Tony Torralba
|
e14294a2f7
|
Remove XSS sink since it's better handled in this query
|
2021-05-06 11:20:37 +02:00 |
|
Tony Torralba
|
84504a88e4
|
Fix tests by adding AndroidManifest.xml
|
2021-05-06 10:55:56 +02:00 |
|
Tony Torralba
|
a706046a19
|
Restructured test
|
2021-05-06 09:17:53 +02:00 |
|
Tony Torralba
|
c138ed3e4d
|
QLDocs
|
2021-05-05 16:51:15 +02:00 |
|
Tony Torralba
|
03ce8d689f
|
Refactored to use CSV sink model
|
2021-05-05 16:34:30 +02:00 |
|
Tony Torralba
|
9b78cee37a
|
Add tests
|
2021-05-05 11:59:57 +02:00 |
|
Tony Torralba
|
be50e8f30c
|
Moved from experimental to standard
|
2021-05-05 11:59:49 +02:00 |
|
Tony Torralba
|
458b89bf5f
|
Added Android stubs
|
2021-05-05 11:57:01 +02:00 |
|
CodeQL CI
|
b160badbf6
|
Merge pull request #5768 from erik-krogh/cacheMore
Approved by esbena
|
2021-05-04 04:16:15 -07:00 |
|
Tamás Vajk
|
05c045070e
|
Merge pull request #5810 from tamasvajk/feature/culture
C#: Use invariant culture in the extractor
|
2021-05-04 13:09:38 +02:00 |
|
Tamas Vajk
|
c547907784
|
C#: Use invariant culture in the extractor
|
2021-05-04 11:17:33 +02:00 |
|
Anders Schack-Mulligen
|
5bcf810a7c
|
Merge pull request #5821 from JarLob/patch-1
Update UncaughtServletException.qhelp
|
2021-05-04 10:39:02 +02:00 |
|
Anders Schack-Mulligen
|
9ee9186a1a
|
Merge pull request #5825 from github/yo-h/java-diagnostic-queries
Java: split extractor diagnostics query into two
|
2021-05-04 10:12:32 +02:00 |
|
CodeQL CI
|
6931d9a6f7
|
Merge pull request #5785 from edvraa/httponlyjs
Approved by esbena
|
2021-05-03 23:14:26 -07:00 |
|
yo-h
|
edf1a90161
|
Java: split extractor diagnostics query into two
|
2021-05-03 20:27:07 -04:00 |
|
edvraa
|
6fa2f1e653
|
update test message
|
2021-05-04 00:32:01 +03:00 |
|
Taus
|
483199878d
|
Merge pull request #5793 from RasmusWL/fix-qldoc
Python: Minor fix to Django RawSQL QLDoc
|
2021-05-03 18:18:02 +02:00 |
|
Edwin
|
27c680e28b
|
Apply suggestions from code review
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
|
2021-05-03 16:41:09 +03:00 |
|
Jaroslav Lobačevski
|
38bce39baa
|
Update UncaughtServletException.qhelp
There is no single word in https://cwe.mitre.org/data/definitions/600.html about possible DoS or unexpected state.
|
2021-05-03 15:06:57 +03:00 |
|
edvraa
|
cef845ac47
|
Support string expressions
|
2021-05-03 13:46:56 +03:00 |
|
edvraa
|
ea38f0d3bd
|
a new test for simple flow
|
2021-05-03 12:19:05 +03:00 |
|
edvraa
|
000826af11
|
typo
|
2021-05-03 12:18:43 +03:00 |
|
Tom Hvitved
|
bb1cb73675
|
Merge pull request #5795 from hvitved/csharp/implicit-constructor-inits
C#: Extract implicit constructor initializer calls
|
2021-05-03 10:21:04 +02:00 |
|
Tom Hvitved
|
b77b3da8d6
|
C#: Add change note
|
2021-05-03 09:40:13 +02:00 |
|
Jonas Jensen
|
c05ef1225c
|
Merge pull request #5803 from MathiasVP/no-magic-in-getUnspecifiedType
C++: Add nomagic to getUnspecifiedType
|
2021-05-03 09:03:58 +02:00 |
|
edvraa
|
65183cde80
|
Move to experimental
|
2021-05-03 09:59:52 +03:00 |
|
edvraa
|
bd99114cd6
|
Comments added
|
2021-05-03 09:55:04 +03:00 |
|
edvraa
|
a24c1c8114
|
fix comment
|
2021-05-03 00:36:38 +03:00 |
|
edvraa
|
fa94fedfc3
|
simple dataflow for sensitive name
|
2021-05-03 00:36:26 +03:00 |
|
edvraa
|
97bc7e38d2
|
check for sensitive property name
|
2021-05-03 00:31:29 +03:00 |
|
edvraa
|
7ab91bb185
|
Inline getOptionsArgument
|
2021-05-03 00:09:15 +03:00 |
|
Chris Smowton
|
b2c0259197
|
Merge pull request #5631 from haby0/UseOfLessTrustedSource
[Java] CWE-348: Using a client-supplied IP address in a security check
|
2021-04-30 15:20:53 +01:00 |
|
haby0
|
fdcc517b9f
|
UseOfLessTrustedSource -> ClientSuppliedIpUsedInSecurityCheck
|
2021-04-30 17:43:34 +08:00 |
|
haby0
|
f41301f8f5
|
Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.java
Co-authored-by: Chris Smowton <smowton@github.com>
|
2021-04-30 16:55:17 +08:00 |
|
haby0
|
0691cac5ab
|
Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSourceLib.qll
Co-authored-by: Chris Smowton <smowton@github.com>
|
2021-04-30 16:54:41 +08:00 |
|
haby0
|
8142810455
|
Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.qhelp
Co-authored-by: Chris Smowton <smowton@github.com>
|
2021-04-30 16:54:28 +08:00 |
|
Tom Hvitved
|
ecd40e5cae
|
Merge pull request #5808 from intrigus-lgtm/fix-lambda-typos
Fix typo.
|
2021-04-30 09:08:28 +02:00 |
|
haby0
|
711a74c9c9
|
Eliminate false positives
|
2021-04-30 10:31:40 +08:00 |
|
intrigus
|
08731fc6cf
|
Fix typo.
|
2021-04-29 20:26:34 +02:00 |
|
Chris Smowton
|
ad9ea40954
|
Merge pull request #5597 from intrigus-lgtm/java/jwt-insecure-parse
[Java] JWT without signature check.
|
2021-04-29 14:41:11 +01:00 |
|
Geoffrey White
|
c4069362ce
|
Merge pull request #5804 from MathiasVP/improve-detect-and-handle-memory-allocation-errors
C++: Improve qhelp and tests for cpp/detect-and-handle-memory-allocation-errors
|
2021-04-29 14:34:41 +01:00 |
|
haby0
|
e813257431
|
use hardCode
|
2021-04-29 21:23:52 +08:00 |
|
Anders Schack-Mulligen
|
404a6c1506
|
Merge pull request #5805 from smowton/smowton/admin/spring-setter-method-docs
Document `SpringProperty::getSetterMethod`.
|
2021-04-29 15:10:58 +02:00 |
|
Anders Schack-Mulligen
|
c78285e557
|
Merge pull request #5784 from Marcono1234/marcono1234/switch-expr-stmt-parent
Java: Add StmtParent as superclass of SwitchExpr
|
2021-04-29 15:02:05 +02:00 |
|
Tom Hvitved
|
c3890a9435
|
C#: Adjust CFG for instance constructors
|
2021-04-29 14:05:42 +02:00 |
|
Tom Hvitved
|
ee62522c51
|
C#: Extract implicit constructor initializer calls
|
2021-04-29 14:05:42 +02:00 |
|
Mathias Vorreiter Pedersen
|
c67ab8f1f0
|
C++: Respond to review comments.
|
2021-04-29 14:01:04 +02:00 |
|
Chris Smowton
|
2787c2f874
|
Document SpringProperty::getSetterMethod.
|
2021-04-29 12:28:26 +01:00 |
|
Mathias Vorreiter Pedersen
|
e81b40978e
|
C++: Improve the description tag.
|
2021-04-29 12:10:29 +02:00 |
|
Arthur Baars
|
6693c5bdd0
|
Merge pull request #5395 from tausbn/python-share-typetracker
Python: Make the type tracking implementation shareable
|
2021-04-29 12:06:12 +02:00 |
|