Rasmus Wriedt Larsen
2541af6587
Python: Rewrite py/flask-debug
2022-10-04 20:41:18 +02:00
Rasmus Wriedt Larsen
05bca0249c
Python: Expand test for py/flask-debug
...
(I couldn't see one using positional argument)
2022-10-04 20:39:08 +02:00
Tom Hvitved
aae9a58ca3
Ruby: Remove ValuePairContent
2022-10-04 20:10:51 +02:00
Nick Rolfe
d69a658e06
Merge pull request #10673 from github/nickrolfe/no_abstract
...
Ruby: remove public abstract classes for Action{View,Controller}
2022-10-04 17:49:59 +01:00
Mathias Vorreiter Pedersen
4d697cd369
C++: Rephrase QLDoc.
2022-10-04 17:15:08 +01:00
Nick Rolfe
2e80926951
Ruby: fix a couple of references to deprecated names
2022-10-04 16:45:08 +01:00
Mathias Vorreiter Pedersen
32839021f8
C++: Fix join that might blow up in the future.
2022-10-04 16:43:02 +01:00
Nick Rolfe
445241fd95
Ruby: add missing qldoc comment
2022-10-04 16:31:54 +01:00
Nick Rolfe
2315a177fe
Ruby: add changenote for ActionView/Controller class renames
2022-10-04 16:22:11 +01:00
Nick Rolfe
227100d883
Ruby: make old class names available as deprecated aliases
2022-10-04 16:11:43 +01:00
Ed Minnix
3c7f5420db
Update metadata to match CWE-926
2022-10-04 10:48:05 -04:00
Geoffrey White
6380cc82ce
Merge pull request #10681 from geoffw0/classorstruct
...
Swift: Use ClassOrStructDecl
2022-10-04 15:44:28 +01:00
Ed Minnix
f888c4b279
Move files from CWE-276 to CWE-926
2022-10-04 10:40:34 -04:00
Geoffrey White
0ed89fb11a
Swift: Use ClassOrStructDecl.
2022-10-04 15:10:41 +01:00
Geoffrey White
d4742d22a0
Swift: 'Data' should be a struct.
2022-10-04 15:10:41 +01:00
Alex Ford
703829c647
Ruby: use taint tracking for rb/sensitive-get-query
2022-10-04 15:04:41 +01:00
Geoffrey White
e196caa7bd
Merge pull request #10595 from MathiasVP/swift-class-or-struct
...
Swift: Add `ClassOrStructDecl` class
2022-10-04 14:56:53 +01:00
Tamas Vajk
ea0a04a74f
Kotlin: extract unary plus and minus operators
2022-10-04 15:18:35 +02:00
Tamas Vajk
2e72ec748f
Kotlin: add numeric unary operator test cases
2022-10-04 15:18:35 +02:00
Erik Krogh Kristensen
264d74f996
Merge pull request #10676 from erik-krogh/kernelOpenMsg
...
RB: add a link to the source in the alert-message for `rb/kernel-open`
2022-10-04 15:18:15 +02:00
Michael Nebel
52d2dd71c0
Java: Make equivalent fix to the telemetry queries as made for C#.
2022-10-04 15:16:21 +02:00
Michael Nebel
6c6b4ce131
C#: Fix issue with TestLibraries not being excluded in the Telemetry queries and add Moq as a testlibrary.
2022-10-04 14:58:37 +02:00
Ian Lynagh
db673c0355
Merge pull request #10646 from tamasvajk/kotlin-java-kotlin-function-mapping
...
Kotlin: Simplify `kotlinFunctionToJavaEquivalent`
2022-10-04 13:46:22 +01:00
Rasmus Wriedt Larsen
60527dfc17
Python: Fix py/meta/alerts/remote-flow-sources-reach
2022-10-04 14:42:51 +02:00
erik-krogh
dedbe66619
update expected output
2022-10-04 14:16:07 +02:00
Michael Nebel
3455dd5e06
C#: Re-factor telemetry queries to avoid code duplication.
2022-10-04 14:13:50 +02:00
Tamas Vajk
81fffce79b
Kotlin: Extract parameter modifiers (noinline, crossinline)
2022-10-04 14:02:06 +02:00
Michael Nebel
2bbfdcf598
C#: Use api info string ordering and results to avoid multiplicity issues.
2022-10-04 13:51:35 +02:00
Erik Krogh Kristensen
5ba7c13ecd
fix alert-message by adding the link
...
Co-authored-by: Arthur Baars <aibaars@github.com >
2022-10-04 13:50:25 +02:00
erik-krogh
d370b2a51e
simplify the where clause of rb/kernel-open
2022-10-04 13:49:50 +02:00
Arthur Baars
ae7e6ef701
Ruby: update dependencies
2022-10-04 13:44:22 +02:00
erik-krogh
bf74481f65
add a link to the source in the alert-message for rb/kernel-open
2022-10-04 13:41:50 +02:00
Tamas Vajk
09051e76cf
Kotlin: extract isEnumConstant relation
2022-10-04 13:30:02 +02:00
Tamas Vajk
876bea653d
Kotlin: Add test case for missing enum constants
2022-10-04 13:29:15 +02:00
Tamas Vajk
d2861361d9
Kotlin: extract implInterface
2022-10-04 13:12:01 +02:00
Tamas Vajk
d50be83f57
Kotlin: add test to distinguish implements vs extends
2022-10-04 13:10:19 +02:00
Arthur Baars
88b5d4da16
Ruby: extend may have multiple arguments
2022-10-04 12:58:50 +02:00
Arthur Baars
ab3a62de3c
Update ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowPrivate.qll
2022-10-04 12:58:50 +02:00
Tom Hvitved
6e61ef10b8
Ruby: Add another dataflow copy
2022-10-04 12:58:50 +02:00
Tom Hvitved
9d7d6c29f9
Review comments
2022-10-04 12:58:50 +02:00
Tom Hvitved
77c47bc856
Ruby: Add another call graph test
2022-10-04 12:58:49 +02:00
Arthur Baars
44cc6f7350
Ruby: improve tracking of regular expressions
...
There are two flavours of `match?`. If the receiver of `match?` has type String
then the argument to `match?` is a regular expression. However, if the receiver of
`match?` has type Regexp then the argument is the text.
The role of receiver and argument flips depending on the type of the receiver, this
caused a lot of false positives when looking for string-like literals that are
used as a regular expression.
This commit attempts to improve things by trying to determine whether the type of the
receiver is known to be of type Regexp. In such cases we know that the argument
is unlikely to be regular expression.
2022-10-04 12:58:49 +02:00
Arthur Baars
0160c374e4
Ruby: add flow summaries for Object#dup and Kernel#tap
2022-10-04 12:58:49 +02:00
Arthur Baars
5d55daa491
Ruby: use resolveConstantReadAccess instead of trackModuleAccess for 'extend' calls
...
This avoids non-linear recursion at the cost of losing some results.
2022-10-04 12:58:49 +02:00
Arthur Baars
c2b98a4761
Ruby: add support for 'extend' method
2022-10-04 12:58:49 +02:00
Arthur Baars
09bc78eafc
Ruby: local dataflow step for || and &&
2022-10-04 12:58:49 +02:00
Arthur Baars
e95b5468d9
Ruby: use Dataflow for Pathname instead of TypeTracking
2022-10-04 12:58:49 +02:00
Arthur Baars
f9b952f04f
Ruby: Pathname use TypeTracker instead of local flow
2022-10-04 12:58:49 +02:00
Jami Cogswell
25cb3236a2
apply review suggestions
2022-10-04 12:33:24 +02:00
Jami Cogswell
91db1be399
update Intent file
2022-10-04 12:33:24 +02:00
