| Author | Commit | Message | Date |
|---|---|---|---|
| Mathias Vorreiter Pedersen | 946b8c68a6 | Swift: Accept test changes. | 2022-08-05 11:19:00 +01:00 |
| Mathias Vorreiter Pedersen | a302570349 | Merge branch 'main' into swift-taint-through-interpolated-strings | 2022-08-05 11:17:54 +01:00 |
| AlexDenisov | a779f0e376 | Merge pull request #9977 from github/alexdenisov/extract-swift-comments<br>Swift: extract comments | 2022-08-05 12:15:56 +02:00 |
| Mathias Vorreiter Pedersen | 24c9ab8015 | Swift: Fix MaD for methods | 2022-08-05 10:52:28 +01:00 |
| Alex Denisov | 5e69adb0a9 | Swift: extract comments | 2022-08-05 11:50:48 +02:00 |
| Mathias Vorreiter Pedersen | 1c8090fa04 | Merge pull request #9964 from geoffw0/cwe95<br>Swift: Query for CWE-79 / CWE-95 | 2022-08-05 10:38:33 +01:00 |
| Geoffrey White | 1ce06accbd | Swift: Fix capitalization issue? | 2022-08-05 10:20:51 +01:00 |
| Mathias Vorreiter Pedersen | ac26371de0 | Merge pull request #9909 from geoffw0/stringlengthconflation6<br>Swift: Understand String.utf8.count etc in the string length conflation CVE query | 2022-08-05 10:13:25 +01:00 |
| Tony Torralba | 9ee90f8022 | Remove unnecessary import from test | 2022-08-05 11:11:13 +02:00 |
| Tony Torralba | 792d34c3a1 | Add change note | 2022-08-05 11:10:09 +02:00 |
| Anders Schack-Mulligen | 3d47875b60 | Dataflow: Generate shorter RA/DIL names. | 2022-08-05 11:00:56 +02:00 |
| Anders Schack-Mulligen | d3dcc3ce3a | Dataflow: Sync. | 2022-08-05 11:00:56 +02:00 |
| Anders Schack-Mulligen | 09d0f8e0ce | Dataflow: Replace stage duplication with parameterised modules. | 2022-08-05 11:00:56 +02:00 |
| Tom Hvitved | 56ee07e24c | Merge pull request #9936 from aibaars/gh-codeql-nightly<br>Use 'gh codeql' with the nightly release for CI jobs | 2022-08-05 10:34:39 +02:00 |
| Tony Torralba | 5ebce6ee4f | Improve AsyncTask data flow support<br>Model the life-cycle described here: https://developer.android.com/reference/android/os/AsyncTask#the-4-steps | 2022-08-05 10:29:49 +02:00 |
| Tom Hvitved | e0dadb4df6 | Ruby: Simplify flow summaries for hash literals | 2022-08-05 10:20:07 +02:00 |
| Jeroen Ketema | ba2cee07a9 | Merge pull request #8596 from rdmarsh2/rdmarsh2/dataflow-global-vars<br>C++: IR data flow through global variables | 2022-08-05 10:07:00 +02:00 |
| Anders Schack-Mulligen | 1fde06c0a8 | Merge pull request #9970 from aschackmull/java/confusingoverload-perf<br>Java: Improve performance of ConfusingOverloading. | 2022-08-05 09:38:22 +02:00 |
| Harry Maclean | 74d529d3e3 | Merge pull request #9918 from hmac/hmac/mime-type-match<br>Ruby: Model Mime::Type | 2022-08-05 11:51:45 +12:00 |
| Harry Maclean | 157bbccf62 | Merge pull request #9851 from hmac/hmac/active-record-improvements<br>Ruby: Recognise more AR write accesses | 2022-08-05 11:49:50 +12:00 |
| Mathias Vorreiter Pedersen | 2f13c65ad7 | Update swift/ql/lib/codeql/swift/controlflow/internal/ControlFlowGraphImpl.qll<br>Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com> | 2022-08-04 22:45:45 +01:00 |
| Mathias Vorreiter Pedersen | 05e6dd85d4 | Swift: Add taint tests for flow through interpolated strings. | 2022-08-04 21:57:05 +01:00 |
| Mathias Vorreiter Pedersen | 9c48ce1bf2 | Swift: Flow (1) through the internal function calls generated by the compiler during string interpolation, and (2) out of the internal 'TapExpr' and into the interpolated string result. | 2022-08-04 21:57:05 +01:00 |
| Mathias Vorreiter Pedersen | 52b78b6e68 | Swift: Don't assume we know the call target statically in 'TInOutUpdateNode'. | 2022-08-04 21:57:04 +01:00 |
| Mathias Vorreiter Pedersen | ff6b8c5c9c | Swift: Replace 'CallExpr' with 'ApplyExpr'. This is needed because not all the calls inside the interpolated string computations are 'CallExpr's. | 2022-08-04 21:57:04 +01:00 |
| Mathias Vorreiter Pedersen | 3028b80e46 | Swift: Control-flow through interpolated strings. | 2022-08-04 21:57:04 +01:00 |
| Tom Hvitved | 6fa1e06afb | Merge pull request #9966 from hvitved/csharp/no-clr-tracer<br>C#: Disable CLR tracer | 2022-08-04 20:50:19 +02:00 |
| intrigus | b7d94906bf | Add change note | 2022-08-04 16:21:55 +02:00 |
| intrigus | 88ded4679a | Accept test changes | 2022-08-04 16:21:53 +02:00 |
| intrigus | c867a1a146 | Test setProperty/put with taint stored earlier | 2022-08-04 16:21:51 +02:00 |
| intrigus | 0b7f0fbe54 | Accept test changes | 2022-08-04 16:21:50 +02:00 |
| intrigus | 55618adf6a | Model java.util.Properties.setProperty | 2022-08-04 16:21:48 +02:00 |
| Tom Hvitved | 01c0d4b59f | Ruby: Support more flow through keyword arguments | 2022-08-04 16:20:08 +02:00 |
| Anders Schack-Mulligen | 43d4324f65 | Java: Improve performance of ConfusingOverloading. | 2022-08-04 16:05:30 +02:00 |
| Tom Hvitved | 38ede25385 | Ruby: Add test that illustrates missing flow for keyword arguments | 2022-08-04 14:39:22 +02:00 |
| Michael Nebel | 64e8660904 | C#: Simplification of AspNetCoreRemoteFlowSourceMember. | 2022-08-04 14:18:25 +02:00 |
| Ahmed Farid | 5eef14a0a9 | Update SafeComparisonOfHeaderValue.py | 2022-08-04 12:51:30 +01:00 |
| Ahmed Farid | a6af455eae | Create UnsafeComparisonOfHeaderValue.py | 2022-08-04 12:50:55 +01:00 |
| Ahmed Farid | a98a77ad40 | Create SafeComparisonOfHeaderValue.py | 2022-08-04 12:48:19 +01:00 |
| Ahmed Farid | e1435afea9 | Rename python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHeaderValue.qhelp to python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHeaderValue/TimingAttackAgainstHeaderValue.qhelp | 2022-08-04 12:45:01 +01:00 |
| Ahmed Farid | 76c8e7d2e8 | Rename python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHeaderValue.ql to python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHeaderValue/TimingAttackAgainstHeaderValue.ql | 2022-08-04 12:44:45 +01:00 |
| Ahmed Farid | 428132a58e | Rename python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstSensitiveInfo.ql to python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstSensitiveInfo/TimingAttackAgainstSensitiveInfo.ql | 2022-08-04 12:44:10 +01:00 |
| Ahmed Farid | a34478d58f | Rename python/ql/src/experimental/Security/CWE-208/PossibleTimingAttackAgainstSensitiveInfo.ql to python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstSensitiveInfo/PossibleTimingAttackAgainstSensitiveInfo.ql | 2022-08-04 12:43:53 +01:00 |
| Ahmed Farid | 59f05b4d62 | Rename python/ql/src/experimental/Security/CWE-208/PossibleTimingAttackAgainstSensitiveInfo.qhelp to python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstSensitiveInfo/PossibleTimingAttackAgainstSensitiveInfo.qhelp | 2022-08-04 12:43:35 +01:00 |
| Ahmed Farid | fe51a917ec | Rename python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstSensitiveInfo.qhelp to python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstSensitiveInfo/TimingAttackAgainstSensitiveInfo.qhelp | 2022-08-04 12:43:21 +01:00 |
| Ahmed Farid | ae4ded08fa | Update and rename TimingAttackAgainstHeader.qlref to TimingAttackAgainstHeaderValue.qlref | 2022-08-04 12:42:52 +01:00 |
| Ahmed Farid | a747bacbe5 | Rename python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash.ql to python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash/TimingAttackAgainstHash.ql | 2022-08-04 12:42:08 +01:00 |
| Ahmed Farid | cf36a30909 | Rename python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash.qhelp to python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash/TimingAttackAgainstHash.qhelp | 2022-08-04 12:41:51 +01:00 |
| Ahmed Farid | 4b0c42951f | Rename python/ql/src/experimental/Security/CWE-208/UnSafeComparisonOfHash.py to python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash/UnSafeComparisonOfHash.py | 2022-08-04 12:41:27 +01:00 |
| Ahmed Farid | cf47104f62 | Update TimingAttackAgainstHeaderValue.ql | 2022-08-04 12:39:31 +01:00 |