42524 Commits

This Branch

This Branch

All Branches

Author	SHA1	Message	Date
Jeroen Ketema	b3ac7bda35	C++: Remove redundant parentheses	2022-06-23 07:25:53 +02:00
Jeroen Ketema	9cfd1a84b6	C++: Remove out-of-date comment, as we use mangled names in ResolveClass.qll	2022-06-23 07:24:04 +02:00
AlexDenisov	decb136471	Update swift/extractor/SwiftExtractor.cpp ... Co-authored-by: Paolo Tranquilli <redsun82@github.com>	2022-06-23 07:23:17 +02:00
thiggy1342	e838b83f5f	attempt to introduce dataflow tracking	2022-06-23 02:21:47 +00:00
Robert Marsh	813a8548d7	C++: accept test changes for globals in data flow	2022-06-22 16:42:42 -04:00
Geoffrey White	07b89b89d7	Swift: Clean up a bit.	2022-06-22 19:35:37 +01:00
Geoffrey White	19026e9ed5	Swift: Work around toString change.	2022-06-22 19:16:09 +01:00
Geoffrey White	da7f49155d	Swift: Use dataflow.	2022-06-22 19:16:09 +01:00
Geoffrey White	28d801fde3	Swift: CWE-135 query sources and sinks.	2022-06-22 19:16:08 +01:00
Robert Marsh	b609f1ea52	Merge pull request #9668 from MathiasVP/expr-nodes-for-properties ... Swift: Make sure property setters and getters also have `ExprNodes`	2022-06-22 14:09:46 -04:00
Robert Marsh	42929a70e8	Swift: implement LambdaCall in dataflow library	2022-06-22 17:30:54 +00:00
Andrew Eisenberg	5432be7b3a	Merge pull request #9667 from github/nickrolfe/js_downgrades ... JS: create downgrades pack	2022-06-22 10:30:41 -07:00
Mathias Vorreiter Pedersen	77b8ceb976	Swift: Make sure property setters and getters also have ExprNodes.	2022-06-22 17:53:41 +01:00
Nick Rolfe	d91e8a6309	JS: create downgrades pack	2022-06-22 17:31:49 +01:00
AlexDenisov	19bc9cf301	Merge pull request #9666 from github/redsun82/swift-code-reorg ... Swift: reorganize code	2022-06-22 18:28:08 +02:00
Paolo Tranquilli	cfde68023d	Swift: fix includes jumbled by IDE	2022-06-22 18:17:40 +02:00
Paolo Tranquilli	22321aa124	Swift: reorganize code ... Visitor code has been split between header and sources to speed up incremental build. Moreover the code was reorganized using a new `infra` bazel package (and `visitors` got promoted to a bazel package as well).	2022-06-22 18:11:58 +02:00
Paolo Tranquilli	7c958dfbb9	Merge pull request #9639 from github/redsun82/swift-extraction ... Swift: some expression extractions	2022-06-22 17:19:20 +02:00
Paolo Tranquilli	e25f22da26	Merge main into redsun82/swift-extraction	2022-06-22 16:54:52 +02:00
Chris Smowton	46e6203493	Merge pull request #9626 from smowton/smowton/fix/dont-emit-synthetic-parameter-names ... Kotlin: don't emit synthetic parameter names	2022-06-22 15:30:54 +01:00
Paolo Tranquilli	1fc2bc4938	Swift: really fix tests	2022-06-22 16:15:02 +02:00
Jeroen Ketema	f9e09da604	Merge pull request #9643 from jketema/namespace-variable-test ... C++: Add variable in namespace test	2022-06-22 15:58:26 +02:00
Mathias Vorreiter Pedersen	43bfa2af55	Merge pull request #9635 from MathiasVP/swift-add-remote-flow-sources ... Swift: Add `RemoteFlowSource`	2022-06-22 14:41:19 +01:00
Mathias Vorreiter Pedersen	a293fd1f3e	Merge pull request #9638 from geoffw0/stringlengthconflation ... Swift: String length conflation tests (for CVE-2022-23625)	2022-06-22 14:39:34 +01:00
Chris Smowton	00b4070866	Merge pull request #9659 from smowton/smowton/admin/invert-java-log-injection-query ... Java: Report log-injection at the source rather than the sink	2022-06-22 14:27:50 +01:00
Mathias Vorreiter Pedersen	07c4308a32	Merge branch 'main' into swift-add-remote-flow-sources	2022-06-22 14:27:44 +01:00
Robert Marsh	d13d4c6cd1	Merge pull request #9623 from MathiasVP/swift-interpretElement0 ... Swift: Interpret MaD strings	2022-06-22 09:27:13 -04:00
Geoffrey White	e07df0d0c8	Swift: make setters private in test.	2022-06-22 14:13:30 +01:00
Mathias Vorreiter Pedersen	1febe87356	Merge pull request #9644 from jketema/class-entry-fix ... C++: Ensure we can round trip between (forward) class declarations	2022-06-22 14:12:11 +01:00
Chris Smowton	44cf260762	Merge pull request #9571 from smowton/smowton/fix/array-variance-lowering ... Kotlin: Implement array type variance lowering	2022-06-22 13:38:21 +01:00
Chris Smowton	1f9f6d7c33	Java: Report log-injection at the source rather than the sink ... This should remove the problem of excessive grouping of different alerts that share a sink location, often due to wrapper functions that form the ultimate sink of all logging calls in a given codebase.	2022-06-22 13:05:20 +01:00
Tony Torralba	cc354caa1f	Merge pull request #9319 from atorralba/atorralba/add-editable-valueof-step ... Kotlin: Add taint step for String.valueOf(Editable)	2022-06-22 13:50:30 +02:00
Geoffrey White	f9e1e630f7	Swift: more accurate NSObject / NSString hierarchy in test.	2022-06-22 12:36:40 +01:00
Tamás Vajk	c0e115700d	Merge pull request #9647 from tamasvajk/kotlin-when-branch-encl-stmt ... Kotlin: Fix enclosing statement of `when` branches	2022-06-22 13:18:56 +02:00
Michael Nebel	8899bf7f05	C#: Update tests.	2022-06-22 13:03:23 +02:00
Michael Nebel	0ef97b41c8	C#: Update .NET Runtime models and add sources and sinks.	2022-06-22 13:03:10 +02:00
Jeroen Ketema	b1dd8da587	C++: Fix query formatting	2022-06-22 12:59:49 +02:00
Ian Lynagh	c7a6b1e9a7	Merge pull request #9640 from igfoo/igfoo/vis ... Kotlin/Java: Add the beginnings of a "visibility" consistency query	2022-06-22 11:34:15 +01:00
Paolo Tranquilli	3ed783df7f	Swift: fix tests	2022-06-22 12:14:47 +02:00
Paolo Tranquilli	aea4910be4	Merge pull request #9620 from github/redsun82/swift-codespace ... Swift: add devcontainer setup	2022-06-22 11:52:08 +02:00
Rasmus Wriedt Larsen	876ba71d9b	Python/JS/Ruby: Add change-note	2022-06-22 11:14:05 +02:00
Paolo Tranquilli	ee5c30ebda	Merge main into redsun82/swift-extraction	2022-06-22 11:11:20 +02:00
Paolo Tranquilli	e0784e0680	Swift: fix update-codeql ... Also require sudo at the start of the script if updating.	2022-06-22 11:05:30 +02:00
Rasmus Wriedt Larsen	2ce4b7b9fc	SensitiveDataHeuristics: sync	2022-06-22 11:05:14 +02:00
Rasmus Wriedt Larsen	4be375521f	Python: Handle _ in sensitive-data-sources	2022-06-22 11:05:14 +02:00
Rasmus Wriedt Larsen	4a844312f4	Python: _ in var name not handled by sensitive-data-sources	2022-06-22 11:05:14 +02:00
Rasmus Wriedt Larsen	5dc2bb717a	Python: ignore common words (certain/concert) as sensitive source	2022-06-22 11:05:05 +02:00
Paolo Tranquilli	4377fb0552	Swift: auto-install codeql on codespace	2022-06-22 10:51:30 +02:00
Anders Schack-Mulligen	df6d68b215	Merge pull request #9618 from aschackmull/dataflow/deprecate-barrierguard-class ... Dataflow: Deprecate BarrierGuard class	2022-06-22 10:44:08 +02:00
Michael Nebel	24ba5cc06e	Merge pull request #9025 from michaelnebel/csharp/generatedrefactor ... C#: Provenance column in Models as Data CSV format.	2022-06-22 10:34:31 +02:00