Commit Graph

87274 Commits

Author SHA1 Message Date
gregxsunday
9960d11042 added RequestBody source to Beego framework 2022-10-06 13:23:56 +02:00
Geoffrey White
c6b7bb436d C++: Make the ql-for-ql checks happy. 2022-10-06 11:25:22 +01:00
Chris Smowton
6f3c9e4403 Split up extractRawMethodAccess 2022-10-06 11:05:27 +01:00
Mathias Vorreiter Pedersen
a856bc8678 Merge pull request #10562 from rdmarsh2/rdmarsh2/cpp/field-off-by-one
C++: prototype for off-by-one in array-typed field
2022-10-06 11:04:12 +01:00
Tom Hvitved
48bdf13c89 Ruby: Take overrides into account for singleton methods defined on modules 2022-10-06 11:56:26 +02:00
Mathias Vorreiter Pedersen
0065a5af96 Swift: Accept path-explanation test changes. 2022-10-06 10:30:18 +01:00
Mathias Vorreiter Pedersen
1edd4d855a Swift: Add an example with flow through a callback function. 2022-10-06 10:30:11 +01:00
Mathias Vorreiter Pedersen
197f036797 Swift: Support local MaD steps in both dataflow and taintflow. 2022-10-06 10:30:04 +01:00
Mathias Vorreiter Pedersen
9d069b32b0 Swift: Create ArgumentNodes and OutNodes for MaD. 2022-10-06 10:29:59 +01:00
Mathias Vorreiter Pedersen
0b6ea703ea Swift: Create explicit parameter nodes for source parameters and MaD parameters. 2022-10-06 10:29:52 +01:00
Mathias Vorreiter Pedersen
bba70a70fb Swift: Support selecting fields in Swift MaD. 2022-10-06 10:29:45 +01:00
tyage
ddc8f72ef7 accept test result Xss.qlref 2022-10-06 18:23:10 +09:00
Mathias Vorreiter Pedersen
32d0b58923 C++: Fix qhelp example. 2022-10-06 10:19:53 +01:00
Tom Hvitved
7608276397 Ruby: Add more call graph tests 2022-10-06 10:38:02 +02:00
Anders Schack-Mulligen
5b67ba2939 Merge pull request #10177 from atorralba/atorralba/path-sanitizer
Java: Promote `PathSanitizer.qll` from experimental
2022-10-06 10:29:33 +02:00
Anders Schack-Mulligen
cbeff4efc8 Merge pull request #10693 from atorralba/atorralba/fix-guard-bad-magic
Java: Fixes bad magic in `Guard::guardControls_v3`
2022-10-06 10:14:48 +02:00
erik-krogh
db056aae1b add some more meta queries for Ruby evaluations 2022-10-06 10:14:28 +02:00
Geoffrey White
86756538f2 C++: Change note. 2022-10-06 09:14:25 +01:00
Geoffrey White
3f78a244b9 C++: Make the tests use more repetitions. 2022-10-06 09:14:24 +01:00
Geoffrey White
9a365d83cf C++: Tighten up the heuristic in cpp/unterminated-variadic-call. 2022-10-06 09:14:16 +01:00
Tom Hvitved
0e6735b804 Merge pull request #10691 from hvitved/dataflow/conjunctive-clears
Data flow: Take conjunctive `With(out)Contents` into account in `prohibitsUseUseFlow`
2022-10-06 09:03:30 +02:00
Tamas Vajk
0bbc7adca0 Accept test changes 2022-10-06 08:45:57 +02:00
Henry Mercer
d80d39504f Tag successfully extracted files queries
Tag the successfully extracted files queries with
`successfully-extracted-files` to make them easier to identify
programmatically in a language-independent way.
This follows the prior art for lines of code queries, which are tagged
`lines-of-code`.
2022-10-05 19:19:43 +01:00
Asger F
387e57546b Merge pull request #10650 from asgerf/rb/summarize-more
Ruby: more type-tracking steps
2022-10-05 19:16:56 +02:00
Alex Ford
a28d7b64ea Merge branch 'main' into rb/sensitive-get-query 2022-10-05 15:59:02 +01:00
Alex Ford
fa58c51810 Ruby: switch rb/sensitive-get-query back to using local flow 2022-10-05 15:58:05 +01:00
Tamas Vajk
46fb9865ac Add lateinit test to print the extracted AST 2022-10-05 16:09:00 +02:00
Chris Smowton
7f8bcf76bf Merge pull request #10665 from dilanbhalla/dilan-java/guidance-exectainted
Java Guidance: ExecTainted.ql (experimental version)
2022-10-05 15:05:10 +01:00
Tom Hvitved
0beea9fd1a Fix typos 2022-10-05 15:54:52 +02:00
Tamas Vajk
082544e88c Kotlin: Extract lateinit modifier 2022-10-05 15:25:49 +02:00
Tamas Vajk
61a05c2b6c Kotlin: add lateinit declarations to modifiers test 2022-10-05 15:25:15 +02:00
Asger F
decd4c93c7 Ruby: update type tracking test 2022-10-05 15:15:52 +02:00
Asger F
c9c36985b2 Ruby: address review comments 2022-10-05 14:59:37 +02:00
Nora Dimitrijević
29df69742c Swift: Docs review response: consistent naming 2022-10-05 14:42:11 +02:00
Alex Ford
71670a4f75 Ruby: add RequestInputAccess#getKind predicate 2022-10-05 13:38:31 +01:00
Alex Ford
dea53d86c9 Ruby: remove some redundant imports of DataFlow 2022-10-05 13:22:19 +01:00
Alex Ford
f01670f663 Ruby: add a note to a test case 2022-10-05 13:06:49 +01:00
Alex Ford
d64f8c73be Merge branch 'main' into rb/sensitive-get-query 2022-10-05 12:59:35 +01:00
Alex Ford
084efe062a Ruby: limit rb/sensitive-get-query to data from query params 2022-10-05 12:57:57 +01:00
Alex Ford
977e8a8a6f Ruby: add a test case for sensitive data from cookies for rb/sensitive-get-query (should not be flagged) 2022-10-05 12:57:07 +01:00
Tamás Vajk
d0d8ef1236 Merge pull request #10672 from tamasvajk/kotlin-unary-op
Kotlin: extract unary plus and minus operators
2022-10-05 13:30:21 +02:00
Arthur Baars
6509c19aad Merge pull request #10692 from aibaars/fix-splats
Ruby: fix CFG and toString for anonymous '*' and '**'
2022-10-05 13:25:29 +02:00
Alex Ford
880fb2b14a Ruby: split out rb/sensitive-get-query using query/customizations pattern 2022-10-05 11:59:40 +01:00
Tom Hvitved
6f518c1996 Data flow: Sync files 2022-10-05 12:58:29 +02:00
Tom Hvitved
3f0f16afc4 Ruby: Update flow summary for Hash#except 2022-10-05 12:58:29 +02:00
Tom Hvitved
e51c20bfc7 Data flow: Take conjunctive With(out)Contents into account in prohibitsUseUseFlow 2022-10-05 12:58:29 +02:00
Tony Torralba
527425b397 Fixes bad magic in Guard::guardControls_v3 2022-10-05 12:35:33 +02:00
Mathias Vorreiter Pedersen
5984b8db4d Merge pull request #10682 from MathiasVP/fix-future-bad-join-after-use-use-ir-flow
C++: Fix potentially bad join
2022-10-05 11:30:46 +01:00
Nora Dimitrijević
ba7d375c01 Swift: Fix QL-on-QL warnings. 2022-10-05 12:22:33 +02:00
Nora Dimitrijević
ec2549a38b Merge branch 'main' into cpp/comma-before-misleading-indentation 2022-10-05 12:02:12 +02:00