Chris Smowton
|
910a1f872d
|
Adjust opt-in required to use string-manipulation functions in Kotlin <= 1.5
|
2022-12-06 18:35:04 +00:00 |
|
Chris Smowton
|
540a2a623e
|
Don't create stub trap files for anonymous or local classes, or unexpected kinds of top-level declaration
|
2022-12-06 18:35:04 +00:00 |
|
Chris Smowton
|
08e3431107
|
Also stub class files relating to file classes and top-level declarations
|
2022-12-06 18:35:04 +00:00 |
|
Chris Smowton
|
748637c2d8
|
Tidy and use version 0 for classes extracted from source
|
2022-12-06 18:35:03 +00:00 |
|
Chris Smowton
|
e34d72aee9
|
Kotlin: stub trap .class files when extracting a class from Kotlin source
|
2022-12-06 18:35:03 +00:00 |
|
Ethan Willoner
|
64f58061b7
|
Rename 2022-12-05-owin-uri-fix.md. to 2022-12-05-owin-uri-fix.md
|
2022-12-06 09:13:28 -08:00 |
|
Ethan Willoner
|
574d6d6119
|
Fix comment.
Co-authored-by: Tom Hvitved <hvitved@github.com>
|
2022-12-06 09:10:22 -08:00 |
|
Jeroen Ketema
|
b5147bbfb0
|
C++: Deprecate DefaultTaintTracking and TaintTrackingImpl
|
2022-12-06 17:45:16 +01:00 |
|
Owen Mansel-Chan
|
4789431d6e
|
Add change note
|
2022-12-06 16:25:50 +00:00 |
|
Owen Mansel-Chan
|
d588ee375b
|
Fix mayHaveSideEffects for ReturnStmt
The previous code only worked when the return statement
only has one returned expression.
|
2022-12-06 15:07:45 +00:00 |
|
Mathias Vorreiter Pedersen
|
2c500142c7
|
Merge pull request #11435 from jketema/rewrite-tainted-path
C++: Rewrite `cpp/path-injection` to not use `DefaultTaintTracking`
|
2022-12-06 14:54:57 +00:00 |
|
ALJI Mohamed
|
2801b8495a
|
A fix of the tag name
|
2022-12-06 14:50:47 +01:00 |
|
retanoj
|
b0c86d8e51
|
change string match to regex match
|
2022-12-06 21:50:09 +08:00 |
|
ALJI Mohamed
|
4896e62117
|
Use of more generic terms
|
2022-12-06 14:44:52 +01:00 |
|
Sim4n6
|
58570b4d2c
|
Update python/ql/src/experimental/Security/CWE-022bis/UnsafeUnpack.ql
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
|
2022-12-06 14:40:48 +01:00 |
|
Sim4n6
|
9a60202de6
|
Update python/ql/src/experimental/Security/CWE-022bis/UnsafeUnpack.qhelp
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
|
2022-12-06 14:40:35 +01:00 |
|
Sim4n6
|
c22c0b5029
|
Update python/ql/src/experimental/Security/CWE-022bis/UnsafeUnpack.qhelp
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
|
2022-12-06 14:39:16 +01:00 |
|
Mathias Vorreiter Pedersen
|
e71fbb1def
|
Merge pull request #11541 from MathiasVP/add-node0
C++: Introduce a pre-SSA `DataFlow::Node` class
|
2022-12-06 13:28:39 +00:00 |
|
Michael Nebel
|
8e4190d84a
|
Merge pull request #11516 from michaelnebel/java/externalflowcleanup
Java: Cleanup imports of `ExternalFlow`
|
2022-12-06 14:26:39 +01:00 |
|
erik-krogh
|
8f0c0f3c17
|
add support for super calls to Kernel
|
2022-12-06 14:25:51 +01:00 |
|
erik-krogh
|
0e9cd1e4b5
|
factor out methodName to a field in KernelMethodCall
|
2022-12-06 14:23:46 +01:00 |
|
erik-krogh
|
e24f041661
|
drive-by: use instanceof KernelMethodCall such that override getAnArgument cannot be mistaken for a method in CallNode
|
2022-12-06 14:21:48 +01:00 |
|
erik-krogh
|
5849b2c98a
|
drive-by: simplify the imports in PathInjection.ql
|
2022-12-06 14:09:39 +01:00 |
|
erik-krogh
|
66946ebf6a
|
add Kernel methods as sinks to path-injection
|
2022-12-06 14:09:15 +01:00 |
|
Anders Schack-Mulligen
|
b579e2e7ed
|
Merge pull request #11493 from aschackmull/java/scc-equivrel
Java: Replace ad-hoc SCC reduction with union-find.
|
2022-12-06 14:02:46 +01:00 |
|
ALJI Mohamed
|
a5849eb9b0
|
Improved the additional taint step using InstanceSource
|
2022-12-06 14:00:08 +01:00 |
|
Michael Nebel
|
27efb0d843
|
C#: Rename -> for .
|
2022-12-06 13:53:50 +01:00 |
|
Erik Krogh Kristensen
|
be168901d6
|
Merge pull request #11085 from dbartol/dbartol/ql-for-ql-latest
Use latest released bundle for QL-for-QL
|
2022-12-06 12:43:53 +01:00 |
|
retanoj
|
2bbd37f9ab
|
change code snippet to or condition
|
2022-12-06 19:27:29 +08:00 |
|
Michael Nebel
|
29ccac8e93
|
C#: Address review comments.
|
2022-12-06 12:05:48 +01:00 |
|
Mathias Vorreiter Pedersen
|
3eea3b2f45
|
Merge pull request #11446 from atorralba/atorralba/swift/path-injection
Swift: Add path injection query
|
2022-12-06 11:03:26 +00:00 |
|
Michael Nebel
|
6b35098fb7
|
C#: Replace more uses of getQualifiedName/0.
|
2022-12-06 11:59:13 +01:00 |
|
Michael Nebel
|
0a3295ef3f
|
C#: Address review comments.
|
2022-12-06 11:59:13 +01:00 |
|
Michael Nebel
|
ae4f4d6df4
|
C#: Add change note about deprecation of hasQualifiedName/1.
|
2022-12-06 11:59:13 +01:00 |
|
Michael Nebel
|
f7a1a4a9b7
|
C#: Add some missing this qualifiers.
|
2022-12-06 11:59:13 +01:00 |
|
Michael Nebel
|
38e906f854
|
C#: Use hasQualifiedName instead of getQualifiedName.
|
2022-12-06 11:59:13 +01:00 |
|
Michael Nebel
|
c24302bec2
|
C#: Replace all uses of the deprecated hasQualifiedName/1 predicate.
|
2022-12-06 11:59:12 +01:00 |
|
Michael Nebel
|
315a3a5ed3
|
C#: Add hasQualifiedName/3 including overrides where relevant and re-write some of the existing hasQualifiedName/2 predicates.
|
2022-12-06 11:59:12 +01:00 |
|
Michael Nebel
|
38565407c5
|
C#: Add small module with relevant printing predicates.
|
2022-12-06 11:59:12 +01:00 |
|
Michael Nebel
|
86c021ef7e
|
C#: Deprecate hasQualifiedName/1.
|
2022-12-06 11:59:12 +01:00 |
|
retanoj
|
de652e1e27
|
expected
|
2022-12-06 18:09:48 +08:00 |
|
Chris Smowton
|
3b5b121aeb
|
Merge pull request #11553 from smowton/smowton/fix/kotlin-synthetic-noarg-constructor
Kotlin: Extract a no-arg constuctor whenever a Kotlin class has default values for all parameters
|
2022-12-06 10:07:31 +00:00 |
|
retanoj
|
fb8559f03a
|
tiny fix function name
|
2022-12-06 18:03:00 +08:00 |
|
Anders Schack-Mulligen
|
f0ac59be25
|
Merge pull request #11521 from aschackmull/shared/typetracking
Shared: Add a qlpack with a parameterized module defining type-trackers.
|
2022-12-06 10:56:44 +01:00 |
|
Anders Schack-Mulligen
|
1b77f50fd7
|
Shared: Address review comments.
|
2022-12-06 10:42:16 +01:00 |
|
Michael Nebel
|
4e93429026
|
Merge pull request #11577 from michaelnebel/java/enablemodeldifferenceworkflow
Java: Add Model Difference workflow on model generator changes.
|
2022-12-06 10:35:52 +01:00 |
|
retanoj
|
82d0551215
|
Merge branch 'main' into MybatisSqli
|
2022-12-06 17:19:30 +08:00 |
|
retanoj
|
d2140eb4b1
|
MyBatisAnnotationSqlInjection no @Param case
|
2022-12-06 17:07:49 +08:00 |
|
Michael Nebel
|
204766b967
|
Java: Adjust generated model paths in Model difference workflow.
|
2022-12-06 09:53:39 +01:00 |
|
Tom Hvitved
|
b5e2e1e469
|
Merge pull request #11564 from hvitved/dataflow/parameter-position-consistency-checks
Data flow: Add consistency checks for parameter positions
|
2022-12-06 09:33:36 +01:00 |
|