Rasmus Wriedt Larsen
b55817a5b2
Python: Model HTTP responses in tornado
...
This is quite a simpel model, but ends up matching what we were able to do with
points-to.
I think this modeling excercise really shows that we need a bit of a different
way to model HTTP responses... but I'm not going to try to fix that in this PR.
2021-01-21 13:26:31 +01:00
Rasmus Wriedt Larsen
ac77a8b8a8
Python: Add proper HTTP response tests for Tornado
2021-01-21 13:22:31 +01:00
Asger Feldthaus
2f58683f2d
JS: Remove PipeCallExpr
2021-01-21 12:12:17 +00:00
Asger Feldthaus
1d1149f4cd
JS: Test and QLDoc for RxJS model
2021-01-21 12:08:22 +00:00
Rasmus Lerchedahl Petersen
e786be06ae
Python: Fix broken references
2021-01-21 12:40:35 +01:00
Asger Feldthaus
144d04f3ce
JS: Add test exposing source location of attribute after line break
2021-01-21 11:25:39 +00:00
haby0
a56dd60baa
*)add CWE-652 XQueryInjection detection
2021-01-21 19:18:10 +08:00
Asger Feldthaus
7c6704a63f
JS: Shift line numbers in test case
2021-01-21 11:09:36 +00:00
Owen Mansel-Chan
7dfe5d9f07
Merge pull request #457 from owen-mc/cleanup-avoid-code-duplication
...
Reuse existing class instead of repeating it
2021-01-21 10:56:14 +00:00
Owen Mansel-Chan
7f00ab1f08
Merge pull request #456 from owen-mc/add-guarding-function-test
...
Add tests for guarding functions proxied by a variable
2021-01-21 10:55:54 +00:00
Asger F
34280f90b0
Update QLDoc for getATemplateArgument
...
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com >
2021-01-21 10:51:46 +00:00
Erik Krogh Kristensen
a9a901d1e2
add change note
2021-01-21 11:08:39 +01:00
Erik Krogh Kristensen
dafec3ceaa
rename to AnalyzedCompoundNumericAssignExpr
2021-01-21 11:06:46 +01:00
Rasmus Lerchedahl Petersen
88db8f562d
Python: Elaborate comments for steps
2021-01-21 10:55:59 +01:00
Tom Hvitved
bc41c26354
Merge pull request #4959 from hvitved/csharp/ssa/split
...
C#: Split up SSA implementation
2021-01-21 10:52:49 +01:00
Rasmus Lerchedahl Petersen
bc1b50788a
Python: Small refactor
2021-01-21 10:44:58 +01:00
Rasmus Lerchedahl Petersen
19918e2e57
Python: Have Node-postfix consistently
2021-01-21 10:43:15 +01:00
CodeQL CI
30015ee995
Merge pull request #4942 from esbena/js/reintroduce-resource-exhaustion
...
Approved by erik-krogh
2021-01-21 01:21:33 -08:00
CodeQL CI
9cfbe6feb7
Merge pull request #4980 from erik-krogh/defaultExport
...
Approved by esbena
2021-01-21 00:55:15 -08:00
Esben Sparre Andreasen
b90dd89746
JS: move js/resource-exhaustion to experimental
2021-01-21 09:09:01 +01:00
Esben Sparre Andreasen
5a6e692807
add js/server-crash to the security suite
2021-01-21 08:43:13 +01:00
Esben Sparre Andreasen
9e3cc3b1b2
JS: add qhelp and changenotes for js/server-crash
2021-01-21 08:43:13 +01:00
Your Name
ad22445d16
refactor
2021-01-21 01:52:00 +03:00
monkey-junkie
c8da633d7b
Update ql/src/experimental/CWE-369/DivideByZero.ql
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-01-21 00:54:00 +03:00
Tamas Vajk
eb8a52ba8d
Add new .stats file
2021-01-20 21:21:03 +01:00
Rasmus Lerchedahl Petersen
419449fb8a
Python: default value for argN
2021-01-20 20:33:04 +01:00
Artem Smotrakov
7df813354a
Improved JexlInjectionLib.qll
2021-01-20 20:26:48 +01:00
Rasmus Lerchedahl Petersen
2409a7899b
Python: Remove func tag in some situations.
...
Also make ArgumentNode public
2021-01-20 20:18:40 +01:00
Erik Krogh Kristensen
a44aefa6c9
add test for top-level closure modules - and simplify
2021-01-20 19:47:32 +01:00
Nick Rolfe
2e8d154f2b
Add AST classes and tests for method calls
2021-01-20 18:34:25 +00:00
Rasmus Lerchedahl Petersen
7a5d553dd2
Merge branch 'main' of github.com:github/codeql into python-dataflow-unpacking-assignment
2021-01-20 19:27:34 +01:00
Tom Hvitved
bf7eb022a0
CFG: Use manual toString()s for AstCfgNode when available
2021-01-20 19:15:03 +01:00
Geoffrey White
d5d8b48218
C++: More accurate solution using Guards library.
2021-01-20 17:15:42 +00:00
Mathias Vorreiter Pedersen
3877f03a46
Merge pull request #4979 from geoffw0/cpp401
...
C++: Improvements to experimental query cpp/memory-leak-on-failed-call-to-realloc
2021-01-20 18:10:13 +01:00
Luke Cartey
5c6f5b7b33
Java: Track taint through Spring Java bean getters on super types
2021-01-20 16:53:03 +00:00
yoff
e072864948
Apply suggestions from code review
...
Co-authored-by: Taus <tausbn@github.com >
2021-01-20 17:38:34 +01:00
Owen Mansel-Chan
7339f3e095
Reuse existing class instead of repeating it
...
This is already done elsewhere.
2021-01-20 16:11:33 +00:00
Geoffrey White
439fe41b0a
C++: Add a couple more test cases.
2021-01-20 15:33:32 +00:00
yoff
3fc085ff38
Update python/ql/test/experimental/dataflow/TestUtil/RoutingTest.qll
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com >
2021-01-20 16:11:40 +01:00
yoff
d0663e5c3a
Merge pull request #4971 from RasmusWL/avoid-double-route-setup-django
...
Python: Avoid duplicated route-setup in django
2021-01-20 16:10:33 +01:00
Erik Krogh Kristensen
bf518f1c90
flag less overly general functions with js/unneeded-defensive-code
2021-01-20 15:48:12 +01:00
Mathias Vorreiter Pedersen
b0e255eb16
C++: Encapsulate skipSkippableInstructions in a module.
2021-01-20 15:45:37 +01:00
Tamas Vajk
ab8dc27b26
Add missing 'bindingset'
2021-01-20 15:44:05 +01:00
Tamas Vajk
727412b26b
Store by-ref type annotation in trap and add tests
2021-01-20 15:44:05 +01:00
Tamas Vajk
2804f5cba9
Add by-ref, and fix pinned CIL extraction
2021-01-20 15:44:05 +01:00
Tamas Vajk
f99bf5755c
Merge parameter extraction between methods and function pointers
2021-01-20 15:44:05 +01:00
Tamas Vajk
f986c15200
Add QL classes for CIL function pointers, and add test
2021-01-20 15:44:05 +01:00
Tamas Vajk
0c213d0926
C#: Extract function pointer types from CIL
2021-01-20 15:44:05 +01:00
Mathias Vorreiter Pedersen
f12ebe88e6
Revert "C++: Replace SkippableInstruction with local flow steps."
...
This reverts commit 258d04178f
2021-01-20 15:43:24 +01:00
Tamás Vajk
5fa0dd719c
Merge pull request #4619 from tamasvajk/feature/csharp9-function-pointer
...
C#: Extract function pointers
2021-01-20 15:42:58 +01:00
