58178 Commits

This Branch

This Branch

All Branches

Author	SHA1	Message	Date
Alex Denisov	5cce37baa9	Swift: update test expectations	2023-08-22 11:11:28 +02:00
Alex Denisov	48607e3ad7	Swift: address code review comments	2023-08-22 10:01:16 +02:00
AlexDenisov	b98a966729	Apply suggestions from code review ... Co-authored-by: Paolo Tranquilli <redsun82@github.com>	2023-08-22 09:57:25 +02:00
Anders Schack-Mulligen	bdc5f9cdea	Merge pull request #14012 from knewbury01/knewbury01/add-sanitizer-command-query ... Java: add sanitizer to command injection query	2023-08-22 08:40:49 +02:00
Michael Nebel	ce6fd8ac5f	Merge pull request #13432 from michaelnebel/updateissupported ... Java/C#: Update telemetry queries to report callables with sink/source neutrals as being supported.	2023-08-22 08:39:38 +02:00
Sid Shankar	a9ea61f0b2	Merge pull request #14001 from github/sidshank/clarify-js-and-ts-requirements ... Clarify system requirements for TypeScript extraction	2023-08-21 20:59:11 -04:00
Robert Marsh	a335ece5e5	Swift: change note for keypath optional flows	2023-08-21 20:11:37 +00:00
Robert Marsh	1634fa2e25	Swift: support for optional chaining in keypaths	2023-08-21 20:09:28 +00:00
Robert Marsh	81bf415b50	Swift: modify test so implicit read isn't needed at sink	2023-08-21 20:08:30 +00:00
Robert Marsh	246d5c530e	Swift: flow through keypath force components	2023-08-21 19:07:40 +00:00
Geoffrey White	f7776f812c	Swift: 'good enough' fix for UnsafeJsEval flow.	2023-08-21 18:30:30 +01:00
Henry Mercer	5a76b9f59e	Merge pull request #14010 from github/henrymercer/cs/add-alias ... C#: Add "c#" alias to language pack	2023-08-21 18:26:54 +01:00
Geoffrey White	317757b7ae	Swift: Create proper models for JavaScriptCore.	2023-08-21 18:24:26 +01:00
Kristen Newbury	5e01e1d464	Java: add sanitizer to command injection query	2023-08-21 12:33:05 -04:00
Mathias Vorreiter Pedersen	e1ed49f3ac	Merge pull request #14011 from github/revert-13991-redsun82/swift-use-concepts ... Revert "Swift: use C++20 constraints and concepts to simplify code"	2023-08-21 17:21:42 +01:00
Paolo Tranquilli	1daedd9fb6	Revert "Swift: use C++20 constraints and concepts to simplify code"	2023-08-21 17:40:15 +02:00
Henry Mercer	cbce0736c2	C#: Add "c#" alias to language pack ... This will allow users to reference the C# extractor using `--language c#` in future versions of the CLI.	2023-08-21 16:27:39 +01:00
Harry Maclean	414ae76ae1	Ruby: Add another splat flow test	2023-08-21 16:21:55 +01:00
Harry Maclean	c615f183c1	Ruby: Add test for spurious splat flow ... We don't yet properly model splat flow when a positional argument follows a splat argument.	2023-08-21 16:11:10 +01:00
Tamas Vajk	2575db356d	Improve code quality: fix review findings	2023-08-21 16:07:56 +02:00
Paolo Tranquilli	6d85d0d0f7	Merge pull request #13991 from github/redsun82/swift-use-concepts ... Swift: use C++20 constraints and concepts to simplify code	2023-08-21 15:45:44 +02:00
Tom Hvitved	12d1d04592	Merge pull request #13983 from hvitved/dataflow/reduced-dispatch-early-join ... Data flow: Earlier call-context based dispatch filtering	2023-08-21 13:20:08 +02:00
Tom Hvitved	1b4520b058	Data flow: Update QL doc	2023-08-21 12:56:37 +02:00
Sid Shankar	671eb0f82f	Updates requirements for TypeScript only ... Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2023-08-21 06:51:30 -04:00
Jeroen Ketema	2d0f73d7c2	Merge pull request #13881 from jketema/shared-taint-tracking ... Introduce shared taint tracking library	2023-08-21 12:45:49 +02:00
Geoffrey White	6ef6be7291	Swift: UnsafeJSEval regression.	2023-08-21 11:28:48 +01:00
Geoffrey White	997984c529	Swift: Minor test .expected changes.	2023-08-21 11:15:43 +01:00
Geoffrey White	a54747f850	Swift: Fix mysterious taint flow issue.	2023-08-21 11:06:04 +01:00
Rasmus Wriedt Larsen	c8c69aac9b	Merge pull request #13561 from amammad/amammad-python-WebAppsConstatntSecretKeys ... Python: Flask & Django Constant Secret Key initialization	2023-08-21 11:39:19 +02:00
Mathias Vorreiter Pedersen	e776178be5	C++: Add some whitespace to make stuff appear in the diff.	2023-08-21 10:23:41 +01:00
Mathias Vorreiter Pedersen	0a41acc0a6	C++: Add change note.	2023-08-21 10:23:41 +01:00
Mathias Vorreiter Pedersen	70fdfc2ae3	C++: Set precision to medium and add security severity.	2023-08-21 10:23:23 +01:00
Mathias Vorreiter Pedersen	4daabdae2b	C++: Promote 'cpp/invalid-pointer-deref' out of experimental.	2023-08-21 10:23:22 +01:00
Geoffrey White	b4db68af80	Swift: Add content to the string models.	2023-08-21 10:16:40 +01:00
Geoffrey White	a6f29fa417	Swift: Address pointer/pointee conflation in the string tests themselves.	2023-08-21 10:16:39 +01:00
Tamas Vajk	b5cdaa2f94	Fix compile issues after rebase	2023-08-21 10:43:36 +02:00
Tamas Vajk	62666915b4	Adjust integration test to opt into cshtml extraction	2023-08-21 10:38:22 +02:00
Tamas Vajk	84a78e7a8d	Add opt-in environment variable for cshtml generation	2023-08-21 10:38:22 +02:00
Tamas Vajk	ba0cc76da1	Minor cleanup of dotnet CLI invocations	2023-08-21 10:38:22 +02:00
Tamas Vajk	ad3cc8e1c7	Change backslash to forward slash in file paths in the analyzer config file	2023-08-21 10:38:22 +02:00
Tamas Vajk	c2eb2e9c69	Add more logging	2023-08-21 10:38:22 +02:00
Tamas Vajk	a644133d8f	Write CSC arguments to file and pass that to the execution	2023-08-21 10:38:22 +02:00
Michael Nebel	166633dac0	C#: Only apply Path.combine to OS agnostic parts of the path.	2023-08-21 10:38:21 +02:00
Michael Nebel	d48ab36273	C#: Run dotnet exec command silently.	2023-08-21 10:38:21 +02:00
Tamas Vajk	d391246f27	C#: Generate source files from .cshtml files in standalone	2023-08-21 10:38:21 +02:00
Tamas Vajk	ba0f07b66c	C#: Add integration test for cshtml extraction in standalone mode	2023-08-21 10:38:21 +02:00
Tamas Vajk	af1a0b9a6c	C#: Include cshtml files in integration test results	2023-08-21 10:38:21 +02:00
Jeroen Ketema	a2bb7dee18	Java: Delete copy of shared taint tracking library	2023-08-21 10:32:28 +02:00
Michael Nebel	51f166d71e	Java: Address review comments.	2023-08-21 10:22:28 +02:00
Paolo Tranquilli	bda516e9ea	C++: tweak dispatcher clauses	2023-08-21 10:01:45 +02:00