Sauyon Lee
c2c7fee8df
Fix tests
2021-07-13 10:29:02 -07:00
Sauyon Lee
b01e6d49fb
Add generated tests
2021-07-13 10:29:01 -07:00
Sauyon Lee
b807757863
Model Spring web.multipart
2021-07-13 10:29:01 -07:00
Chris Smowton
1044049e72
Simplify getInput
2021-07-13 16:36:26 +01:00
Chris Smowton
98b85a481c
Improve inline-expectation style
2021-07-13 16:36:08 +01:00
Chris Smowton
a11021991a
Improve method documentation
2021-07-13 16:35:44 +01:00
Chris Smowton
b5492056d8
Remove superfluous parens
2021-07-13 16:35:22 +01:00
Chris Smowton
97694bc9a1
Report error even if interpretElement resolves to a non-Callable Element
...
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com >
2021-07-13 16:16:01 +01:00
Tom Hvitved
7e9d87055d
Data flow: Sync
2021-07-13 16:15:00 +02:00
Anders Schack-Mulligen
9388983e41
Java: Add missing stub.
2021-07-13 15:26:37 +02:00
Anders Schack-Mulligen
0f6f020766
Java: Fix models.
2021-07-13 15:23:19 +02:00
Chris Smowton
78fe0f810a
Add models for decode/encodePointer methods
2021-07-13 11:10:46 +01:00
Chris Smowton
2bd58d6ba7
Improve header comment
2021-07-12 18:09:23 +01:00
Chris Smowton
cc4401b453
Add models of JsonPointer, JsonMergeDiff and JsonPatchBuilder
2021-07-12 18:08:45 +01:00
Chris Smowton
539859497b
Add models of JsonMergePatch, JsonPatchBuilder and JsonPointer
2021-07-12 17:39:51 +01:00
Chris Smowton
6bf931392b
Add missing model of JsonObjectBuilder.remove
2021-07-12 17:13:39 +01:00
Tom Hvitved
47d126e681
Data flow: Sync
2021-07-12 12:09:51 +02:00
github-actions[bot]
56419bc74b
Add changed framework coverage reports
2021-07-12 00:06:55 +00:00
Joe Farebrother
4d459f24d9
Fix up tests and update models
2021-07-02 14:46:33 +01:00
Joe Farebrother
fc017b7934
Use ArrayElement of in flow step specifications
2021-07-02 14:46:31 +01:00
Joe Farebrother
15415931ce
Use Argument ranges in CSV rows
2021-07-02 14:46:03 +01:00
Joe Farebrother
5325622813
Convert sql-related flow steps to CSV
2021-07-02 14:46:03 +01:00
Anders Schack-Mulligen
3c6604daa7
Java: Fix subtypes interpretation.
2021-07-02 14:43:56 +02:00
Anders Schack-Mulligen
6813a79423
Java: Add test for override of Map.put highlighting problem.
2021-07-02 14:41:59 +02:00
Anders Schack-Mulligen
55ebbc3e01
Java: Add signature to Map.put.
2021-07-02 14:41:32 +02:00
Chris Smowton
6823855e9c
Merge pull request #6203 from smowton/smowton/admin/avoid-config-imports-from-qlls
...
Java: Reduce DataFlow Configuration pollution from Random.qll and JexlInjection.qll
2021-07-02 11:27:27 +01:00
Tamás Vajk
4a5fe75d8c
Merge pull request #6207 from github/workflow/coverage/update
...
Update CSV framework coverage reports
2021-07-02 12:00:31 +02:00
Chris Smowton
a51154a8ef
Deduplicate Jexl configuration
2021-07-02 10:02:28 +01:00
Chris Smowton
d022c57903
Add change note
2021-07-02 10:02:28 +01:00
Chris Smowton
bbd3ecb768
Add docs to RandomQuery.qll
2021-07-02 10:02:28 +01:00
Chris Smowton
e661fc08d3
Split Android XSS sink defintions out of XSS.qll
...
This removes one of the routes by which XSS.qll is always in scope, and so its dataflow configuration is too -- however it is still always in scope because JaxWS.qll imports it.
2021-07-02 10:02:25 +01:00
Chris Smowton
747a8e4157
Split up JexlInjection.qll
...
This avoids a DataFlow2::Configuration being in scope for all queries via the import from ExternalFlow.qll
2021-07-02 10:01:51 +01:00
Chris Smowton
643f7dfb87
Split up Random.qll
...
This prevents bringing a dataflow config into scope from utility libraries.
2021-07-02 10:00:49 +01:00
Anders Schack-Mulligen
80124df78e
Merge pull request #5487 from joefarebrother/sql-sinks
...
Java: Convert SQL sinks to CSV format
2021-07-02 10:51:09 +02:00
Anders Schack-Mulligen
4e1155cfd2
Merge pull request #6202 from smowton/smowton/admin/cleanup-duplicated-experimental-query
...
Deduplicate shared body of regular and experimental versions of `java/command-line-injection` query.
2021-07-02 09:23:50 +02:00
Anders Schack-Mulligen
f9da044e54
Merge pull request #6185 from aschackmull/java/perf-fix-request-forgery
...
Java: Fix bad magic.
2021-07-02 09:07:07 +02:00
github-actions[bot]
55aff21587
Add changed framework coverage reports
2021-07-02 00:09:02 +00:00
Chris Smowton
8b7db8a8cc
Merge pull request #5408 from p0wn4j/urlclassloader-webclient-ssrf-sinks
...
Java: Add URLClassLoader, WebClient SSRF sinks
2021-07-01 16:14:22 +01:00
Joe Farebrother
1e82c607ef
Mark failing tests as missing
2021-07-01 15:29:47 +01:00
Chris Smowton
e0a7f6e14f
Fix URLClassLoader test
2021-07-01 15:03:38 +01:00
Chris Smowton
d5a9f3d87b
Deduplicate shared body of regular and experimental versions of java/command-line-injection query.
2021-07-01 14:53:56 +01:00
Joe Farebrother
160f3b4312
Remove ArrayElement from sink specifications
2021-07-01 14:41:39 +01:00
Joe Farebrother
4bea33402c
Rename test labels for more clarity
2021-07-01 14:38:20 +01:00
Joe Farebrother
1a06c132be
Use ArrayElement of to handle arargs case in SpringJdbc.qll
2021-07-01 14:38:20 +01:00
Joe Farebrother
29f82fc81f
Use ArrayElementOf in Android sinks
2021-07-01 14:38:19 +01:00
Joe Farebrother
f4a59cc2e3
Convert tainted arrays to arrays of tainted elements in tests
2021-07-01 14:38:19 +01:00
Joe Farebrother
865477d020
Convert android tests to inline expectations
2021-07-01 14:38:19 +01:00
Joe Farebrother
95d8018a43
Include overrides for SQLiteQueryBuilder sinks
2021-07-01 14:38:19 +01:00
Joe Farebrother
0d4f8aedb8
Use Argument ranges in CSV rows
2021-07-01 14:38:19 +01:00
Joe Farebrother
7926d16844
Convert SQL sinks to CSV format
2021-07-01 14:38:19 +01:00
