Commit Graph

35063 Commits

Author SHA1 Message Date
Chris Smowton
bb049bffbd Merge pull request #8765 from artem-smotrakov/cover-jms
Java: Add flow sources and steps for RabbitMQ and JMS
2022-04-27 21:27:05 +01:00
Paolo Tranquilli
f95b5853c1 Merge pull request #8788 from AlexDenisov/alexdenisov/swift-first-extractor-test
Swift: file extraction
2022-04-27 17:47:17 +02:00
Mathias Vorreiter Pedersen
dc96d55943 Merge pull request #8888 from geoffw0/xxe2
C++: Add support for createLSParser to the CWE-611 XXE query.
2022-04-27 16:24:27 +01:00
Anna Railton
00b74d8b1c Merge pull request #8895 from github/annarailton-patch-1
ATM: Update `TaintedPathInjection` -> `TaintedPath`
2022-04-27 16:15:46 +01:00
Mathias Vorreiter Pedersen
abbb7f861f Merge pull request #8904 from MathiasVP/sync-swift-schema
Swift: Sync schema after extractor changes
2022-04-27 16:14:46 +01:00
Alex Denisov
272aa594cc Swift: compiler options moved to .bazelrc 2022-04-27 17:11:16 +02:00
Henry Mercer
897bc2374a Merge pull request #8906 from github/henrymercer/workflow-codeowners
Add CODEOWNERS for Actions workflows
2022-04-27 15:47:11 +01:00
Geoffrey White
d04078f989 C++: Fix. 2022-04-27 15:45:23 +01:00
Henry Mercer
c39eaf64ca Merge pull request #8901 from github/dependabot/github_actions/actions/checkout-3
Bump actions/checkout from 2 to 3
2022-04-27 15:40:07 +01:00
Henry Mercer
6777090f36 Add CODEOWNERS for Actions workflows 2022-04-27 15:26:15 +01:00
dependabot[bot]
c63a0e7010 Bump actions/checkout from 2 to 3
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-27 14:13:33 +00:00
Henry Mercer
3e80c78612 Merge pull request #8903 from github/dependabot/github_actions/actions/stale-5
Bump actions/stale from 3 to 5
2022-04-27 15:13:03 +01:00
Henry Mercer
b6a787d4a0 Merge pull request #8902 from github/dependabot/github_actions/actions/cache-3
Bump actions/cache from 2 to 3
2022-04-27 15:12:58 +01:00
Henry Mercer
f876ef91a3 Merge pull request #8900 from github/dependabot/github_actions/actions/labeler-4
Bump actions/labeler from 2 to 4
2022-04-27 15:12:52 +01:00
Henry Mercer
52475cd917 Merge pull request #8899 from github/dependabot/github_actions/actions/upload-artifact-3
Bump actions/upload-artifact from 2 to 3
2022-04-27 15:12:39 +01:00
Paolo Tranquilli
cde5ba7987 Merge pull request #8889 from redsun82/swift-codegen-unit-tests
Swift: add unit tests to code generation
2022-04-27 16:07:54 +02:00
Chris Smowton
db90bf9900 Move change note 2022-04-27 15:00:26 +01:00
Mathias Vorreiter Pedersen
141e8fcd5b Swift: Sync schema. 2022-04-27 14:39:13 +01:00
Tony Torralba
51bb33ae65 Merge pull request #8876 from atorralba/atorralba/externalflow-import-private
Java: Make all imports of ExternalFlow private
2022-04-27 15:24:55 +02:00
dependabot[bot]
c71c6f6dbe Bump actions/stale from 3 to 5
Bumps [actions/stale](https://github.com/actions/stale) from 3 to 5.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/stale/compare/v3...v5)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-27 13:17:41 +00:00
dependabot[bot]
2c1ee564aa Bump actions/cache from 2 to 3
Bumps [actions/cache](https://github.com/actions/cache) from 2 to 3.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-27 13:17:37 +00:00
dependabot[bot]
70ba8e3a5c Bump actions/labeler from 2 to 4
Bumps [actions/labeler](https://github.com/actions/labeler) from 2 to 4.
- [Release notes](https://github.com/actions/labeler/releases)
- [Commits](https://github.com/actions/labeler/compare/v2...v4)

---
updated-dependencies:
- dependency-name: actions/labeler
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-27 13:17:30 +00:00
dependabot[bot]
e1e68e96dc Bump actions/upload-artifact from 2 to 3
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-04-27 13:17:28 +00:00
Henry Mercer
295c0fcbb5 Merge pull request #8896 from github/henrymercer/dependabot-actions-updates
Enable Dependabot updates for Actions
2022-04-27 14:16:46 +01:00
Geoffrey White
4aa41dfa52 Update cpp/ql/src/Security/CWE/CWE-611/XXE.ql
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
2022-04-27 13:06:02 +01:00
yoff
39753d5a0b Merge pull request #8693 from erik-krogh/pyApi
PY: more API-graphs refactorings
2022-04-27 13:19:50 +02:00
Geoffrey White
6ada1bd05b C++: Match createLSParser more precisely. 2022-04-27 11:51:17 +01:00
Erik Krogh Kristensen
e1c7d369be Merge pull request #8796 from erik-krogh/redundantImport
Remove redundant imports
2022-04-27 12:39:51 +02:00
Henry Mercer
60ebf4d9b7 Enable Dependabot updates for Actions
This will automatically create update PRs for workflow files referencing Actions that have since had a major update.
2022-04-27 11:37:22 +01:00
yoff
9d774463f5 Merge pull request #8859 from tausbn/python-fix-bad-essa-joins
Python: Fix a bunch of bad joins
2022-04-27 12:27:50 +02:00
Anna Railton
1f1ef22f90 Update TaintedPathInjection -> TaintedPath
Lines up with usual naming in https://github.com/github/ml-ql-adaptive-threat-modeling-backend
2022-04-27 11:27:43 +01:00
Geoffrey White
a21af8e262 C++: Address QLDoc alerts. 2022-04-27 11:05:11 +01:00
Tom Hvitved
597424809f Merge pull request #8893 from hvitved/ruby/simplify-fetch-summary
Ruby: Simplify flow summary for `fetch`
2022-04-27 11:47:11 +02:00
Paolo Tranquilli
0100c7171d Swift: testing non-trivial dataclass properties 2022-04-27 10:17:49 +02:00
Paolo Tranquilli
7f0476049f Swift: removed spurious mock import 2022-04-27 09:11:14 +02:00
Paolo Tranquilli
68231bfc27 Swift: bump python version to 3.8 in workflow 2022-04-27 08:55:27 +02:00
Tom Hvitved
3b7fe06858 Ruby: Simplify flow summary for fetch 2022-04-27 08:26:24 +02:00
Paolo Tranquilli
f171ce6341 Swift: add unit tests to code generation
Tests can be run with
```
bazel test //swift/codegen:tests
```

Coverage can be checked installing `pytest-cov` and running
```
pytest --cov=swift/codegen swift/codegen/test
```
2022-04-27 08:24:11 +02:00
Nick Rolfe
2d05ea3519 Merge pull request #8885 from SukkaW/replace-git-io-link 2022-04-26 20:29:32 +01:00
Mathias Vorreiter Pedersen
800e4ea7df Merge pull request #8515 from rdmarsh2/rdmarsh2/ir-global-vars
C++: generate IR for global variables with initializers
2022-04-26 18:17:13 +01:00
Geoffrey White
7ce040f331 Merge pull request #8736 from geoffw0/xxe
C++: New query for CWE-611 / XML External Entity Expansion (XXE)
2022-04-26 17:21:06 +01:00
Nick Rolfe
649d7dd022 Merge pull request #8607 from github/nickrolfe/incomplete_sanitization
Ruby: port of `js/incomplete-sanitization`
2022-04-26 17:10:24 +01:00
Geoffrey White
742949154b C++: Apply code style suggestion. 2022-04-26 16:53:24 +01:00
Taus
7d736952db Python: Update expected output 2022-04-26 15:49:40 +00:00
Anna Railton
eacfceb6ce Merge pull request #8605 from github/annarailton/new-query-label-mappings
Experimental (ATM): update query label mappings
2022-04-26 16:39:06 +01:00
SukkaW
0c4885caa7 Replace git.io link with the actual URL 2022-04-26 23:28:34 +08:00
Nick Rolfe
2a4d65f917 Merge pull request #8881 from github/nickrolfe/graph_ordering_typo 2022-04-26 14:30:49 +01:00
Nick Rolfe
a7185e8a75 Ruby: fix typo in edge key for graph query 2022-04-26 13:56:38 +01:00
Erik Krogh Kristensen
7dba2b5868 PY: revert deletion of redundant-import in ClientSuppliedIpUsedInSecurityCheckLib.qll 2022-04-26 14:51:21 +02:00
Chris Smowton
d01c847839 Make import private
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2022-04-26 13:34:24 +01:00