Geoffrey White
588447d596
C++: Fix up isParameterDeref.
2022-01-24 11:06:24 +00:00
Arthur Baars
78b4d7cbb5
Ruby: remove redundant cast
2022-01-24 11:27:31 +01:00
Arthur Baars
0cef887683
Ruby: address comments
2022-01-24 11:27:26 +01:00
Geoffrey White
683f909f7a
Merge pull request #7704 from geoffw0/clrtxt4
...
C++: Another improvement to cpp/cleartext-transmission
2022-01-24 10:11:11 +00:00
Erik Krogh Kristensen
ab1bc685bb
add CWE-80 to queries that detect bad HTML sanitizers
2022-01-24 11:01:17 +01:00
Stephan Brandauer
02db472209
consistent notation
2022-01-24 10:58:06 +01:00
Anders Schack-Mulligen
7af6dc7164
Merge pull request #7702 from atorralba/atorralba/fix-jndi-injection-sinks
...
Java: Remove some JNDI Injection sinks
2022-01-24 10:53:58 +01:00
Stephan Brandauer
8be58fe01e
Fix comment to avoid summarizing implementation
...
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2022-01-24 10:47:28 +01:00
Arthur Baars
5df1f7a0c3
Ruby: use CfgNodes classes to implement case value to pattern variable taint steps
2022-01-24 10:31:08 +01:00
Arthur Baars
7d7e9ba9e1
Ruby: add CasePattern classes to CfgNodes
2022-01-24 10:31:08 +01:00
Arthur Baars
e9a01f9e8f
Ruby: fix test case
2022-01-24 10:31:08 +01:00
Arthur Baars
634c8cd060
Ruby: Generalize CfgNodes::ChildMapping
2022-01-24 10:31:08 +01:00
Arthur Baars
fcec8a8388
Address comments
2022-01-24 10:31:08 +01:00
Arthur Baars
ab4935fe68
Ruby: fix some alerts
2022-01-24 10:31:08 +01:00
Arthur Baars
7630b277b8
Ruby: update AST and CFG test data
2022-01-24 10:31:08 +01:00
Arthur Baars
26a0167d6d
Ruby: add taint step test for hash patterns
2022-01-24 10:31:06 +01:00
Arthur Baars
49c452239e
Ruby: add taint steps from case value to variables in patterns
2022-01-24 10:10:22 +01:00
Arthur Baars
77a3e4bd61
Ruby: CFG: fix completion of AsPattern variable
2022-01-24 10:10:22 +01:00
Stephan Brandauer
b277731312
add a predicate to recognize path arguments in calls to the fs-extra lib
2022-01-24 09:40:22 +01:00
Tony Torralba
908b7c43f2
Fix stubs
2022-01-24 09:34:43 +01:00
Anders Schack-Mulligen
9bd2ac96ea
Merge pull request #7705 from github/workflow/coverage/update
...
Update CSV framework coverage reports
2022-01-24 09:14:35 +01:00
Anders Schack-Mulligen
b4bf7a1561
Merge pull request #7698 from aschackmull/java/bitwise-assignop-guards
...
Java: Add support for bitwise compound assignments in Guards.
2022-01-24 09:11:53 +01:00
github-actions[bot]
020970ff4c
Add changed framework coverage reports
2022-01-24 00:09:45 +00:00
Harry Maclean
8419daad03
Ruby: Add subclassing support to API Graphs
...
Given the code

    class A; end
    class B < A; end
    class C < A; end

You can find uses of B and C with the expression

    API::getTopLevelMember("A").getASubclass()
2022-01-24 12:21:39 +13:00
luchua-bc
27043a09b3
File path injection with the JFinal framework
2022-01-23 18:07:48 +00:00
Andrew Eisenberg
aee9eb5203
Apply docs fixes
...
Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com>
2022-01-21 11:35:15 -08:00
Aditya Sharad
67e3f5edbc
Merge pull request #7685 from adityasharad/merge/3.3-3.4
...
Merge rc/3.3 into rc/3.4
2022-01-21 10:49:19 -08:00
Tom Hvitved
85e1cda81b
Ruby: Distinguish symbols from strings in ConstantValue
2022-01-21 19:16:12 +01:00
Harry Maclean
8e40899dfd
Merge pull request #7419 from github/hmac/const-get
2022-01-22 07:01:09 +13:00
Harry Maclean
2fa18801aa
Merge pull request #7665 from github/hmac/barrier-guard-array-const
2022-01-22 06:59:51 +13:00
Geoffrey White
4326e6f706
C++: Split 'gets' model and make it a local source.
2022-01-21 17:29:49 +00:00
Geoffrey White
79735f5ac5
C++: Add test case.
2022-01-21 17:29:48 +00:00
Tony Torralba
78d7e538a5
Remove some JNDI Injection sinks
...
Add tests and stubs
2022-01-21 17:47:15 +01:00
Henry Mercer
c41de33156
Merge pull request #7700 from github/henrymercer/js-atm-fix-xss-results-pattern
...
JS: Fix copy/paste error in XSS ML-powered queries results patterns
2022-01-21 16:18:33 +00:00
Geoffrey White
0b98397e9b
C++: Catch another encryption clue.
2022-01-21 16:16:16 +00:00
Geoffrey White
97447d0b3a
C++: Expand tests.
2022-01-21 16:16:15 +00:00
Tony Torralba
4df0f399cd
Move ContentProvider models to the appropriate file
2022-01-21 16:55:43 +01:00
Tony Torralba
c6dd7ddf7a
Fix stub
2022-01-21 16:55:43 +01:00
Tony Torralba
4f253590f1
Fix method name in LocalDatabaseOpenMethodAccess
2022-01-21 16:55:43 +01:00
Tony Torralba
652a1d2dc2
Fix wrongly resolved rebase conflicts
2022-01-21 16:55:43 +01:00
Tony Torralba
5cf664411b
Remove unneeded nonSuspicious values
2022-01-21 16:55:43 +01:00
Tony Torralba
baa1f71a53
Add QLDoc
2022-01-21 16:55:43 +01:00
Tony Torralba
4e4f619ae4
Update java/ql/lib/semmle/code/java/security/CleartextStorageAndroidDatabaseQuery.qll
...
Co-authored-by: Chris Smowton <smowton@github.com>
2022-01-21 16:55:43 +01:00
Tony Torralba
c5ed5fcaac
Apply suggestions from code review
...
Co-authored-by: Ethan Palm <56270045+ethanpalm@users.noreply.github.com>
2022-01-21 16:55:42 +01:00
Tony Torralba
ee84dae164
Fix predicate name
2022-01-21 16:55:42 +01:00
Tony Torralba
16b61f78e6
Fix QLDocs and the qhelp example
2022-01-21 16:55:42 +01:00
Tony Torralba
f0604e2e84
Added query for Cleartext Storage in Android Database
2022-01-21 16:55:42 +01:00
Henry Mercer
84907f91f1
JS: Fix copy/paste error in XSS ML-powered queries results patterns
...
We didn’t catch this because our unit tests test only library code due
to the previous difficulty of running queries with an ML model (the ML
models in packs work should fix that), and because the end-to-end
evaluation runs separate queries that have different result patterns.
Going forward we should create unit tests for the queries themselves,
which will require using the ML model in tests. We should also be able
to catch this type of error using DCA.
2022-01-21 15:17:52 +00:00
Mathias Vorreiter Pedersen
48064c1c8f
C++: Fix false positive.
2022-01-21 15:16:02 +00:00
Mathias Vorreiter Pedersen
7c8c2090f7
C++: Add real-world false positive from the 'cpp/return-stack-allocated-memory' query.
2022-01-21 15:14:18 +00:00