Ahmed Farid
b5f1e9de08
Update zipslip_bad.py
2022-03-24 00:33:28 +01:00
Ahmed Farid
a05318f10c
Update zipslip_good.py
2022-03-24 00:32:11 +01:00
Ahmed Farid
1836723ecb
Merge branch 'main' into ZipSlip
2022-03-23 19:27:12 -04:00
Harry Maclean
3b4206cebf
Merge pull request #8517 from hmac/hmac/lambda-captured-var
...
Ruby: fix bug with captured variable reads in lambdas
2022-03-24 10:00:19 +13:00
Mathias Vorreiter Pedersen
61c944201f
Merge pull request #8461 from Paul1nh0/dev_cve_2016_6480
...
Add query for double-fetch vulnerability
2022-03-23 18:15:05 +00:00
CodeQL CI
ac29d5f51b
Merge pull request #8523 from asgerf/js/api-graph-receiver-label
...
Approved by erik-krogh
2022-03-23 15:31:12 +00:00
Mathias Vorreiter Pedersen
8b8f0ca6e5
Merge pull request #8479 from geoffw0/widecharperf
...
C++: Fix expensive getWideCharType().
2022-03-23 14:22:17 +00:00
Anna Railton
41418e729e
Merge pull request #8536 from github/codeql-ci/js-atm-new-release
...
JS: Bump version numbers of ML-powered packs after 0.2.0 release
2022-03-23 14:16:11 +00:00
Geoffrey White
9ae1ec69dc
C++: Autoformat.
2022-03-23 13:37:39 +00:00
Michael Nebel
6804e20e4a
Merge pull request #8451 from michaelnebel/csharp/modelgenerator-improvements
...
C#: Model generator improvements and more tests
2022-03-23 13:30:58 +01:00
github-actions[bot]
1e620c99c6
JS: Bump patch version of ML-powered library and query packs post-release
2022-03-23 11:53:34 +00:00
github-actions[bot]
dc0c8374d2
JS: Bump minor version of ML-powered library and query packs
2022-03-23 11:47:53 +00:00
github-actions[bot]
2b42d84ccd
JS: Bump patch version of ML-powered model pack post-release
2022-03-23 11:47:53 +00:00
github-actions[bot]
6fbc0e6e32
JS: Bump ML model pack dependency of ML-powered model building and query packs
2022-03-23 11:47:53 +00:00
github-actions[bot]
8d13662315
JS: Bump minor version of ML-powered model pack
2022-03-23 11:47:08 +00:00
yoff
647d37492d
Merge pull request #8289 from tausbn/python-remove-with-test-syntax-error
...
Python: Fix syntax error in `with` test output
2022-03-23 12:25:11 +01:00
Mathias Vorreiter Pedersen
a81024a485
Merge pull request #8525 from MathiasVP/more-precise-is-before
...
C++: Consider columns in `Location.isBefore`
2022-03-23 11:04:34 +00:00
Mathias Vorreiter Pedersen
0eab54d385
Merge pull request #8491 from jketema/command-line-injection-with-flow-state
...
C++: Use flow states in `cpp/command-line-injection`
2022-03-23 11:03:29 +00:00
Michael Nebel
b204f783fb
C#: Remove special handling of bulk types.
2022-03-23 11:26:49 +01:00
Asger Feldthaus
f2285709bd
JS: Change note
2022-03-23 10:42:51 +01:00
Asger Feldthaus
59d5c54432
JS: Update test output from knex
2022-03-23 10:42:51 +01:00
Asger Feldthaus
73071bdc08
JS: Change getAParameter to not return the receiver
2022-03-23 10:42:51 +01:00
Asger Feldthaus
6bef5a70b3
JS: Add dedicated API graph label for receiver, instead of parameter -1
2022-03-23 10:42:51 +01:00
Mathias Vorreiter Pedersen
a84ee50af0
Update cpp/ql/src/change-notes/2022-03-21-command-line-injection-with-flow-states.md
2022-03-23 09:35:41 +00:00
Rasmus Wriedt Larsen
bbf60b875e
Merge pull request #8476 from RasmusWL/shared-concepts-scaffolding
...
Python/JS/Ruby: Shared concepts scaffolding
2022-03-23 10:22:42 +01:00
Paul1nh0
5a1dc61d9d
modify arguments check logic
...
As far as I can tell, root cause of double-fetech issue is read from the same user mode memory twice, so it makes sense that only check whether user mode pointer is same or not
2022-03-23 11:20:08 +08:00
Paul1nh0
6a6cd61d83
automated using CodeQL for VSCode extension
2022-03-23 09:37:45 +08:00
Mathias Vorreiter Pedersen
01929d484e
Merge pull request #8526 from MathiasVP/internal-diagmetric-queries-ql
...
C++: Add internal `ExtractionError` query
2022-03-22 17:26:38 +00:00
Owen Mansel-Chan
efc0d95535
Merge pull request #8528 from github/smowton/admin/fix-go-doc-links
...
Fix broken links
2022-03-22 16:25:41 +00:00
Taus
f9120167b4
Python: Fix syntax error in with test output
...
Depends on an internal PR. The two lines in question were caused by
the insertion of an extra node due to the failure to parse a trailing
comma corrcetly.
2022-03-22 16:22:03 +00:00
Paul1nh0
f2728f5284
delete some unused code
2022-03-22 23:20:30 +08:00
yoff
47e062cfb9
Merge pull request #8486 from aibaars/incomplete-hostname-python
...
Python: switch to shared implementation of IncompleteHostnameRegExp.ql
2022-03-22 15:06:14 +01:00
Erik Krogh Kristensen
8ae04e04d4
Merge pull request #8509 from erik-krogh/fpXss
...
JS: filter away reads of .src that end in a URL sink for js/xss-through-dom
2022-03-22 14:51:17 +01:00
Mathias Vorreiter Pedersen
c35b385383
C++: Fix 'implicit this' warning.
2022-03-22 13:32:46 +00:00
Paul1nh0
afe4a8435f
Using globalValueNumber to match same arguments
2022-03-22 21:14:07 +08:00
Chris Smowton
35af797683
Fix broken links
2022-03-22 12:34:22 +00:00
Mathias Vorreiter Pedersen
93346a574f
C++: Add a new 'Location.isBefore' predicate that also considers columns.
2022-03-22 12:16:53 +00:00
Mathias Vorreiter Pedersen
c6c3206031
C++: Add example of 'goto' on the same line as the destination label.
2022-03-22 12:11:29 +00:00
Mathias Vorreiter Pedersen
5cdf0b5ee2
Merge pull request #8507 from geoffw0/sde-perf
...
C++: Make getUnderlyingType nomagic
2022-03-22 11:12:44 +00:00
Paul1nh0
d476493c3e
Add double-fetch.ql under CWE-362 directory
2022-03-22 19:08:44 +08:00
Paul1nh0
dd4e82126c
remove to another directory
2022-03-22 19:06:53 +08:00
Paul1nh0
2dad2c477b
query description added
2022-03-22 19:06:03 +08:00
Geoffrey White
5d5904d6c8
C++: Autoformat.
2022-03-22 10:55:04 +00:00
Mathias Vorreiter Pedersen
5cbd86519b
C++: Add internal extraction errors query and modify the 'code-scanning-selectors' to exclude internal queries.
2022-03-22 10:52:02 +00:00
Michael Nebel
b95a332ded
C#: Simplify the isCollectionType predicate.
2022-03-22 11:25:14 +01:00
Rasmus Wriedt Larsen
6bd9d82610
Merge pull request #8061 from RasmusWL/orm
...
Python: Add data-flow through Django ORM models
2022-03-22 11:14:08 +01:00
Michael Nebel
1d45996001
Merge pull request #8466 from michaelnebel/csharp/refactor-aspartial
...
C#: Refactor asPartial to allow re-use.
2022-03-22 10:54:54 +01:00
Rasmus Wriedt Larsen
311cbb4e13
Merge branch 'main' into shared-concepts-scaffolding
2022-03-22 10:36:33 +01:00
Rasmus Wriedt Larsen
414764ccee
Concepts: Minor rewrite in qldoc
...
As suggested by @hmac
2022-03-22 10:33:58 +01:00
Rasmus Wriedt Larsen
e50a9421a6
JS: Update dataflow import in ConceptsImports.qll
...
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com >
2022-03-22 10:32:20 +01:00
