Alvaro Muñoz
c10087b9a3
Merge branch 'restify_improvements' of https://github.com/pwntester/codeql into restify_improvements
2022-10-19 22:18:29 +02:00
Alvaro Muñoz
009403b61e
Add QLDoc for FormatterSetup.getAFormatterHandler
2022-10-19 22:18:13 +02:00
Alvaro Muñoz
2ad5a70cf1
Merge branch 'main' into restify_improvements
2022-10-19 21:57:37 +02:00
Erik Krogh Kristensen
534574f4d9
Merge pull request #10764 from pwntester/javascript_xss_improvements
...
JS: Consider other XSS unsafe content-types when reasoning about XSS vulnerabilities
2022-10-19 21:53:24 +02:00
Geoffrey White
5b1e138300
Swift: Another qhelp edit.
2022-10-19 20:49:26 +01:00
Geoffrey White
495f744cd3
Swift: Attempt to address qhelp suggestions.
2022-10-19 20:44:27 +01:00
Geoffrey White
05d9c7b892
Swift: More 'an SQL' -> 'a SQL'.
2022-10-19 19:44:59 +01:00
Geoffrey White
83dc6d1564
Apply suggestions from code review
...
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com >
2022-10-19 19:42:35 +01:00
Ian Lynagh
74a4061508
Kotlin: Refactor PSI handling
...
We were giving warnings about comments, when we were actually trying to
populate numlines.
2022-10-19 18:02:24 +01:00
Alvaro Muñoz
245be44eac
Merge branch 'main' into javascript_xss_improvements
2022-10-19 18:18:19 +02:00
Alvaro Muñoz
976dd7f99f
Fix format errors
2022-10-19 18:14:25 +02:00
dependabot[bot]
c3693f1a20
Swift: bump actions/setup-python from 3 to 4
...
Also fixes python version with a `.pythonversion` file.
Bumps [actions/setup-python](https://github.com/actions/setup-python ) from 3 to 4.
- [Release notes](https://github.com/actions/setup-python/releases )
- [Commits](https://github.com/actions/setup-python/compare/v3...v4 )
---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com >
2022-10-19 18:10:42 +02:00
Chris Smowton
c6b62c934b
Merge pull request #10853 from smowton/smowton/fix/specialised-anon-classes
...
Kotlin: extract called private methods of specialised types, and specialised instances of anonymous types
2022-10-19 16:48:28 +01:00
Tony Torralba
c2a2d6b379
Fix LaunchOptionsUrlVarDecl
...
Update test expectations
2022-10-19 17:42:28 +02:00
Jami Cogswell
b7f360647e
rename change note
2022-10-19 11:37:42 -04:00
Alvaro Muñoz
31d271b8e1
Fix format errors
2022-10-19 17:32:34 +02:00
Henry Mercer
6a12d676b8
Merge pull request #10878 from jsoref/spelling-ml
...
Spelling ml
2022-10-19 16:28:06 +01:00
Paolo Tranquilli
6426b8dc7e
Merge pull request #10891 from github/alexdenisov/xcode-autobuilder-tests
...
Swift: add Xcode autobuilder tests
2022-10-19 17:19:21 +02:00
ALJI Mohamed
9163cbec09
Restrict the reach for an additional taint step
2022-10-19 16:08:49 +01:00
Jami Cogswell
e5982f19fa
minor updates
2022-10-19 11:05:40 -04:00
ALJI Mohamed
25a7fcffc0
Add an additional taint step
2022-10-19 16:01:34 +01:00
Tony Torralba
0678b06a9b
Apply review suggestions
2022-10-19 16:58:43 +02:00
Chris Smowton
4da480ecc0
Accept test changes resulting from correctly mapping extension methods' default proxies
2022-10-19 15:56:17 +01:00
Tony Torralba
e2c9240973
Add a new Custom URL Scheme source
...
Also adds a couple of data flow steps to model flow through `?` expressions.
2022-10-19 16:55:14 +02:00
Chris Smowton
14b8892ced
Don't create interface forwarders for other interfaces, and target super accesses correctly
...
Intermediate interfaces don't need interface forwarders, since the Kotlin compiler won't try to make them non-abstract by synthesising methods.
Super references should always target an immediate superclass, not the ancestor containing the intended implementation.
2022-10-19 15:37:06 +01:00
Alex Denisov
bb31ff7aef
Swift: drop redundant workflow
2022-10-19 16:36:45 +02:00
Alex Denisov
7790abce22
Swift: better CI names
2022-10-19 16:31:27 +02:00
Tony Torralba
25241276b0
Add change note
2022-10-19 16:29:36 +02:00
Alex Denisov
f6cfeab357
Swift: add Xcode autobuilder to CI
2022-10-19 16:29:08 +02:00
Tony Torralba
429bd5fbd8
Add flow summaries for startActivities
...
Uses SyntheticCallables and SyntheticGlobals to pair each startActivities call to getIntent calls in the components targeted by the intent(s).
2022-10-19 16:25:04 +02:00
Alex Denisov
95b7e8abb5
Swift: make xcode-autobuilder tester work with several tests
2022-10-19 16:20:32 +02:00
Ian Lynagh
71b649558b
Merge pull request #10648 from igfoo/igfoo/lockless
...
Kotlin: Implement lockless TRAP writing
2022-10-19 15:04:19 +01:00
Alex Denisov
e51485595c
Swift: introduce xcode-autobuilder tests
2022-10-19 16:04:07 +02:00
Erik Krogh Kristensen
8086d37cfc
Merge pull request #10840 from erik-krogh/html_safe
...
RB: simplify html_safe modeling
2022-10-19 15:02:21 +02:00
ALJI Mohamed
d6fa745279
Add TarSlip Improv query
2022-10-19 14:01:40 +01:00
Tamas Vajk
3e476f96bd
Kotlin: Exclude captured variables from constant loop condition check
2022-10-19 15:01:17 +02:00
Jami Cogswell
961e5c72a3
minor updates
2022-10-19 08:44:35 -04:00
Tamas Vajk
0bc57410a0
Kotlin: Add FP test case for constant loop condition
2022-10-19 14:19:49 +02:00
Ian Lynagh
24a84875ad
Merge pull request #10879 from jsoref/spelling-kotlin
...
Spelling kotlin
2022-10-19 12:26:52 +01:00
erik-krogh
3dd89bb7bf
remove duplicate alerts due to multiple states reaching the same sink
2022-10-19 13:19:18 +02:00
Tom Hvitved
9e5d9f897f
Merge pull request #10824 from jsoref/spelling-csharp
...
Spelling csharp
2022-10-19 13:16:02 +02:00
Ian Lynagh
83a3ae64c4
Kotlin: Accept test changes
2022-10-19 12:14:39 +01:00
Ian Lynagh
c9cf33dd20
Kotlin: Nest TRAP files inside their basename
2022-10-19 12:14:39 +01:00
Ian Lynagh
dff1cf4c48
Kotlin: Don't write TRAP files that are already out-of-date
2022-10-19 12:14:38 +01:00
Ian Lynagh
e6e0fe0cd4
Kotlin: Tweak custom_plugin/diagnostics test
2022-10-19 12:14:38 +01:00
Ian Lynagh
b251078976
Kotlin: Implement lockless TRAP writing
...
Rather than using lock files and rewriting TRAP file, and storing the
metadata in a .metadata file, we now encode the metadata in the filename
and rename all but the newest TRAP file so that the importer doesn't
see them.
So we might end up with e.g.
Text.members#0.0-1664381081060-java.trap.gz
Text.members#55.0-1658481279000-java.trap-old.gz
Text.members#55.0-1664381081060-java.trap-old.gz
For now, you can go back to the old system by setting
CODEQL_EXTRACTOR_JAVA_TRAP_LOCKING=true
in the environment.
2022-10-19 12:14:38 +01:00
erik-krogh
226bd1f321
add flow-state support to sanitizers in code-execution, and use that to refactor the string-concatenation-sanitizer
2022-10-19 13:06:54 +02:00
erik-krogh
3e51f6fa8e
use flow-states to remove FPs related to an attacker only controlling a substring in code-injection
2022-10-19 13:00:44 +02:00
Erik Krogh Kristensen
caaee26ae5
Merge pull request #10880 from jsoref/spelling-ql
...
Spelling ql
2022-10-19 12:38:48 +02:00
erik-krogh
2a72e89090
add a runsImmediately predicate to CodeExecution (name chosen by Copilot)
2022-10-19 12:30:47 +02:00