Paolo Tranquilli
23344a7183
Merge branch 'main' into redsun82/swift-linkage-awareness
2023-01-24 15:47:44 +01:00
Jeroen Ketema
ae2fa6c1a4
Merge pull request #11975 from MathiasVP/another-dataflow-loop
...
C++: Add another looping dataflow test
2023-01-24 14:21:16 +01:00
Calum Grant
522c9d640d
Merge pull request #11957 from github/yoff-list-support-for-python-3.11
...
Update supported-versions-compilers.rst
2023-01-24 10:15:11 +00:00
Mathias Vorreiter Pedersen
510211a4c7
C++: Add testcase with looping behavior in C/C++ def-use flow.
2023-01-24 09:44:30 +00:00
Michael Nebel
4df615f994
Merge pull request #11922 from michaelnebel/csharp11/strings
...
C# 11: String related functionality.
2023-01-24 10:31:31 +01:00
Michael Nebel
0b04654f33
C#: Update expected test output.
2023-01-24 09:51:47 +01:00
Michael Nebel
4c966f2b8a
C#: Add some more UTF-8 encoded string examples.
2023-01-24 09:49:38 +01:00
Mathias Vorreiter Pedersen
ca5916f3dc
Merge pull request #11946 from MathiasVP/fix-taint-models-2
2023-01-24 08:13:43 +00:00
dependabot[bot]
fd22c7c73e
Bump serde_json from 1.0.72 to 1.0.91 in /ruby
...
Bumps [serde_json](https://github.com/serde-rs/json ) from 1.0.72 to 1.0.91.
- [Release notes](https://github.com/serde-rs/json/releases )
- [Commits](https://github.com/serde-rs/json/compare/v1.0.72...v1.0.91 )
---
updated-dependencies:
- dependency-name: serde_json
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-01-24 06:39:13 +00:00
dependabot[bot]
c4bf25f33c
Bump regex from 1.5.5 to 1.7.1 in /ruby
...
Bumps [regex](https://github.com/rust-lang/regex ) from 1.5.5 to 1.7.1.
- [Release notes](https://github.com/rust-lang/regex/releases )
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md )
- [Commits](https://github.com/rust-lang/regex/compare/1.5.5...1.7.1 )
---
updated-dependencies:
- dependency-name: regex
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-01-24 06:39:09 +00:00
dependabot[bot]
b1f73b59cd
Bump flate2 from 1.0.22 to 1.0.25 in /ruby
...
Bumps [flate2](https://github.com/rust-lang/flate2-rs ) from 1.0.22 to 1.0.25.
- [Release notes](https://github.com/rust-lang/flate2-rs/releases )
- [Commits](https://github.com/rust-lang/flate2-rs/compare/1.0.22...1.0.25 )
---
updated-dependencies:
- dependency-name: flate2
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com >
2023-01-24 06:39:03 +00:00
Arthur Baars
c512eddb69
Merge pull request #11969 from hmac/simplify-ruby-dependabot-config
...
Ruby: Simplify dependabot config
2023-01-24 07:34:45 +01:00
Harry Maclean
8050639b16
Ruby: Simplify dependabot config
...
Dependabot is able to understand cargo workspaces, so it's not necessary
to enumerate each workspace member. It should be enough to configure it
with the workspace root directory. This will hopefully ensure that the
Cargo.lock file gets updated correctly.
2023-01-24 16:37:10 +13:00
Harry Maclean
e6e4e29bf8
Ruby: newline
2023-01-23 21:53:52 +00:00
Harry Maclean
224db456af
Ruby: Simplify isRackResponse
2023-01-23 21:53:09 +00:00
Harry Maclean
60f9635ada
Ruby: Move import
2023-01-23 21:51:27 +00:00
Harry Maclean
c1207e0938
Ruby: Fix rack response tracking
...
Use type tracking instead of getReturningNode, which seems to be faster
and works correctly for the cases I've tried.
2023-01-23 21:43:04 +00:00
erik-krogh
49f5e89f36
update expected output for experimental query
2023-01-23 22:29:49 +01:00
Erik Krogh Kristensen
fc66c905ff
Merge pull request #11859 from erik-krogh/moreShell
...
JS: slightly broaden the regular expression that recognizes bad string-concats used as shell commands
2023-01-23 22:26:17 +01:00
Henry Mercer
21e63a8a86
Merge pull request #11967 from github/codeql-ci/atm/release-0.4.6
...
JS: Bump version numbers of ML-powered packs after 0.4.6 release
2023-01-23 20:43:18 +00:00
Henry Mercer
241951f53e
Merge branch 'main' into codeql-ci/atm/release-0.4.6
2023-01-23 18:24:36 +00:00
github-actions[bot]
be481d975c
JS: Bump version of ML-powered library and query packs to 0.4.7
2023-01-23 18:22:18 +00:00
github-actions[bot]
40a67d61d2
JS: Bump patch version of ML-powered library and query packs
2023-01-23 18:15:56 +00:00
Geoffrey White
25bcaa3a54
Merge pull request #11966 from geoffw0/usenumerics
...
Swift: Use numeric types in CleartextLogging.qll.
2023-01-23 18:06:17 +00:00
Sid Shankar
e32823c3e0
Merge pull request #11964 from github/sidshank/update-supported-language-versions-Jan-2023
...
Update supported language versions in documentation
2023-01-23 12:12:43 -05:00
Geoffrey White
19527016a5
Swift: Use numeric types in CleartextLogging.qll.
2023-01-23 16:52:03 +00:00
Geoffrey White
5ddff790b6
Swift: Autoformat.
2023-01-23 16:46:58 +00:00
Rasmus Wriedt Larsen
0879c8f8e1
Python: Expand comments on C3 MRO
2023-01-23 17:40:24 +01:00
Rasmus Wriedt Larsen
80324735bb
Python: Fixup annotation for CWE-022-PathInjection/pathlib_use.py
2023-01-23 17:40:24 +01:00
Sid Shankar
f77d156e9a
Update supported version of Java
2023-01-23 15:41:35 +00:00
Sid Shankar
444df6fccb
Update supported version of Go
2023-01-23 15:41:02 +00:00
Erik Krogh Kristensen
240248b9cf
Merge pull request #11453 from erik-krogh/unsafeHtmlConstruction
...
RB: add unsafe-html-construction query
2023-01-23 16:40:25 +01:00
erik-krogh
11894144aa
remove regular expression that did nothing
2023-01-23 16:38:09 +01:00
Jeroen Ketema
0a0d6d0841
Merge pull request #11963 from MathiasVP/testcase-with-loop
...
C++: Add testcase with looping behavior
2023-01-23 16:33:36 +01:00
Erik Krogh Kristensen
5be97f3761
Merge pull request #11909 from erik-krogh/concatCode
...
Rb: recognize string concatenations as sinks for unsafe-code-construction
2023-01-23 16:22:46 +01:00
Mathias Vorreiter Pedersen
a217017859
C++: Add testcase with looping behavior in C/C++ use-use flow.
2023-01-23 14:29:39 +00:00
erik-krogh
ae00518ddf
remove the isAdditionalTaintStep predicate from UnsafeHtmlConstructionQuery, as it was not needed
2023-01-23 15:27:19 +01:00
erik-krogh
7c6ee5f293
Merge branch 'main' into unsafeHtmlConstruction
2023-01-23 15:01:01 +01:00
Erik Krogh Kristensen
32c4cf5769
Apply suggestions from code review
...
Co-authored-by: Alex Ford <alexrford@users.noreply.github.com >
2023-01-23 14:58:04 +01:00
erik-krogh
800077dabe
changes based on feedback
2023-01-23 14:54:36 +01:00
Erik Krogh Kristensen
a10b45e0db
Merge pull request #11927 from mvogelgesang/express-rate-limit
...
JS: Updated express-rate-limit example to match implementation examples f…
2023-01-23 14:37:50 +01:00
Jeroen Ketema
05ecd2e015
Merge pull request #11958 from jketema/argv-if-tests
...
C++: Add some additional uncontrolled format string tests
2023-01-23 14:05:07 +01:00
erik-krogh
3cece50f78
add encodeURIComponent as a sanitizer for request-forgery
2023-01-23 13:53:53 +01:00
erik-krogh
be8ef1b324
add failing test
2023-01-23 13:52:36 +01:00
Erik Krogh Kristensen
45aaeb897a
Merge pull request #11955 from erik-krogh/docFrameworks
...
JS: add Fastify and restify to the list of supported frameworks
2023-01-23 13:14:15 +01:00
Philip Ginsbach
78a2dfa7c4
Merge pull request #11939 from github/ginsbach/DocumentNewNamespaces
...
document new namespaces
2023-01-23 12:12:49 +00:00
Chris Smowton
fea97a22c6
Merge pull request #11827 from smowton/smowton/admin/test-gradle-script-parsing
...
Java: Add integration tests for Android projects
2023-01-23 11:39:24 +00:00
Philip Ginsbach
8a3972049b
fix grammar
2023-01-23 11:15:22 +00:00
Jeroen Ketema
cfc0dabad9
C++: Add some additional uncontrolled format string tests
...
These duplicate the `i9` and `i91` tests slightly earlier in the same file, but
use an explicit `if` instead of the ternary operator.
2023-01-23 11:50:45 +01:00
Mathias Vorreiter Pedersen
470abfd0aa
C++: Conflate iterator value and indirection for taint-flow to fix AST dataflow.
2023-01-23 10:40:25 +00:00
