Erik Krogh Kristensen
2250ebc5e2
remove leftover comments
2022-03-14 13:04:22 +01:00
Erik Krogh Kristensen
3bf5e06d53
delete all dead code
2022-03-14 13:03:31 +01:00
Mathias Vorreiter Pedersen
7c411b4bad
C++: Respond to review comments
2022-03-14 11:57:28 +00:00
Erik Krogh Kristensen
27d41cba7e
QL: add ql/dead-code query
2022-03-14 12:57:02 +01:00
Chris Smowton
aada8d3af9
Merge pull request #8405 from smowton/smowton/fix/range-analysis-use-ranked-phi-nodes
...
C#/Java: Range analysis: use ranked phi nodes
2022-03-14 11:55:55 +00:00
Erik Krogh Kristensen
a4525bbb29
add change-note
2022-03-14 12:22:39 +01:00
Erik Krogh Kristensen
ad2ab5602e
PY: rename remaining private python modules
2022-03-14 12:22:33 +01:00
Mathias Vorreiter Pedersen
0da5d91955
Merge branch 'main' into use-taint-configuration-in-three-more-queries
2022-03-14 11:12:23 +00:00
Jeroen Ketema
4c2081b7fc
Merge pull request #8401 from jketema/taint-flow
...
Extend taint tracking interface with flow states
2022-03-14 12:06:10 +01:00
Mathias Vorreiter Pedersen
31b1e4079f
C++: Prevent join-on-enclosing-callable in 'cpp/return-stack-allocated-memory'.
2022-03-14 11:01:07 +00:00
Rasmus Wriedt Larsen
2f4a22c86c
Merge pull request #6112 from jorgectf/jorgectf/python/deserialization
...
Python: Port and extend XXE modeling
2022-03-14 11:59:28 +01:00
Erik Krogh Kristensen
8515a70fe6
JS: fix all ql/no-upper-case-variables
2022-03-14 11:50:48 +01:00
Erik Krogh Kristensen
02127b40cd
PY: fix all ql/no-upper-case-variables
2022-03-14 11:50:48 +01:00
Erik Krogh Kristensen
83f26eb833
rename all upper-case variables to start with a lower-case letter
2022-03-14 11:50:48 +01:00
Erik Krogh Kristensen
4f0d4ecf6e
QL: add no-uppercase-variables query
2022-03-14 11:50:48 +01:00
Erik Krogh Kristensen
7d6700a943
Merge branch 'main' into depMore
2022-03-14 11:49:18 +01:00
Erik Krogh Kristensen
c06336480c
add change note
2022-03-14 11:41:53 +01:00
Erik Krogh Kristensen
bbb2847ec1
Merge pull request #8323 from erik-krogh/acronyms
...
Enforcing consistent casing of acronyms
2022-03-14 11:38:25 +01:00
Jeroen Ketema
c832b21fbe
Add change notes for changes to the taint tracking library
2022-03-14 10:38:48 +01:00
Erik Krogh Kristensen
6d66ea4253
also deprecate the definitionReaches predicate, it was only used in a test
2022-03-14 10:14:15 +01:00
Erik Krogh Kristensen
54760081dc
add pointers to the qldoc of deprecated predicates
2022-03-14 10:10:38 +01:00
Alex Ford
6eca036b44
Ruby: Add qldoc for Cryptography module (from python version)
2022-03-14 08:57:13 +00:00
Tony Torralba
1f4f4207b5
Add missing security-severity scores
2022-03-14 09:50:14 +01:00
Tom Hvitved
06b8f74644
C#: Avoid combinatorial explosion in structural comparison library
...
In cases where the target of a call/access has multiple values (which is a DB
inconsistency), the GVN construction underlying the structural comparision library
may run into a combinatorial explosion. This change excludes such expressions from
the GVN construction.
2022-03-14 09:07:45 +01:00
ihsinme
62381d0762
Update test.cpp
2022-03-14 09:36:28 +03:00
ihsinme
de92356c88
Update InsecureTemporaryFile.expected
2022-03-14 09:35:03 +03:00
ihsinme
1db759cc4d
Update InsecureTemporaryFile.ql
2022-03-14 09:33:08 +03:00
4B5F5F4B
597603a3a6
Create cve-2017-5123.ql
...
Add query to detect CVE-2017-5123
2022-03-14 09:44:30 +08:00
4B5F5F4B
4030561eb7
Delete CVE
2022-03-14 09:43:04 +08:00
4B5F5F4B
880c12bd34
Create CVE
2022-03-14 09:42:40 +08:00
Erik Krogh Kristensen
8f86b067e7
deprecate the unused localTaintStep and stringStep predicates
2022-03-13 23:54:53 +01:00
Erik Krogh Kristensen
cc231fef4c
deprecate some unused predicate in DefUse.qll
2022-03-13 23:54:53 +01:00
Erik Krogh Kristensen
c0a63beec1
deprecate unused document predicates in DOM.qll
2022-03-13 23:54:53 +01:00
Erik Krogh Kristensen
5e52a71091
remove test .qll files that weren't imported
2022-03-13 23:54:53 +01:00
Erik Krogh Kristensen
4fc85a791d
deprecate DefiningIdentifier, it was not used in any query
2022-03-13 23:54:53 +01:00
Erik Krogh Kristensen
9cf0a94e4d
use some Sanitizer classes that were unused in the query code
2022-03-13 23:54:53 +01:00
Alex Ford
fc232ce55f
Ruby: changenote for rb/weak-cryptographic-algorithm
2022-03-13 21:25:28 +00:00
Alex Ford
94d5f3bb1f
Ruby: Add rb/weak-cryptographic-algorithm query
2022-03-13 21:25:28 +00:00
Alex Ford
40b87e6df7
Ruby: tests for rb/weak-cryptographic-algorithm
2022-03-13 21:25:24 +00:00
Alex Ford
446141ada3
Ruby: qhelp for rb/weak-cryptographic-algorithm
2022-03-13 21:25:12 +00:00
Alex Ford
4234cfeeec
Ruby: model CipherOperations for OpenSSL
2022-03-13 21:21:52 +00:00
Alex Ford
489391eb4c
Ruby: add CryptographicOperation concept
2022-03-13 21:21:52 +00:00
Dave Bartolomeo
afa3399e27
Zero diffs between Java AST and Semantic range analysis
2022-03-13 13:38:21 -04:00
jorgectf
ded9663f2b
Finish taint steps
2022-03-13 13:59:03 +01:00
Dave Bartolomeo
8b4d6a26ef
Performance improvements for semantic layer construction
2022-03-12 11:28:12 -05:00
p0wn4j
ee67d27b56
Java: Add JDBC connection SSRF sinks
2022-03-12 16:35:32 +04:00
Arthur Baars
f59f36b863
Use RUNNER_TEMP instead of runner.temp
2022-03-11 21:13:41 +01:00
Joe Farebrother
b924de631f
Add change note, minor docs improvement
2022-03-11 17:58:52 +00:00
Ahmed Farid
3c9de6f488
Update Zip.qll
2022-03-11 18:50:37 +01:00
Joe Farebrother
594d51e84d
Exclude constants
2022-03-11 17:45:42 +00:00
