Tom Hvitved
ee01e9ab35
Merge pull request #12554 from hvitved/ruby/clear-text-logging-hashes
Ruby: Rely on built-in hash-flow in clear text storage query
2023-03-17 09:21:11 +01:00
Harry Maclean
5332344e5d
Work around github actions bug
2023-03-17 12:13:30 +13:00
Harry Maclean
2abb03304d
Install required dependencies for gh in centos 7
2023-03-17 11:56:04 +13:00
Harry Maclean
c447e125bb
Ruby: Install gh cli in centos7 test
2023-03-17 10:59:49 +13:00
Harry Maclean
2c63dbad67
Merge pull request #11954 from hmac/sinatra
Ruby: Model Sinatra
2023-03-17 10:46:52 +13:00
erik-krogh
f1094cd3d6
bump to stable release
2023-03-16 22:38:54 +01:00
Harry Maclean
d4020ad305
Ruby: Run extractor test on centos 7
2023-03-17 10:38:45 +13:00
erik-krogh
f3c7aed1f9
bump to RC
2023-03-16 22:37:58 +01:00
erik-krogh
e00c41c6e2
add change-note and bump version
2023-03-16 22:37:56 +01:00
erik-krogh
a63739915d
add test confirming support for const type parameters
2023-03-16 22:37:35 +01:00
erik-krogh
2c1c41d8a3
add test confirming end-to-end support for well-typed decorators with the new TS 5.0 type ClassMethodDecoratorContext
2023-03-16 22:37:35 +01:00
erik-krogh
d47659b48e
upgrade to TypeScript 5.0 beta, and unbreak things that broke
2023-03-16 22:37:35 +01:00
Maiky
37e42bb05b
Missing markdown extension
2023-03-16 20:45:35 +01:00
Mathias Vorreiter Pedersen
ebab6ecc30
Merge pull request #12559 from MathiasVP/test9-range-check
2023-03-16 19:18:38 +00:00
Henry Mercer
74cc1a42d0
JS: Update for renamed com.semmle.util.diagnostics package
2023-03-16 18:19:10 +00:00
Geoffrey White
880f948763
Merge pull request #12560 from geoffw0/testcustominterp
Swift: Add taint test for custom string interpolation.
2023-03-16 17:44:37 +00:00
Mathias Vorreiter Pedersen
406d02253d
C++: Add 'range(x)' call demonstrating missing bounds.
2023-03-16 17:08:53 +00:00
Geoffrey White
3a04e42ae0
Swift: Add taint test for string interpolation.
2023-03-16 17:04:46 +00:00
Chris Smowton
3e9924fcd2
Add change note
2023-03-16 15:35:00 +00:00
Chris Smowton
647bd44666
Go: exclude net/http.Header.Set and .Del from go/untrusted-data-to-external-api
These functions (and doubtless many others) are write-only with respect to their receiver argument, so it doesn't really make sense to flag externally-controlled data flowing there.
2023-03-16 15:31:35 +00:00
Ian Lynagh
f9bb0df6a2
Kotlin: Update expected PrintAst output
2023-03-16 15:20:07 +00:00
Ian Lynagh
13c2ef8c20
Java: PrintAst: Improve the ranking of callables
We now look not only at how many parameters each callable has, but what
its full signature is. This allows us to give a consistent order to
    Test(Throwable) { ... }
    Test(String) { ... }
2023-03-16 15:20:07 +00:00
Maiky
a229f7a832
Solve merge conflict and add a change note
2023-03-16 16:15:02 +01:00
Tom Hvitved
f35fb13723
Add change note
2023-03-16 15:18:47 +01:00
Tom Hvitved
9d3863eccc
Ruby: Rely on built-in hash-flow in clear text storage query
2023-03-16 14:55:06 +01:00
Asger F
bce1f29a7e
JS: Add change note
2023-03-16 14:55:00 +01:00
Asger F
86a06bde72
JS: Flag crypto operations with weak block mode
2023-03-16 14:52:52 +01:00
Asger F
e907d685f4
JS: Add crypto test with AES-ECB
2023-03-16 14:52:18 +01:00
Tom Hvitved
ae10e6e08f
Ruby: Add a test that shows FP/FN for clear text logging query
2023-03-16 14:38:45 +01:00
Jeroen Ketema
66b03dbd1d
Apply suggestions from code review
2023-03-16 14:29:16 +01:00
Jeroen Ketema
e7079b35bc
Apply suggestions from code review
2023-03-16 14:28:17 +01:00
erik-krogh
880632f536
use Number.qll to parse hex numbers in regex parsing for Python/Java
2023-03-16 14:25:53 +01:00
Michael Nebel
3fea9e4d0b
Sync files.
2023-03-16 14:12:29 +01:00
Michael Nebel
2e86bbd6cd
Java: Introduce helper predicate to avoid empty predicate in IPA branch.
2023-03-16 14:11:53 +01:00
github-actions[bot]
fe4d27e8cc
Release preparation for version 2.12.5
2023-03-16 12:58:50 +00:00
Geoffrey White
170fde5bc0
Swift: Add some more test cases.
2023-03-16 12:53:06 +00:00
Michael Nebel
a9e5b34ad6
Merge pull request #12200 from michaelnebel/csharp/viablestatic
C#: Support for virtual dispatch for operators.
2023-03-16 13:36:00 +01:00
erik-krogh
f718d78a9a
avoid redundant sources
2023-03-16 13:34:01 +01:00
Mathias Vorreiter Pedersen
d02a50a504
Merge pull request #10817 from github/mathiasvp/replace-ast-with-ir-use-usedataflow
C++: Replace AST with IR use-use dataflow
2023-03-16 12:31:01 +00:00
erik-krogh
b208988675
Py: add test for problematic regex
2023-03-16 12:21:00 +01:00
erik-krogh
54ec047433
ReDoS: put an artificial limitation on the analysis in polynomial-redos for large regular expressions
2023-03-16 12:20:53 +01:00
Tom Hvitved
1d0b3d4112
Ruby: Ssa::WriteDefinition::getWriteAccess should return a CFG node
2023-03-16 11:28:24 +01:00
Chris Smowton
3ff60e076c
Merge pull request #12548 from github/dependabot/github_actions/actions/setup-go-4
Bump actions/setup-go from 3 to 4
2023-03-16 10:21:51 +00:00
erik-krogh
8bc8342c7c
Py: don't parse regular expressions in system-code
2023-03-16 10:41:30 +01:00
Erik Krogh Kristensen
be8f04a997
Merge pull request #12525 from github/dependabot/cargo/ql/serde-1.0.156
Bump serde from 1.0.155 to 1.0.156 in /ql
2023-03-16 10:36:11 +01:00
Erik Krogh Kristensen
48f889b055
Merge pull request #12496 from github/dependabot/cargo/ql/chrono-0.4.24
Bump chrono from 0.4.23 to 0.4.24 in /ql
2023-03-16 10:35:59 +01:00
Jeroen Ketema
8aa9207281
Merge remote-tracking branch 'upstream/main' into mathiasvp/replace-ast-with-ir-use-usedataflow
2023-03-16 10:28:44 +01:00
Tom Hvitved
a13b6ed230
Merge pull request #12536 from hvitved/dataflow/call-enclosing-callable-consistency-check
Data flow: Add consistency check for `DataFlowCall::getEnclosingCallable`
2023-03-16 10:19:42 +01:00
Geoffrey White
7feab09ea9
Swift: Specialize the additional taint step a bit more.
2023-03-16 08:57:31 +00:00
Rasmus Wriedt Larsen
b3a49ab143
Merge pull request #12467 from RasmusWL/kwargs-parameter-position-fixup
Python/Ruby: Use new parameter position for synthetic hash-splat instead
2023-03-16 09:52:46 +01:00