Ian Lynagh
5dff1852e1
Kotlin: We now support 1.9.10
2023-08-24 17:36:45 +01:00
Jeroen Ketema
da403c1a79
Merge pull request #14039 from jketema/non-constant-assign
...
C++: Omit assign case from `cpp/non-constant-format`
2023-08-24 16:54:19 +02:00
Jeroen Ketema
45c56fbce7
Update cpp/ql/src/change-notes/2023-08-24-remove-non-constant-assign-sources.md
...
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com >
2023-08-24 16:17:59 +02:00
Jeroen Ketema
607f729339
C++: Add change note
2023-08-24 16:11:39 +02:00
Asger F
6c664e93ef
Merge pull request #14035 from asgerf/shared/variable-capture-nested
...
Variable capture: synchronize with aliases in nested scopes
2023-08-24 15:39:34 +02:00
Asger F
1286235773
Address review comments
2023-08-24 13:58:33 +02:00
Anders Schack-Mulligen
7af1e96943
Merge pull request #14032 from aschackmull/java/mad-nestednames
...
Java: Use nested names in MaD signatures.
2023-08-24 13:53:55 +02:00
Tony Torralba
6b58d11eeb
Merge pull request #13900 from atorralba/atorralba/java/jaxws-getaremotemethod-improv
...
Java: Improve `JaxWsEndpoint::getARemoteMethod`
2023-08-24 13:37:15 +02:00
Erik Krogh Kristensen
59de92ce64
Merge pull request #14027 from erik-krogh/py-reg-app
...
ReDoS: limit concretize to strings of at most length 100
2023-08-24 12:57:42 +02:00
Tom Hvitved
7723dbc6d7
Merge pull request #14026 from hvitved/dataflow/stage3-call-ctx
...
Data flow: Use call contexts in stage 3
2023-08-24 11:52:08 +02:00
Tony Torralba
8c32919381
Merge pull request #13903 from atorralba/atorralba/jaxrs-mad-models
...
Java: New models for JAX-RS
2023-08-24 11:43:13 +02:00
Tony Torralba
3f9701cea7
Two fixes:
...
* Consider that the @WebService annotation (et al) can be in a supertype or interface
* getARemoteMethod should only return public methods, since protected, package-private, and private methods are not exposed
2023-08-24 11:35:52 +02:00
Asger F
b424f3fe83
Update a comment to be more accurate
2023-08-24 11:12:39 +02:00
Jeroen Ketema
9f7413eded
C++: Omit assign case from cpp/non-constant-format
2023-08-24 11:02:40 +02:00
Anders Schack-Mulligen
ebe3f61ef6
Java: Fix models in qltest.
2023-08-24 09:44:43 +02:00
Jeroen Ketema
f996fa2f8b
Merge pull request #14043 from jketema/ir-regres
...
C++: Add IR test case that shows regression after frontend update
2023-08-24 09:23:58 +02:00
AlexDenisov
d89a86fea4
Merge pull request #13979 from github/alexdenisov/autobuilder-spm
...
Swift: teach autobuilder about SPM, CocoaPods, and Carthage
2023-08-24 08:50:04 +02:00
Jeroen Ketema
c882945e30
C++: Add IR test case that shows regression after frontend update
2023-08-24 08:36:22 +02:00
erik-krogh
db2b8d4bcc
remove some test code I accidentially commited
2023-08-24 07:56:05 +02:00
Harry Maclean
96e9dfc7b2
Merge pull request #13969 from hmac/shared-extractor-globs
...
Shared extractor: support file path globs
2023-08-23 16:41:39 +01:00
Harry Maclean
b76842ad3d
Shared: Fix clippy lint
2023-08-23 16:24:57 +01:00
Harry Maclean
3680613f2d
Shared: Restrict extractor file globs to filenames
2023-08-23 16:09:56 +01:00
Mathias Vorreiter Pedersen
6cf99688e1
Merge pull request #13985 from alexet/ir-tainted-sql
...
CPP: Convert SQL tainted away from away from DefaultTaintTracking.
2023-08-23 15:40:55 +01:00
Rasmus Wriedt Larsen
89b790d048
Merge pull request #14037 from RasmusWL/fix-tests
...
Python: Fix tests
2023-08-23 16:37:40 +02:00
Rasmus Wriedt Larsen
f33359bd5c
Python: Fix tests
2023-08-23 15:37:55 +02:00
Asger F
2b540e251a
Merge pull request #14007 from asgerf/js/import-path-string
...
JS: Follow immediate predecessors in path resolution
2023-08-23 15:28:22 +02:00
Harry Maclean
54c2221f35
Merge pull request #14033 from hmac/excon-bugfix
...
Ruby: Fix bug in excon model
2023-08-23 14:24:53 +01:00
Harry Maclean
cc7ef5dac1
Shared: Fix clippy lint in shared extractor
2023-08-23 14:11:22 +01:00
Harry Maclean
ed40d72e4f
Shared: Bump extractor version
2023-08-23 14:11:22 +01:00
Harry Maclean
24ac6c0596
QL: Update for shared extractor changes
2023-08-23 14:11:21 +01:00
Harry Maclean
7e2abf20c6
Shared: Support glob patterns in shared extractor
...
Replace the `file_extensions` field with `file_globs`, which supports
UNIX style glob patterns powered by the `globset` crate.
This allows files with no extension (e.g. Dockerfiles) to be extracted,
by specifying a glob such as `*Dockerfile`.
One surprising aspect of this change is that the globs match against the
whole path, rather than just the file name.
This is a breaking change.
2023-08-23 14:11:21 +01:00
Asger F
d146514275
Merge pull request #13928 from asgerf/js/ignore-huge-files
...
JS: Ignore files larger than 10 MB during extraction
2023-08-23 15:09:58 +02:00
Asger F
d2fca1b804
Merge pull request #13926 from asgerf/js/fix-cyclic-alias-extraction
...
JS: fix crash in case of cyclic alias
2023-08-23 15:09:39 +02:00
Asger F
ee1b3fd7e9
Java: update test after VariableCapture.qll change
2023-08-23 14:57:26 +02:00
Asger F
8aec87ea57
Update VariableCapture.qll
2023-08-23 14:57:26 +02:00
Alex Eyers-Taylor
949b0a2613
CPP:Move import to start of file
2023-08-23 13:39:29 +01:00
Alex Eyers-Taylor
7d99d61662
CPP: Convert SQL tainted to IR dataflow.
2023-08-23 13:39:29 +01:00
Michael Nebel
08d44c1bdc
Merge pull request #14019 from michaelnebel/csharp/excludedlls
...
C#: Exclude dll files when getting files in the dependency manager.
2023-08-23 14:15:32 +02:00
Asger F
b8fc84e8e4
JS: Change note
2023-08-23 14:11:07 +02:00
Asger F
c6a757e085
JS: More robust handling of cyclic aliases
2023-08-23 14:11:07 +02:00
Asger F
794a459c1b
JS: Add reproduction test
2023-08-23 14:11:07 +02:00
Asger F
b93e404441
JS: Change log
2023-08-23 14:05:21 +02:00
Harry Maclean
d18ca3f5d7
Ruby: Fix bug in excon model
...
If a codebase included a definition for `Excon.new`, we matched
connection nodes to unrelated request nodes.
2023-08-23 12:55:36 +01:00
Tony Torralba
0f3918af16
Merge pull request #13773 from atorralba/atorralba/java/mdht-xxe-sink
...
Java: Add XXE sinks for MDHT
2023-08-23 13:49:49 +02:00
Asger F
ae2a1c7399
JS: Change note
2023-08-23 13:39:56 +02:00
Anders Schack-Mulligen
736c4beb9e
Java: Add change note.
2023-08-23 13:26:41 +02:00
Anders Schack-Mulligen
6c02e30f56
Java: Update models.
2023-08-23 13:24:55 +02:00
Anders Schack-Mulligen
4b0a1cf74b
Java: Remove old interpretation.
2023-08-23 13:19:16 +02:00
Anders Schack-Mulligen
410c09270f
Java: Use nested names in MaD signatures.
2023-08-23 13:17:52 +02:00
Harry Maclean
a5c8917ff0
Merge pull request #14031 from hmac/hmac-fix-test
...
Ruby: Update test fixture
2023-08-23 10:15:23 +01:00
