Simon Taranto
7adf477e2d
Update bad / good message for CWE 079
...
Previously, the "good" example still had the "BAD: " comment in it which was confusing.
This change updates the good example to have a "GOOD: " comment instead.
2020-08-21 15:31:47 -06:00
Robert Marsh
141d240813
C++: autoformat
2020-08-21 14:22:44 -07:00
Robert Marsh
4c82753e8d
C++: remove constexpr in stl.h temporarily
2020-08-21 14:22:32 -07:00
Robert Marsh
94d4e05c25
C++: Fix iterator taint flow
2020-08-21 14:04:45 -07:00
Robert Marsh
656340f5c6
C++: more tests for string iterator flow
2020-08-21 13:48:36 -07:00
Erik Krogh Kristensen
db57f3661e
Merge branch 'main' into ts4
2020-08-21 15:08:30 +02:00
Erik Krogh Kristensen
65a1769d43
Merge branch 'main' into asyncCalls
2020-08-21 14:58:27 +02:00
Erik Krogh Kristensen
1b655f9046
use threadsafe cache stored in ExtractorState
2020-08-21 14:45:24 +02:00
Erik Krogh Kristensen
7aca84cd45
search directly for "package.json" instead of iterating through the files in a folder
2020-08-21 14:31:49 +02:00
Erik Krogh Kristensen
3f0f2c796c
pass extension instead of locationManager to isAlways*Module
2020-08-21 14:27:47 +02:00
Erik Krogh Kristensen
bbbb0a2c5e
specialize module.createRequire support to ES2015 modules
2020-08-21 14:14:05 +02:00
Calum Grant
a93a84fb2e
Merge pull request #4065 from hvitved/csharp/dataflow-type-restriction
...
C#: Restrict `DataFlowType` to types belonging to `Node`s
2020-08-21 11:57:29 +01:00
yoff
d05954e5cc
Merge pull request #4109 from RasmusWL/python-basic-taint-tracking
...
Python: Basic taint tracking with shared library
2020-08-21 12:20:22 +02:00
Rasmus Lerchedahl Petersen
e1343c7f1e
Python: Support set literals.
2020-08-21 11:15:04 +02:00
Rasmus Lerchedahl Petersen
ccff84d546
Python: Test flow into comprehension
2020-08-21 10:40:22 +02:00
Rasmus Lerchedahl Petersen
f9b1c5e4bd
Python: Fix bug pointed out by reviewer
2020-08-21 10:04:27 +02:00
Erik Krogh Kristensen
e00951edf0
update TypeScript to 4.0.2
2020-08-21 09:50:27 +02:00
yoff
bfd9c0860f
Apply suggestions from code review
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2020-08-21 09:43:29 +02:00
yoff
8e2b2540fa
Apply suggestions from code review
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2020-08-21 09:39:00 +02:00
Tom Hvitved
86b91cec8a
Merge pull request #4111 from tamasvajk/feature/nullability-extraction
...
C#: Fix nullability warning in Semmle.Extraction
2020-08-21 09:22:05 +02:00
Tom Hvitved
ea77828a6a
Merge pull request #4116 from hvitved/csharp/print-ast-order-top-level
...
C#: Order top-level elements by location in `PrintAst.qll`
2020-08-21 09:09:20 +02:00
Tom Hvitved
b8cde180b9
C#: Order top-level elements by location in PrintAst.qll
2020-08-21 06:17:37 +02:00
CodeQL CI
29183fa0a1
Merge pull request #4067 from erik-krogh/noBin
...
Approved by esbena
2020-08-20 23:07:02 +01:00
CodeQL CI
508ade29f4
Merge pull request #4106 from erik-krogh/depTracked
...
Approved by esbena
2020-08-20 21:23:24 +01:00
Owen Mansel-Chan
caf77e2a44
Merge pull request #298 from smowton/smowton/admin/changenote-blank-lines
...
Remove blank lines from changenote
2020-08-20 16:05:29 +01:00
Tamas Vajk
9cdee63ed7
C#: Enable nullability checks on Semmle.Extraction.CIL
2020-08-20 16:46:42 +02:00
Tamas Vajk
b9e3b327d6
C#: Fix nullability warning in Semmle.Extraction
2020-08-20 16:33:02 +02:00
Erik Krogh Kristensen
cef681d009
bump extractor version (again)
2020-08-20 15:58:44 +02:00
Erik Krogh Kristensen
68f7942820
Merge branch 'main' into noBin
2020-08-20 15:58:15 +02:00
Jonas Jensen
d56a03389c
Merge pull request #4107 from geoffw0/vecmethods
...
C++: Initial models for std::vector
2020-08-20 15:53:35 +02:00
Anders Schack-Mulligen
bcad18f490
Java: Use the instance argument type in call contexts.
2020-08-20 15:17:04 +02:00
Rasmus Lerchedahl Petersen
94e6fd9199
Python: Convenience methods
...
asVar, asCfgNode, and asExpr
2020-08-20 15:16:23 +02:00
Erik Krogh Kristensen
fa8edeed6a
change StoredXss example to use TypeTracking
2020-08-20 15:05:38 +02:00
Erik Krogh Kristensen
906705f84c
add SourceNode example to the TrackedNode deprecation description
2020-08-20 15:01:40 +02:00
Rasmus Lerchedahl Petersen
5a734730de
Python: Control flow nodes are dataflow nodes
...
iff they are expression nodes
We could refine this later, but it seems to work for now...
2020-08-20 15:00:42 +02:00
Rasmus Wriedt Larsen
7fb8e0e277
Python: Add basic shared taint tracking test
2020-08-20 14:49:17 +02:00
Rasmus Wriedt Larsen
0baac8fd54
Python: Adjust shared taint tracking skeleton
...
So it fits the setup from Java/Go, with AdditionalTaintStep class.
2020-08-20 14:49:09 +02:00
Geoffrey White
3d171f358a
Merge remote-tracking branch 'upstream/main' into vecmethods
2020-08-20 13:29:28 +01:00
Erik Krogh Kristensen
372e1a3d84
support the "type" field on package.json files while extracting
2020-08-20 14:26:15 +02:00
Tamás Vajk
2a8ff8785a
C#: Add AST printing (#4038)
2020-08-20 14:24:43 +02:00
Geoffrey White
258b61c5f8
Update cpp/ql/src/semmle/code/cpp/models/implementations/StdContainer.qll
...
Co-authored-by: Jonas Jensen <jbj@github.com>
2020-08-20 12:53:23 +01:00
Geoffrey White
689c637d48
C++: Rename things.
2020-08-20 12:52:40 +01:00
Anders Schack-Mulligen
ec7a65777b
Merge pull request #3855 from JLLeitschuh/feat/JLL/jOOQ_SQL_injection
...
Add jOOQ methods as SQL Injection Sinks
2020-08-20 13:17:07 +02:00
Erik Krogh Kristensen
bf88c81f78
bump extractor version
2020-08-20 12:57:48 +02:00
Erik Krogh Kristensen
a347569385
inline StandardCharsets.UTF_8
2020-08-20 12:57:05 +02:00
Chris Smowton
b983778cd1
Merge pull request #297 from ginsbach/noinferred
...
remove reliance on InferredBinding
2020-08-20 11:52:14 +01:00
Erik Krogh Kristensen
410ef8fe0e
exit early if the default encoding is not UTF-8
2020-08-20 12:50:43 +02:00
Erik Krogh Kristensen
fe41521e0c
add tutorial for how to get around TrackedNodes deprecation
2020-08-20 12:46:17 +02:00
Chris Smowton
cc2a153c57
Remove blank lines from changenote
2020-08-20 11:45:29 +01:00
Owen Mansel-Chan
dbf1d24e19
Add new barrier guard for second half of path
2020-08-20 11:37:07 +01:00