gregxsunday
9960d11042
added RequestBody source to Beego framework
2022-10-06 13:23:56 +02:00
Geoffrey White
c6b7bb436d
C++: Make the ql-for-ql checks happy.
2022-10-06 11:25:22 +01:00
Chris Smowton
6f3c9e4403
Split up extractRawMethodAccess
2022-10-06 11:05:27 +01:00
Mathias Vorreiter Pedersen
a856bc8678
Merge pull request #10562 from rdmarsh2/rdmarsh2/cpp/field-off-by-one
...
C++: prototype for off-by-one in array-typed field
2022-10-06 11:04:12 +01:00
Tom Hvitved
48bdf13c89
Ruby: Take overrides into account for singleton methods defined on modules
2022-10-06 11:56:26 +02:00
Mathias Vorreiter Pedersen
0065a5af96
Swift: Accept path-explanation test changes.
2022-10-06 10:30:18 +01:00
Mathias Vorreiter Pedersen
1edd4d855a
Swift: Add an example with flow through a callback function.
2022-10-06 10:30:11 +01:00
Mathias Vorreiter Pedersen
197f036797
Swift: Support local MaD steps in both dataflow and taintflow.
2022-10-06 10:30:04 +01:00
Mathias Vorreiter Pedersen
9d069b32b0
Swift: Create ArgumentNodes and OutNodes for MaD.
2022-10-06 10:29:59 +01:00
Mathias Vorreiter Pedersen
0b6ea703ea
Swift: Create explicit parameter nodes for source parameters and MaD parameters.
2022-10-06 10:29:52 +01:00
Mathias Vorreiter Pedersen
bba70a70fb
Swift: Support selecting fields in Swift MaD.
2022-10-06 10:29:45 +01:00
tyage
ddc8f72ef7
accept test result Xss.qlref
2022-10-06 18:23:10 +09:00
Mathias Vorreiter Pedersen
32d0b58923
C++: Fix qhelp example.
2022-10-06 10:19:53 +01:00
Tom Hvitved
7608276397
Ruby: Add more call graph tests
2022-10-06 10:38:02 +02:00
Anders Schack-Mulligen
5b67ba2939
Merge pull request #10177 from atorralba/atorralba/path-sanitizer
...
Java: Promote `PathSanitizer.qll` from experimental
2022-10-06 10:29:33 +02:00
Anders Schack-Mulligen
cbeff4efc8
Merge pull request #10693 from atorralba/atorralba/fix-guard-bad-magic
...
Java: Fixes bad magic in `Guard::guardControls_v3`
2022-10-06 10:14:48 +02:00
erik-krogh
db056aae1b
add some more meta queries for Ruby evaluations
2022-10-06 10:14:28 +02:00
Geoffrey White
86756538f2
C++: Change note.
2022-10-06 09:14:25 +01:00
Geoffrey White
3f78a244b9
C++: Make the tests use more repetitions.
2022-10-06 09:14:24 +01:00
Geoffrey White
9a365d83cf
C++: Tighten up the heuristic in cpp/unterminated-variadic-call.
2022-10-06 09:14:16 +01:00
Tom Hvitved
0e6735b804
Merge pull request #10691 from hvitved/dataflow/conjunctive-clears
...
Data flow: Take conjunctive `With(out)Contents` into account in `prohibitsUseUseFlow`
2022-10-06 09:03:30 +02:00
Tamas Vajk
0bbc7adca0
Accept test changes
2022-10-06 08:45:57 +02:00
Henry Mercer
d80d39504f
Tag successfully extracted files queries
...
Tag the successfully extracted files queries with
`successfully-extracted-files` to make them easier to identify
programmatically in a language-independent way.
This follows the prior art for lines of code queries, which are tagged
`lines-of-code`.
2022-10-05 19:19:43 +01:00
Asger F
387e57546b
Merge pull request #10650 from asgerf/rb/summarize-more
...
Ruby: more type-tracking steps
2022-10-05 19:16:56 +02:00
Alex Ford
a28d7b64ea
Merge branch 'main' into rb/sensitive-get-query
2022-10-05 15:59:02 +01:00
Alex Ford
fa58c51810
Ruby: switch rb/sensitive-get-query back to using local flow
2022-10-05 15:58:05 +01:00
Tamas Vajk
46fb9865ac
Add lateinit test to print the extracted AST
2022-10-05 16:09:00 +02:00
Chris Smowton
7f8bcf76bf
Merge pull request #10665 from dilanbhalla/dilan-java/guidance-exectainted
...
Java Guidance: ExecTainted.ql (experimental version)
2022-10-05 15:05:10 +01:00
Tom Hvitved
0beea9fd1a
Fix typos
2022-10-05 15:54:52 +02:00
Tamas Vajk
082544e88c
Kotlin: Extract lateinit modifier
2022-10-05 15:25:49 +02:00
Tamas Vajk
61a05c2b6c
Kotlin: add lateinit declarations to modifiers test
2022-10-05 15:25:15 +02:00
Asger F
decd4c93c7
Ruby: update type tracking test
2022-10-05 15:15:52 +02:00
Asger F
c9c36985b2
Ruby: address review comments
2022-10-05 14:59:37 +02:00
Nora Dimitrijević
29df69742c
Swift: Docs review response: consistent naming
2022-10-05 14:42:11 +02:00
Alex Ford
71670a4f75
Ruby: add RequestInputAccess#getKind predicate
2022-10-05 13:38:31 +01:00
Alex Ford
dea53d86c9
Ruby: remove some redundant imports of DataFlow
2022-10-05 13:22:19 +01:00
Alex Ford
f01670f663
Ruby: add a note to a test case
2022-10-05 13:06:49 +01:00
Alex Ford
d64f8c73be
Merge branch 'main' into rb/sensitive-get-query
2022-10-05 12:59:35 +01:00
Alex Ford
084efe062a
Ruby: limit rb/sensitive-get-query to data from query params
2022-10-05 12:57:57 +01:00
Alex Ford
977e8a8a6f
Ruby: add a test case for sensitive data from cookies for rb/sensitive-get-query (should not be flagged)
2022-10-05 12:57:07 +01:00
Tamás Vajk
d0d8ef1236
Merge pull request #10672 from tamasvajk/kotlin-unary-op
...
Kotlin: extract unary plus and minus operators
2022-10-05 13:30:21 +02:00
Arthur Baars
6509c19aad
Merge pull request #10692 from aibaars/fix-splats
...
Ruby: fix CFG and toString for anonymous '*' and '**'
2022-10-05 13:25:29 +02:00
Alex Ford
880fb2b14a
Ruby: split out rb/sensitive-get-query using query/customizations pattern
2022-10-05 11:59:40 +01:00
Tom Hvitved
6f518c1996
Data flow: Sync files
2022-10-05 12:58:29 +02:00
Tom Hvitved
3f0f16afc4
Ruby: Update flow summary for Hash#except
2022-10-05 12:58:29 +02:00
Tom Hvitved
e51c20bfc7
Data flow: Take conjunctive With(out)Contents into account in prohibitsUseUseFlow
2022-10-05 12:58:29 +02:00
Tony Torralba
527425b397
Fixes bad magic in Guard::guardControls_v3
2022-10-05 12:35:33 +02:00
Mathias Vorreiter Pedersen
5984b8db4d
Merge pull request #10682 from MathiasVP/fix-future-bad-join-after-use-use-ir-flow
...
C++: Fix potentially bad join
2022-10-05 11:30:46 +01:00
Nora Dimitrijević
ba7d375c01
Swift: Fix QL-on-QL warnings.
2022-10-05 12:22:33 +02:00
Nora Dimitrijević
ec2549a38b
Merge branch 'main' into cpp/comma-before-misleading-indentation
2022-10-05 12:02:12 +02:00