Edward Minnix III
733a00039e
Merge pull request #12864 from egregius313/egregius313/java/mad/update-typeAsModel
...
Java: Erase generics in `typeAsModel` predicate used in model generator
2023-05-02 15:28:51 -04:00
Geoffrey White
54a4b898a3
Swift: Re-run codegen.
2023-05-02 17:46:59 +01:00
Geoffrey White
a698f3fcb9
Merge branch 'main' into modernsec3
2023-05-02 17:35:08 +01:00
Owen Mansel-Chan
0c6efb8c84
Add telemetry-only diagnostics
2023-05-02 17:17:06 +01:00
Owen Mansel-Chan
3bfcbbf7af
Add unit test
2023-05-02 17:17:05 +01:00
Owen Mansel-Chan
0710ed97db
Refactor to be more easily testable
2023-05-02 17:17:05 +01:00
Owen Mansel-Chan
2db304edee
Choose which version to install and write file
2023-05-02 17:17:04 +01:00
Mathias Vorreiter Pedersen
7fa6894aaf
C++: Ensure that product dataflow library enters/leaves through the same call.
2023-05-02 17:13:36 +01:00
Geoffrey White
bb6aa11ce5
Swift: Additional test case.
2023-05-02 17:12:44 +01:00
Geoffrey White
ca50f1117e
Swift: Hide locationless results in the inlineexpectations test (there's no way to make them expected).
2023-05-02 16:57:29 +01:00
Alex Ford
388b2abf68
Merge pull request #12821 from maikypedia/maikypedia/ruby-ssti
...
Ruby: Add Rails `render inline:` as Template Injection Sink
2023-05-02 16:56:27 +01:00
Alex Ford
82c025020d
Merge remote-tracking branch 'origin/main' into maikypedia/ruby-ssti
2023-05-02 16:18:41 +01:00
Alex Ford
a571bc64ac
ruby: regenerate TemplateInjection.expected
2023-05-02 16:14:20 +01:00
Sim4n6
019b85beb6
Add Unicode Bypass Validation query, test and help file
2023-05-02 15:36:39 +01:00
Sim4n6
083cd612cd
add a change note markdown
2023-05-02 15:17:03 +01:00
Sim4n6
1fa1a4e268
Add Unicode Bypass Validation query tests and help
2023-05-02 15:09:16 +01:00
Robert Marsh
2bfa8b661b
C++: a some QLDoc to new range analysis wrapper
2023-05-02 09:43:25 -04:00
Mathias Vorreiter Pedersen
2e5a04854e
Merge pull request #12989 from MathiasVP/add-fp-overrun-write-product-flow
...
C++: Add testcase with `cpp/overrun-write` FP
2023-05-02 14:33:34 +01:00
Tony Torralba
ec44aa2597
Add change note
2023-05-02 15:31:20 +02:00
Tony Torralba
34f978ed26
Move manual models out of the generated directory
2023-05-02 15:29:28 +02:00
Owen Mansel-Chan
644d7f18c2
Factor out tryReadGoDirective()
2023-05-02 14:15:03 +01:00
Owen Mansel-Chan
5e87111a8b
Stop using deprecate io/ioutil package
2023-05-02 14:15:02 +01:00
Owen Mansel-Chan
1e2bdd88b1
Add --identify-environment flag
2023-05-02 14:15:01 +01:00
Mathias Vorreiter Pedersen
635d290504
C++: Add testcase with FP.
2023-05-02 13:51:16 +01:00
Rasmus Wriedt Larsen
c89b57997a
Python: Change variable capture tests to use fresh variable names
...
Instead of reusing `nonSink0` for both captureOut1NotCalled and
captureOut2NotCalled tests (I used 1/2 naming scheme to match things up
nicely).
I also added a comment highlighting that `m` is the function that is not
called (since I overlooked that initially :O)
2023-05-02 14:13:56 +02:00
Asger F
67afbee06d
Merge pull request #12825 from smiddy007/JS-Allow-Truncated-Hash-Forge-NonKeyCipher
...
JS: Allow NonKeyCiphers to include truncated SHA-512 MDs in Forge JS libr…
2023-05-02 13:59:30 +02:00
Anders Schack-Mulligen
353d5f82a6
Merge pull request #12984 from aschackmull/dataflow/instanceof-node
...
Dataflow: Replace "extends Node" with "instanceof Node".
2023-05-02 13:52:33 +02:00
Asger F
0ce27d13a7
Merge pull request #12985 from asgerf/rb/meta-query-sql-injection
...
Ruby: add SQL injection sinks to meta query
2023-05-02 13:35:06 +02:00
Stephan Brandauer
f1644adca9
add internal tag to extraction queries; use 'ml' in query ids, instead of 'ml-powered'
2023-05-02 13:30:22 +02:00
Stephan Brandauer
bb7e473cbf
use the name callable, instead of callee for methods, functions
2023-05-02 13:22:31 +02:00
Stephan Brandauer
f7f6f104d0
use NegativeEndpointType class; replace link to slack discussion
2023-05-02 13:15:30 +02:00
Mathias Vorreiter Pedersen
ab67103e6e
Merge pull request #12966 from MathiasVP/dataflow-for-static-vars
...
C++: Dataflow for static local variables
2023-05-02 11:52:43 +01:00
github-actions[bot]
18d4af994d
Post-release preparation for codeql-cli-2.13.1
2023-05-02 10:50:20 +00:00
Geoffrey White
664500d2e6
Swift: Fix member variable sinks in swift/hardcoded-key.
2023-05-02 11:26:21 +01:00
Geoffrey White
adbd2c467d
Swift: Fix member variable sinks in swift/path-ionjection.
2023-05-02 11:26:20 +01:00
Tony Torralba
564bb1ccb0
Manual fixes
2023-05-02 11:27:48 +02:00
Anders Schack-Mulligen
97cd3b8576
Java: Force high precision for MapValueContent.
2023-05-02 11:19:21 +02:00
Asger F
04e393fcf8
JS: Change note
2023-05-02 11:02:58 +02:00
Paolo Tranquilli
c65c65557d
Swift: accept string representation changes in test
2023-05-02 10:49:31 +02:00
Anders Schack-Mulligen
ca09649679
Dataflow: Forward hasLocationInfo.
2023-05-02 10:48:32 +02:00
Asger F
f59c149bae
Ruby: add SQL injection sinks to meta query
2023-05-02 10:46:55 +02:00
Paolo Tranquilli
3685590a12
Swift: remove version control markers
2023-05-02 10:45:43 +02:00
Paolo Tranquilli
7adcd0d043
Swift: small tweak to visitBuiltinType
2023-05-02 10:45:43 +02:00
Paolo Tranquilli
87c73879cb
Swift: add explanation to getExtensionIndex
2023-05-02 10:45:43 +02:00
Paolo Tranquilli
826d7c7dbe
Swift: preload extension indexes
...
Finding each extension declaration separately within its parent seemed
to create an `O(n^2)` noticeable performance problem. This is solved
by preloading indexes and storing them in a map, so as to iterate
through the parent of an extension only once per parent instead of once
per extension.
2023-05-02 10:45:43 +02:00
Paolo Tranquilli
146591934a
Swift: clean up SwiftMangler
2023-05-02 10:45:43 +02:00
Paolo Tranquilli
f6a6958c03
Swift: mangle ParameterizedProtocolType
2023-05-02 10:45:43 +02:00
Alex Denisov
92c20be038
Swift: change indexing for extension declarations to make them more stable
2023-05-02 10:45:42 +02:00
Alex Denisov
6c954eae3c
Swift: handle isolated types
2023-05-02 10:45:42 +02:00
Paolo Tranquilli
dfbc248e78
Swift: mangle opened archetype and fix global actor
2023-05-02 10:45:42 +02:00
