40697 Commits

This Branch

This Branch

All Branches

Author	SHA1	Message	Date
Tony Torralba	c66e583aea	Make more ExternalFlow imports private	2022-05-03 10:31:29 +02:00
Arthur Baars	19e4d34581	Update ruby/ql/lib/change-notes/2022-04-30-update-grammar.md ... Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>	2022-05-03 10:08:29 +02:00
Erik Krogh Kristensen	806dacb0e3	Merge pull request #8989 from erik-krogh/mentionAll ... JS/RB: have `ApiGraphModelsSpecific.qll` mention all the required predicates	2022-05-03 09:42:41 +02:00
Tony Torralba	5c574906fe	Merge pull request #9010 from github/workflow/coverage/update ... Update CSV framework coverage reports	2022-05-03 09:23:53 +02:00
github-actions[bot]	433beaf637	Add changed framework coverage reports	2022-05-03 00:15:34 +00:00
Daniel Santos	fddb465260	Update javascript/ql/lib/semmle/javascript/security/dataflow/XssThroughDomCustomizations.qll ... Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>	2022-05-02 14:00:45 -05:00
Robert Marsh	ffd2cd7f40	C++: cleanup some implicit this usage	2022-05-02 12:38:04 -04:00
Robert Marsh	7993cba457	C++: fix global vars accesses in global vars	2022-05-02 12:27:10 -04:00
Robert Marsh	b5a2a2e8c2	C++: test for global var access in a global var	2022-05-02 12:07:01 -04:00
Tony Torralba	de8b5f927b	Adjust test expectations	2022-05-02 16:55:11 +02:00
Tony Torralba	29b430e49b	Make commits private	2022-05-02 16:55:01 +02:00
Anders Schack-Mulligen	86516b157b	Merge pull request #8884 from JLLeitschuh/feat/JLL/additional-file-taint-flow ... Java: Add additional `File` taint value flow models	2022-05-02 16:30:45 +02:00
Tony Torralba	9a35aba465	Add change notes	2022-05-02 15:45:44 +02:00
Tony Torralba	1cf4b60769	Simplify non-https-url query	2022-05-02 15:43:07 +02:00
Tony Torralba	8602a6f6c9	Add models for OkHttp and Retrofit	2022-05-02 15:42:15 +02:00
Rasmus Wriedt Larsen	7e1be3172e	Python: Add change-note	2022-05-02 14:24:13 +02:00
Rasmus Wriedt Larsen	de4390cdf6	Python: Improve Flask request.files handling even more	2022-05-02 14:19:45 +02:00
Rasmus Wriedt Larsen	fb0133d276	Python: Fix Flask request.files modeling	2022-05-02 14:14:58 +02:00
Rasmus Wriedt Larsen	0c62916af5	Python: Highlight problem with Flask request.files modeling	2022-05-02 14:14:53 +02:00
Erik Krogh Kristensen	c0eca0d09a	deprecate SqlConstruction	2022-05-02 12:58:21 +02:00
Erik Krogh Kristensen	6c67e51ec3	add test for the .Call token	2022-05-02 12:58:21 +02:00
Erik Krogh Kristensen	9c3d45a16a	last test of taint steps	2022-05-02 12:58:21 +02:00
Erik Krogh Kristensen	894252dfa7	third test of taint steps	2022-05-02 12:58:21 +02:00
Erik Krogh Kristensen	0f1e070d82	second test of taint steps	2022-05-02 12:58:21 +02:00
Erik Krogh Kristensen	649df1dd31	simple taint-flow test	2022-05-02 12:58:21 +02:00
Erik Krogh Kristensen	a8790412dd	add support for the Argument[any] and Argument[any-named] tokens	2022-05-02 12:58:21 +02:00
Erik Krogh Kristensen	b1fa7f86a8	add support for the any argument tokens	2022-05-02 12:58:15 +02:00
Erik Krogh Kristensen	413d182bcf	add support for named parameters	2022-05-02 12:56:44 +02:00
Erik Krogh Kristensen	c1d3738fb8	fix API-graphs such that the first parameter is the first non-self parameter	2022-05-02 12:52:02 +02:00
Erik Krogh Kristensen	547047ef19	add self parameters to API-graphs, and add support for self parameters in MaD	2022-05-02 12:50:31 +02:00
Erik Krogh Kristensen	dc38aa8a96	add support for the Method[name] token	2022-05-02 12:50:29 +02:00
Erik Krogh Kristensen	ea01bcf5ec	have the Instance token be an alias for Subclass.ReturnValue	2022-05-02 12:45:21 +02:00
Erik Krogh Kristensen	46acce0ad4	add support for the Subclass token	2022-05-02 12:45:21 +02:00
Erik Krogh Kristensen	a02e812de8	add test for the Instance token	2022-05-02 12:45:21 +02:00
Erik Krogh Kristensen	682cab3737	add test for awaited	2022-05-02 12:45:21 +02:00
Erik Krogh Kristensen	48408ca45d	Add TODO list	2022-05-02 12:45:21 +02:00
Erik Krogh Kristensen	8d60336396	add tests for callsite filters	2022-05-02 12:45:21 +02:00
Erik Krogh Kristensen	20992af037	add test for parameter syntax	2022-05-02 12:45:21 +02:00
Erik Krogh Kristensen	35b143a1a5	add tests for argument syntax	2022-05-02 12:45:21 +02:00
Erik Krogh Kristensen	86a9bc6aca	add test for keyword arguments	2022-05-02 12:45:21 +02:00
Erik Krogh Kristensen	d4b882519a	convert most of the asyncpg model to MaD	2022-05-02 12:45:21 +02:00
Erik Krogh Kristensen	1c2c9159a9	initial MaD implementation for Python	2022-05-02 12:45:19 +02:00
yoff	1d44694280	Merge pull request #8732 from RasmusWL/dataflow-imports ... Python: Don't re-export `python` under `DataFlow::`	2022-05-02 12:08:28 +02:00
Taus	231def026f	Merge pull request #8890 from tausbn/python-add-global-attribute-writes ... Python: Add support for global attribute writes	2022-05-02 12:03:41 +02:00
yoff	c67b06b1fd	Update python/ql/test/experimental/dataflow/typetracking/attribute_tests.py ... Co-authored-by: Taus <tausbn@github.com>	2022-05-02 11:36:58 +02:00
Rasmus Wriedt Larsen	714465bf39	Python: Refactor SaxParserSetFeatureCall ... Originally made by @erik-krogh in https://github.com/github/codeql/pull/8693/files#diff-9627c1fb9a1cc77fb93e6b7e31af1a4fa908f2a60362cfb34377d24debb97398 Could not be applied directly to this PR, since this PR deletes the file.	2022-05-02 11:29:54 +02:00
Rasmus Wriedt Larsen	5f01fc24e4	Merge branch 'main' into promote-xxe	2022-05-02 11:25:55 +02:00
Rasmus Wriedt Larsen	3c1a37e7e1	Merge branch 'main' into new-nosql-examples	2022-05-02 11:21:36 +02:00
Tom Hvitved	29f30a19e7	Merge pull request #8955 from hvitved/csharp/useless-cast-fp ... C#: Add FP test for `cs/useless-cast-to-self`	2022-05-02 10:32:28 +02:00
Anders Schack-Mulligen	b2e9555075	Merge pull request #8345 from jorgectf/mybatis-new-sinks ... Java: Add `MyBatis`' `Providers` sinks	2022-05-02 09:44:28 +02:00