Owen Mansel-Chan
|
a8c64443e8
|
Merge pull request #13645 from porcupineyhairs/goTiming
Go : Improvements to Timing Attacks query
|
2023-08-01 07:10:42 +01:00 |
|
Felicity Chapman
|
df1e8e263b
|
Merge pull request #13854 from github/11185-add-note
CodeQL library update to use modular API interface - Add note and include in articles
|
2023-07-31 17:22:17 +01:00 |
|
Owen Mansel-Chan
|
216911dad9
|
Merge branch 'main' into goTiming
|
2023-07-31 16:15:10 +01:00 |
|
Felicity Chapman
|
46f80dc5ca
|
Put back a missing colon to fix the link
|
2023-07-31 15:56:24 +01:00 |
|
Felicity Chapman
|
9a334d3300
|
Add shortened link to changelog
|
2023-07-31 14:13:52 +01:00 |
|
Geoffrey White
|
1c64fb16f1
|
Merge pull request #13756 from geoffw0/sources2
Swift: CustomUrlSchemes test enhancements and minor model improvement
|
2023-07-31 12:53:03 +01:00 |
|
Felicity Chapman
|
a0c0da78e9
|
Merge branch 'main' into 11185-add-note
|
2023-07-31 11:54:00 +01:00 |
|
Geoffrey White
|
c4b782407b
|
Merge pull request #13853 from geoffw0/commandinject
Swift: Autoformat experimental query.
|
2023-07-31 11:30:20 +01:00 |
|
Felicity Chapman
|
4d05b742d6
|
Merge branch 'main' into 11185-add-note
|
2023-07-31 10:58:03 +01:00 |
|
Felicity Chapman
|
32da3c3730
|
Add main note and include in articles
|
2023-07-31 10:50:47 +01:00 |
|
Geoffrey White
|
f921076fca
|
Swift: Autoformat.
|
2023-07-31 10:25:25 +01:00 |
|
Tony Torralba
|
5488abc512
|
Merge pull request #13850 from atorralba/atorralba/java/unimportant-generated-models
Java: Remove superfluous generated models
|
2023-07-31 11:25:03 +02:00 |
|
Tony Torralba
|
41f1315da9
|
Merge pull request #13772 from atorralba/atorralba/java/inputstream-wrapper-read-step
Java: Add taint steps for InputStream wrappers
|
2023-07-31 11:12:43 +02:00 |
|
Geoffrey White
|
e534afe634
|
Merge pull request #13726 from maikypedia/maikypedia/swift-command-injection
Swift: Add Command Injection query (CWE-078)
|
2023-07-31 10:06:22 +01:00 |
|
Geoffrey White
|
12f2539d1d
|
Swift: Use flowTo.
|
2023-07-31 10:03:25 +01:00 |
|
Mathias Vorreiter Pedersen
|
2562f8a297
|
Merge pull request #13844 from jketema/forgotten-paren
C++: Add forgotten parentheses in ternary IR test
|
2023-07-31 10:03:06 +02:00 |
|
Tony Torralba
|
3bd4d34a47
|
Java: Remove superfluous generated models
|
2023-07-31 09:48:03 +02:00 |
|
Porcupiney Hairs
|
74e5c15eaa
|
Go : Improvements to Timing Attacks query
|
2023-07-31 06:30:47 +05:30 |
|
Mathias Vorreiter Pedersen
|
4656130dab
|
Merge pull request #13843 from MathiasVP/revert-13792
|
2023-07-30 01:18:00 +02:00 |
|
Jeroen Ketema
|
0bc75ea9b7
|
C++: Add forgotten parentheses in ternary IR test
Without the parentheses, the expressions are parsed as `a ? x : (y = val)`.
|
2023-07-29 18:44:28 +02:00 |
|
Mathias Vorreiter Pedersen
|
fd1949092c
|
C++: Accept test changes.
|
2023-07-29 11:29:06 +02:00 |
|
Mathias Vorreiter Pedersen
|
ce9a14b692
|
Revert "Merge pull request #13792 from MathiasVP/swap-argument-order-in-invalid-ptr-deref"
This reverts commit 1fa6511482, reversing
changes made to 4676ca5a4a.
|
2023-07-29 11:26:41 +02:00 |
|
Stephan Brandauer
|
40eab180cc
|
Merge pull request #13823 from github/kaeluka/support-argument-this-in-frameworkmode-metadata-extraction
Java: Support Argument[this] and parameters of bodiless interface methods in framework mode metadata extraction
|
2023-07-28 17:38:39 +02:00 |
|
Tony Torralba
|
08cba7dc5f
|
Merge pull request #13713 from pwntester/java/struts2_source_taint_inheriting
[Java] Implement field taint inheritance for Struts2 unmarshalled objects
|
2023-07-28 16:46:27 +02:00 |
|
Owen Mansel-Chan
|
a020189895
|
Merge pull request #13822 from owen-mc/dataflow/mergepathgraph3-signature-fix
Dataflow: MergePathGraph3 signature fix
|
2023-07-28 15:15:43 +01:00 |
|
Shati Patel
|
a98ae8941c
|
Merge pull request #13832 from github/shati-patel/docs-indentation
Docs: Fix indentation in tutorial examples
|
2023-07-28 14:07:16 +01:00 |
|
Tony Torralba
|
2dff0ce5b4
|
Merge pull request #13712 from pwntester/java/new_struts2_models
[Java] New models for Struts2 framework
|
2023-07-28 14:31:25 +02:00 |
|
Stephan Brandauer
|
8bf960bd44
|
Java: fix QL-for-QL alert
|
2023-07-28 14:28:47 +02:00 |
|
Stephan Brandauer
|
021eedfdf1
|
Java: format
|
2023-07-28 14:26:34 +02:00 |
|
Stephan Brandauer
|
82fd0e45aa
|
Java: support Argument[this] in NotAModelApiParameter
|
2023-07-28 14:04:53 +02:00 |
|
Stephan Brandauer
|
a9d2f43538
|
Java: use a newtype for framework mode candidates
|
2023-07-28 13:51:25 +02:00 |
|
Stephan Brandauer
|
8ed773b240
|
Java: Framework mode extraction now uses a custom class for endpoints, so we can support both Argument[this] and interface-method parameters
|
2023-07-28 12:56:39 +02:00 |
|
Stephan Brandauer
|
09c64e8fee
|
Java: Support Argument[this] in framework mode metadata extraction
|
2023-07-28 12:55:26 +02:00 |
|
shati-patel
|
1694915535
|
Docs: Fix indentation in tutorial examples
|
2023-07-28 11:45:39 +01:00 |
|
Ian Lynagh
|
499bd970d3
|
Merge pull request #13412 from igfoo/igfoo/json_escape
Kotlin: Tweak our JSON escaping
|
2023-07-28 11:13:51 +01:00 |
|
Alvaro Muñoz
|
c3a2ae2943
|
Account for public fields/setters
|
2023-07-28 12:12:07 +02:00 |
|
Alvaro Muñoz
|
c089368557
|
Merge branch 'java/struts2_source_taint_inheriting' of https://github.com/pwntester/codeql into java/struts2_source_taint_inheriting
|
2023-07-28 12:05:38 +02:00 |
|
Maiky
|
90ac5b905b
|
|
2023-07-28 00:21:02 +02:00 |
|
Maiky
|
2a49219127
|
Move query to experimental
|
2023-07-28 00:15:33 +02:00 |
|
Maiky
|
d9800c7bb6
|
Update CommandInjection.ql
|
2023-07-27 22:45:50 +02:00 |
|
Maiky
|
d0a912fb02
|
Update swift/ql/src/queries/Security/CWE-078/CommandInjection.ql
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
|
2023-07-27 22:45:05 +02:00 |
|
Geoffrey White
|
3eb1bac9df
|
Swift: Update consistency test failure (line numbers).
|
2023-07-27 16:11:59 +01:00 |
|
Geoffrey White
|
44d785fabf
|
Swift: Make QL-for-QL happy.
|
2023-07-27 15:37:13 +01:00 |
|
Tony Torralba
|
c239a4399c
|
Changed Struts2ActionSupportClassFieldReadSource to be a FieldValueNode instead of a field read
|
2023-07-27 10:39:06 +02:00 |
|
Alvaro Muñoz
|
97a4230d5d
|
add change note
|
2023-07-27 10:39:06 +02:00 |
|
Alvaro Muñoz
|
f3fc56294e
|
implement field taint inheritance for Struts2 unmarshalled objects
|
2023-07-27 10:39:06 +02:00 |
|
Charis Kyriakou
|
8438fb2310
|
Merge pull request #13821 from github/charisk/remove-last-updated
Remove last updated information and sorting from MRVA views
|
2023-07-27 08:31:00 +01:00 |
|
Tony Torralba
|
9d6bc76dc0
|
Merge pull request #13817 from atorralba/atorralba/java/non-static-fieldvaluenode-step
Java: Allow flow out of FieldValueNodes for non-static fields
|
2023-07-27 09:14:04 +02:00 |
|
Owen Mansel-Chan
|
9b2b58a823
|
Sync files
|
2023-07-26 21:48:10 +01:00 |
|
Owen Mansel-Chan
|
e0cc337c71
|
Fix DataFlow::MergePathGraph3
Need to get the signatures correct.
|
2023-07-26 21:48:08 +01:00 |
|