Anders Schack-Mulligen
|
1efe1e0d10
|
Java: Improve algorithm for subtyping of parameterized types.
|
2021-11-09 15:49:17 +01:00 |
|
Mathias Vorreiter Pedersen
|
e9b114630a
|
Merge pull request #6948 from ihsinme/ihsinme-patch-076
CPP: Add query for CWE-243 Creation of chroot Jail Without Changing Working Directory
|
2021-11-03 18:50:13 +00:00 |
|
ihsinme
|
aef0275b3c
|
Update IncorrectChangingWorkingDirectory.expected
|
2021-11-03 20:45:38 +03:00 |
|
Tom Hvitved
|
d00196f6be
|
Merge pull request #7048 from hvitved/ruby/remove-node-predicates
Ruby: Remove `Node::getEnclosingCallable` and `ParameterNode::isParameterOf`
|
2021-11-03 17:46:16 +01:00 |
|
ihsinme
|
a9dd868348
|
Update IncorrectChangingWorkingDirectory.qhelp
|
2021-11-03 18:38:30 +03:00 |
|
ihsinme
|
c94b64cbca
|
Update IncorrectChangingWorkingDirectory.qhelp
|
2021-11-03 18:28:57 +03:00 |
|
Tom Hvitved
|
16d96d2ad3
|
Ruby: Remove Node::getEnclosingCallable and ParameterNode::isParameterOf
|
2021-11-03 15:59:29 +01:00 |
|
Erik Krogh Kristensen
|
3638892d35
|
Merge pull request #6881 from erik-krogh/add-missing-noinline
JS: add pragma[noinline] to predicates where the qldoc mentions join-order
|
2021-11-03 14:21:27 +01:00 |
|
Tom Hvitved
|
ab37ae6613
|
Merge pull request #7036 from hvitved/ruby/truncate-get-value-text
Ruby: Truncate concatenated strings in `getValueText`
|
2021-11-03 10:57:43 +01:00 |
|
ihsinme
|
c175f0aa9d
|
Update IncorrectChangingWorkingDirectory.ql
|
2021-11-03 12:25:30 +03:00 |
|
Anders Schack-Mulligen
|
e6145f04d2
|
Merge pull request #6966 from atorralba/atorralba/android-explicit-intent-sanitizer
Android: Add ExplicitIntentSanitizer and allowIntentExtrasImplicitRead
|
2021-11-03 10:20:09 +01:00 |
|
Erik Krogh Kristensen
|
ab4780c505
|
Merge pull request #7032 from erik-krogh/cwe497
JS: add CWE-497 to js/stack-trace-exposure
|
2021-11-03 08:55:49 +01:00 |
|
Mathias Vorreiter Pedersen
|
4a2894a707
|
Merge pull request #7025 from MathiasVP/nomagic-parameterCand
Dataflow: Replace a 'noinline' pragma with a 'nomagic' pragma
|
2021-11-02 20:40:44 +00:00 |
|
Tom Hvitved
|
8b287a7846
|
Ruby: Truncate concatenated strings in getValueText
|
2021-11-02 18:19:49 +01:00 |
|
Erik Krogh Kristensen
|
9d99ce12c4
|
add CWE-497 to js/stack-trace-exposure
|
2021-11-02 15:43:55 +01:00 |
|
yoff
|
97625d7c2c
|
Merge pull request #7023 from RasmusWL/toml
Python: Add modeling of `toml`
|
2021-11-02 14:42:06 +01:00 |
|
ihsinme
|
62b3c3c9a0
|
Update IncorrectChangingWorkingDirectory.ql
|
2021-11-02 16:16:17 +03:00 |
|
yoff
|
0240631510
|
Merge pull request #6782 from RasmusWL/fastapi
Python: Model FastAPI
|
2021-11-02 14:16:12 +01:00 |
|
ihsinme
|
738354b8e7
|
Update cpp/ql/src/experimental/Security/CWE/CWE-243/IncorrectChangingWorkingDirectory.ql
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
|
2021-11-02 16:13:34 +03:00 |
|
Rasmus Wriedt Larsen
|
c52e453342
|
Python: Minor rewrite
|
2021-11-02 13:37:50 +01:00 |
|
Erik Krogh Kristensen
|
54fba2d6a1
|
Merge pull request #6781 from erik-krogh/ldap
JS: Move LDAP injection out of experimental
|
2021-11-02 13:35:32 +01:00 |
|
Anders Schack-Mulligen
|
7d0152f3c0
|
Merge pull request #6932 from aschackmull/dataflow/flow-features
Dataflow: Add support for call context restrictions on sources/sinks.
|
2021-11-02 13:24:17 +01:00 |
|
Nick Rolfe
|
6dd5dad4a9
|
Merge pull request #7026 from github/nickrolfe/rb-prefix
Ruby: use the `rb/` prefix in all query ids
|
2021-11-02 12:04:50 +00:00 |
|
Erik Krogh Kristensen
|
f7f315adbb
|
Merge pull request #7022 from erik-krogh/cwe319
JS: add cwe-319 to js/clear-text-cookie
|
2021-11-02 12:47:53 +01:00 |
|
Erik Krogh Kristensen
|
7a96b8e9e1
|
Merge branch 'main' into ldap
|
2021-11-02 12:47:28 +01:00 |
|
Nick Rolfe
|
898f5ec596
|
Ruby: use the rb/ prefix in all query ids
|
2021-11-02 11:42:02 +00:00 |
|
Mathias Vorreiter Pedersen
|
6f4107ff23
|
Dataflow: Replace a 'noinline' pragma with a 'nomagic' pragma.
|
2021-11-02 11:37:40 +00:00 |
|
Rasmus Wriedt Larsen
|
8ee804a8c2
|
Python: Add toml modeling
|
2021-11-02 11:57:15 +01:00 |
|
Rasmus Wriedt Larsen
|
14bc297946
|
Python: Add toml encode/decode test
|
2021-11-02 11:57:06 +01:00 |
|
Tom Hvitved
|
302373d154
|
Merge pull request #6858 from hvitved/python/type-tracker-changes
Python: Type tracker changes
|
2021-11-02 11:47:01 +01:00 |
|
CodeQL CI
|
d5e2026a26
|
Merge pull request #6934 from erik-krogh/more-instanceof
Approved by MathiasVP, esbena, yoff
|
2021-11-02 03:46:23 -07:00 |
|
CodeQL CI
|
5d62aa5b29
|
Merge pull request #6994 from erik-krogh/redundant-cast
Approved by RasmusWL, aschackmull, esbena, geoffw0, hvitved, nickrolfe
|
2021-11-02 03:45:48 -07:00 |
|
Tom Hvitved
|
fe80c4a17b
|
Ruby: Sync files
|
2021-11-02 11:16:46 +01:00 |
|
Tom Hvitved
|
1e64893742
|
Update python/ql/lib/semmle/python/dataflow/new/internal/TypeTracker.qll
Co-authored-by: Taus <tausbn@github.com>
|
2021-11-02 11:16:32 +01:00 |
|
Tom Hvitved
|
660398aa78
|
Python: Introduce TypeBackTracker::getACompatibleTypeTracker()
|
2021-11-02 11:16:32 +01:00 |
|
Tom Hvitved
|
73fd66cfed
|
Python: Cache TypeBackTracker::prepend
|
2021-11-02 11:16:32 +01:00 |
|
Erik Krogh Kristensen
|
41e7dea943
|
add cwe-319 "Cleartext Transmission of Sensitive Information" to js/clear-text-cookie
|
2021-11-02 11:11:38 +01:00 |
|
Rasmus Wriedt Larsen
|
b7b9120724
|
Python: Better handling of Pydantic models
|
2021-11-02 10:29:17 +01:00 |
|
Rasmus Wriedt Larsen
|
c207580ed9
|
Python: Add extra FastAPI taint tests
|
2021-11-02 10:20:09 +01:00 |
|
Mathias Vorreiter Pedersen
|
e2cb53c65f
|
Merge pull request #7014 from jbj/isFromSystemMacroDefinition
C++: Add `isFromSystemMacroDefinition` predicate
|
2021-11-02 09:14:59 +00:00 |
|
Rasmus Wriedt Larsen
|
17da28118a
|
Python: Small refactor to use extends .. instanceof
|
2021-11-02 10:06:11 +01:00 |
|
Anders Schack-Mulligen
|
42a046edc6
|
Merge pull request #7004 from Marcono1234/marcono1234/deprecate-StringLiteral-getRepresentedString
Java: Deprecate `StringLiteral.getRepresentedString()`
|
2021-11-02 09:57:52 +01:00 |
|
Tamás Vajk
|
18b08060ae
|
Merge pull request #5110 from porcupineyhairs/ssrfCsharp
C# : Add query to detect SSRF
|
2021-11-02 09:50:28 +01:00 |
|
ihsinme
|
9b8b916199
|
Update IncorrectChangingWorkingDirectory.ql
|
2021-11-02 11:33:29 +03:00 |
|
Tony Torralba
|
5d7b09ac67
|
Merge pull request #7020 from github/workflow/coverage/update
Update CSV framework coverage reports
|
2021-11-02 08:33:36 +01:00 |
|
github-actions[bot]
|
093be44258
|
Add changed framework coverage reports
|
2021-11-02 00:09:00 +00:00 |
|
Marcono1234
|
668928045e
|
Merge branch 'main' into marcono1234/deprecate-StringLiteral-getRepresentedString
|
2021-11-01 16:32:57 +01:00 |
|
Anders Schack-Mulligen
|
e88bbfdd67
|
Merge pull request #7008 from JLLeitschuh/feat/JLL/java_optional_lambda_support
Java: Model java.util.Optional lambda methods
|
2021-11-01 13:49:21 +01:00 |
|
Anders Schack-Mulligen
|
64acd0288e
|
Merge pull request #6614 from Marcono1234/marcono1234/char-literal-codepoint
Java: Add `CharacterLiteral.getCodePointValue()`
|
2021-11-01 13:06:00 +01:00 |
|
Nick Rolfe
|
da5d10fd6b
|
Merge pull request #7012 from MalikIdreesHasanKhan/main
Fixed a typo. ( Minor PR)
|
2021-11-01 11:30:13 +00:00 |
|