Commit Graph

14210 Commits

Author SHA1 Message Date
Arthur Baars
583f7f914e Drop taint tracking for Arrays.{setAll, parallelSetAll, parallelPrefix} 2020-07-07 17:22:30 +02:00
Arthur Baars
19a481f809 Java: Arrays: add tests 2020-07-03 17:15:17 +02:00
Arthur Baars
0b89efbee4 Java: model Arrays::addList 2020-07-03 17:15:17 +02:00
Arthur Baars
a07af79fff Java: model java.util.Arrays 2020-07-03 17:15:17 +02:00
Arthur Baars
c629f6b13a Merge pull request #3869 from aibaars/util-collections
Java: model java.util.Collections
2020-07-03 17:09:14 +02:00
yoff
687bb4dfc8 Merge pull request #3890 from github/tausbn-add-paths-ignore-to-code-scanning-config
Code Scanning: Don't scan the Python directory.
2020-07-03 16:03:41 +02:00
Taus
01c4852360 Merge pull request #3701 from yoff/SharedDataflow
Python: Start using the shared data flow libraries
2020-07-03 16:03:20 +02:00
Rasmus Lerchedahl Petersen
fe9520b50b Python: correct doc for toString 2020-07-03 15:04:54 +02:00
Arthur Baars
5fff41f35b Don't track taint on Map keys 2020-07-03 14:47:25 +02:00
Rasmus Lerchedahl Petersen
33cf96ccb8 Python: Address review comments 2020-07-03 14:11:58 +02:00
Taus
b99ec29f6e Code Scanning: Additionally exclude Java and C++. 2020-07-03 13:56:25 +02:00
Taus
39bc978573 Code Scanning: Don't scan the Python directory.
... Possibly some of the other language teams want to get on this? 🙂 
If so, give me a shout!
2020-07-03 13:46:30 +02:00
yoff
d201eb2c12 Update python/ql/src/experimental/dataflow/internal/DataFlowPrivate.qll
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2020-07-03 13:33:27 +02:00
yoff
59d611ddd5 Update python/ql/src/experimental/dataflow/internal/DataFlowPublic.qll
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2020-07-03 13:32:03 +02:00
yoff
8891fbf006 Update python/ql/src/experimental/dataflow/internal/DataFlowPublic.qll
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2020-07-03 13:31:38 +02:00
yoff
40a6728748 Update python/ql/src/experimental/dataflow/internal/TaintTrackingPrivate.qll
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2020-07-03 13:30:10 +02:00
Rasmus Lerchedahl Petersen
e3666004cf Python: add some links to readme 2020-07-03 10:37:38 +02:00
Rasmus Lerchedahl Petersen
a9e0288e5b Python: exclude global vars from local flow 2020-07-03 08:41:10 +02:00
Rasmus Lerchedahl Petersen
bdc68ce6b6 Python: refactor Node class 2020-07-03 08:01:44 +02:00
semmle-qlci
04a0d47ab9 Merge pull request #3870 from hvitved/csharp/cfg/cond-out-param
Approved by calumgrant
2020-07-02 18:48:05 +01:00
Arthur Baars
5f2a5f1b55 Java: Collections: add tests 2020-07-02 19:18:02 +02:00
Taus
ba634af86e Merge pull request #3362 from RasmusWL/python-keyword-only-args
Python: properly support keyword only arguments
2020-07-02 18:21:59 +02:00
Rasmus Lerchedahl Petersen
5f18fb427a Python: update TODO 2020-07-02 16:20:38 +02:00
semmle-qlci
b5c8f2238b Merge pull request #3805 from esbena/js/seal-freeze-flow
Approved by asgerf
2020-07-02 13:54:54 +01:00
Rasmus Wriedt Larsen
513c2974bd Merge branch 'master' into python-keyword-only-args 2020-07-02 14:48:32 +02:00
Rasmus Wriedt Larsen
b2f8638ff0 Python: Update dbscheme with new comment 2020-07-02 14:17:55 +02:00
Taus
eecc3ca5dd Merge pull request #3503 from RasmusWL/python-fix-django-taint-sinks
Python: Fix django taint sinks
2020-07-02 13:32:35 +02:00
Tom Hvitved
527a099a26 C#: Fix CFG for conditional method calls with out parameters 2020-07-02 13:12:53 +02:00
Tom Hvitved
090205d9e9 C#: Add CFG test for conditional call to method with out parameter 2020-07-02 13:09:40 +02:00
Arthur Baars
21a4b8d6c0 Java: remove useless casts 2020-07-02 13:03:15 +02:00
Arthur Baars
d80bf3395f Add Navigable variants and sort method names 2020-07-02 13:02:38 +02:00
semmle-qlci
97128b1475 Merge pull request #3829 from asger-semmle/js/xss-substr
Approved by erik-krogh
2020-07-02 11:58:32 +01:00
Arthur Baars
e7b495e7d3 Java: model Collections::addAll 2020-07-02 12:38:22 +02:00
Rasmus Wriedt Larsen
26b7a301d6 Merge branch 'master' into python-keyword-only-args 2020-07-02 12:27:02 +02:00
Arthur Baars
5cf5c77b09 Java: model java.util.Collections 2020-07-02 12:25:55 +02:00
Tom Hvitved
d01904d404 Merge pull request #3846 from hvitved/csharp/autobuilder-refactor
C#: Factor C++ parts out of autobuilder
2020-07-02 12:02:04 +02:00
Rasmus Wriedt Larsen
67be45f045 Merge branch 'master' into python-fix-django-taint-sinks 2020-07-02 11:55:42 +02:00
Rasmus Wriedt Larsen
9a82927187 Python: Autoformat 2020-07-02 11:54:41 +02:00
Rasmus Wriedt Larsen
a947d151e5 Python: Django changes now backwards compatible deprecation 2020-07-02 11:53:25 +02:00
Rasmus Wriedt Larsen
4a7bfbe091 Python: Use .matches instead of .indexOf() = 0 2020-07-02 11:43:23 +02:00
Anders Schack-Mulligen
50fee5c4a1 Merge pull request #3817 from Marcono1234/patch-1
Fix outdated query console link
2020-07-02 11:41:19 +02:00
semmle-qlci
0bf1f75274 Merge pull request #3850 from aschackmull/dataflow/doc
Approved by hvitved
2020-07-02 09:04:35 +01:00
semmle-qlci
bfb734e1d7 Merge pull request #3832 from asger-semmle/js/typescript-in-html-files3
Approved by erik-krogh
2020-07-02 08:30:45 +01:00
Anders Schack-Mulligen
c78427569e Update docs/ql-libraries/dataflow/dataflow.md
Co-authored-by: Tom Hvitved <hvitved@github.com>
2020-07-02 09:24:33 +02:00
Jonas Jensen
2bd84a3a5e Merge pull request #3865 from geoffw0/bufferwrite-fixup
C++: 'modelling' -> 'modeling' part 2.
2020-07-02 08:37:19 +02:00
Jonas Jensen
62a656de0f Merge pull request #3860 from dbartol/codeql-c-analysis-team/40/2
C++: QLDoc cleanup
2020-07-02 08:32:44 +02:00
semmle-qlci
45ef3ec4a8 Merge pull request #3619 from erik-krogh/CWE022-Correctness
Approved by asgerf
2020-07-01 20:07:58 +01:00
Tom Hvitved
398a95c65f C#: Remove unused field 2020-07-01 20:06:46 +02:00
Tom Hvitved
498ee9b5f5 C#: Factor C++ parts out of autobuilder 2020-07-01 20:06:46 +02:00
Geoffrey White
a260df9035 C++: 'modelling' -> 'modeling'. 2020-07-01 17:49:22 +01:00