Harry Maclean
|
06000781e9
|
Ruby: Document PairCfgNode::getKey/getValue
|
2021-11-19 14:54:06 +00:00 |
|
Harry Maclean
|
90a9688310
|
Ruby: update CFG fixture
|
2021-11-19 11:31:14 +00:00 |
|
Harry Maclean
|
8fc7e4be43
|
Ruby: Increase precision of SSRF query
|
2021-11-19 11:28:09 +00:00 |
|
Harry Maclean
|
c297a68acf
|
Model more of the RestClient API
We now handle this form:
RestClient::Request.execute(url: "http://example.com")
|
2021-11-19 11:28:09 +00:00 |
|
Harry Maclean
|
e2ef780c55
|
Add base_uri note to HTTParty modelling
|
2021-11-19 11:28:09 +00:00 |
|
Harry Maclean
|
38ff584307
|
Model more Faraday behaviour
You can instantiate a Faraday connection by passing a URL as a keyword
argument:
conn = Faraday.new(url: "http://example.com")
|
2021-11-19 11:28:09 +00:00 |
|
Harry Maclean
|
f933d24031
|
Fix comment
|
2021-11-19 11:28:09 +00:00 |
|
Harry Maclean
|
70efadac77
|
Add change note for Ruby SSRF query
|
2021-11-19 11:28:09 +00:00 |
|
Harry Maclean
|
e87a4531d8
|
Remove redundant imports
|
2021-11-19 11:28:08 +00:00 |
|
Harry Maclean
|
ac20eafecc
|
Add qhelp for Ruby SSRF
|
2021-11-19 11:28:08 +00:00 |
|
Harry Maclean
|
2bba31eb02
|
Update metadata of Ruby SSRF query
|
2021-11-19 11:28:08 +00:00 |
|
Harry Maclean
|
dc464879a2
|
Add a query for server-side request forgery
|
2021-11-19 11:28:08 +00:00 |
|
Harry Maclean
|
cd33e4d394
|
Make string interpolation sanitizer reusable
|
2021-11-19 11:28:08 +00:00 |
|
Harry Maclean
|
b6ce37b241
|
Add getURL to HTTP::Client::Request
This member predicate gets dataflow nodes which contribute to the URL of
the request.
Also consolidate the identical tests for each HTTP client.
|
2021-11-19 11:28:08 +00:00 |
|
Harry Maclean
|
8fd8c9b04d
|
Fix CallExprCfgNode.getKeywordArgument
This predicate now produces results.
|
2021-11-19 11:28:08 +00:00 |
|
Harry Maclean
|
0caea17118
|
Add a test for CallCfgNodes
This test shows that `CallCfgNode.getKeywordArgument(string keyword)`
doesn't return any results.
|
2021-11-19 11:28:07 +00:00 |
|
Anders Schack-Mulligen
|
1f3f7e9ccc
|
Merge pull request #7169 from erik-krogh/useMatches
use matches instead of regexpMatch/prefix/suffix
|
2021-11-19 11:42:47 +01:00 |
|
Erik Krogh Kristensen
|
62730e7a4b
|
Merge pull request #7174 from erik-krogh/fixCSharpImport
C#: move Linq/Helpers.qll to the lib folder
|
2021-11-18 19:40:53 +01:00 |
|
Tom Hvitved
|
2f7250a0b3
|
Merge pull request #7160 from hvitved/csharp/cfg/static-scope
C#: Extend `(Annotated)ExitNode` to also cover static fields
|
2021-11-18 19:15:06 +01:00 |
|
Erik Krogh Kristensen
|
63ecae5426
|
update imports
|
2021-11-18 17:31:17 +01:00 |
|
Erik Krogh Kristensen
|
2d78cce7a5
|
move Linq/Helpers to the lib folder
|
2021-11-18 16:59:34 +01:00 |
|
Henry Mercer
|
46958e5bff
|
Merge pull request #7168 from erik-krogh/useMinInsteadofRank1
ATM: use min() instead of rank[1]
|
2021-11-18 14:56:49 +00:00 |
|
Erik Krogh Kristensen
|
011fc20963
|
use matches instead of regexpMatch
|
2021-11-18 15:41:25 +01:00 |
|
Anders Schack-Mulligen
|
6815a13a00
|
Merge pull request #6931 from hvitved/dataflow/restrict-derived-summaries
Data flow: Restrict derived flow summaries
|
2021-11-18 15:31:55 +01:00 |
|
Erik Krogh Kristensen
|
2af7817691
|
use min() instead of rank[1]
|
2021-11-18 14:26:55 +01:00 |
|
Geoffrey White
|
6c2713dd8b
|
Merge pull request #7159 from MathiasVP/pointers-are-always-iterators
C++: Always recognize pointers as iterators
|
2021-11-18 11:14:44 +00:00 |
|
Tony Torralba
|
9d22ec88fd
|
Merge pull request #7165 from github/workflow/coverage/update
Update CSV framework coverage reports
|
2021-11-18 10:37:34 +01:00 |
|
Erik Krogh Kristensen
|
1cca377e7d
|
Merge pull request #6561 from erik-krogh/htmlReg
JS/Py/Ruby: add a bad-tag-filter query
|
2021-11-18 09:39:13 +01:00 |
|
github-actions[bot]
|
ecdaeb0c10
|
Add changed framework coverage reports
|
2021-11-18 00:09:24 +00:00 |
|
Tom Hvitved
|
a89be2e3f8
|
C#: Extend (Annotated)ExitNode to also cover static fields
|
2021-11-17 20:50:38 +01:00 |
|
Mathias Vorreiter Pedersen
|
c998370c84
|
C++: Accept more test changes.
|
2021-11-17 15:22:17 +00:00 |
|
Mathias Vorreiter Pedersen
|
36585a7469
|
C++: Accept test changes.
|
2021-11-17 14:41:30 +00:00 |
|
Mathias Vorreiter Pedersen
|
6dc6a78293
|
C++: Add a 'IteratorByPointer' class so pointers are always iterators.
|
2021-11-17 14:41:19 +00:00 |
|
Alex Ford
|
08b6a17097
|
Merge pull request #7151 from github/ruby/methodcallnode
Ruby: add `getMethodName` predicate to `DataFlow::CallNode` class
|
2021-11-17 14:40:07 +00:00 |
|
Anders Schack-Mulligen
|
22ebe68b1b
|
Merge pull request #7132 from aschackmull/java/overrides
Java: Fix overrides to not be transitive.
|
2021-11-17 15:38:11 +01:00 |
|
Anders Schack-Mulligen
|
1645fcf79c
|
Merge pull request #7088 from aschackmull/java/parameterized-subtyping
Java: Improve algorithm for subtyping of parameterized types.
|
2021-11-17 15:28:28 +01:00 |
|
Arthur Baars
|
5ddfb37f29
|
Merge pull request #7155 from aibaars/ruby-qualified-import
Ruby: QL generator: use qualified imports
|
2021-11-17 12:40:14 +01:00 |
|
Arthur Baars
|
6f24947ec6
|
Merge pull request #7156 from aibaars/ruby-prepare-db-upgrade-fix
Ruby: Fix scripts/prepare-db-upgrade.sh
|
2021-11-17 12:39:55 +01:00 |
|
Benjamin Muskalla
|
3c3a65243f
|
Merge pull request #6664 from bmuskalla/bmuskalla/modelGenerator
Java: Initial CSV model generator
|
2021-11-17 12:30:45 +01:00 |
|
Arthur Baars
|
fbb3e8d780
|
Fix scripts/prepare-db-upgrade.sh
|
2021-11-17 12:11:20 +01:00 |
|
Geoffrey White
|
d232283647
|
Merge pull request #7149 from geoffw0/non-https-url2
C++: Minor improvements to 'Failure to use HTTPS URLs' query
|
2021-11-17 10:05:30 +00:00 |
|
Tom Hvitved
|
4eacbd1cbe
|
Ruby: Sync files
|
2021-11-17 10:49:51 +01:00 |
|
Tom Hvitved
|
6d58dd2823
|
Java: Update expected test output
|
2021-11-17 10:49:51 +01:00 |
|
Tom Hvitved
|
3da73b9001
|
C#: Update expected test output
|
2021-11-17 10:49:49 +01:00 |
|
Tom Hvitved
|
58dd75881c
|
C#: Update flow summary to avoid negative recursion
|
2021-11-17 10:39:13 +01:00 |
|
Tom Hvitved
|
ac41451798
|
Data flow: Sync files
|
2021-11-17 10:39:12 +01:00 |
|
Tom Hvitved
|
0c1285f5d9
|
Data flow: Restrict derived flow summaries
|
2021-11-17 10:39:12 +01:00 |
|
Arthur Baars
|
7c2841f058
|
Ruby: QL generator: use qualified imports
|
2021-11-17 10:37:44 +01:00 |
|
Erik Krogh Kristensen
|
474c808373
|
Merge pull request #7137 from erik-krogh/functionExport
JS: recognize library inputs when the library exports "through" a function
|
2021-11-17 09:49:02 +01:00 |
|
Anders Schack-Mulligen
|
69671ce90d
|
Java: cache overrides
|
2021-11-17 09:16:58 +01:00 |
|