 +01:00
Asger F 31bed36231
Merge pull request #13612 from asgerf/rb/api-graph-explicit-proc-lambda
Ruby: Improve support for explicit proc-creation
2023-07-14 13:02:44 +02:00
Anders Schack-Mulligen 80a799df01
Merge pull request #13735 from aschackmull/dataflow/forcehighprecision-fix
Dataflow: Fix forceHighPrecision for length-2 prefixes.
2023-07-14 11:42:35 +02:00
Asger F f1c82b650f Ruby: Implement Fuzzy for Ruby 2023-07-13 15:42:34 +02:00
Asger F 919cb07c1e Sync ApiGraphModels.qll 2023-07-13 15:42:33 +02:00
Asger F 18762db0fb Ruby: factor out isProcCreationCall 2023-07-13 11:53:16 +02:00
Asger F 8d2dba18c0 Ruby: change note 2023-07-13 11:53:16 +02:00
Asger F f232669ea5 Ruby: support Proc.new alongside 'proc' and 'lambda' 2023-07-13 11:53:16 +02:00
Asger F 194fe85442 Ruby: Use asCallable() to generate epsilon edges 2023-07-13 11:53:16 +02:00
Asger F 452fbe7e8f Ruby: add test showing lack of lambda handling 2023-07-13 11:53:16 +02:00
Anders Schack-Mulligen 91de43f918 C#/Java/Ruby: Remove superfluous module members. 2023-07-13 11:38:35 +02:00
Anders Schack-Mulligen 837df2ad37 Dataflow: Sync. 2023-07-13 10:55:39 +02:00
Maiky 119a32fe0e fix naming error 2023-07-12 23:54:58 +02:00
Maiky db0f38fe06 Update XpathInjectionQuery.qll 2023-07-12 23:46:47 +02:00
Ed Minnix 63299688d5 Add change notes for default implementations of isBarrier and isAdditionalFlowStep 2023-07-12 15:21:16 -04:00
Ed Minnix 94638c9997 Ruby: Add default implementation of StateConfigSig::isAdditionalFlowStep/4 2023-07-12 15:06:25 -04:00
Ed Minnix 8a7081753d Ruby: Add default implementation of StateConfigSig::isBarrier/2 2023-07-12 15:06:25 -04:00
Maiky 1559b7da3c Update Frameworks.qll 2023-07-12 17:45:45 +02:00
Maiky c255f8717d
Change `hasFlowPath` to `flowPath`
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
2023-07-11 19:20:54 +02:00
Maiky c4f72dd2f2
Change make to global
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
2023-07-11 19:20:34 +02:00
Mathias Vorreiter Pedersen a4c0063ab1
Merge pull request #13679 from MathiasVP/speedup-big-step
DataFlow: Speed up the big step relation
2023-07-11 09:44:17 +01:00
Asger F d88f557dbe
Merge pull request #13683 from asgerf/rb/api-graph-noobject
Ruby: exclude Object class from API graph
2023-07-10 12:51:15 +02:00
Mathias Vorreiter Pedersen 44f23bfa59
Merge pull request #13690 from github/post-release-prep/codeql-cli-2.14.0
Post-release preparation for codeql-cli-2.14.0
2023-07-07 23:39:38 +01:00
github-actions[bot] 13cf054a9d Post-release preparation for codeql-cli-2.14.0 2023-07-07 14:55:41 +00:00
Asger F b14cac6b28
Merge pull request #12689 from asgerf/rb/perf-diagnostics
Ruby: performance diagnostics query
2023-07-07 14:25:56 +02:00
github-actions[bot] 6484ee106e Release preparation for version 2.14.0 2023-07-07 08:22:14 +00:00
Asger F d8604ff390 Ruby: exclude Object class from API graph 2023-07-07 09:49:21 +02:00
Asger F 86b5f0adc7 Revert "Merge pull request #13620 from github/revert-13496-rb/tracking-on-demand"
This reverts commit 133de56ac2, reversing
changes made to 28a8e48351.
2023-07-07 09:42:34 +02:00
Dave Bartolomeo 9631e9f2f1 Bump minor version numbers post-GHES 2023-07-06 10:10:01 -04:00
Dave Bartolomeo 2bb9adfbf1 Merge remote-tracking branch 'origin/main' into dbartol/mergeback-3.10 2023-07-06 10:00:46 -04:00
Erik Krogh Kristensen b2a60bf3d1
Merge pull request #13642 from erik-krogh/san-script
JS/RB: Fix FP in incomplete-multi-character-sanitization
2023-07-06 15:38:39 +02:00
Mathias Vorreiter Pedersen 83d0dec0fb DataFlow: Sync identical files. 2023-07-06 14:00:00 +01:00
Asger F 59c72836d3 Ruby: fix typo 2023-07-06 14:57:24 +02:00
Asger F db58d32f7a Ruby: Add a query ID 2023-07-06 14:57:24 +02:00
Asger F d123e5ba63 Ruby: add performance diagnostic query 2023-07-06 14:57:24 +02:00
Maiky a3c58c66e9 Using `DataFlow::ConfigSig` instead of `TaintTracking::Configuration` 2023-07-06 03:14:49 +02:00
Maiky 25814f76b9 Apply suggested changes 2023-07-06 02:20:42 +02:00
Alex Ford 08784d24b4 Ruby: rack - add tests for env['QUERY_STRING'] 2023-07-05 15:49:00 +01:00
Alex Ford ec2c9f20f6 Ruby: rack - env['QUERY_STRING'] changenote 2023-07-05 15:46:56 +01:00
Alex Ford 2b0b2855e1 Ruby: rack - Rack::Response changenote 2023-07-05 15:15:34 +01:00
Alex Ford df62cf8a5a qlformat 2023-07-05 12:19:57 +01:00
Alex Ford 082f26bcb1 Ruby: update TaintStep.ql output 2023-07-05 12:19:55 +01:00
Alex Ford 9a263e12ec Ruby: rack - add some qldoc 2023-07-05 12:18:52 +01:00
Alex Ford bf25b07c17 Ruby: rack - request input tests 2023-07-05 12:18:52 +01:00
Alex Ford 175d524146 Ruby: rack - add Rack#Utils.parse_query summary 2023-07-05 12:18:52 +01:00
Alex Ford cc6f6418f5 Ruby: rack - start modelling request inputs 2023-07-05 12:18:52 +01:00
Alex Ford 9b2cd768e1 Ruby: rack - add env['QUERY_STRING'] as an http request input 2023-07-05 11:59:18 +01:00
Alex Ford 5fafd9ecc1 Merge branch 'main' into rb/rack-extend-app-and-resp 2023-07-04 11:43:30 +01:00
Michael Nebel 238f390738
Merge pull request #13452 from michaelnebel/refactorstackprinting
Re-factor printing of summary component stacks.
2023-07-04 08:29:10 +02:00
Michael Nebel 243c592447 Address review comments. 2023-07-03 17:01:08 +02:00
Michael Nebel e06bc8fd8d Ruby: Use serialize to for the string representation of ConstantValue. 2023-07-03 14:36:07 +02:00
Michael Nebel bddd22f522 Sync files and make language specific adjustments. 2023-07-03 14:36:07 +02:00
Michael Nebel 0665f4f004 Ruby: Update TaintStep expected test output. 2023-07-03 14:36:06 +02:00
Michael Nebel 6aded7b461 Ruby: Improve AccessPath printing. 2023-07-03 14:36:06 +02:00
Michael Nebel c18f4b1604 Sync files and make language specific rename. 2023-07-03 14:36:06 +02:00
erik-krogh 8c871621f1 sync to ruby 2023-07-01 20:33:02 +02:00
Chuan-kai Lin ce464a7d69 Remove pragma[assume_small_delta] 2023-06-30 11:09:29 -07:00
Alex Ford 9d36ab9204
Merge pull request #13606 from alexrford/rb/sqlite3-getSql
Ruby: fix sqlite3 `PreparedStatementExecution.getSql()` predicate
2023-06-30 12:18:46 +01:00
github-actions[bot] 668aaa2dc8 Post-release preparation for codeql-cli-2.13.5 2023-06-30 08:51:48 +00:00
Asger F 5d1a437e9c Revert "Ruby: overhaul API graphs" 2023-06-29 15:39:19 +02:00
github-actions[bot] 9d7987f822 Release preparation for version 2.13.5 2023-06-29 09:26:18 +00:00
Tom Hvitved 9a26fc3178
Merge pull request #13573 from hvitved/ruby/inline-late-members
Ruby/Python: Use `inline_late` on member predicates
2023-06-29 09:07:14 +02:00
Alex Ford ede6b262cd Ruby: fix sqlite3 PreparedStatementExecution.getSql() predicate 2023-06-28 17:09:43 +01:00
Asger F f0517028b9
Merge pull request #13496 from asgerf/rb/tracking-on-demand
Ruby: overhaul API graphs
2023-06-28 15:01:37 +02:00
Asger F 39789d4050 Ruby: use a valid change note category 2023-06-28 13:42:05 +02:00
Asger F 2f1223426a Ruby: add change note 2023-06-28 13:36:47 +02:00
Asger F 7af3d226c9 Ruby: simplify Twirp model 2023-06-28 13:20:59 +02:00
Asger F 129e6349f7 Ruby: expand Twirp test 2023-06-28 13:20:59 +02:00
Asger F 423da55fb9 Ruby: use asCallable() in Twirp model 2023-06-28 13:20:59 +02:00
Asger F dd868437ce Ruby: add asCallable() 2023-06-28 13:20:59 +02:00
Asger F 6feda75dd6 Ruby: preserve comment in SQLite3 2023-06-28 13:20:58 +02:00
Asger F f171c21002 Ruby: remove forwarder for getADescendentModule 2023-06-28 13:20:58 +02:00
Asger F 67032b5d73 Ruby: add test for self.class call 2023-06-28 13:20:58 +02:00
Asger F 174ab25867 Ruby: address some review comments 2023-06-28 13:20:58 +02:00
Tom Hvitved fa92e79bea Ruby/Python: Use `inline_late` on member predicates 2023-06-28 09:04:06 +02:00
Kasper Svendsen 41c071ff74 Ruby: Enable implicit this warnings for remaining packs 2023-06-27 12:07:05 +02:00
Alex Ford 9cf165ac55 Ruby: rack - update a deprecation notice 2023-06-26 15:37:34 +01:00
Alex Ford 8fdc48753c Ruby: rack - replace RackApplication with just the rack RequestHandler 2023-06-26 15:36:37 +01:00
Asger F f6e244995a
Update ruby/ql/lib/codeql/ruby/ApiGraphs.qll
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2023-06-26 15:32:11 +02:00