Tony Torralba
e2022f467c
Update java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll
...
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2021-12-15 13:00:16 +01:00
Tony Torralba
5e80044f11
Preserve taint on field-read-steps on entrypoint types
2021-12-15 13:00:15 +01:00
Chris Smowton
753d886b0d
Merge pull request #6319 from haby0/java/MyBatisSqlInjection
...
[Java] CWE-089 MyBatis Mapper Sql Injection
2021-12-09 19:57:18 +00:00
Chris Smowton
d0a19fffee
Copyedit
2021-12-09 14:58:29 +00:00
Tony Torralba
522a4bb9fa
Propagate extras through build methods
2021-12-09 14:56:52 +01:00
Tony Torralba
c0c40cc05b
Remove synthetic fields
2021-12-09 13:34:41 +01:00
Tony Torralba
f209ff4f76
Use synthetic fields to improve taint precision
2021-12-09 13:34:39 +01:00
Tony Torralba
b7f7c5ba20
Change format of fluent models to make review easier
2021-12-09 13:33:19 +01:00
Tony Torralba
f63ffb0630
Add models for Notification builders
2021-12-09 13:33:17 +01:00
Anders Schack-Mulligen
38d0bb4a60
Merge pull request #7260 from hvitved/dataflow/argument-parameter-matching
...
Data flow: Introduce `ParameterPosition` and `ArgumentPosition`
2021-12-08 12:49:08 +01:00
Tom Hvitved
283173ad02
Address review comments
2021-12-08 11:26:44 +01:00
Tom Hvitved
490872173a
Data flow: Sync files
2021-12-07 20:29:18 +01:00
Erik Krogh Kristensen
3c59aa319e
Merge pull request #7245 from erik-krogh/explicit-this-all-the-places
...
All langs: apply the explicit-this patch to all remaining code
2021-12-07 10:40:26 +01:00
haby0
daf6a4ce07
Partial modification 2
2021-12-04 17:45:02 +08:00
Tony Torralba
8ffa195538
Merge branch 'main' into atorralba/android_slice_models
2021-12-03 16:59:33 +01:00
intrigus
2c4ccb79a1
Fix QL Doc typos.
2021-12-02 15:30:29 +01:00
Michael Nebel
ad281c0365
C#: Sync FlowSummaryImpl files.
2021-12-02 09:03:00 +01:00
Anders Schack-Mulligen
cde853c095
Merge pull request #7270 from aschackmull/dataflow/stage2-refactor
...
Dataflow: Stage 2 refactor
2021-12-01 11:09:08 +01:00
Tom Hvitved
ae6501d906
Java: Implement ParameterPosition et al
2021-12-01 08:51:22 +01:00
haby0
08be8edbce
Modify according to suggestions
2021-12-01 11:57:57 +08:00
Tom Hvitved
540ecf3c21
Data flow: Sync files
2021-11-30 15:20:20 +01:00
Anders Schack-Mulligen
3e914ef2ff
Dataflow: Sync.
2021-11-30 13:52:52 +01:00
Anders Schack-Mulligen
fc05825c73
Dataflow: Make stage 2 equal to stages 3 and 4.
2021-11-30 13:52:31 +01:00
Chris Smowton
27f40e08e5
Merge pull request #7007 from JLLeitschuh/feat/JLL/improve_ratpack_support
...
Java: Ratpack HTTP Framework Additional Modeling
2021-11-29 16:20:53 +00:00
Tom Hvitved
fdc94365b4
Merge pull request #7178 from michaelnebel/csharp-flowsummary-pp-csv
...
C#: Initial implementation of csv printing in FlowSummaries test
2021-11-29 09:59:33 +01:00
haby0
db04a0dadf
New model: SQL injection in MyBatis annotations
2021-11-28 14:43:57 +08:00
Erik Krogh Kristensen
74158f1e3a
revert explicit-this that caused non-monotonic recursion
2021-11-26 21:37:46 +01:00
Michael Nebel
d4f3a6d4bb
C#: Review comments. Keep the TContent type private
2021-11-26 15:38:33 +01:00
Erik Krogh Kristensen
6ff8d4de5c
add all remaining explicit this
2021-11-26 13:50:10 +01:00
Anders Schack-Mulligen
00ee34c0a0
Merge pull request #7237 from hvitved/dataflow/consistency-config
...
Data flow: Introduce `ConsistencyConfiguration` class
2021-11-26 12:49:25 +01:00
Anders Schack-Mulligen
57fd397cb3
Merge pull request #7239 from smowton/smowton/fix/useless-comparison-surrogates
...
Range analysis and useless-comparison query: don't treat all unicode surrogates as if they are U+FFFD
2021-11-26 09:00:36 +01:00
Chris Smowton
d3a4dadc7d
Merge pull request #7240 from smowton/smowton/admin/derecognise-xxe-secure-processing
...
Note that FEATURE_SECURE_PROCESSING isn't a sufficient defence against XXE
2021-11-25 19:31:06 +00:00
Jonathan Leitschuh
1ddf5fb133
Java: Ratpack HTTP Framework Additional Modeling
...
Adds models for `ratpack.func.Pair`, and `ratpack.exec.Result`.
Improve models for `ratpack.exec.Promise`.
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
2021-11-25 12:55:32 -05:00
Chris Smowton
ce63549425
Apply review comments
2021-11-25 15:20:35 +00:00
Chris Smowton
db39c0b8be
CharacterLiteral.getCodePointValue: fix handling of surrogates
2021-11-25 14:07:21 +00:00
Chris Smowton
9eb9eb606e
Note that FEATURE_SECURE_PROCESSING isn't a sufficient defence against XXE
2021-11-25 12:22:48 +00:00
Tom Hvitved
6cb00992e8
Data flow: Introduce ConsistencyConfiguration class
2021-11-25 10:01:47 +01:00
haby0
04a3f76a8b
Eliminate false positives of Mybatis Configuration Variable
2021-11-25 15:47:37 +08:00
Anders Schack-Mulligen
7ca3407c86
Dataflow: Sync.
2021-11-24 14:43:00 +01:00
Anders Schack-Mulligen
a7ec0fa900
Dataflow: Remove more disjunction-induced tuple duplication.
2021-11-24 14:39:49 +01:00
Michael Nebel
b9d0a60ce7
C#: Addressed review comments from hvitved
2021-11-24 14:35:52 +01:00
Anders Schack-Mulligen
4efdcc22a2
Dataflow: Improve barrier handling.
2021-11-24 14:17:05 +01:00
Michael Nebel
a3ca9ad27d
C#: Sync flow summary implementation files and implement specific parts for ruby and java
2021-11-24 12:09:20 +01:00
Anders Schack-Mulligen
822890f2bd
Dataflow: Remove disjunction-induced tuple duplication.
2021-11-23 15:05:24 +01:00
Anders Schack-Mulligen
f5f67dd11a
Dataflow: Pull ccc.matchesCall(call) from the recursive loop.
2021-11-23 14:35:33 +01:00
Anders Schack-Mulligen
e711ba9d18
Dataflow: Remove negation materialization.
2021-11-23 11:35:57 +01:00
Anders Schack-Mulligen
fc43220864
Java: bugfix
2021-11-19 15:01:29 +01:00
Anders Schack-Mulligen
2b1f34ed9b
Java: Don't clear content in store steps in summaries.
2021-11-19 14:22:28 +01:00
Anders Schack-Mulligen
6815a13a00
Merge pull request #6931 from hvitved/dataflow/restrict-derived-summaries
...
Data flow: Restrict derived flow summaries
2021-11-18 15:31:55 +01:00
Anders Schack-Mulligen
22ebe68b1b
Merge pull request #7132 from aschackmull/java/overrides
...
Java: Fix overrides to not be transitive.
2021-11-17 15:38:11 +01:00