Asger Feldthaus
5cab737ef1
Shared: sync AccessPathSyntax.qll
2022-02-23 14:13:40 +01:00
Asger Feldthaus
abd4933d6c
Shared: move numeric parsing into AccessPathSyntax.qll
2022-02-23 14:13:37 +01:00
Mathias Vorreiter Pedersen
4b03778938
Update cpp/ql/src/Likely Bugs/Memory Management/UsingExpiredStackAddress.ql
...
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com >
2022-02-23 13:10:29 +00:00
Rasmus Wriedt Larsen
b17c769257
Python: Remove accidental "foo" snippet
2022-02-23 13:30:56 +01:00
Rasmus Wriedt Larsen
5626427ea5
Python: Add "debug partial flow" snippet
2022-02-23 13:30:56 +01:00
CodeQL CI
7d55771092
Merge pull request #8150 from asgerf/js/prep-sharing-api-graph-mad
...
Approved by erik-krogh
2022-02-23 11:59:31 +00:00
CodeQL CI
62ee8fce3a
Merge pull request #8186 from asgerf/js/request-forgery-docs-followup
...
Approved by esbena, hubwriter
2022-02-23 11:46:37 +00:00
Stephan Brandauer
a664e02d04
Merge pull request #8014 from kaeluka/js/functionality-from-untrusted-source
...
JS: Functionality from untrusted sources query (CWE-830)
2022-02-23 12:45:31 +01:00
Chris Smowton
50d9945625
Autoformat
2022-02-23 11:41:23 +00:00
Mathias Vorreiter Pedersen
53299d61eb
C++: Add more tests.
2022-02-23 11:38:01 +00:00
Mathias Vorreiter Pedersen
c8f940124f
C++: Respond to review comments.
2022-02-23 11:17:12 +00:00
Chris Smowton
476997a599
Replace more non-breaking spaces
2022-02-23 11:02:17 +00:00
Stephan Brandauer
1ed71e15f3
apply docreview feedback
2022-02-23 11:21:22 +01:00
Michael Nebel
20f71110ef
C#: Add change note for compression extractor option.
2022-02-23 11:02:28 +01:00
Tony Torralba
f011bbc92c
Merge pull request #8055 from luchua-bc/java/unsafe-url-forward-with-shared-lib
...
CWE-552: Switch to the shared PathSanitizer library
2022-02-23 11:00:23 +01:00
Stephan Brandauer
517d6969e1
Merge pull request #8171 from kaeluka/js/update-atm-query-docs-for-nosql-sql-injection
...
update ATM NosqlInjection and SqlInjection query docs
2022-02-23 10:54:37 +01:00
Asger Feldthaus
22ba43fff6
JS: Minor fixup in the client-side request forgery qhelp
2022-02-23 10:54:26 +01:00
Erik Krogh Kristensen
203212657e
recognize modules imported by AMD imports as library inputs
2022-02-23 10:39:45 +01:00
Mathias Vorreiter Pedersen
8b7214621b
Update cpp/ql/src/Likely Bugs/Memory Management/UsingExpiredStackAddress.qhelp
...
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com >
2022-02-23 09:38:30 +00:00
Mathias Vorreiter Pedersen
8e0f354c2c
Update cpp/ql/src/Likely Bugs/Memory Management/UsingExpiredStackAddress.cpp
...
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com >
2022-02-23 09:38:06 +00:00
Mathias Vorreiter Pedersen
862ebefbad
Update cpp/ql/src/Likely Bugs/Memory Management/UsingExpiredStackAddress.ql
...
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com >
2022-02-23 09:33:58 +00:00
Mathias Vorreiter Pedersen
dda85bf234
Update cpp/ql/src/Likely Bugs/Memory Management/UsingExpiredStackAddress.ql
...
Co-authored-by: Jeroen Ketema <93738568+jketema@users.noreply.github.com >
2022-02-23 09:33:52 +00:00
Stephan Brandauer
c17d8b145a
Merge pull request #8054 from asgerf/js/split-request-forgery
...
JS: split request forgery query into server-side and client-side variants
2022-02-23 10:27:16 +01:00
Michael Nebel
837b91b31e
C#: Make TrapCompression setter private.
2022-02-23 10:12:56 +01:00
Michael Nebel
68b85900b7
C#: Remove old way of providing compression parameter.
2022-02-23 09:39:13 +01:00
Michael Nebel
a04aa1f05d
C#: Add unit test(s).
2022-02-23 09:39:13 +01:00
Michael Nebel
6176b64907
C#: Add support to the extractor for getting the compression extractor option.
2022-02-23 09:39:13 +01:00
Michael Nebel
bca479c2f3
C#: Add extractor option 'compression'.
2022-02-23 09:39:13 +01:00
Mathias Vorreiter Pedersen
31a204a5d9
Merge pull request #8174 from jketema/hinding-cleanup
...
C++: Simplify `cpp/declaration-hides-variable`
2022-02-23 08:27:59 +00:00
Esben Sparre Andreasen
58e0d54744
Merge pull request #8168 from github/esbena/hapi-reflected-xss
...
JS: model hapi handler returns as reflected-xss sinks
2022-02-23 08:53:15 +01:00
jorgectf
4aa1c0a11e
Update .expected
2022-02-23 00:55:39 +01:00
Jeroen Ketema
423d325204
C++: Simplify cpp/declaration-hides-variable
...
The check for `(unnamed local variable)` is no longer needed, because these
variables are now identified as being compiler generated.
2022-02-22 23:04:48 +01:00
Robert Marsh
a37f746dff
C++: fix FP and add paths in InsufficientKeySize
2022-02-22 15:38:50 -05:00
Erik Krogh Kristensen
73f2e89f3e
Merge pull request #8165 from erik-krogh/protoWrite
...
JS: support more property writes in js/prototype-pollution-utility
2022-02-22 21:30:22 +01:00
jorgectf
7c108c7892
Polish test
2022-02-22 20:57:20 +01:00
Jorge
0216798cb9
Apply suggestions from code review
...
Co-authored-by: Taus <tausbn@github.com >
2022-02-22 20:55:51 +01:00
Mathias Vorreiter Pedersen
ea35f56212
C++: Add a query for detecting uses of expired stack pointers that escaped through global variables.
2022-02-22 19:12:08 +00:00
Porcupiney Hairs
c81d85f321
Include suggestions from review
2022-02-22 23:07:34 +05:30
Erik Krogh Kristensen
b6b93065ff
Merge pull request #8157 from erik-krogh/lodash-clone
...
JS: add lodash.{clone, cloneDeep} as a clone step
2022-02-22 18:12:10 +01:00
Erik Krogh Kristensen
c487bb73a7
Merge pull request #8143 from erik-krogh/pred-ql-style
...
QL: add ql-for-ql query for detecting bad predicate qldoc
2022-02-22 17:49:12 +01:00
Paolo Tranquilli
e15c1f7c45
fix typo in docs/pre-commit-hook-setup.md
2022-02-22 17:47:35 +01:00
Paolo Tranquilli
33cce2b5ac
add pre-commit configuration
...
This enables use of the `pre-commit` framework to run quick pre-commit
checks. In particular this allows to automatically fix:
* trailing white spaces
* absence or multiple newlines at the end of files
* QL code formatting
* file sync
More could be added in the future: anything that can be checked fast
can be added in the configuration (for example well-formedness of
`qldoc` files).
This is a purely opt-in feature. Instructions for enabling it and
possibly configuring its behaviour are in `pre-commit-hook-setup.md`.
2022-02-22 17:40:07 +01:00
Jeroen Ketema
aecc17c49b
Merge pull request #7928 from jketema/structured-bindings-db-scheme
...
C++: Add table that identifies C++ structured bindings
2022-02-22 17:34:26 +01:00
Stephan Brandauer
6a9186cdef
update ATM NosqlInjection and SqlInjection query docs
2022-02-22 16:56:18 +01:00
Arthur Baars
69ed121ecb
Ruby/Python: regex parser: group sequences of 'normal' characters
2022-02-22 16:15:33 +01:00
Geoffrey White
31d214d5ee
Merge pull request #8170 from geoffw0/typos
...
C++: Fix Spelling Typos.
2022-02-22 15:09:50 +00:00
Mathias Vorreiter Pedersen
894992d403
Merge pull request #8169 from MathiasVP/fix-spelling-in-post-dominance-frontier
...
C++/C#: Fix spelling of 'postDominanceFrontier'
2022-02-22 14:54:39 +00:00
Geoffrey White
4908eaf5ec
C++: Typos.
2022-02-22 14:33:11 +00:00
Ian Lynagh
691473bd6e
Java: Add a changenote
2022-02-22 14:07:31 +00:00
Mathias Vorreiter Pedersen
b6740ed4a1
C++/C#: Fix spelling of 'postDominanceFrontier'.
2022-02-22 13:48:13 +00:00
