Rasmus Wriedt Larsen
d18fbb7f07
Python: Add working tests of AES and RC4
2021-04-22 14:51:14 +02:00
Rasmus Wriedt Larsen
cf64701bcb
Python: Move weak-crypto-algorithm tests to own folder
2021-04-22 14:51:13 +02:00
Tamas Vajk
ed42c878b0
Adjust 'fromSource' to hold only on '.cs' files
2021-04-22 14:17:16 +02:00
Tamas Vajk
b36d35bf1e
Revert "C#: Adjust 'fromSource' to hold only on files passed to the compiler as a source file"
...
This reverts commit 1dab1590ea .
2021-04-22 14:16:10 +02:00
haby0
407dcea751
add String type startsWith
2021-04-22 19:20:54 +08:00
haby0
1712d01b74
Merge branch 'UseOfLessTrustedSource' of https://github.com/haby0/codeql into UseOfLessTrustedSource
2021-04-22 19:02:23 +08:00
haby0
9b4442be8b
Fix some errors
2021-04-22 19:01:55 +08:00
haby0
aaef4ef22b
Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSourceLib.qll
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-04-22 18:52:55 +08:00
Tamás Vajk
cb28bc80b7
Merge branch 'main' into feature/java-sinks-csv
2021-04-22 11:41:18 +02:00
Tamas Vajk
7134eb9079
Improve documentation of csv sink models
2021-04-22 11:37:41 +02:00
Mathias Vorreiter Pedersen
2b8afe55e8
Merge pull request #5747 from rdmarsh2/rdmarsh2/cpp/deprecate-return-stack-allocated-object
...
C++: deprecate cpp/return-stack-allocated-object
2021-04-22 11:37:07 +02:00
edvraa
c9c9758e01
Make similarly named files in tests and qhelp in sync
2021-04-22 12:23:46 +03:00
Tamas Vajk
1caa5c4780
Adjust hostname verifier sink identifier name
2021-04-22 11:22:18 +02:00
Tamas Vajk
6c78a247f2
Revert erroneous refactoring in header splitting sink base class
2021-04-22 11:20:39 +02:00
Tamas Vajk
9b1c54e81b
Add argument indices to HTTP header splitting sinks
2021-04-22 11:17:25 +02:00
Tamas Vajk
180904e9f6
Revert "Java: Convert Google HTTP client API parseAs sink to CSV format"
...
This reverts commit 3e53484bb3 .
2021-04-22 11:14:51 +02:00
Owen Mansel-Chan
fea9f5f431
Merge pull request #5746 from owen-mc/java/refactor-exec-tainted
...
Make ExecTainted easier to extend
2021-04-22 10:14:28 +01:00
Tamas Vajk
a8a920c8f0
Add change note
2021-04-22 11:01:12 +02:00
Owen Mansel-Chan
8a01799fb8
Make imports private
...
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com >
2021-04-22 09:46:49 +01:00
Rasmus Lerchedahl Petersen
b724e51cab
Python: Improvements from review suggestions
2021-04-22 10:40:42 +02:00
Owen Mansel-Chan
4b8d4f5bbd
Update docs
2021-04-22 09:30:50 +01:00
Owen Mansel-Chan
e448dcb725
Avoid bad join order
...
We want to avoid joining on `i` first.
2021-04-22 09:30:49 +01:00
Owen Mansel-Chan
9f1704560b
Include constructors in abstract class
2021-04-22 09:30:48 +01:00
Tamas Vajk
1dab1590ea
C#: Adjust 'fromSource' to hold only on files passed to the compiler as a source file
2021-04-22 10:21:28 +02:00
Tamas Vajk
1a708affbf
Include compilation errors in diagnostic check
2021-04-22 10:08:33 +02:00
Asger Feldthaus
d2646ea4ad
JS: More consistent section capitalization
2021-04-22 09:06:44 +01:00
Asger Feldthaus
0dceabe704
JS: Reference specific section of cheat sheet
2021-04-22 09:06:09 +01:00
Tamas Vajk
64354bbfaa
Fix test results after rebase
2021-04-22 09:23:59 +02:00
Tamas Vajk
ff9327a035
Add diagnostic query to get correctly extracted files
2021-04-22 09:21:46 +02:00
Tamas Vajk
b05e211e21
Fix failing test
2021-04-22 09:21:45 +02:00
Tamas Vajk
353d43a039
Log model errors even in standalone extraction
2021-04-22 09:13:06 +02:00
Tamas Vajk
5149ffdd16
C#: Add extraction error diagnostic query
2021-04-22 09:13:06 +02:00
edvraa
ade238307f
Add a test
2021-04-22 10:02:06 +03:00
Tamás Vajk
9c936867fa
Exclude code from XML files
...
Co-authored-by: yo-h <55373593+yo-h@users.noreply.github.com >
2021-04-22 09:00:31 +02:00
Tamás Vajk
a7cc9f98ef
Merge pull request #5745 from tamasvajk/feature/fix-arg-default
...
C#: Fix special case of default argument value extraction
2021-04-22 08:58:13 +02:00
edvraa
86444bfa09
Use set literal expression
2021-04-22 09:48:46 +03:00
edvraa
9774b24c4e
Use TypeString
2021-04-22 09:44:07 +03:00
Sauyon Lee
b808c187cf
Add test with curly braces in filename
2021-04-21 21:14:41 -07:00
Sauyon Lee
f15b65d07e
Extract dummy files for errors with no location
2021-04-21 21:14:40 -07:00
Sauyon Lee
488f7f5b9b
Use pre-transformed path for extractor fileinfo
2021-04-21 21:14:40 -07:00
Chris Smowton
90c4b5d63f
Switch to using HTML entities for escaping
2021-04-21 21:14:39 -07:00
Chris Smowton
06c958e61f
Extractor: tolerate curly braces in struct field tags, directory names
...
These previously produced malformed TRAP. I have checked the other uses of GlobalID and don't see any others that should require escaping.
2021-04-21 21:14:39 -07:00
haby0
454324781d
delete IfStmt
2021-04-22 11:59:33 +08:00
Robert Marsh
cac1bef6ea
C++: deprecate cpp/return-stack-allocated-object
2021-04-21 15:17:31 -07:00
Asger Feldthaus
fe8deeaf6b
JS: Autoformat
2021-04-21 23:13:57 +01:00
Dave Bartolomeo
383210096c
C++: Isolate models from AST dataflow's reference/object conflation
...
`DataFlowFunction` models treat references a pointers - an explicit level of indirection. The AST dataflow library generally treats references as if they were the referred-to object. This commit removes a workaround in the dataflow model for unary `operator*` on smart pointers, and makes the AST dataflow library adjust the results of querying the model so that a returned reference only gets flow that was modeled as going to the dereference of the return value.
This fixes some missing flow in IR dataflow, and recovers some (presumably) missing reverse taint flow in AST taint tracking as well.
2021-04-21 18:09:44 -04:00
Asger Feldthaus
e98bfe921e
JS: QLDoc
2021-04-21 22:14:50 +01:00
Asger Feldthaus
bb7934b381
JS: Change note
2021-04-21 21:20:12 +01:00
Asger Feldthaus
c113cfd8b7
JS: Autoformat
2021-04-21 21:13:07 +01:00
edvraa
57689df5aa
Remove DataFlow::Node
2021-04-21 19:29:30 +03:00