Geoffrey White
|
81205f37c5
|
C++: Fix test annotation.
|
2021-01-06 11:45:17 +00:00 |
|
Geoffrey White
|
18890c4a77
|
C++: Use isAdditionalBarrier in the SqlTainted query.
|
2021-01-05 11:33:39 +00:00 |
|
Geoffrey White
|
69efe7a72a
|
C++: Add isAdditionalBarrier to DefaultTaintTracking.
|
2021-01-05 11:32:43 +00:00 |
|
Geoffrey White
|
01b204ea30
|
C++: Add a test case with a tainted integer.
|
2021-01-04 15:35:18 +00:00 |
|
Geoffrey White
|
7a3f9c7895
|
C++: Add a test (cleaned up) that was previously in the internal repo.
|
2021-01-04 15:35:18 +00:00 |
|
Tom Hvitved
|
7f25efd43f
|
Merge pull request #4858 from hvitved/csharp/merge-format-queries
C#: Merge queries `FormatInvalid.ql`, `FormatMissingArgument.ql`, and `FormatUnusedArgument.ql`
|
2021-01-04 14:53:34 +01:00 |
|
Tom Hvitved
|
1237e566d0
|
C#: Fix typo
|
2021-01-04 12:59:45 +01:00 |
|
Jonas Jensen
|
86194226e2
|
Merge pull request #4891 from MathiasVP/get-an-overload-perf-fix
C++: Fix join order in getAnOverload
|
2021-01-04 10:02:59 +01:00 |
|
Tom Hvitved
|
6d973d0103
|
Merge pull request #4857 from hvitved/csharp/expr-has-value
C#: Move `Expr::hasValue()` to `DotNet::Expr`
|
2021-01-04 10:02:45 +01:00 |
|
Mathias Vorreiter Pedersen
|
134982c5a9
|
C++: Respond to review comments.
|
2021-01-04 09:06:58 +01:00 |
|
Mathias Vorreiter Pedersen
|
454605b7b1
|
C++: Fix join order in getAnOverload.
|
2020-12-30 10:34:26 +01:00 |
|
CodeQL CI
|
2bb96369f1
|
Merge pull request #4868 from erik-krogh/boundShell
Approved by esbena
|
2020-12-22 03:35:42 -08:00 |
|
CodeQL CI
|
7c6b4d7324
|
Merge pull request #4865 from esbena/js/fix-execa-model
Approved by erik-krogh
|
2020-12-22 03:32:26 -08:00 |
|
Erik Krogh Kristensen
|
da9a4e5267
|
add test
|
2020-12-22 11:22:25 +01:00 |
|
Erik Krogh Kristensen
|
b8b5aef5f4
|
recognize Object.defineProperty(obj, prop, {get: func}) as a property-write
|
2020-12-22 11:21:41 +01:00 |
|
Erik Krogh Kristensen
|
6a9089b15e
|
recognize bound functions in js/shell-command-constructed-from-input
|
2020-12-22 11:20:34 +01:00 |
|
CodeQL CI
|
67d0f4d938
|
Merge pull request #4866 from esbena/js/add-tests-for-examples
Approved by erik-krogh
|
2020-12-22 02:04:47 -08:00 |
|
CodeQL CI
|
e2bba97794
|
Merge pull request #4860 from erik-krogh/functionExports
Approved by esbena
|
2020-12-22 01:05:37 -08:00 |
|
CodeQL CI
|
b35edc9de6
|
Merge pull request #4732 from github/esbena-patch-4
Approved by erik-krogh
|
2020-12-22 00:42:25 -08:00 |
|
Esben Sparre Andreasen
|
34a09ff522
|
JS: add js/conditional-bypass example as a test case
|
2020-12-22 09:34:25 +01:00 |
|
Esben Sparre Andreasen
|
009527c69c
|
JS: add change note
|
2020-12-22 09:26:35 +01:00 |
|
Esben Sparre Andreasen
|
ab4f3ea259
|
JS: fixup for execa.shell and execa.shellSync models
|
2020-12-22 09:06:18 +01:00 |
|
Esben Sparre Andreasen
|
ba714a1214
|
JS: add execa.shell tests
|
2020-12-22 09:01:43 +01:00 |
|
Jonas Jensen
|
430194bb66
|
Merge pull request #4863 from MathiasVP/is-source-on-default-taint-tracking
C++: Overridable isSource on DefaultTaintTracking
|
2020-12-22 08:32:07 +01:00 |
|
Mathias Vorreiter Pedersen
|
4f07474b62
|
C++: Also allow custom sources in taintedWithoutGlobals
|
2020-12-21 19:55:47 +01:00 |
|
Mathias Vorreiter Pedersen
|
f4f96fe257
|
C++: Use isSource in queries. These were the only queries that restrict the source after dataflow terminates.
|
2020-12-21 16:35:35 +01:00 |
|
Mathias Vorreiter Pedersen
|
0e84c638b6
|
C++: Add isSource to AdjustedConfiguration
|
2020-12-21 16:34:22 +01:00 |
|
Tom Hvitved
|
0c78fb2933
|
Merge pull request #4855 from madneal/fix-for-csharp-docs
Fix for csharp docs
|
2020-12-21 14:11:36 +01:00 |
|
Erik Krogh Kristensen
|
4ef569fbbe
|
recognize more exported functions in js/shell-command-constructed-from-input
|
2020-12-21 13:50:22 +01:00 |
|
Shati Patel
|
0a0137bb5e
|
Merge pull request #4859 from github/shati-patel-patch-1
Fix typo in docs title
|
2020-12-21 12:07:32 +00:00 |
|
Jonas Jensen
|
4308381057
|
Merge pull request #4846 from MathiasVP/default-taint-tracking-operand-instruction-interleaving
C++: Instruction -> Operand interleaving for DefaultTaintTracking
|
2020-12-21 12:44:06 +01:00 |
|
Shati Patel
|
66b85f1e5e
|
Fix typo
|
2020-12-21 11:29:02 +00:00 |
|
Neal Caffery
|
ee0257836f
|
removed, as it fixed by #4848
|
2020-12-21 19:05:37 +08:00 |
|
Tom Hvitved
|
591f90f98e
|
C#: Add change note
|
2020-12-21 10:26:49 +01:00 |
|
Tom Hvitved
|
b5a1e039a4
|
C#: Merge queries FormatInvalid.ql, FormatMissingArgument.ql, and FormatUnusedArgument.ql
|
2020-12-21 10:13:56 +01:00 |
|
Tom Hvitved
|
8d6c69bf74
|
C#: Move Expr::hasValue() to DotNet::Expr
|
2020-12-21 09:46:45 +01:00 |
|
Mathias Vorreiter Pedersen
|
06366fa320
|
Merge pull request #4856 from jbj/gvn-wrapper-test
C++: Test the AST wrapper for IR GVN
|
2020-12-21 09:31:10 +01:00 |
|
Tom Hvitved
|
16aee6e71e
|
Merge pull request #4842 from hvitved/csharp/format-method-no-insertion-param
C#: Recognize format methods without insertion parameters
|
2020-12-21 09:25:18 +01:00 |
|
Jonas Jensen
|
3236cbd83e
|
C++: Test the AST wrapper for IR GVN
Out of our 3 GVN libraries, the one we actually use in production didn't
have tests -- except indirectly through `diff_ir_expr.ql`.
|
2020-12-21 08:21:02 +01:00 |
|
neal1991
|
b9d24b8255
|
fix for issue #4849
|
2020-12-21 08:54:15 +08:00 |
|
neal1991
|
eac83df40b
|
fix for issue #4848
|
2020-12-21 08:52:42 +08:00 |
|
Rasmus Wriedt Larsen
|
49f902d28b
|
Merge pull request #4757 from yoff/python-dataflow-synthetic-callables
Python: Enclosing callable for synthetic arguments
|
2020-12-18 16:06:26 +01:00 |
|
yoff
|
a08eb99778
|
Merge pull request #4779 from RasmusWL/django-class-based-handlers
Python: Add modeling of django class based view handlers
|
2020-12-18 15:58:51 +01:00 |
|
Anders Schack-Mulligen
|
5106d5df53
|
Merge pull request #4833 from luchua-bc/java-broken-crypto-algorithms
Java: Add missing broken crypto algorithms
|
2020-12-18 15:12:29 +01:00 |
|
Rasmus Wriedt Larsen
|
3e6296c7b8
|
Python: Fix grammar in QLDoc
|
2020-12-18 14:54:14 +01:00 |
|
Rasmus Wriedt Larsen
|
ed11e8f916
|
Python: Simplify predicate implementation
Co-authored-by: yoff <lerchedahl@gmail.com>
|
2020-12-18 14:52:20 +01:00 |
|
Mathias Vorreiter Pedersen
|
b5102043b1
|
Fix comments.
|
2020-12-18 14:19:02 +01:00 |
|
Chris Smowton
|
de4cdda839
|
Merge pull request #4841 from smowton/smowton/admin/mergeback-126-2020-12-16
Mergeback rc/1.26
|
2020-12-18 12:59:06 +00:00 |
|
Mathias Vorreiter Pedersen
|
f5e4725642
|
C++: Propagate flow from instruction's to non-exact operands for arrays and unions, and accept test changes.
|
2020-12-18 13:54:34 +01:00 |
|
Mathias Vorreiter Pedersen
|
2bf8e47932
|
Merge branch 'main' into default-taint-tracking-operand-instruction-interleaving
|
2020-12-18 11:59:10 +01:00 |
|