804 Commits

Author	SHA1	Message	Date
Chris Smowton	db39c0b8be	CharacterLiteral.getCodePointValue: fix handling of surrogates	2021-11-25 14:07:21 +00:00
Chris Smowton	9eb9eb606e	Note that FEATURE_SECURE_PROCESSING isn't a sufficient defence against XXE	2021-11-25 12:22:48 +00:00
Tom Hvitved	6cb00992e8	Data flow: Introduce ConsistencyConfiguration class	2021-11-25 10:01:47 +01:00
haby0	04a3f76a8b	Eliminate false positives of Mybatis Configuration Variable	2021-11-25 15:47:37 +08:00
Anders Schack-Mulligen	7ca3407c86	Dataflow: Sync.	2021-11-24 14:43:00 +01:00
Anders Schack-Mulligen	a7ec0fa900	Dataflow: Remove more disjunction-induced tuple duplication.	2021-11-24 14:39:49 +01:00
Michael Nebel	b9d0a60ce7	C#: Addressed review comments from hvitved	2021-11-24 14:35:52 +01:00
Anders Schack-Mulligen	4efdcc22a2	Dataflow: Improve barrier handling.	2021-11-24 14:17:05 +01:00
Michael Nebel	a3ca9ad27d	C#: Sync flow summary implementation files and implement specific parts for ruby and java	2021-11-24 12:09:20 +01:00
Anders Schack-Mulligen	822890f2bd	Dataflow: Remove disjunction-induced tuple duplication.	2021-11-23 15:05:24 +01:00
Anders Schack-Mulligen	f5f67dd11a	Dataflow: Pull ccc.matchesCall(call) from the recursive loop.	2021-11-23 14:35:33 +01:00
Anders Schack-Mulligen	e711ba9d18	Dataflow: Remove negation materialization.	2021-11-23 11:35:57 +01:00
Anders Schack-Mulligen	fc43220864	Java: bugfix	2021-11-19 15:01:29 +01:00
Anders Schack-Mulligen	2b1f34ed9b	Java: Don't clear content in store steps in summaries.	2021-11-19 14:22:28 +01:00
Anders Schack-Mulligen	6815a13a00	Merge pull request #6931 from hvitved/dataflow/restrict-derived-summaries ... Data flow: Restrict derived flow summaries	2021-11-18 15:31:55 +01:00
Anders Schack-Mulligen	22ebe68b1b	Merge pull request #7132 from aschackmull/java/overrides ... Java: Fix overrides to not be transitive.	2021-11-17 15:38:11 +01:00
Anders Schack-Mulligen	1645fcf79c	Merge pull request #7088 from aschackmull/java/parameterized-subtyping ... Java: Improve algorithm for subtyping of parameterized types.	2021-11-17 15:28:28 +01:00
Benjamin Muskalla	3c3a65243f	Merge pull request #6664 from bmuskalla/bmuskalla/modelGenerator ... Java: Initial CSV model generator	2021-11-17 12:30:45 +01:00
Tom Hvitved	ac41451798	Data flow: Sync files	2021-11-17 10:39:12 +01:00
Anders Schack-Mulligen	69671ce90d	Java: cache overrides	2021-11-17 09:16:58 +01:00
Chris Smowton	188915e597	Fix typos	2021-11-16 15:30:00 +00:00
Anders Schack-Mulligen	76606b5995	Java: Add more comments.	2021-11-16 16:11:14 +01:00
Anders Schack-Mulligen	c70d384d28	Merge pull request #7045 from aschackmull/dataflow/hidden-ret-subpaths ... Data flow: Support hidden return nodes in subpaths predicate	2021-11-16 15:04:51 +01:00
Anders Schack-Mulligen	d408105fad	Java: Fix bad join-order.	2021-11-16 14:25:19 +01:00
Tony Torralba	87ebcea913	Add AsyncTask value step	2021-11-15 16:13:36 +01:00
Anders Schack-Mulligen	1cd42ea668	Java: Fix test and some references.	2021-11-15 16:03:04 +01:00
Anders Schack-Mulligen	2fe6880d70	Java: Add support for adding additional value steps.	2021-11-15 15:05:48 +01:00
Anders Schack-Mulligen	c616f5784d	Java: Fix overrides to not be transitive.	2021-11-15 13:54:53 +01:00
Anders Schack-Mulligen	7ffd9b4f9e	Dataflow: Include read/store steps when finding non-hidden return.	2021-11-11 11:26:21 +01:00
Benjamin Muskalla	9500c9c8bc	Support lambda flow for source models ... Also rely on public API to detect the source node	2021-11-10 16:30:24 +01:00
Benjamin Muskalla	7dae6122d9	Support CharSequence#toString ... Given CharSequence is often used as an alias for String, ensure taint through toString is flowing	2021-11-10 16:30:20 +01:00
Benjamin Muskalla	a1d8dfb524	Initial support for source models	2021-11-10 16:30:19 +01:00
Tom Hvitved	198b321158	Java: Hide parameters of summarized callables	2021-11-10 15:13:32 +01:00
Anders Schack-Mulligen	6d9fb3ca43	Dataflow: Sync.	2021-11-10 15:11:13 +01:00
Anders Schack-Mulligen	678a21e532	Dataflow: Support hidden return nodes in subpaths.	2021-11-10 15:11:13 +01:00
Benjamin Muskalla	f9fa22c14d	Removed unused import	2021-11-10 10:21:54 +01:00
Benjamin Muskalla	1a751608de	Extract Commons IO into seperate file	2021-11-10 10:15:27 +01:00
Anders Schack-Mulligen	1efe1e0d10	Java: Improve algorithm for subtyping of parameterized types.	2021-11-09 15:49:17 +01:00
Benjamin Muskalla	bfe2e2e0b9	Model taint for FilterOutputStream	2021-11-09 14:21:50 +01:00
Anders Schack-Mulligen	85fdbda16f	Merge pull request #7002 from aschackmull/java/field-node ... Java: Add FieldValueNode to break up cartesian step relation.	2021-11-08 09:31:42 +01:00
Tony Torralba	f4704f1325	Merge pull request #6397 from atorralba/atorralba/android-intent-redirect-query ... Java: Create new Android Intent Redirection query	2021-11-04 10:42:59 +01:00
Tony Torralba	fd92c4e435	Apply suggestions from code review ... Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2021-11-04 10:08:53 +01:00
Tony Torralba	6613a98e02	Fix references to logging library	2021-11-04 09:15:57 +01:00
Tony Torralba	474bf576a7	Minor corrections in QLDoc, qhelp and example code	2021-11-04 08:46:23 +01:00
Tony Torralba	f1df542345	Add stubs & tests ... Fix mistakes detected by the tests	2021-11-03 17:26:13 +01:00
Tony Torralba	7d88f80fb9	Add tests for summaries	2021-11-03 10:35:38 +01:00
Anders Schack-Mulligen	e6145f04d2	Merge pull request #6966 from atorralba/atorralba/android-explicit-intent-sanitizer ... Android: Add ExplicitIntentSanitizer and allowIntentExtrasImplicitRead	2021-11-03 10:20:09 +01:00
Mathias Vorreiter Pedersen	4a2894a707	Merge pull request #7025 from MathiasVP/nomagic-parameterCand ... Dataflow: Replace a 'noinline' pragma with a 'nomagic' pragma	2021-11-02 20:40:44 +00:00
Anders Schack-Mulligen	7d0152f3c0	Merge pull request #6932 from aschackmull/dataflow/flow-features ... Dataflow: Add support for call context restrictions on sources/sinks.	2021-11-02 13:24:17 +01:00
Mathias Vorreiter Pedersen	6f4107ff23	Dataflow: Replace a 'noinline' pragma with a 'nomagic' pragma.	2021-11-02 11:37:40 +00:00