Rasmus Lerchedahl Petersen
a176e6ac30
Python: comment out temporarily unused predicate
2021-06-30 15:28:31 +02:00
Asger Feldthaus
376efaa46c
JS: Change note
2021-06-30 15:10:52 +02:00
Asger Feldthaus
780453008a
JS: Drive-by fixes in ComposedFunctions.qll
2021-06-30 15:07:59 +02:00
Asger Feldthaus
7e2871bfdf
JS: Propagate React components through recompose HOCs
2021-06-30 15:05:28 +02:00
Rasmus Lerchedahl Petersen
45e30b0c06
Python: comment out temporarily unused predicate
2021-06-30 15:04:37 +02:00
Rasmus Lerchedahl Petersen
c306cee04e
Python: mimic JS file hierarchy
2021-06-30 15:03:22 +02:00
Rasmus Lerchedahl Petersen
651f8abba0
Python: Avoid multiple results for toString
2021-06-30 14:39:49 +02:00
Rasmus Wriedt Larsen
c2708176b1
Python: Support %-style formatting for MarkupSafe
2021-06-30 14:15:41 +02:00
Rasmus Wriedt Larsen
0a4efd0e86
Python: Add %-style formatting tests for MarkupSafe
2021-06-30 14:13:59 +02:00
Rasmus Wriedt Larsen
c84658dff1
Python: Use MethodCallNode for MarkupSafe string-format
2021-06-30 13:58:09 +02:00
Rasmus Wriedt Larsen
d6e8fafdbd
Python: Proper sorting in Frameworks.qll
2021-06-30 13:55:26 +02:00
Rasmus Wriedt Larsen
075953860b
Merge branch 'main' into markupsafe-modeling
2021-06-30 13:55:08 +02:00
Anders Schack-Mulligen
f03d460e95
Java: Fix bad join-order.
2021-06-30 13:42:45 +02:00
Tamas Vajk
dc63f23d6b
Fix review findings
2021-06-30 13:40:36 +02:00
Tamas Vajk
6a35c8c5f4
Upgrade database in coverage report jobs
2021-06-30 13:40:36 +02:00
Tamás Vajk
10a6089739
Merge pull request #6148 from tamasvajk/feature/try-csv-source-models
...
C#: Start using CSV based flow models
2021-06-30 12:58:42 +02:00
Tony Torralba
a3e1b139c3
Fix spring stubs location
2021-06-30 12:56:45 +02:00
Tony Torralba
0bb9e464b2
Merge branch 'main' into atorralba/spring-beans
2021-06-30 12:55:10 +02:00
Rasmus Lerchedahl Petersen
72986e1e28
Python: Add some comments on the booelan sweep
...
pattern
2021-06-30 12:50:36 +02:00
Rasmus Lerchedahl Petersen
4ca0ee87f0
Merge branch 'main' of github.com:github/codeql into python-port-ReDoS
2021-06-30 12:28:54 +02:00
Rasmus Lerchedahl Petersen
52d91917aa
Merge branch 'python-port-ReDoS' of github.com:yoff/codeql into python-port-ReDoS
2021-06-30 12:25:59 +02:00
Rasmus Lerchedahl Petersen
09e71cfdfd
Python: update test expectations
2021-06-30 12:25:29 +02:00
Rasmus Lerchedahl Petersen
6dfbf80494
Python: Disable use of toUnicode
...
until supporting CLI is released
2021-06-30 12:21:52 +02:00
Rasmus Wriedt Larsen
e5d65992b4
Python: Use DefinitionNode instead of Assign
...
Based on https://github.com/github/codeql/pull/6155#discussion_r660964666 :
> Hmm... Would it be better to do this using DefinitionNode instead of
> Assign? The latter is fairly limited in what it can represent, and also
> raises questions of whether this definition is sound with regard to
> control-flow splitting.
2021-06-30 12:08:32 +02:00
yoff
c19522e921
Apply suggestions from code review
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com >
2021-06-30 11:49:45 +02:00
Tamas Vajk
0946ae2ae9
Fix review findings
2021-06-30 11:39:51 +02:00
Anders Schack-Mulligen
e235e151f1
Java: Fix bad magic.
2021-06-30 11:09:08 +02:00
Geoffrey White
4a8299e5d0
C++: Change note.
2021-06-30 09:21:10 +01:00
Tony Torralba
9d64cadb50
Adapt tests after applying changes from code review
2021-06-30 10:02:03 +02:00
Tony Torralba
b64b8ecec2
Apply suggestions from code review
...
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com >
2021-06-30 09:52:22 +02:00
Anders Schack-Mulligen
374859efb4
Merge pull request #6156 from smowton/smowton/feature/jax-rs-content-type-sensitivity
...
Jax RS XSS Tests
2021-06-30 09:52:07 +02:00
Tamás Vajk
a0e768bb43
Merge pull request #6172 from tamasvajk/fix/csv-comment-again
...
Fix CSV framework coverage commenter workflow
2021-06-30 09:10:47 +02:00
Tom Hvitved
22dd53f245
Merge pull request #6167 from hvitved/csharp/trap-stack-preprocessor-conditions
...
C#: Add active preprocessor conditions as suffix in all TRAP `.push` instructions
2021-06-30 08:34:47 +02:00
Sauyon Lee
52d1901d6e
Adjust validation models to reflect array parameters
2021-06-29 12:01:24 -07:00
Sauyon Lee
52b24118b3
Add tests for Spring validation.Errors
2021-06-29 12:01:23 -07:00
Geoffrey White
dcc7a6360f
C++: Simplify a bit and remove two noopts that don't seem to make a difference.
2021-06-29 19:05:13 +01:00
Edoardo Pirovano
8354f66c29
Performance: Improve join order in data flow library
2021-06-29 18:23:22 +01:00
Geoffrey White
5bf7e453e6
C++: Tidy up WrongTypeFormatArguments.ql somewhat.
2021-06-29 16:45:47 +01:00
Geoffrey White
6e49891ed9
C++: Accept Microsoft/non-Microsoft format specifiers on the opposite platform.
2021-06-29 16:45:46 +01:00
Chris Smowton
bb5fefa47f
Sync FlowSummaryImpl.qll
2021-06-29 15:59:55 +01:00
Chris Smowton
47ccb19b84
SSV -> CSV everywhere
...
While these are semicolon-delimited, we use CSV as a generic term for delimited values
2021-06-29 15:59:43 +01:00
Chris Smowton
92ab650b7d
Use new interpretSpec/2 predicate where appropriate
2021-06-29 15:59:43 +01:00
Chris Smowton
28ab4c083b
Make interpretSpec/3 private again
2021-06-29 15:59:43 +01:00
Chris Smowton
c94c69415f
Document Content::hasLocationInfo
2021-06-29 15:59:43 +01:00
Chris Smowton
cf7c966ea7
GenerateFlowTestCase: make imports private
2021-06-29 15:59:43 +01:00
Chris Smowton
5a71812001
Adjust import
...
Type Content has moved into DataFlowUtil
2021-06-29 15:59:43 +01:00
Chris Smowton
95b640db20
Resolve missing qldoc errors
...
Document some, make some private, and delete the needless modules surrounding the spring models.
2021-06-29 15:59:43 +01:00
Chris Smowton
036733d3e7
Sync FlowSummaryImpl.qll
2021-06-29 15:59:43 +01:00
Chris Smowton
eda7bb6aa2
Fix: restrict generated test cases to requested rows
2021-06-29 15:59:14 +01:00
Chris Smowton
bd1bd8cf08
Switch to an abstract unit / predicate approach to specifying rows to generate tests for
...
This enables moving this code into the qll file, rather than having to specify a query predicate in the .ql
2021-06-29 15:59:14 +01:00
