Owen Mansel-Chan
|
7e42ccfbf1
|
Don't cache defaultTaintSanitizerGuard for java
|
2022-01-13 11:36:20 +00:00 |
|
Michael Nebel
|
7c11e2d7e9
|
C#: Add a consistency test for getAPrimaryQlClass
|
2022-01-13 12:20:42 +01:00 |
|
Michael Nebel
|
6b937a939b
|
C#: Add getAPrimaryQlClass overrides
|
2022-01-13 12:20:41 +01:00 |
|
Stephan Brandauer
|
40ad88ba53
|
Merge pull request #7474 from kaeluka/db-reads-as-taint-sources
JS: DB reads as taint sources
|
2022-01-13 12:06:48 +01:00 |
|
Michael Nebel
|
8583a4ffea
|
Merge pull request #7583 from michaelnebel/csharp/fix-broken-test
C#: Narrow string interpolation expressions to a specific single file in testcase.
|
2022-01-13 11:37:52 +01:00 |
|
Erik Krogh Kristensen
|
89bab6ae12
|
Merge pull request #7097 from erik-krogh/railsReDoS
JS/PY/RB: support a limited number of ranges for ReDoS analysis
|
2022-01-13 11:04:36 +01:00 |
|
Stephan Brandauer
|
93507a2d71
|
combine two implementations for database-accesses as remote flow sources
|
2022-01-13 10:53:58 +01:00 |
|
Michael Nebel
|
aacb03a74b
|
C#: Narrow string interpolation expressions to a specific single file in testcase.
|
2022-01-13 10:25:33 +01:00 |
|
Stephan Brandauer
|
63aaf24063
|
base implementation of Sequelize model on models-as-data
|
2022-01-13 09:41:25 +01:00 |
|
Anders Schack-Mulligen
|
da69886777
|
Merge pull request #7580 from github/workflow/coverage/update
Update CSV framework coverage reports
|
2022-01-13 09:26:00 +01:00 |
|
Sebastian Bauersfeld
|
a6e4f29560
|
Java: Use the interface instead of the abstract class
|
2022-01-13 14:13:36 +07:00 |
|
Sebastian Bauersfeld
|
69f329ffec
|
Java: Add test cases for AbstractMessageSource.getMessage() methods
|
2022-01-13 14:13:27 +07:00 |
|
Sebastian Bauersfeld
|
39b6678b7d
|
Java: Add test case for StringEscapeUtils.escapeJson() taint step.
|
2022-01-13 11:18:37 +07:00 |
|
github-actions[bot]
|
625836a3be
|
Add changed framework coverage reports
|
2022-01-13 00:11:30 +00:00 |
|
Andrew Eisenberg
|
8a4120a08d
|
Changenotes: Add changenotes for upgrades refactoring
|
2022-01-12 11:38:43 -08:00 |
|
Andrew Eisenberg
|
e435a3e9c3
|
Changenotes: Add changenotes for upgrades refactoring
|
2022-01-12 11:36:31 -08:00 |
|
Henry Mercer
|
1c3c9216f5
|
Merge pull request #7576 from github/henrymercer/js-bump-atm-versions
JS: Bump ATM pack versions to 0.0.4
|
2022-01-12 16:53:10 +00:00 |
|
Stephan Brandauer
|
09a28c428c
|
base implementation of Spanner model on models-as-data
|
2022-01-12 17:07:16 +01:00 |
|
Henry Mercer
|
9abc3411a4
|
JS: Bump ATM pack versions to 0.0.4
|
2022-01-12 15:19:13 +00:00 |
|
Robert Marsh
|
5031d6c4a3
|
Merge pull request #7566 from MathiasVP/smaller-join-in-reachesRefParameter
C++: Smaller join in `reachesRefParameter`
|
2022-01-12 10:04:35 -05:00 |
|
Owen Mansel-Chan
|
8e8278764b
|
Add predicate defaultTaintSanitizerGuard for each language
This was done manually, as these files are not synced by sync-files.py.
|
2022-01-12 14:44:56 +00:00 |
|
Owen Mansel-Chan
|
c112980b81
|
Sync TaintTrackingImpl.qll
Done automatically using sync-files.py
|
2022-01-12 14:44:55 +00:00 |
|
Owen Mansel-Chan
|
9ec3d7787c
|
Add option for default taint sanitizer guard
This allows languages to specify A sanitizer guard in all
global taint flow configurations but not in local taint.
|
2022-01-12 14:44:55 +00:00 |
|
github-actions[bot]
|
8a2d92badc
|
Post-release preparation for codeql-cli-2.7.5
|
2022-01-12 13:28:43 +00:00 |
|
github-actions[bot]
|
970e8e1f91
|
Post-release preparation for codeql-cli-2.7.5
|
2022-01-12 13:28:33 +00:00 |
|
Henry Mercer
|
7f61738a23
|
Use US English spelling
|
2022-01-12 13:07:09 +00:00 |
|
Henry Mercer
|
6e37a65e84
|
Remove CodeToFeatures AST library
|
2022-01-12 12:47:28 +00:00 |
|
Henry Mercer
|
957e34d8a7
|
Make function body features library independent of CodeToFeatures AST
|
2022-01-12 12:47:28 +00:00 |
|
Henry Mercer
|
9e50ce873d
|
Move function body features into their own file
|
2022-01-12 12:47:28 +00:00 |
|
Henry Mercer
|
865fb5d0ef
|
Migrate representative entity -> representative function
|
2022-01-12 12:47:27 +00:00 |
|
Henry Mercer
|
0e5b493d0e
|
Remove CodeToFeatures AST consistency checks
We no longer use the `CodeToFeatures` AST, therefore these checks are
defunct.
|
2022-01-12 12:47:27 +00:00 |
|
Henry Mercer
|
387829bbb4
|
Extract body tokens from the JS AST, not the CodeToFeatures AST
|
2022-01-12 12:47:25 +00:00 |
|
Henry Mercer
|
3ef69763a7
|
Merge pull request #7567 from github/henrymercer/atm-body-tokens-perf-opt
ATM: Optimize body tokens by pushing in size restriction
|
2022-01-12 12:45:27 +00:00 |
|
Tamás Vajk
|
9065a7f320
|
Merge pull request #7573 from tamasvajk/fix/java-field-decl-tostr
Java: Fix toString on field declarations with single field
|
2022-01-12 13:03:16 +01:00 |
|
Tony Torralba
|
8a80e02861
|
Merge pull request #7574 from pwntester/improve_strings_qll
Add models for AbstractStringBuilder.substring,subsequence,getChars
|
2022-01-12 12:01:28 +01:00 |
|
Tony Torralba
|
c2105e506b
|
Added test cases
|
2022-01-12 11:06:58 +01:00 |
|
Alvaro Muñoz Sanchez
|
715d372572
|
Add models for AbstractStringBuilder.substring,subsequence,getChars
|
2022-01-12 10:54:27 +01:00 |
|
Anders Schack-Mulligen
|
c6a9b2b6ff
|
Merge pull request #7572 from github/workflow/coverage/update
Update CSV framework coverage reports
|
2022-01-12 09:39:14 +01:00 |
|
Mathias Vorreiter Pedersen
|
9e51908b02
|
Merge pull request #7551 from MathiasVP/fix-join-orders-in-unsigned-difference-expr-query
C++: Fix join orders in `cpp/unsigned-difference-expression-compared-zero`
codeql-cli/v2.7.5
|
2022-01-12 08:29:03 +00:00 |
|
Tamas Vajk
|
b9e0310aa2
|
Java: Fix toString on field declarations with single field
|
2022-01-12 09:22:16 +01:00 |
|
Michael Nebel
|
f17c110f51
|
Merge pull request #7562 from michaelnebel/csharp/record-seal-tostring
C#: Record types are allowed to seal ToString (test only).
|
2022-01-12 08:08:32 +01:00 |
|
luchua-bc
|
263dbd33f6
|
Optimize the query
|
2022-01-12 02:33:17 +00:00 |
|
github-actions[bot]
|
c79e8ab440
|
Add changed framework coverage reports
|
2022-01-12 00:10:48 +00:00 |
|
Andrew Eisenberg
|
e4eb2c2a59
|
Update docs on the output of resolve qlpacks
The output has changed and there are no more upgrades
packs. There are also other changes included here.
|
2022-01-11 15:54:53 -08:00 |
|
Andrew Eisenberg
|
da4f1d86aa
|
Merge pull request #7355 from github/aeisenberg/remove-upgrades
Move upgrades into standard library packs
|
2022-01-11 14:09:10 -08:00 |
|
Andrew Eisenberg
|
2b8e4b2ffa
|
Merge pull request #628 from github/aeisenberg/upgrades/work
Push upgrades pack into lib pack
|
2022-01-11 14:09:06 -08:00 |
|
Andrew Eisenberg
|
6ceebc7d1e
|
Merge branch 'main' into aeisenberg/upgrades/work
|
2022-01-11 11:27:35 -08:00 |
|
Andrew Eisenberg
|
07228672df
|
Merge branch 'main' into aeisenberg/remove-upgrades
|
2022-01-11 11:25:27 -08:00 |
|
Mathias Vorreiter Pedersen
|
c45127fdd6
|
Merge pull request #7541 from github/rdmarsh2/dataflow-ipa-params
C++: Use an IPA type rather than negative indexes for argument/parameter matching in data flow
|
2022-01-11 16:52:13 +00:00 |
|
Tony Torralba
|
7b0d9ea525
|
Merge pull request #7054 from atorralba/atorralba/promote-log-injection
Java: Promote Log Injection from experimental
|
2022-01-11 17:26:18 +01:00 |
|