Tamás Vajk
5017b21579
Merge pull request #10617 from tamasvajk/kotlin-op-calls
...
Kotlin: extract operator expression when operator is in method call form
2022-09-30 15:19:03 +02:00
Arthur Baars
d54a3059b4
Merge pull request #10642 from github/aibaars-patch-2
...
Run QLHelp preview for all languages
2022-09-30 15:13:48 +02:00
Tom Hvitved
3ec43dbd16
Ruby: Do not attempt to track precise hash indices for floats and complex numbers
2022-09-30 14:57:50 +02:00
Tom Hvitved
dc432c7774
Sync shared files
2022-09-30 14:56:56 +02:00
Tom Hvitved
e5d884a905
Ruby: Cache predicates in ApiGraphModels::ModelOutput
2022-09-30 14:56:55 +02:00
Tom Hvitved
299339f817
Ruby: Expose relevant predicates from internal/Module.qll and make sure they are cached
2022-09-30 14:56:55 +02:00
erik-krogh
318718c428
update expected output
2022-09-30 14:51:41 +02:00
Nora Dimitrijević
28606c561d
C++: Simplify normalizeExpr
...
This has a comparable but different set of FPs as the previous version.
But arguably it's an improvement.
2022-09-30 14:35:54 +02:00
Asger F
6e1914ad01
Merge pull request #10375 from asgerf/rb/summarize-loads-v2
...
Ruby: type-tracking and API edges through simple library callables
2022-09-30 14:25:17 +02:00
Tamas Vajk
121a5645b8
Kotlin: extract operator expression when operator is in method call form
2022-09-30 13:48:53 +02:00
Tamas Vajk
0f9b6d4a8b
Kotlin: Add test cases for operators being called by name
2022-09-30 13:46:57 +02:00
erik-krogh
7098e7b102
change more queries to start with "This "
2022-09-30 13:29:18 +02:00
Nick Rolfe
ef8ec0878a
Merge pull request #10641 from github/nickrolfe/a_an
...
JS/Python/Ruby: s/a HTML/an HTML/
2022-09-30 12:17:15 +01:00
CodeQL CI
b66e5c5aee
Merge pull request #10634 from yoff/python/rewrite-typetrackers
...
Approved by tausbn
2022-09-30 03:55:35 -07:00
Nora Dimitrijević
9a94222dbe
C++: Exclude commas from SwitchStmt.getExpr()
2022-09-30 12:32:03 +02:00
Nora Dimitrijević
4938de9185
C++: Fix docstring per suggestion
...
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com >
2022-09-30 12:28:18 +02:00
Mathias Vorreiter Pedersen
fa12bd3cdf
C++: Fix spelling.
2022-09-30 11:22:26 +01:00
Arthur Baars
c7b01975c1
Run QLHelp preview for all languages
2022-09-30 12:08:05 +02:00
Tamás Vajk
ee59bdab25
Merge pull request #10624 from tamasvajk/kotlin-java-fn-equivalence-remove
...
Kotlin: find java-kotlin equivalent functions by erased parameter types
2022-09-30 12:00:46 +02:00
Ian Lynagh
9be2ca2f1e
Merge pull request #10630 from igfoo/igfoo/ver0
...
Kotlin: Make newerThan symmetric
2022-09-30 10:52:42 +01:00
Nick Rolfe
ed74e0aad1
JS/Python/Ruby: s/a HTML/an HTML/
2022-09-30 10:37:52 +01:00
Mathias Vorreiter Pedersen
483ff58c39
C++: Replace the giant list of predicate parameters with a module signature.
2022-09-30 10:36:03 +01:00
Henti Smith
476960e699
Merge pull request #10625 from github/henti/ql_jobrunson
...
Added job.getRunsOn
2022-09-30 10:19:14 +01:00
Mathias Vorreiter Pedersen
b0af4cba30
C++: Fix Code Scanning alert.
2022-09-30 10:05:45 +01:00
Mathias Vorreiter Pedersen
6d5de66e6a
C++: Add QLDoc to the parameterized module components in 'Allocation.qll'.
2022-09-30 10:04:57 +01:00
Tony Torralba
585cbe2b95
Fix cartesian product
2022-09-30 10:47:22 +02:00
Erik Krogh Kristensen
06ea829537
Merge pull request #10636 from erik-krogh/fixHardcoded
...
JS: recognize another kind of dummy passwords to fix an FP in hardcoded-credentials
2022-09-30 10:42:01 +02:00
Henti Smith
074fac8f2f
Ran autoformatter on Actions.qll
2022-09-30 09:24:12 +01:00
Michael Nebel
82294c1349
Merge pull request #10622 from michaelnebel/ruby/postupdateassignexpr
...
Ruby: Postupdate notes for assignment expressions.
2022-09-30 10:00:02 +02:00
Michael Nebel
c867f2ba5b
Merge pull request #10594 from michaelnebel/csharp/postupdatenotes
...
C#: Postupdate notes for ternary expressions.
2022-09-30 09:56:21 +02:00
Harry Maclean
4a39bc8f47
Merge pull request #10598 from hmac/hmac/actioncontroller-metal
...
Ruby: Identify ActionController::Metal controllers
2022-09-30 13:07:03 +13:00
Nora Dimitrijević
c37c6a004e
Merge branch 'main' into cpp/comma-before-misleading-indentation
2022-09-30 00:28:33 +02:00
Nora Dimitrijević
818be2765e
C++: Add Change Note
2022-09-30 00:28:12 +02:00
Nora Dimitrijević
6eac4f52d9
C++: Accept Test Output
...
Some tricky FPs are preserved in there.
2022-09-30 00:13:23 +02:00
Nora Dimitrijević
a124dcf436
C++: Update QLDoc
...
Arguably warning, not just recommendation; it may be a logic error.
TODO: What CWE/CVEs should I tag this with?
2022-09-30 00:06:53 +02:00
Nora Dimitrijević
981a9798b8
C++: Update .qhelp with precision disclaimer.
2022-09-29 23:59:22 +02:00
Nora Dimitrijević
68b473377a
C++: Fix QL-on-QL Redundant Cast warning
2022-09-29 23:19:49 +02:00
Nora Dimitrijević
2a046352ce
C++: Simplify
2022-09-29 23:06:17 +02:00
erik-krogh
9f2d7dfb29
update expected output
2022-09-29 22:48:41 +02:00
Ed Minnix
2a2878fc7b
Move text into paragraph tag
2022-09-29 16:33:22 -04:00
Ed Minnix
e3c0e6f52a
Remove location link from alert message
...
Follow the style suggestion from the github-code-scanning bot and remove
provider element from alert link
2022-09-29 16:20:48 -04:00
Ed Minnix
90590429e3
Added change note for ContentProvider query
2022-09-29 16:17:52 -04:00
Robert Marsh
f17b563692
C++: handle interprocedural flows
...
This currently copy-pastes some predicates from InvalidPointerDeref.ql.
Those should be moved to a library file in a followup
2022-09-29 16:09:48 -04:00
Ed Minnix
29e34ac970
ContentProvider Incomplete Permissions Test Cases
2022-09-29 16:07:54 -04:00
erik-krogh
0a5ff1b79a
recognize another kind of dummy passwords to fix an FP in hardcoded-credentials
2022-09-29 21:25:40 +02:00
yoff
8ab5617b51
Merge pull request #10539 from yoff/python/improve-API-graphs
...
Python: add subscript to API graphs
2022-09-29 21:05:22 +02:00
Mathias Vorreiter Pedersen
2a514d60d4
C++: Add 'isBarrierIn' to prevent path duplication.
2022-09-29 19:55:58 +01:00
Mathias Vorreiter Pedersen
d12a76559a
C++: Use the new class in 'cpp/invalid-pointer-deref'.
2022-09-29 19:54:03 +01:00
Mathias Vorreiter Pedersen
a9710453f4
C++: Add class with heuristics to detect allocations.
2022-09-29 19:54:03 +01:00
Ed Minnix
f2bda1525a
Revert "Android ContentProvider.openFile does not check mode initital commit"
...
This reverts commit e37f62bb5e .
The MisconfiguedContentProviderUse.ql file provided a sample query which
will be useful in future checks for CVE-2021-41166, but is not needed
for the current manifest-focused check
2022-09-29 14:43:18 -04:00