Erik Krogh Kristensen
3a1a94b8af
Merge pull request #10798 from erik-krogh/matchCaseReg
...
Rb: add case-when expressions as a sink to rb/polynomial-redos
2022-10-13 13:55:42 +02:00
Arthur Baars
6ea2b87224
Merge pull request #10811 from aibaars/silence-warning
...
Ruby: remove warning
2022-10-13 13:38:25 +02:00
Tom Hvitved
758494b10a
Merge pull request #10790 from hvitved/csharp/avoid-get-a-reachable-read
...
C#: Deprecate `AssignableRead::getAReachableRead`
2022-10-13 13:25:01 +02:00
Tom Hvitved
19e3d7cdb2
Merge pull request #10769 from hvitved/csharp/cil-ssa-data-flow-nodes
...
C#: Include CIL SSA definitions in `DataFlow::Node`
2022-10-13 13:24:44 +02:00
Anders Schack-Mulligen
d79a7e863a
Merge pull request #10806 from aschackmull/dataflow/additional
...
Dataflow: Add additional annotation.
2022-10-13 13:02:48 +02:00
Arthur Baars
16b035600e
Ruby: remove warning
2022-10-13 13:01:06 +02:00
Calum Grant
8305a634fa
Update Ruby frameworks
2022-10-13 11:50:30 +01:00
sylwia-budzynska
fec3ab7e01
Update Frameworks.qll
2022-10-13 12:46:20 +02:00
Calum Grant
7db37d9201
Update supported Ruby version
2022-10-13 11:46:14 +01:00
Sylwia Budzynska
5f737c82a4
Resolve confilct
2022-10-13 12:43:47 +02:00
Alex Ford
a65850e922
Merge pull request #10784 from alexrford/ruby/pathname-existence
...
Ruby: model `Pathname#existence` extension from `ActiveSupport`
2022-10-13 11:38:22 +01:00
Sylwia Budzynska
646c9b559b
Add tests
2022-10-13 12:36:57 +02:00
Sylwia Budzynska
e41d79e37d
Add python cx_oracle, phoenixdb, pyodbc models
2022-10-13 12:36:41 +02:00
erik-krogh
3a3a5aa17c
add case-in as a sink for polynomial-redos
2022-10-13 12:36:07 +02:00
Alvaro Muñoz
468628525e
Change to camelcase
2022-10-13 12:18:07 +02:00
Alvaro Muñoz
ea8edb8408
initial tests
2022-10-13 11:32:21 +02:00
Anders Schack-Mulligen
30a891c2e7
Java: Fix compilation errors.
2022-10-13 11:19:57 +02:00
Anders Schack-Mulligen
51dfb319f5
Java: autoformat
2022-10-13 11:17:44 +02:00
Anders Schack-Mulligen
ac3379657d
Java: qldoc fix and changenote.
2022-10-13 11:17:44 +02:00
Anders Schack-Mulligen
5b8fa3f8f9
Java: Add test for Stream.collect.
2022-10-13 11:17:44 +02:00
Anders Schack-Mulligen
8c7b6d6f20
Java: Add support for synthetic callables with flow summaries and model Stream.collect.
2022-10-13 11:17:44 +02:00
Anders Schack-Mulligen
036724ce8d
Dataflow: Sync.
2022-10-13 11:03:30 +02:00
Anders Schack-Mulligen
c4915b27e7
Dataflow: Add additional annotation.
2022-10-13 11:03:08 +02:00
Tamás Vajk
6c781b5b1a
Merge pull request #10789 from tamasvajk/kotlin-useless-params
...
Kotlin: reduce FPs in useless parameter check for Kotlin code
2022-10-13 09:40:54 +02:00
Jami Cogswell
e0f0d554cb
condense code
2022-10-12 22:18:07 -04:00
Harry Maclean
a3c14f7f46
Update test
2022-10-13 13:57:28 +13:00
Harry Maclean
8e55e62b15
Ruby: Add change note
2022-10-13 13:24:16 +13:00
Harry Maclean
4686718630
Ruby: Add kind to Http::Server::RequestInputAccess
...
Like in JS, this describes whether the input came from the request URL,
body, parameters, headers or cookie. Only some of these are relevant for
UrlRedirect and ReflectedXSS queries.
2022-10-13 13:24:16 +13:00
Harry Maclean
9eff4936cf
Ruby: Restrict request methods to user-controlled
2022-10-13 13:24:16 +13:00
Harry Maclean
ad464abde2
Ruby: Model more params accesses
2022-10-13 13:24:16 +13:00
Erik Krogh Kristensen
10aab81f42
Merge pull request #10799 from jsoref/spelling-nfautils
...
ReDoS: Spelling nfautils
2022-10-12 23:09:06 +02:00
Jami Cogswell
bcb506b637
add placeholder qldocs
2022-10-12 17:04:51 -04:00
Jami Cogswell
bfbb6db436
clean up code
2022-10-12 16:58:34 -04:00
Jami Cogswell
37d85587e0
refactor code into InsufficientKeySize.qll
2022-10-12 15:39:57 -04:00
Henry Mercer
c3af41b907
Merge pull request #10781 from github/codeql-ci/js/ml-powered-pack-release-0.3.5
...
JS: Bump version numbers of ML-powered packs after 0.3.5 release
2022-10-12 20:20:31 +01:00
Josh Soref
09c8a98761
spelling: representation
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com >
2022-10-12 15:20:26 -04:00
Josh Soref
bb1ce8973a
spelling: repeatable
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com >
2022-10-12 15:20:24 -04:00
Josh Soref
adb8860b9b
spelling: pattern
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com >
2022-10-12 15:20:24 -04:00
Asger F
d28b9af8bd
Merge pull request #10791 from asgerf/rb/rails-render-file
...
Ruby: treat render 'file:' argument as a file system access
2022-10-12 21:18:32 +02:00
Josh Soref
c7ae0728f3
spelling: javascript
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com >
2022-10-12 15:02:00 -04:00
Josh Soref
98b317d1a5
spelling: escape
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com >
2022-10-12 15:02:00 -04:00
Josh Soref
370da943dc
spelling: abcdefghijklmnopqrstuvwxyz
...
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com >
2022-10-12 15:02:00 -04:00
Rasmus Lerchedahl Petersen
fb90089973
python: rewrite model for Aiohttp
2022-10-12 20:15:49 +02:00
Rasmus Lerchedahl Petersen
db616a526a
python: rewrite models using subscripts
...
more rewrites could be done to these models
for instance, I think the extra taint configuration could be removed,
but here I just wanted to illustrate the benefits of the new API graph.
2022-10-12 20:15:49 +02:00
Rasmus Lerchedahl Petersen
0b8e908823
Python: fix def nodes for subscript
...
We were using `getMember` for dictionaries, these are now getIndex
Also add convenience predicate for string keys
2022-10-12 20:13:48 +02:00
erik-krogh
66b3fe3425
add case-when expressions as a sink to rb/polynomial-redos
2022-10-12 19:57:01 +02:00
Chris Smowton
429d400125
Kotlin: fix bit-inversion operator for Byte and Short types
2022-10-12 17:23:16 +01:00
Jeroen Ketema
99b9101455
Merge pull request #10796 from github/nickrolfe/implicit_this
...
C++: use explicit `this`
2022-10-12 18:11:06 +02:00
Nick Rolfe
cfb9277cd7
C++: use explicit this
2022-10-12 16:11:45 +01:00
Alex Ford
0536d4b540
Merge branch 'main' into ruby/activejob-deserialize
2022-10-12 15:04:12 +01:00
