| Author | Commit | Message | Date |
|---|---|---|---|
| Anders Schack-Mulligen | e6145f04d2 | Merge pull request #6966 from atorralba/atorralba/android-explicit-intent-sanitizer<br>Android: Add ExplicitIntentSanitizer and allowIntentExtrasImplicitRead | 2021-11-03 10:20:09 +01:00 |
| Erik Krogh Kristensen | ab4780c505 | Merge pull request #7032 from erik-krogh/cwe497<br>JS: add CWE-497 to js/stack-trace-exposure | 2021-11-03 08:55:49 +01:00 |
| Mathias Vorreiter Pedersen | 4a2894a707 | Merge pull request #7025 from MathiasVP/nomagic-parameterCand<br>Dataflow: Replace a 'noinline' pragma with a 'nomagic' pragma | 2021-11-02 20:40:44 +00:00 |
| Erik Krogh Kristensen | 9d99ce12c4 | add CWE-497 to js/stack-trace-exposure | 2021-11-02 15:43:55 +01:00 |
| yoff | 97625d7c2c | Merge pull request #7023 from RasmusWL/toml<br>Python: Add modeling of `toml` | 2021-11-02 14:42:06 +01:00 |
| yoff | 0240631510 | Merge pull request #6782 from RasmusWL/fastapi<br>Python: Model FastAPI | 2021-11-02 14:16:12 +01:00 |
| Rasmus Wriedt Larsen | c52e453342 | Python: Minor rewrite | 2021-11-02 13:37:50 +01:00 |
| Erik Krogh Kristensen | 54fba2d6a1 | Merge pull request #6781 from erik-krogh/ldap<br>JS: Move LDAP injection out of experimental | 2021-11-02 13:35:32 +01:00 |
| Anders Schack-Mulligen | 7d0152f3c0 | Merge pull request #6932 from aschackmull/dataflow/flow-features<br>Dataflow: Add support for call context restrictions on sources/sinks. | 2021-11-02 13:24:17 +01:00 |
| Nick Rolfe | 6dd5dad4a9 | Merge pull request #7026 from github/nickrolfe/rb-prefix<br>Ruby: use the `rb/` prefix in all query ids | 2021-11-02 12:04:50 +00:00 |
| Erik Krogh Kristensen | f7f315adbb | Merge pull request #7022 from erik-krogh/cwe319<br>JS: add cwe-319 to js/clear-text-cookie | 2021-11-02 12:47:53 +01:00 |
| Erik Krogh Kristensen | 7a96b8e9e1 | Merge branch 'main' into ldap | 2021-11-02 12:47:28 +01:00 |
| Nick Rolfe | 898f5ec596 | Ruby: use the rb/ prefix in all query ids | 2021-11-02 11:42:02 +00:00 |
| Mathias Vorreiter Pedersen | 6f4107ff23 | Dataflow: Replace a 'noinline' pragma with a 'nomagic' pragma. | 2021-11-02 11:37:40 +00:00 |
| Rasmus Wriedt Larsen | 8ee804a8c2 | Python: Add toml modeling | 2021-11-02 11:57:15 +01:00 |
| Rasmus Wriedt Larsen | 14bc297946 | Python: Add toml encode/decode test | 2021-11-02 11:57:06 +01:00 |
| Tom Hvitved | 302373d154 | Merge pull request #6858 from hvitved/python/type-tracker-changes<br>Python: Type tracker changes | 2021-11-02 11:47:01 +01:00 |
| CodeQL CI | d5e2026a26 | Merge pull request #6934 from erik-krogh/more-instanceof<br>Approved by MathiasVP, esbena, yoff | 2021-11-02 03:46:23 -07:00 |
| CodeQL CI | 5d62aa5b29 | Merge pull request #6994 from erik-krogh/redundant-cast<br>Approved by RasmusWL, aschackmull, esbena, geoffw0, hvitved, nickrolfe | 2021-11-02 03:45:48 -07:00 |
| Tom Hvitved | fe80c4a17b | Ruby: Sync files | 2021-11-02 11:16:46 +01:00 |
| Tom Hvitved | 1e64893742 | Update python/ql/lib/semmle/python/dataflow/new/internal/TypeTracker.qll<br>Co-authored-by: Taus <tausbn@github.com> | 2021-11-02 11:16:32 +01:00 |
| Tom Hvitved | 660398aa78 | Python: Introduce TypeBackTracker::getACompatibleTypeTracker() | 2021-11-02 11:16:32 +01:00 |
| Tom Hvitved | 73fd66cfed | Python: Cache TypeBackTracker::prepend | 2021-11-02 11:16:32 +01:00 |
| Erik Krogh Kristensen | 41e7dea943 | add cwe-319 "Cleartext Transmission of Sensitive Information" to js/clear-text-cookie | 2021-11-02 11:11:38 +01:00 |
| Rasmus Wriedt Larsen | b7b9120724 | Python: Better handling of Pydantic models | 2021-11-02 10:29:17 +01:00 |
| Rasmus Wriedt Larsen | c207580ed9 | Python: Add extra FastAPI taint tests | 2021-11-02 10:20:09 +01:00 |
| Mathias Vorreiter Pedersen | e2cb53c65f | Merge pull request #7014 from jbj/isFromSystemMacroDefinition<br>C++: Add `isFromSystemMacroDefinition` predicate | 2021-11-02 09:14:59 +00:00 |
| Rasmus Wriedt Larsen | 17da28118a | Python: Small refactor to use extends .. instanceof | 2021-11-02 10:06:11 +01:00 |
| Anders Schack-Mulligen | 42a046edc6 | Merge pull request #7004 from Marcono1234/marcono1234/deprecate-StringLiteral-getRepresentedString<br>Java: Deprecate `StringLiteral.getRepresentedString()` | 2021-11-02 09:57:52 +01:00 |
| Tamás Vajk | 18b08060ae | Merge pull request #5110 from porcupineyhairs/ssrfCsharp<br>C# : Add query to detect SSRF | 2021-11-02 09:50:28 +01:00 |
| Tony Torralba | 5d7b09ac67 | Merge pull request #7020 from github/workflow/coverage/update<br>Update CSV framework coverage reports | 2021-11-02 08:33:36 +01:00 |
| github-actions[bot] | 093be44258 | Add changed framework coverage reports | 2021-11-02 00:09:00 +00:00 |
| Marcono1234 | 668928045e | Merge branch 'main' into marcono1234/deprecate-StringLiteral-getRepresentedString | 2021-11-01 16:32:57 +01:00 |
| Anders Schack-Mulligen | e88bbfdd67 | Merge pull request #7008 from JLLeitschuh/feat/JLL/java_optional_lambda_support<br>Java: Model java.util.Optional lambda methods | 2021-11-01 13:49:21 +01:00 |
| Anders Schack-Mulligen | 64acd0288e | Merge pull request #6614 from Marcono1234/marcono1234/char-literal-codepoint<br>Java: Add `CharacterLiteral.getCodePointValue()` | 2021-11-01 13:06:00 +01:00 |
| Nick Rolfe | da5d10fd6b | Merge pull request #7012 from MalikIdreesHasanKhan/main<br>Fixed a typo. ( Minor PR) | 2021-11-01 11:30:13 +00:00 |
| Chris Smowton | b59f6665a2 | Fix punctuation | 2021-11-01 11:02:58 +00:00 |
| Chris Smowton | 9ff426cf23 | Sort Optional models | 2021-11-01 10:59:03 +00:00 |
| CodeQL CI | dde493259a | Merge pull request #7003 from asgerf/js/mixed-this-fp<br>Approved by erik-krogh | 2021-11-01 09:13:21 +00:00 |
| Anders Schack-Mulligen | 301a907596 | Update java/ql/lib/semmle/code/java/Expr.qll | 2021-11-01 09:36:09 +01:00 |
| Jonas Jensen | 93dfee866a | C++: Add isFromSystemMacroDefinition predicate | 2021-11-01 09:17:49 +01:00 |
| MalikIdreesHasa | e44e982065 | Fixed a typo. | 2021-10-31 15:11:39 +00:00 |
| Jonathan Leitschuh | c2a2a3a676 | Java: Model java.util.Optional lambda methods<br>Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com> | 2021-10-29 13:23:47 -04:00 |
| Marcono1234 | b284e727a9 | Java: Add change note for StringLiteral.getRepresentedString() deprecation | 2021-10-29 15:21:55 +02:00 |
| Marcono1234 | fe5115169f | Java: Describe CharacterLiteral.getValue() behavior for surrogates | 2021-10-29 14:56:07 +02:00 |
| Marcono1234 | e1516b4e9d | Java: Describe StringLiteral.getValue() behavior for unpaired surrogates | 2021-10-29 14:53:13 +02:00 |
| Marcono1234 | bfb9577d15 | Java: Deprecate StringLiteral.getRepresentedString() | 2021-10-29 14:50:15 +02:00 |
| Erik Krogh Kristensen | f676fc00d3 | revert a change in an identical file | 2021-10-29 14:42:38 +02:00 |
| Erik Krogh Kristensen | 0897b004eb | revert removal of redundant inline casts in some python files | 2021-10-29 14:40:27 +02:00 |
| Erik Krogh Kristensen | d36c66cfca | remove redundant inline casts in arguments where the type is inferred by the call target | 2021-10-29 14:37:56 +02:00 |