Rasmus Wriedt Larsen
ed53742f03
Python: Fix additional taint-steps for cgi
...
So there isn't flow from *any* instance to *any* access of the methods,
but only from the _actual_ instance where the method is accessed.
2020-12-15 11:41:00 +01:00
Rasmus Wriedt Larsen
fabc6fb7d9
Python: Add change-note
2020-12-08 14:04:46 +01:00
Rasmus Wriedt Larsen
ba1ca70858
Python: Add source modeling of stdlib HTTPRequestHandlers
2020-12-08 14:04:15 +01:00
Rasmus Wriedt Larsen
34863721f0
Python: Model cgi.FieldStorage
2020-12-08 14:03:13 +01:00
Rasmus Wriedt Larsen
43688715f5
Python: Add test of stdlib HTTP server facilities
...
Just a port of the old tests, except for the fact that I learned
`cgi.FieldStorage()` _should_ be tainted when not specifying any arguments. (and
moved taint-test to own function)
Also clarified how imports of all the .*HTTPRequestHandler works in Python2
2020-12-08 14:01:55 +01:00
Jonas Jensen
bc340e210b
Merge pull request #4745 from ihsinme/main
...
CPP: Add query for CWE-191 into experimental this reveals a dangerous comparison
2020-12-04 18:00:41 +01:00
yo-h
54d7cac46d
Merge pull request #4718 from aschackmull/java/cleanup-deprecated
...
Java: Remove some deprecated classes.
2020-12-04 11:17:14 -05:00
yo-h
a5393b4661
Merge pull request #4746 from aschackmull/java/ssa-perf
...
Java: Improve performance of SSA.
2020-12-04 11:16:39 -05:00
Tamás Vajk
4226467556
Merge pull request #4678 from tamasvajk/feature/external-api-untrusted-data
...
C#: Add queries to check untrusted data flow to external APIs
2020-12-04 15:03:09 +01:00
Cornelius Riemenschneider
2ea9b4a62b
Merge pull request #4719 from geoffw0/issue84
...
C++: Create tests readme.
2020-12-04 13:49:56 +01:00
Tamas Vajk
aa3ae0f567
Remove calls to deprecated predicates
2020-12-04 13:28:14 +01:00
Jonas Jensen
9cf318b72c
C++: Autoformat the new query
...
Tweak whitespace, also in the alert message.
2020-12-04 13:27:07 +01:00
Tamas Vajk
d55fbc8a05
Add test cases for safe API calls
2020-12-04 13:26:53 +01:00
Tamas Vajk
24670160c2
Address code review findings
2020-12-04 13:26:53 +01:00
Tamas Vajk
cd5c1f06ee
C#: Add queries to check untrusted data flow to external APIs
2020-12-04 13:26:53 +01:00
Jonas Jensen
bf88df8134
C++: CRLF -> LF line endings
2020-12-04 13:25:32 +01:00
CodeQL CI
0f5f0ed99e
Merge pull request #4776 from asgerf/js/electron-openshell
...
Approved by erik-krogh
2020-12-04 09:12:44 +00:00
Asger F
22dbaf28ab
Merge pull request #4709 from asgerf/js/typescript-4.1
...
JS: Support for TypeScript 4.1
2020-12-04 09:10:14 +00:00
Jonas Jensen
b4be72268d
Merge pull request #4722 from rdmarsh2/rdmarsh2/cpp/range-analysis-overflow-perf
...
C++: Filter out lower bounds on overflowing exprs
2020-12-04 08:29:21 +01:00
ihsinme
69ed608a11
Update UnsignedDifferenceExpressionComparedZero.ql
2020-12-04 09:47:11 +03:00
Robert Marsh
b45f7846db
C++: autoformat
2020-12-03 15:48:42 -08:00
Asger Feldthaus
20d9848f07
JS: Add test case
2020-12-03 15:08:43 +00:00
Asger Feldthaus
e66a49bea6
JS: Change note
2020-12-03 13:58:40 +00:00
Asger Feldthaus
ec6b8d6d3a
JS: Remove old workaround for template literals in import
2020-12-03 13:58:40 +00:00
Asger Feldthaus
757398f5fd
JS: Add upgrade script and stats
2020-12-03 13:58:39 +00:00
Asger Feldthaus
3b3052d792
JS: Autoformat
2020-12-03 13:58:39 +00:00
Asger Feldthaus
5676891e44
JS: Add TemplateLiteralTypeExpr
2020-12-03 13:58:39 +00:00
Asger Feldthaus
9da5c5cc70
JS: Update to TypeScript 4.1.2
2020-12-03 13:58:39 +00:00
Asger F
254072dd6d
Merge pull request #4546 from toufik-airane/main
...
JS: Add ElectronShellOpenExternalSink class for Electron framework security
2020-12-03 13:20:46 +00:00
Tamás Vajk
3eb55ddc0b
Merge pull request #4704 from tamasvajk/feature/stats2
...
C#: Update DB stats file
2020-12-03 13:13:43 +01:00
Mathias Vorreiter Pedersen
1142a79ad5
Merge pull request #4766 from criemen/cleanup-flow-tests
...
C++: Cleanup data/taint flow tests
2020-12-03 10:10:39 +01:00
CodeQL CI
edbbc846d0
Merge pull request #4753 from max-schaefer/js/more-nosql-query-args
...
Approved by asgerf, mchammer01
2020-12-03 08:46:47 +00:00
Tamás Vajk
04bacf4347
Merge pull request #4760 from tamasvajk/feature/cil-debug-build
...
C#: Fix CIL trap file writing in debug mode
2020-12-02 22:08:22 +01:00
CodeQL CI
e266cedc84
Merge pull request #4700 from RasmusWL/python-add-code-injection-FP
...
Approved by tausbn
2020-12-02 16:29:21 +00:00
CodeQL CI
6017f25106
Merge pull request #4740 from RasmusWL/fix-json-modeling
...
Approved by tausbn
2020-12-02 16:29:00 +00:00
Mathias Vorreiter Pedersen
e0a9e2dca7
Merge pull request #4754 from geoffw0/modelchanges3
...
C++: Expose more information in FormattingFunction and make subclasses private.
2020-12-02 17:12:55 +01:00
Geoffrey White
4322b214c6
C++: Link to standards.
2020-12-02 15:57:38 +00:00
Geoffrey White
420d47b676
Apply suggestions from code review
...
Co-authored-by: hubwriter <hubwriter@github.com >
2020-12-02 15:54:28 +00:00
Tamas Vajk
ba56993396
C#: Fix CIL trap file writing in debug mode
2020-12-02 16:52:33 +01:00
Tamás Vajk
6e6cd05787
Merge pull request #4758 from tamasvajk/feature/cil-structure-change
...
C#: Cleanup CIL extraction structure
2020-12-02 16:49:31 +01:00
Geoffrey White
d20619d779
Merge branch 'main' into modelchanges3
2020-12-02 14:45:54 +00:00
Cornelius Riemenschneider
feb05542d2
C++: Refactor common implementation of data/taint flow tests.
2020-12-02 15:42:52 +01:00
Anders Schack-Mulligen
0cc324b715
Merge pull request #3839 from luchua-bc/uncaught-servlet-exception
...
Java: Uncaught servlet exception
2020-12-02 15:12:59 +01:00
Anders Schack-Mulligen
0175a596ef
Update java/ql/src/experimental/Security/CWE/CWE-600/UncaughtServletException.ql
2020-12-02 13:33:59 +01:00
Taus
9eeaceac2a
Merge pull request #4739 from RasmusWL/recrete-regex-fp
...
Python: Add regex FP with + for flags
2020-12-02 13:01:47 +01:00
Tom Hvitved
ecfa66e19a
C#: Use getParentNamespace instead of getParent
2020-12-02 10:39:29 +01:00
Mathias Vorreiter Pedersen
203bbdd84f
Merge pull request #4741 from criemen/port-dataflow-tests
...
C++: Port dataflow tests to inline expectations test library.
2020-12-02 10:25:52 +01:00
Tom Hvitved
9c516bf62c
C#: Fix join-order in UselessUpcast.ql
2020-12-02 10:12:57 +01:00
Cornelius Riemenschneider
f3a7d87d46
C++: Remove vscode snippets.
2020-12-02 09:30:10 +01:00
Arthur Baars
7f485dfe70
Merge pull request #4763 from github/yo-h/java15-merge
...
Java: adjust test options for JDK 15 upgrade
2020-12-02 05:15:10 +01:00
