erik-krogh
b1957623c1
add browser history as XSS sink
2023-04-12 13:38:18 +02:00
Erik Krogh Kristensen
8cb54b748b
Merge pull request #12787 from tyage/add-router-sink
...
JS: Add New XSS sink - Next.js router.push/replace
2023-04-12 13:30:21 +02:00
Alexandre Boulgakov
64443dfdcf
Swift: Add named predicates for known KeyPathComponent kinds.
2023-04-12 12:06:14 +01:00
Mathias Vorreiter Pedersen
d1e3c1b407
C++: Fix joins in 'select' of 'cpp/constant-array-overflow'.
2023-04-12 11:39:35 +01:00
Mathias Vorreiter Pedersen
ab70f5722e
C++: More QLDoc.
2023-04-12 11:22:31 +01:00
Michael Nebel
c787bb2ff9
C#: Re-factor the callablereturnarg tests.
2023-04-12 11:47:42 +02:00
Michael Nebel
9c5b8e2894
C#: Update expected output of tests using the inline flow test framework.
2023-04-12 11:15:15 +02:00
Michael Nebel
5c586c3afd
C#: Re-factor the InlineFlowTest framework.
2023-04-12 11:15:15 +02:00
Michael Nebel
61b8f97b75
C#: Re-factor the flowsources test.
2023-04-12 11:15:15 +02:00
Michael Nebel
f00c97810a
C#: Re-factor the NHibernate test.
2023-04-12 11:15:14 +02:00
Michael Nebel
9c60c4b3d9
C#: Re-factor the JsonNet test.
2023-04-12 11:15:14 +02:00
Michael Nebel
1f0fbfaef0
C#: Re-factor the EntityFramework test.
2023-04-12 11:15:14 +02:00
Michael Nebel
4023cd3b4c
C#: Re-factor the dataflow/global tests.
2023-04-12 11:15:14 +02:00
Michael Nebel
a2c7388282
C#: Re-factor the ExternalFlow test.
2023-04-12 11:15:14 +02:00
Michael Nebel
bd886202f6
C#: Re-factor the Async test.
2023-04-12 11:15:14 +02:00
Michael Nebel
a98cf0ae45
C#: Re-factor the GlobalTaintTracking test.
2023-04-12 11:15:14 +02:00
Michael Nebel
0dc612f23f
C#: Re-factor the TaintTracking test.
2023-04-12 11:15:14 +02:00
Mathias Vorreiter Pedersen
49cceb2901
C++: Fix joins.
2023-04-12 09:58:24 +01:00
Michael Nebel
b5b0d60074
Merge pull request #12731 from michaelnebel/csharp/refactorcleatextstorage
...
C#: Re-factor CleartextStorage to use the new API.
2023-04-12 09:32:56 +02:00
Tony Torralba
cc6a923eef
Merge pull request #12798 from github/workflow/coverage/update
...
Update CSV framework coverage reports
2023-04-12 09:04:53 +02:00
erik-krogh
fe5e4845b1
use 1-based column locations for diagnostics
2023-04-12 08:14:15 +02:00
github-actions[bot]
a55f5ed933
Add changed framework coverage reports
2023-04-12 00:15:16 +00:00
Geoffrey White
cdcee5cc75
Swift: Add high-level CryptoSwift sinks.
2023-04-11 19:59:43 +01:00
Geoffrey White
539f8f0f70
Swift: Add mid-level CryptoSwift sinks and prevent duplication that results. Overall this doesn't give us any new results in tests, but makes paths shorter, and in the real world I expect it to add reliability.
2023-04-11 19:54:55 +01:00
Geoffrey White
51a62b54ee
Swift: Add low-level CryptoSwift sinks.
2023-04-11 19:54:48 +01:00
Geoffrey White
d299d92025
Swift: Prevent potentially misleading duplicate results.
2023-04-11 19:39:09 +01:00
Geoffrey White
4995f13234
Swift: Add tests for swift/weak-sensitive-data-hashing on CryptoSwift.
2023-04-11 18:46:38 +01:00
Geoffrey White
03a4084c11
Swift: Update some sinks to CSV format.
2023-04-11 18:10:54 +01:00
Geoffrey White
256c3f66ca
Swift: Various minor fixes / consistency improvements to sinks.
2023-04-11 17:04:09 +01:00
Arthur Baars
83cd55cb29
Js/Yaml: add getFile() predicate
2023-04-11 16:01:44 +01:00
Robert Marsh
18c3feb9d8
C++: remove commented-out code
...
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com >
2023-04-11 10:41:18 -04:00
Mathias Vorreiter Pedersen
259d5b6452
C++: Add use-after-free change note.
2023-04-11 15:30:51 +01:00
Mathias Vorreiter Pedersen
c1960c6ff9
C++: Add double-free change note.
2023-04-11 15:30:51 +01:00
Mathias Vorreiter Pedersen
3c88590df2
C++: Accept test changes for the new use-after-query.
2023-04-11 15:21:21 +01:00
Mathias Vorreiter Pedersen
725004a6fe
C++: Modernize use-after-free query using dataflow.
2023-04-11 15:21:21 +01:00
Mathias Vorreiter Pedersen
17fe5f2317
C++: Change the id of the experimental double-free query to not overlap with the new non-experimental one.
2023-04-11 15:21:21 +01:00
Mathias Vorreiter Pedersen
a8151b4ee4
C++: Add double-free tests.
2023-04-11 15:21:21 +01:00
Mathias Vorreiter Pedersen
fb2ec15dad
C++: Add double-free query documentation.
2023-04-11 15:21:21 +01:00
Mathias Vorreiter Pedersen
cc12e74c23
C++: Add double-free query.
2023-04-11 14:44:15 +01:00
Mathias Vorreiter Pedersen
dfe00ffe4b
C++: Add a flow-after-free library.
2023-04-11 14:40:17 +01:00
erik-krogh
3c4bd5b6a7
forward toString() etc. predicates from YamlNode to Locatable
2023-04-11 15:37:01 +02:00
erik-krogh
b5e90483f5
improve the ESLint model to avoid overriding Yaml classes
2023-04-11 15:36:18 +02:00
Alexandre Boulgakov
b900185ae3
Swift: Add db upgrade/downgrade scripts for key-path component extraction.
...
I've marked both scripts as "partial" since we're extracting different AST components for key-paths and don't have a good way to convert between them in QL. Each deletes the corresponding tables, but leaves non-key-path functionality intact.
2023-04-11 14:00:13 +01:00
Mathias Vorreiter Pedersen
d65bb3b232
C++: Make basic block information available from dataflow nodes.
2023-04-11 13:52:26 +01:00
yoff
9e3d57d442
Update python/ql/test/library-tests/ApiGraphs/py3/test_captured_flask.py
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com >
2023-04-11 14:34:40 +02:00
Alexandre Boulgakov
35a2d55d18
Swift: Extract structured keypath components.
...
Changes in swift/ql/lib are generated by swift/codegen without manual intervention.
2023-04-11 13:34:17 +01:00
Alexandre Boulgakov
2b1dea56b5
Swift: Add error query to AST tests.
...
Preexisting errors are left to be fixed later.
2023-04-11 13:34:16 +01:00
Jami
b7c7449b08
Merge pull request #12739 from jcogs33/jcogs33/add-one-more-top500-model
...
Java: add summary model for `UnsupportedOperationException(String)` constructor
2023-04-11 08:25:36 -04:00
Asger F
aef0fa3c8a
JS: Expand QLDoc
2023-04-11 14:16:36 +02:00
Asger F
d702c7b990
Merge pull request #12759 from asgerf/js/getset-in-pattern
...
JS: Fix parsing of 'get' or 'set' pattern with a default value
2023-04-11 14:03:00 +02:00
