3994 Commits

Author	SHA1	Message	Date
Tamas Vajk	5004a5fb60	Fix failing external model tests	2022-09-02 16:12:22 +02:00
Tamas Vajk	9fad42b25d	Kotlin: Add manual model for Array.withIndex	2022-09-02 16:12:21 +02:00
Tamas Vajk	a144fa06dc	Kotlin: Add generated MaD for stdlib	2022-09-02 16:12:21 +02:00
Tamas Vajk	57d861337b	Kotlin: Add dataflow tests for stdlib calls	2022-09-02 16:12:21 +02:00
Tamas Vajk	71cce9cf28	Kotlin: Extract error expression for enumValues<T> calls	2022-09-02 15:42:05 +02:00
Tamas Vajk	fd0d2ad767	Kotlin: Add test for enumValues call with type parameter	2022-09-02 15:40:03 +02:00
Ian Lynagh	07b3b15528	Merge pull request #10221 from tamasvajk/kotlin-internal ... Kotlin: Change `Modifiable::isPublic` to not cover Kotlin `internal` members	2022-09-02 11:51:56 +01:00
Tamas Vajk	c77f573a8e	Kotlin: fix doc comment extraction for local functions	2022-09-02 10:47:08 +02:00
Tamas Vajk	46c52aeaae	Kotlin: Add test for doc comment on local functions	2022-09-02 10:45:08 +02:00
Tamas Vajk	e66d2dddb6	Fix review findings	2022-09-01 14:07:27 +02:00
Tamas Vajk	a5415c9c8a	Kotlin: Fix array indexer extraction	2022-09-01 11:12:14 +02:00
Tamas Vajk	afeea64078	Kotlin: Add test case for overloaded array get	2022-09-01 11:09:44 +02:00
Tony Torralba	bee4e4b40a	Add new AlarmManager sinks	2022-09-01 09:47:58 +02:00
Tamás Vajk	bf7437fd2e	Merge pull request #10224 from tamasvajk/kotlin-comment-fixes ... Kotlin: Fix issues in comment extraction	2022-08-31 14:22:09 +02:00
Michael Nebel	1cb6d78d35	Merge pull request #10170 from michaelnebel/java/models-io ... Java: Update models for commons-io and add negative models.	2022-08-31 11:05:09 +02:00
Tony Torralba	2ec53bf78c	Merge pull request #9873 from luchua-bc/java/permissive-dot-regex ... Java: CWE-625 Query to detect regex dot bypass	2022-08-31 10:24:18 +02:00
luchua-bc	e2e87980cc	Move pattern check to MatchRegexConfiguration::isSink	2022-08-30 22:48:12 +00:00
Tamas Vajk	9ced14672d	Kotlin: Assign container class as the owner of init block comments	2022-08-30 15:37:55 +02:00
Tamas Vajk	d9b3726ee8	Kotlin: Add test case for doc comment on init block	2022-08-30 15:37:00 +02:00
Tamas Vajk	3513bb8eed	Kotlin: Change Modifiable::isPublic to not cover Kotlin internal members	2022-08-30 14:37:27 +02:00
Tamas Vajk	d9086e6328	Kotlin: Add test case for internal member accessed from java	2022-08-30 14:26:12 +02:00
Tony Torralba	1f83c5833b	Merge pull request #10092 from zbazztian/zbazztian/string.replace-taint ... Java: Add additional taint steps for java.lang.String methods	2022-08-30 12:24:37 +02:00
Anders Schack-Mulligen	e26a7fc4f3	Merge pull request #10173 from zbazztian/spring-crudrepository ... Java: Add data flow model for Spring's CrudRepository.save() method	2022-08-29 15:00:07 +02:00
Michael Nebel	dbfd16647b	Java: Add negative model CSV validation test.	2022-08-29 14:29:32 +02:00
Tamás Vajk	4f5c06fed7	Merge pull request #10169 from tamasvajk/kotlin-array-iterator ... Kotlin: fix array iterator extraction	2022-08-26 08:33:52 +02:00
Erik Krogh Kristensen	06afe9c0f4	Merge pull request #9816 from erik-krogh/msgConsis ... Make alert messages consistent across languages	2022-08-25 15:20:01 +02:00
Sebastian Bauersfeld	a486a89cee	Java: Taint flow through org.springframework.data.repository.CrudRepository.save().	2022-08-25 17:58:24 +07:00
erik-krogh	c7aa58252a	change "does not seem to check" to "does not check" in unchecked-cast-in-equals queries	2022-08-25 12:31:58 +02:00
Ian Lynagh	bf6d9f8c23	Merge pull request #10161 from igfoo/igfoo/exec ... Make a load of files non-executable	2022-08-25 10:05:39 +01:00
Tamas Vajk	15305fd9bb	Kotlin: Fix iterator extraction of IntArray, BooleanArray, ...	2022-08-25 11:05:17 +02:00
Tamas Vajk	7196fdd475	Kotlin: fix array iterator extraction to work outside of for loops	2022-08-25 09:23:34 +02:00
Tamas Vajk	af2614be84	Kotlin: Add array iterator tests	2022-08-25 09:17:50 +02:00
Ian Lynagh	237b3670b4	Make *.xml non-executable	2022-08-24 16:53:48 +01:00
Ian Lynagh	bb73767042	Make *.java non-executable	2022-08-24 16:38:03 +01:00
Jami	b3e88f8234	Merge pull request #9983 from jcogs33/android-implicit-export ... Java: query to detect implicitly exported Android components	2022-08-24 10:52:50 -04:00
erik-krogh	1c0f2251e2	Merge branch 'main' into msgConsis	2022-08-24 14:38:57 +02:00
Michael Nebel	a412c955e7	Java: One implementation of the interface has no flow (which seems unsound and contradicting our assumptions on interface 'contracts') - this now yields a negative summary.	2022-08-24 09:58:54 +02:00
Michael Nebel	2e273f2273	C#: Re-arange the import order, such that CsvValidation follows ExternalFlow directly.	2022-08-24 09:58:54 +02:00
Michael Nebel	37976d56bc	C#/Java/Go/Swift: Move CsvValidation back into ExternalFlow.	2022-08-24 09:58:53 +02:00
Michael Nebel	4939439982	Java: Re-factor CSV Validation into standalone module.	2022-08-24 09:58:52 +02:00
Michael Nebel	120fb25702	Java: Sync files and model generator and tests.	2022-08-24 09:58:52 +02:00
Erik Krogh Kristensen	4df2e5d937	Merge pull request #10096 from erik-krogh/acronyms-part1 ... make acronyms camelcase	2022-08-24 09:33:53 +02:00
erik-krogh	27fcc90a97	Merge branch 'main' into msgConsis	2022-08-24 09:21:43 +02:00
Tamás Vajk	ecde0abc04	Merge pull request #10091 from tamasvajk/kotlin-data-class ... Kotlin: Identify data classes during extraction	2022-08-24 08:45:41 +02:00
Tony Torralba	7070c4a2d2	Add summaries for ContentResolver and adjacent classes	2022-08-23 14:12:35 +02:00
erik-krogh	1a7d3ee831	update expected output after changing queries	2022-08-23 12:35:32 +02:00
Chris Smowton	0a7350f3bf	Merge pull request #10041 from smowton/AddSensitiveApiCalls ... Java: support more libraries in hardcoded-credentials queries	2022-08-23 10:51:04 +01:00
Joe Farebrother	ac79866799	Merge pull request #9982 from joefarebrother/rsa-without-oaep ... Java: Add query for RSA without OAEP	2022-08-23 09:14:46 +01:00
Tony Torralba	a3f27d4abe	Merge pull request #10131 from atorralba/atorralba/path-steps ... Java: Add new java.nio.Path{,s} summary models	2022-08-23 09:47:34 +02:00
erik-krogh	94ec0b8a52	update expected output of tests	2022-08-23 07:19:37 +02:00