Commit Graph

87274 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
946b8c68a6 Swift: Accept test changes. 2022-08-05 11:19:00 +01:00
Mathias Vorreiter Pedersen
a302570349 Merge branch 'main' into swift-taint-through-interpolated-strings 2022-08-05 11:17:54 +01:00
AlexDenisov
a779f0e376 Merge pull request #9977 from github/alexdenisov/extract-swift-comments
Swift: extract comments
2022-08-05 12:15:56 +02:00
Mathias Vorreiter Pedersen
24c9ab8015 Swift: Fix MaD for methods 2022-08-05 10:52:28 +01:00
Alex Denisov
5e69adb0a9 Swift: extract comments 2022-08-05 11:50:48 +02:00
Mathias Vorreiter Pedersen
1c8090fa04 Merge pull request #9964 from geoffw0/cwe95
Swift: Query for CWE-79 / CWE-95
2022-08-05 10:38:33 +01:00
Geoffrey White
1ce06accbd Swift: Fix capitalization issue? 2022-08-05 10:20:51 +01:00
Mathias Vorreiter Pedersen
ac26371de0 Merge pull request #9909 from geoffw0/stringlengthconflation6
Swift: Understand String.utf8.count etc in the string length conflation CVE query
2022-08-05 10:13:25 +01:00
Tony Torralba
9ee90f8022 Remove unnecessary import from test 2022-08-05 11:11:13 +02:00
Tony Torralba
792d34c3a1 Add change note 2022-08-05 11:10:09 +02:00
Anders Schack-Mulligen
3d47875b60 Dataflow: Generate shorter RA/DIL names. 2022-08-05 11:00:56 +02:00
Anders Schack-Mulligen
d3dcc3ce3a Dataflow: Sync. 2022-08-05 11:00:56 +02:00
Anders Schack-Mulligen
09d0f8e0ce Dataflow: Replace stage duplication with parameterised modules. 2022-08-05 11:00:56 +02:00
Tom Hvitved
56ee07e24c Merge pull request #9936 from aibaars/gh-codeql-nightly
Use 'gh codeql' with the nightly release for CI jobs
2022-08-05 10:34:39 +02:00
Tony Torralba
5ebce6ee4f Improve AsyncTask data flow support
Model the life-cycle described here: https://developer.android.com/reference/android/os/AsyncTask\#the-4-steps
2022-08-05 10:29:49 +02:00
Tom Hvitved
e0dadb4df6 Ruby: Simplify flow summaries for hash literals 2022-08-05 10:20:07 +02:00
Jeroen Ketema
ba2cee07a9 Merge pull request #8596 from rdmarsh2/rdmarsh2/dataflow-global-vars
C++: IR data flow through global variables
2022-08-05 10:07:00 +02:00
Anders Schack-Mulligen
1fde06c0a8 Merge pull request #9970 from aschackmull/java/confusingoverload-perf
Java: Improve performance of ConfusingOverloading.
2022-08-05 09:38:22 +02:00
Harry Maclean
74d529d3e3 Merge pull request #9918 from hmac/hmac/mime-type-match
Ruby: Model Mime::Type
2022-08-05 11:51:45 +12:00
Harry Maclean
157bbccf62 Merge pull request #9851 from hmac/hmac/active-record-improvements
Ruby: Recognise more AR write accesses
2022-08-05 11:49:50 +12:00
Mathias Vorreiter Pedersen
2f13c65ad7 Update swift/ql/lib/codeql/swift/controlflow/internal/ControlFlowGraphImpl.qll
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
2022-08-04 22:45:45 +01:00
Mathias Vorreiter Pedersen
05e6dd85d4 Swift: Add taint tests for flow through interpolated strings. 2022-08-04 21:57:05 +01:00
Mathias Vorreiter Pedersen
9c48ce1bf2 Swift: Flow (1) through the internal function calls generated by the compiler during string interpolation, and (2) out of the internal 'TapExpr' and into the interpolated string result. 2022-08-04 21:57:05 +01:00
Mathias Vorreiter Pedersen
52b78b6e68 Swift: Don't assume we know the call target statically in 'TInOutUpdateNode'. 2022-08-04 21:57:04 +01:00
Mathias Vorreiter Pedersen
ff6b8c5c9c Swift: Replace 'CallExpr' with 'ApplyExpr'. This is needed because not all the calls inside the interpolated string computations are 'CallExpr's. 2022-08-04 21:57:04 +01:00
Mathias Vorreiter Pedersen
3028b80e46 Swift: Control-flow through interpolated strings. 2022-08-04 21:57:04 +01:00
Tom Hvitved
6fa1e06afb Merge pull request #9966 from hvitved/csharp/no-clr-tracer
C#: Disable CLR tracer
2022-08-04 20:50:19 +02:00
intrigus
b7d94906bf Add change note 2022-08-04 16:21:55 +02:00
intrigus
88ded4679a Accept test changes 2022-08-04 16:21:53 +02:00
intrigus
c867a1a146 Test setProperty/put with taint stored earlier 2022-08-04 16:21:51 +02:00
intrigus
0b7f0fbe54 Accept test changes 2022-08-04 16:21:50 +02:00
intrigus
55618adf6a Model java.util.Properties.setProperty 2022-08-04 16:21:48 +02:00
Tom Hvitved
01c0d4b59f Ruby: Support more flow through keyword arguments 2022-08-04 16:20:08 +02:00
Anders Schack-Mulligen
43d4324f65 Java: Improve performance of ConfusingOverloading. 2022-08-04 16:05:30 +02:00
Tom Hvitved
38ede25385 Ruby: Add test that illustrates missing flow for keyword arguments 2022-08-04 14:39:22 +02:00
Michael Nebel
64e8660904 C#: Simplification of AspNetCoreRemoteFlowSourceMember. 2022-08-04 14:18:25 +02:00
Ahmed Farid
5eef14a0a9 Update SafeComparisonOfHeaderValue.py 2022-08-04 12:51:30 +01:00
Ahmed Farid
a6af455eae Create UnsafeComparisonOfHeaderValue.py 2022-08-04 12:50:55 +01:00
Ahmed Farid
a98a77ad40 Create SafeComparisonOfHeaderValue.py 2022-08-04 12:48:19 +01:00
Ahmed Farid
e1435afea9 Rename python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHeaderValue.qhelp to python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHeaderValue/TimingAttackAgainstHeaderValue.qhelp 2022-08-04 12:45:01 +01:00
Ahmed Farid
76c8e7d2e8 Rename python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHeaderValue.ql to python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHeaderValue/TimingAttackAgainstHeaderValue.ql 2022-08-04 12:44:45 +01:00
Ahmed Farid
428132a58e Rename python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstSensitiveInfo.ql to python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstSensitiveInfo/TimingAttackAgainstSensitiveInfo.ql 2022-08-04 12:44:10 +01:00
Ahmed Farid
a34478d58f Rename python/ql/src/experimental/Security/CWE-208/PossibleTimingAttackAgainstSensitiveInfo.ql to python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstSensitiveInfo/PossibleTimingAttackAgainstSensitiveInfo.ql 2022-08-04 12:43:53 +01:00
Ahmed Farid
59f05b4d62 Rename python/ql/src/experimental/Security/CWE-208/PossibleTimingAttackAgainstSensitiveInfo.qhelp to python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstSensitiveInfo/PossibleTimingAttackAgainstSensitiveInfo.qhelp 2022-08-04 12:43:35 +01:00
Ahmed Farid
fe51a917ec Rename python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstSensitiveInfo.qhelp to python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstSensitiveInfo/TimingAttackAgainstSensitiveInfo.qhelp 2022-08-04 12:43:21 +01:00
Ahmed Farid
ae4ded08fa Update and rename TimingAttackAgainstHeader.qlref to TimingAttackAgainstHeaderValue.qlref 2022-08-04 12:42:52 +01:00
Ahmed Farid
a747bacbe5 Rename python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash.ql to python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash/TimingAttackAgainstHash.ql 2022-08-04 12:42:08 +01:00
Ahmed Farid
cf36a30909 Rename python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash.qhelp to python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash/TimingAttackAgainstHash.qhelp 2022-08-04 12:41:51 +01:00
Ahmed Farid
4b0c42951f Rename python/ql/src/experimental/Security/CWE-208/UnSafeComparisonOfHash.py to python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHash/UnSafeComparisonOfHash.py 2022-08-04 12:41:27 +01:00
Ahmed Farid
cf47104f62 Update TimingAttackAgainstHeaderValue.ql 2022-08-04 12:39:31 +01:00