4860 Commits

Author	SHA1	Message	Date
Jeroen Ketema	9a0e94f389	Add flow state versions of isBarrierIn, isBarrierOut, and isBarrierGuard	2022-03-15 11:55:34 +01:00
Joe Farebrother	e4a16cc700	Add security severity	2022-03-15 10:42:41 +00:00
Tony Torralba	6f484d3d64	Merge pull request #8440 from github/workflow/coverage/update ... Update CSV framework coverage reports	2022-03-15 10:58:27 +01:00
Erik Krogh Kristensen	c7509c4dd3	Merge branch 'main' into deadCode	2022-03-15 09:19:14 +01:00
Jonas Jensen	d89c52f4b0	Merge pull request #8403 from erik-krogh/noUpper ... Rename all upper-case variables, and all lower-case modules	2022-03-15 09:00:37 +01:00
github-actions[bot]	b10adfc8da	Add changed framework coverage reports	2022-03-15 00:13:15 +00:00
Arthur Baars	6a74e761c8	Merge pull request #8398 from github/post-release-prep/codeql-cli-2.8.3 ... Post-release preparation for codeql-cli-2.8.3	2022-03-14 21:05:09 +01:00
Michael Nebel	bcdbfefb2b	Merge pull request #8329 from michaelnebel/csharp/model-generator ... C#: Capture Summary models.	2022-03-14 16:10:05 +01:00
Joe Farebrother	d4b5eed3e4	Merge pull request #8410 from joefarebrother/sensitive-logging ... Java: Promote Sensitive Logging query	2022-03-14 14:50:26 +00:00
Chris Smowton	9f02ca0db2	Merge pull request #8357 from p0wn4j/jdbc-url-ssrf-sink ... Java: Add JDBC connection SSRF sinks	2022-03-14 13:27:34 +00:00
Chris Smowton	ca8237b9de	Make comment into qldoc	2022-03-14 13:14:31 +00:00
Joe Farebrother	e4b762b5c5	Improve qldoc; make taint tracking	2022-03-14 13:10:34 +00:00
Michael Nebel	21bcaf6a0e	C#/Java: After remaining code after rebase.	2022-03-14 14:08:49 +01:00
Michael Nebel	74352925e4	C#/Java: Remove inline from returnNodeEnclosingCallable.	2022-03-14 13:50:55 +01:00
Michael Nebel	48dc9d7057	C#/Java: Move containerContent to DataFlowPrivate.	2022-03-14 13:50:55 +01:00
Michael Nebel	b7803ef0b1	C#: Introduce SyntheticFieldContent in RelevantContent.	2022-03-14 13:50:55 +01:00
Michael Nebel	12ff2c6cd5	C#/Java: Improve comments in CaptureSummaryModels.	2022-03-14 13:50:55 +01:00
Michael Nebel	3ad9731e91	C#/Java: Add some more QL docs.	2022-03-14 13:50:50 +01:00
Michael Nebel	2476e716a2	C#: Move the isRelevantTaintStep and isRelevantContent into the shared utils.	2022-03-14 13:49:52 +01:00
Michael Nebel	665e3c9326	C#: Re-factor containerContent into standalone predicate in DataFlow library.	2022-03-14 13:49:51 +01:00
Michael Nebel	5d03e510d2	C#/Java: Include synthetic fields in isRelevantContent.	2022-03-14 13:49:51 +01:00
Michael Nebel	cd03af3be4	C#: Get rid of the isOwnInstanceAccess based on ReturnStmt.	2022-03-14 13:49:46 +01:00
Michael Nebel	34a91f1aac	C#: Rename CaptureSummaryModelsQuery to CaptureSummaryModels.	2022-03-14 13:48:56 +01:00
Michael Nebel	36e0c683bd	C#: Add QL Doc to the primary predicate used for capturing flow.	2022-03-14 13:48:56 +01:00
Michael Nebel	e8aacb710e	C#: Add file level QL Doc to Capture Summary models specific implementations.	2022-03-14 13:48:56 +01:00
Michael Nebel	d114582b56	C#: Add QLDoc to the shared Capture summary models library.	2022-03-14 13:48:51 +01:00
Michael Nebel	82d93d0f9e	Java: Refactor CaptureSummaryModels code to enable re-use in C#.	2022-03-14 13:47:20 +01:00
Michael Nebel	ba233ed7a1	Java: Rearrange and refactor language specific content into standalone predicates.	2022-03-14 13:46:24 +01:00
Chris Smowton	b351d5bc2f	Autoformat	2022-03-14 12:44:40 +00:00
Michael Nebel	9ca199c9ae	Java: Move generic code out of language specific file for model generation.	2022-03-14 13:43:45 +01:00
Michael Nebel	a2d9f4f6f4	Java: Introduce language specific file for model generator code.	2022-03-14 13:40:40 +01:00
Michael Nebel	a1c642685a	Java: Re-arrange code in ModelGeneratorUtils.	2022-03-14 13:35:56 +01:00
Chris Smowton	f83ea25ead	Add change note	2022-03-14 12:14:37 +00:00
Erik Krogh Kristensen	3bf5e06d53	delete all dead code	2022-03-14 13:03:31 +01:00
Chris Smowton	aada8d3af9	Merge pull request #8405 from smowton/smowton/fix/range-analysis-use-ranked-phi-nodes ... C#/Java: Range analysis: use ranked phi nodes	2022-03-14 11:55:55 +00:00
Jeroen Ketema	4c2081b7fc	Merge pull request #8401 from jketema/taint-flow ... Extend taint tracking interface with flow states	2022-03-14 12:06:10 +01:00
Erik Krogh Kristensen	83f26eb833	rename all upper-case variables to start with a lower-case letter	2022-03-14 11:50:48 +01:00
Erik Krogh Kristensen	bbb2847ec1	Merge pull request #8323 from erik-krogh/acronyms ... Enforcing consistent casing of acronyms	2022-03-14 11:38:25 +01:00
Jeroen Ketema	c832b21fbe	Add change notes for changes to the taint tracking library	2022-03-14 10:38:48 +01:00
Tony Torralba	1f4f4207b5	Add missing security-severity scores	2022-03-14 09:50:14 +01:00
p0wn4j	ee67d27b56	Java: Add JDBC connection SSRF sinks	2022-03-12 16:35:32 +04:00
Joe Farebrother	b924de631f	Add change note, minor docs improvement	2022-03-11 17:58:52 +00:00
Joe Farebrother	594d51e84d	Exclude constants	2022-03-11 17:45:42 +00:00
Joe Farebrother	06f2c03828	Add tests	2022-03-11 17:44:52 +00:00
Jonathan Leitschuh	50ff2c2c68	Code cleanup from code review	2022-03-11 11:44:15 -05:00
Chris Smowton	58d4513d84	Change note	2022-03-11 12:51:13 +00:00
Chris Smowton	496cae7742	Revert 8325, Add CharacterLiteral to CompileTimeConstantExpr.getStringValue ... As pointed out in 8325's thread, this breaks the corner case of char-literal addition and the convention that getStringValue only applies to String-typed constants.	2022-03-11 12:45:53 +00:00
Chris Smowton	579b57cf67	Range analysis: use ranked phi nodes ... This borrows a technique (and the implementing code) off Modulus analysis.	2022-03-11 12:32:12 +00:00
Erik Krogh Kristensen	1e365611fc	fix all other implicit-this warnings introduced by the acronym patch	2022-03-11 13:22:07 +01:00
Erik Krogh Kristensen	2e2970128e	fix typo in change-note	2022-03-11 13:16:34 +01:00