Tom Hvitved
6208071575
Merge pull request #10874 from hvitved/ruby/fix-test-syntax-error
...
Ruby: Fix syntax error in a test
2022-10-18 19:28:17 +02:00
Chris Smowton
b148e3168f
Java models-as-data: infer Kotlin $default models from that of its parent function
2022-10-18 18:17:08 +01:00
Geoffrey White
027b71381a
Swift: annotate all cases.
2022-10-18 16:38:02 +01:00
Paolo Tranquilli
65fd9cbf9c
Swift: docname and desc examples
2022-10-18 17:05:19 +02:00
Paolo Tranquilli
35c1d311c5
Swift: add doc name override
2022-10-18 17:04:51 +02:00
Paolo Tranquilli
8de7df9c21
Swift: add auto-generated docs for getters
2022-10-18 17:04:51 +02:00
Paolo Tranquilli
4d87abed0e
Swift: generate docname in qlgen
2022-10-18 17:04:51 +02:00
Paolo Tranquilli
5f7fa6f915
Swift: generate class docs
...
Python docstrings in `schema.py` are now added to the generated classes.
As an example, a docstring is added to `Expr`.
2022-10-18 17:04:51 +02:00
Paolo Tranquilli
f41fd81965
Swift: add docstring parsing
2022-10-18 16:54:26 +02:00
Tom Hvitved
61b9065135
Ruby: Fix syntax error in a test
2022-10-18 16:49:32 +02:00
Geoffrey White
73f977c98c
Merge pull request #10510 from geoffw0/staticfn
...
C++: Fix FPs for cpp/unused-static-function in files that were not extracted completely
2022-10-18 14:53:49 +01:00
Tony Torralba
1d745a6365
Merge pull request #10774 from atorralba/atorralba/swift/url-field-summaries
...
Swift: Add summaries for tainted URL fields
2022-10-18 15:32:23 +02:00
Arthur Baars
14f150c1f3
Merge pull request #10872 from aibaars/set-output
...
CI: update actions/cache to v3
2022-10-18 15:09:29 +02:00
Arthur Baars
55bda34a45
Ruby: drop beta notice
2022-10-18 15:07:35 +02:00
Jean Helie
e2462d8a2e
Merge pull request #10871 from github/atm-model-pack-update/f3c3c9360a727959e428ecc6932257e6a546dc65d8a9baac525a49247123822d
...
ATM: Update model pack to version 0.2.1-2022-09-06-08h55m54s.bubbly-basin-xpztl8fh.f3c3c9360a727959e428ecc6932257e6a546dc65d8a9baac525a49247123822d
2022-10-18 14:55:21 +02:00
Paolo Tranquilli
fd46592dfb
Merge pull request #10869 from github/redsun82/swift-no-base-suffix
...
Swift: replace `Base` suffix with `Generated::` module
2022-10-18 14:28:08 +02:00
AlexDenisov
5e17861066
Merge pull request #10870 from github/redsun82/swift-rm-schema.yml
...
Swift: remove obsolete `schema.yml`
2022-10-18 14:23:48 +02:00
Arthur Baars
f56e155080
CI: update actions/cache to v3
2022-10-18 14:07:52 +02:00
github-actions[bot]
fa274e4375
ATM: Update ML model to 0.2.1-2022-09-06-08h55m54s.bubbly-basin-xpztl8fh.f3c3c9360a727959e428ecc6932257e6a546dc65d8a9baac525a49247123822d
2022-10-18 11:53:42 +00:00
Paolo Tranquilli
8a839c8b96
Swift: remove obsolete schema.yml
2022-10-18 12:51:56 +02:00
Paolo Tranquilli
9c7eec5e44
Swift: remove debug print from qlgen.py
2022-10-18 12:48:18 +02:00
Tony Torralba
0eeaf71716
Simplify models by introducing TaintInheritingContent
2022-10-18 12:36:18 +02:00
Paolo Tranquilli
e29fe54b3c
Swift: remove redudant import
2022-10-18 12:35:35 +02:00
Paolo Tranquilli
f4f5e3e382
Swift: remove redundant module namespace
2022-10-18 12:32:31 +02:00
Paolo Tranquilli
af3f782ad5
Swift: fix TypeDecl.qll
2022-10-18 12:21:06 +02:00
Paolo Tranquilli
581939d139
Swift: replace non-genereated Base suffixes
...
This is the effect of running
```
find swift/ql/lib/codeql/swift/elements -type f | xargs sed -ri 's/\b([A-Z]\w+)Base\b/Generated::\1/g'
```
followed by reformatting.
2022-10-18 12:21:06 +02:00
Paolo Tranquilli
307c885c1f
Swift: use Generated:: instead of Base suffix
...
This commit changes `codegen` and the generated classes.
2022-10-18 12:21:06 +02:00
Chris Smowton
2713b3ee06
Comment extraction: don't treat anonymous classes differently
2022-10-18 11:10:29 +01:00
Calum Grant
643cfced6a
Merge pull request #10837 from github/calumgrant/ruby-frameworks2
...
Ruby: Add more frameworks to the list of supported frameworks
2022-10-18 11:06:14 +01:00
Tamás Vajk
0069fd9681
Merge pull request #10860 from tamasvajk/kotlin-clinit-static
...
Kotlin: Add `static` modifier to `clinit`
2022-10-18 11:39:34 +02:00
Chris Smowton
50f99d8e82
Don't produce interface forwarders directed at an abstract target
2022-10-18 10:31:01 +01:00
erik-krogh
8a3e255e12
remove FPs in rb/stored-xss from spurious sources
2022-10-18 11:07:48 +02:00
Chris Smowton
67aa6c7737
Merge pull request #10822 from smowton/smowton/feature/kotlin-collection-literals
...
Koltin: support collection literals
2022-10-18 09:45:59 +01:00
erik-krogh
e47e20c5e7
remove use of HtmlSafeCall from tests
2022-10-18 10:43:24 +02:00
erik-krogh
5a98f66bef
simplify the modeling of html_safe. Any call to html_safe is now considered an XSS sink
2022-10-18 10:43:22 +02:00
Alex Denisov
0c3fd9fdcf
Swift: %/\t/\s/
2022-10-18 10:17:02 +02:00
Alex Denisov
ad9f5efcd7
Swift: stream directly instead of using intermediate string
2022-10-18 10:15:16 +02:00
Alex Denisov
eba7f1a744
Swift: simplify Bazel a bit
2022-10-18 10:04:50 +02:00
Tom Hvitved
19bcd287cb
Merge pull request #10867 from hvitved/ruby/orm-tracking-redundant-additional-step
...
Ruby: Remove redundant additional flow step from `OrmTracking::Configuration`
2022-10-18 10:03:51 +02:00
Tom Hvitved
d362296f1c
Merge pull request #10864 from hvitved/ruby/get-a-barrier-node-join-fix
...
Ruby: Fix bad join-order in `BarrierGuard::getABarrierNode`
2022-10-18 10:03:02 +02:00
Alex Denisov
a3b5f2239d
Swift: do not use C casts
2022-10-18 10:01:02 +02:00
Alex Denisov
44c26be2c4
Swift: make dealing with CF types typesafe
2022-10-18 09:53:06 +02:00
Tom Hvitved
1266d248ed
Ruby: Remove redundant additional flow step from OrmTracking::Configuration
2022-10-18 09:33:29 +02:00
Tamas Vajk
b67a8877a7
Kotlin: Add static modifier to clinit
2022-10-18 09:26:06 +02:00
Alex Denisov
d97669f9aa
Swift: add CMake target for xcode-autobuilder
2022-10-18 09:22:40 +02:00
Alex Denisov
6d754c42d7
Swift: do not use relative include paths
2022-10-18 09:14:48 +02:00
Alex Denisov
023fea68d0
Merge branch 'main' into alexdenisov/xcode-autobuilder
2022-10-18 09:12:47 +02:00
Tamás Vajk
543e2f5aab
Merge pull request #10678 from tamasvajk/kotlin-type-param-modifiers
...
Kotlin: Extract type parameter modifiers (`reified`, `in`, `out`)
2022-10-18 09:10:57 +02:00
Jami Cogswell
5f39888a2d
minor code restructure
2022-10-17 16:28:06 -04:00
Tom Hvitved
6c765a95ff
Ruby: Fix bad join-order in BarrierGuard::getABarrierNode
...
Before
```
Evaluated relational algebra for predicate XSS#e59174e9::Shared::Sanitizer#class#f@6c9d334e with tuple counts:
0 ~0% {1} r1 = JOIN ActionView#3462bac2::RailsHtmlEscaping#f WITH project#DataFlowPublic#e1781e31::CallNode::getArgument#1#dispred#fff#3 ON FIRST 1 OUTPUT Lhs.0
554860 ~0% {2} r2 = JOIN SsaImpl#ff97b16a::Cached::getARead#1#ff_10#join_rhs WITH DataFlowPrivate#462ff392::Cached::TExprNode#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1
1 ~0% {1} r3 = JOIN r2 WITH DataFlowPublic#e1781e31::BarrierGuard#BarrierGuards#2462899b::stringConstArrayInclusionCall#::getAMaybeGuardedCapturedDef#0#f ON FIRST 1 OUTPUT Lhs.1
1 ~0% {1} r4 = r1 UNION r3
7 ~0% {1} r5 = JOIN r2 WITH DataFlowPublic#e1781e31::BarrierGuard#BarrierGuards#2462899b::stringConstCompare#::getAMaybeGuardedCapturedDef#0#f ON FIRST 1 OUTPUT Lhs.1
3045081 ~1% {3} r6 = JOIN DataFlowPrivate#462ff392::Cached::TExprNode#ff_10#join_rhs WITH DataFlowPrivate#462ff392::Cached::TExprNode#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Rhs.1
3045081 ~1% {3} r7 = JOIN r6 WITH ControlFlowGraph#46cebcbd::CfgNode::getBasicBlock#0#dispred#ff ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Rhs.1
554860 ~1% {3} r8 = JOIN r7 WITH SsaImpl#ff97b16a::Cached::getARead#1#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2
1462917146 ~0% {3} r9 = JOIN r8 WITH SsaImpl#ff97b16a::Cached::getARead#1#ff ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Rhs.1
5082692 ~1% {4} r10 = JOIN r9 WITH DataFlowPublic#e1781e31::guardControlsBlock#3#fff_102#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.2, Rhs.2, Lhs.1
33 ~0% {1} r11 = JOIN r10 WITH BarrierGuards#2462899b::stringConstArrayInclusionCall#3#fff ON FIRST 3 OUTPUT Lhs.3
57 ~0% {1} r12 = JOIN r10 WITH BarrierGuards#2462899b::stringConstCompare#3#fff ON FIRST 3 OUTPUT Lhs.3
90 ~0% {1} r13 = r11 UNION r12
97 ~0% {1} r14 = r5 UNION r13
98 ~0% {1} r15 = r4 UNION r14
return r15
```
After
```
[2022-10-17 20:35:01] Evaluated non-recursive predicate XSS#e59174e9::Shared::Sanitizer#class#f@487a64ar in 65ms (size: 98).
Evaluated relational algebra for predicate XSS#e59174e9::Shared::Sanitizer#class#f@487a64ar with tuple counts:
0 ~0% {1} r1 = JOIN ActionView#3462bac2::RailsHtmlEscaping#f WITH project#DataFlowPublic#e1781e31::CallNode::getArgument#1#dispred#fff#3 ON FIRST 1 OUTPUT Lhs.0
33 ~0% {1} r2 = JOIN DataFlowPublic#e1781e31::BarrierGuard#BarrierGuards#2462899b::stringConstArrayInclusionCall#::guardChecksSsaDef#3#fff WITH DataFlowPublic#e1781e31::BarrierGuard#BarrierGuards#2462899b::stringConstArrayInclusionCall#::guardControlsSsaDef#4#ffff ON FIRST 3 OUTPUT Rhs.3
33 ~0% {1} r3 = r1 UNION r2
57 ~1% {1} r4 = JOIN DataFlowPublic#e1781e31::BarrierGuard#BarrierGuards#2462899b::stringConstCompare#::guardChecksSsaDef#3#fff WITH DataFlowPublic#e1781e31::BarrierGuard#BarrierGuards#2462899b::stringConstArrayInclusionCall#::guardControlsSsaDef#4#ffff ON FIRST 3 OUTPUT Rhs.3
554860 ~0% {2} r5 = JOIN SsaImpl#ff97b16a::Cached::getARead#1#ff_10#join_rhs WITH DataFlowPrivate#462ff392::Cached::TExprNode#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1
1 ~0% {1} r6 = JOIN r5 WITH DataFlowPublic#e1781e31::BarrierGuard#BarrierGuards#2462899b::stringConstArrayInclusionCall#::getAMaybeGuardedCapturedDef#0#f ON FIRST 1 OUTPUT Lhs.1
7 ~0% {1} r7 = JOIN r5 WITH DataFlowPublic#e1781e31::BarrierGuard#BarrierGuards#2462899b::stringConstCompare#::getAMaybeGuardedCapturedDef#0#f ON FIRST 1 OUTPUT Lhs.1
8 ~0% {1} r8 = r6 UNION r7
65 ~2% {1} r9 = r4 UNION r8
98 ~1% {1} r10 = r3 UNION r9
return r10
```
2022-10-17 20:39:30 +02:00
