Asger Feldthaus
6dbeb81f36
Ruby: use AccessPathSyntax.qll to parse input/output summary specs
2022-02-21 08:16:55 +01:00
Asger Feldthaus
0af9e8aa58
C#: remove support for legacy syntax
2022-02-21 08:16:55 +01:00
Asger Feldthaus
6bb15dcc27
C#: update CSV rows to dot-separated syntax
2022-02-21 08:16:55 +01:00
Asger Feldthaus
dffa1d1558
C#: use AccessPathSyntax.qll to parse input/output summary specs
2022-02-21 08:16:55 +01:00
Asger Feldthaus
affdbe9955
Java: remove support for legacy syntax
2022-02-21 08:16:55 +01:00
Asger Feldthaus
a121b73181
Java: update CSV rows to dot-separated syntax
2022-02-21 08:16:55 +01:00
Asger Feldthaus
7f808710ec
Java: update model generator
2022-02-21 08:16:54 +01:00
Asger Feldthaus
753c557dbe
Java: use AccessPathSyntax.qll to parse input/output summary specs
2022-02-21 08:16:54 +01:00
Asger Feldthaus
53935db6c6
JS: Add support for " of " syntax to help during transition
2022-02-21 08:16:54 +01:00
Asger Feldthaus
30254686d8
JS: Move ".."-parsing trick into AccessPathSyntax.qll
2022-02-21 08:16:54 +01:00
Asger Feldthaus
7c2cff3227
JS: Factor out AccessPathSyntax.qll
2022-02-21 08:16:54 +01:00
Asger Feldthaus
e2cbf47b16
JS: Fix accidental recursion
2022-02-21 08:16:53 +01:00
Harry Maclean
e4f801bea8
Merge pull request #7886 from github/hmac/split-ruby-std-library
...
Ruby: split standard library models into multiple files
2022-02-21 13:39:43 +13:00
Harry Maclean
9a60c7e4ac
Ruby: Update filename in test fixture
2022-02-21 09:43:36 +13:00
Alex Ford
6b8537c4e0
Ruby: FileSystemWriteAccess changenote
2022-02-20 20:14:01 +00:00
Alex Ford
baabe66551
Ruby: update Files.ql tests for write accesses
2022-02-20 19:28:12 +00:00
Alex Ford
12ce3d4784
Ruby: Implement FileSystemWriteAccess for IO/File API
2022-02-20 19:27:11 +00:00
Alex Ford
4f0174e89a
Ruby: add FileSystemWriteAccess concept
2022-02-20 19:26:54 +00:00
jorgectf
c5f30d99d5
Create an extendable AdditionalTaintStep class in customizations
2022-02-20 17:34:12 +01:00
Dave Bartolomeo
ac9e2d0c6d
Parallel semantic modulus analysis
2022-02-18 17:43:27 -05:00
Dave Bartolomeo
e2e2c0e540
Fix a few bugs to make results of semantic sign analysis match the original AST analysis
2022-02-18 17:03:10 -05:00
Dave Bartolomeo
99f24e5a9e
Fix up sign analysis and create diff query
2022-02-18 13:03:26 -05:00
Dave Bartolomeo
5bd5f39ad8
Try parallel versions of sign analysis, AST vs. semantic
2022-02-18 12:28:36 -05:00
Rasmus Wriedt Larsen
9d81fd3b95
Python: Improve sanitizer/guards tests
...
Based on review conversation
2022-02-18 14:12:41 +01:00
Rasmus Wriedt Larsen
7aa559f4aa
Python: Restore dataflow consistency queries
2022-02-18 13:47:29 +01:00
Rasmus Wriedt Larsen
c5b6fb37b7
Python: Clean up NormalDataflowTest.qll
2022-02-18 13:47:29 +01:00
Rasmus Wriedt Larsen
67ca14876a
Python: Apply suggestions from code review
...
Co-authored-by: yoff <lerchedahl@gmail.com >
2022-02-18 13:47:07 +01:00
Alex Ford
dd383f942f
Merge remote-tracking branch 'origin/main' into ruby/clear-text-logging
2022-02-17 15:32:31 +00:00
Alex Ford
33f4fffe16
Ruby: Simplify sub!/gsub! sanitizers for cleartext logging query
2022-02-17 13:10:44 +00:00
Jeroen Ketema
d4832b48c6
C++: Update DB scheme stats
2022-02-17 11:48:42 +01:00
Jeroen Ketema
e2bc4c88e4
C++: Expose is_structured_binding as a member of Variable
2022-02-17 11:44:08 +01:00
Jeroen Ketema
f875d722b0
C++: Add DB upgrade and downgrade scripts
2022-02-17 11:44:08 +01:00
Jeroen Ketema
f358f8f265
C++: Add DB relation identifying structured bindings
2022-02-17 11:44:08 +01:00
Asger Feldthaus
69995d5750
Shared: rephrase request forgery name and description
2022-02-17 09:07:08 +01:00
Asger Feldthaus
51442ddf47
JS: Add change note
2022-02-17 09:07:08 +01:00
Asger Feldthaus
3496ae131b
JS: Factor out <recommendation> part of qhelp
2022-02-17 09:07:08 +01:00
Harry Maclean
bfd2c14555
Ruby: Add shim StandardLibrary.qll
...
This file re-exports everything it used to define, marking each as
deprecated to warn users that they should import `Core` or `Stdlib`
instead.
2022-02-17 20:44:04 +13:00
Harry Maclean
459f949c24
Ruby: fix old import in ActiveSupport
...
codeql.ruby.frameworks.StandardLibrary is deprecated
2022-02-17 20:44:04 +13:00
Harry Maclean
9fff2cfcff
Ruby: Add missing documentation
2022-02-17 20:44:04 +13:00
Harry Maclean
546bfcb8ea
Ruby: split tests to match stdlib changes
2022-02-17 20:44:04 +13:00
Harry Maclean
eb4f333c25
Ruby: Move UnknownMethodCall to ast/Call.qll
2022-02-17 20:44:04 +13:00
Harry Maclean
a397c65d36
Ruby: Split standard library modeling
...
Split the classes modeling various standard library concepts into a
structured group of multiple files.
Things that are part of the core language live in framworks/core and
standard libraries (that aren't part of core) live in frameworks/stdlib.
This mirrors the structure followed by the Ruby docs
(https://docs.ruby-lang.org/en/3.1/ ).
Tests are split in a followup commit.
2022-02-17 20:44:04 +13:00
Robert Marsh
103796dfa8
C++: respond to PR comments on InsufficientKeySize
2022-02-16 14:58:29 -05:00
Robert Marsh
cfd9c9d137
C++: Update doc for `getMinimumKeySize
...
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com >
2022-02-16 14:53:09 -05:00
Ian Lynagh
a448db11b5
Merge pull request #8052 from igfoo/igfoo/descendent
...
Spelling: Use "descendant" rather than "descendent" for consistency
2022-02-16 18:03:52 +00:00
Robert Marsh
3637078a26
C++: change note for insufficient key size
2022-02-16 12:43:39 -05:00
Asger Feldthaus
8ac0ec8dfc
JS: Write help for ClientSideRequestForgery
2022-02-16 18:33:31 +01:00
Robert Marsh
d3665f935e
C++: add sample code for InsufficientKeySize.qhelp
2022-02-16 12:30:41 -05:00
luchua-bc
f136ea0f6f
Switch to the shared PathSanitizer library
2022-02-16 16:06:28 +00:00
Nick Rolfe
26e7f3273b
Merge pull request #8044 from github/nickrolfe/db_upgrade_script
...
Language-agnostic document on db up-/downgrades
2022-02-16 15:02:04 +00:00
