85368 Commits

This Branch

This Branch

All Branches

Author	SHA1	Message	Date
Michael Nebel	cc4f3f6234	C#: Re-factor CodeInjection to use the new API.	2023-03-29 13:19:56 +02:00
Michael Nebel	60c5bbde0f	C#: Re-factor ConditionalBypass to use the new API.	2023-03-29 13:19:56 +02:00
Michael Nebel	cab976cf8f	C#: Re-factor CommandInjection to use the new API.	2023-03-29 13:19:56 +02:00
Michael Nebel	c03ce2f63b	C#: Re-factor HardCodedSymmetricEncryptionKey to use the new API.	2023-03-29 13:19:56 +02:00
Michael Nebel	5278bbcaaa	C#: Re-factor SymmetricKeyTaintTrackingConfiguration to use the new API.	2023-03-29 13:19:56 +02:00
Paolo Tranquilli	2cfecac545	Swift: remove debug prints	2023-03-29 13:14:44 +02:00
Jeroen Ketema	0acca2ba76	Merge pull request #12687 from jketema/unit-2 ... Make imports of `codeql.util.Unit` private	2023-03-29 13:07:12 +02:00
Mathias Vorreiter Pedersen	1dd3e385ab	Merge pull request #12133 from d10c/swift/case-let-dataflow ... Swift: `case let` dataflow	2023-03-29 11:31:48 +01:00
Nora Dimitrijević	d0de4a5d93	Merge branch 'main' into swift/case-let-dataflow	2023-03-29 11:55:34 +02:00
Nora Dimitrijević	70ed8c6e8f	Swift: add QLdoc to Pattern	2023-03-29 11:52:50 +02:00
Nora Dimitrijević	3fbf90cbd7	Swift: add ConstructorDecl.isFailable/0	2023-03-29 11:52:50 +02:00
Tamás Vajk	08d2d3b96b	Merge pull request #12699 from tamasvajk/fix/ruby-makefile ... Ruby: Adjust Makefile after shared library refactoring	2023-03-29 11:48:24 +02:00
Rasmus Wriedt Larsen	86333e3ba5	Python: Remove duplicate results from azure blob query	2023-03-29 11:47:29 +02:00
Rasmus Wriedt Larsen	32d52c023e	Python: Allow any order for azure blob query ... By only allowing the sink in the state where encryption v1 is used, we can handle the new case where the order of attribute assignment is flipped. However, we get a few too many paths because we can have multiple sources reaching the same sink... let's fix in next commit.	2023-03-29 11:42:01 +02:00
Anders Schack-Mulligen	7844384768	Java: Add change note.	2023-03-29 11:39:07 +02:00
Rasmus Wriedt Larsen	480f171d9b	Python: Add azure blob tests with swapped order ... Just shows we need to use some state in the query to get the correct behavior.	2023-03-29 11:25:37 +02:00
Rasmus Wriedt Larsen	683985a00a	Python: Expand azure blob modeling ... Now we can differentiate between the classes	2023-03-29 11:24:36 +02:00
Paolo Tranquilli	f3f17791c3	Swift: extract all source files in WMO mode ... WMO stands for whole module optimization. It's a compilation mode where all sources of a module are compiled together, e.g. ``` swift-frontend -emit-module A.swift B.swift -o Module.swiftmodule ``` This is opposed to incremental mode, where one would do something like ``` swift-frontend -emit-module -primary-file A.swift B.swift -module-name Module -o Module~A.swiftmodule swift-frontend -emit-module A.swift -primary-file B.swift -module-name Module -o Module~B.swiftmodule swift-frontend -merge-modules Module~A.swiftmodule Module~B.swiftmodule -o Module.swiftmodule ``` In WMO mode we were skipping extraction of all files after the first one, because we were filtering in only files with an associated output, and internally swift only assigns the output to the first input file in WMO mode (which is just an implementation detail). This patch refines that filter, by getting all input source files in case there are no primary inputs.	2023-03-29 10:39:58 +02:00
Asger F	f8e76b5347	Ruby: do not depend on trackDefNode in isDef	2023-03-29 10:31:42 +02:00
Asger F	2ef1743bf4	Merge pull request #11615 from asgerf/js/extension-docs ... JS: docs for customizing library models with data extensions	2023-03-29 10:20:53 +02:00
Tamas Vajk	85d824b96b	Ruby: Adjust Makefile after shared library refactoring	2023-03-29 10:12:10 +02:00
Edward Minnix III	e39318853f	Merge pull request #12693 from atorralba/atorralba/java/insecure-ldap-auth-tag ... Java: Fix InsecureLdapAuth tags	2023-03-28 14:56:56 -04:00
Nora Dimitrijević	55ce9760e1	Merge branch 'main' into swift/case-let-dataflow	2023-03-28 18:20:33 +02:00
Nora Dimitrijević	2a5f29cd0f	Swift: remove getIdentityPreservingEnclosingPattern ... The Pattern public interface doesn't really need it.	2023-03-28 18:18:32 +02:00
Mathias Vorreiter Pedersen	8021958ac5	C++: Accept test changes.	2023-03-28 16:50:18 +01:00
Mathias Vorreiter Pedersen	6699a0cb1a	C++: Add range analysis for binary multiplication.	2023-03-28 16:50:18 +01:00
Jeroen Ketema	a381aa4d37	Swift: Use DataFlow::ConfigSig in InsufficientHashIterations.ql	2023-03-28 17:39:58 +02:00
Jeroen Ketema	60f033f10c	Swift: Use DataFlow::ConfigSig in ConstantSalt.ql	2023-03-28 17:39:18 +02:00
Jeroen Ketema	b97b3d9975	Swift: Use DtatFlow::ConfigSig in InsecureTLS.ql	2023-03-28 17:38:46 +02:00
Jeroen Ketema	42248220b4	Swift: Use DataFlow::ConfigSig in WeakSensitiveDataHashing.ql	2023-03-28 17:38:11 +02:00
Jeroen Ketema	a8599eb689	Swift: Use DataFlow::ConfigSig in ECBEncryption.ql	2023-03-28 17:37:37 +02:00
Jeroen Ketema	cc23ba3698	Swift: Use DataFlow::ConfigSig in HardcodedEncryptionKey.ql	2023-03-28 17:37:05 +02:00
Jeroen Ketema	1592b578d9	Swift: Use DataFlow::ConfigSig in ConstantPassword.ql	2023-03-28 17:36:37 +02:00
Jeroen Ketema	31512b8627	Swift: Use DataFlow::ConfigSig in StaticInitializationVector.ql	2023-03-28 17:36:00 +02:00
Asger F	080acdbfff	JS: remove links to docs file... again	2023-03-28 17:29:26 +02:00
smiddy007	0eb61d39d3	formatting	2023-03-28 11:28:32 -04:00
smiddy007	fe3b0a56ca	Removed unnecessary field	2023-03-28 11:27:23 -04:00
smiddy007	8e9f2185c8	Merge branch 'main' into improve-insufficient-pw-hash-query	2023-03-28 11:15:10 -04:00
smiddy007	123eb1e57b	Update javascript/ql/lib/semmle/javascript/frameworks/CryptoLibraries.qll ... Co-authored-by: Asger F <asgerf@github.com>	2023-03-28 11:14:28 -04:00
Tony Torralba	ce191e1f9f	Fix InsecureLdapAuth tags	2023-03-28 17:10:33 +02:00
Edward Minnix III	b00104ebe3	Merge pull request #12458 from egregius313/egregius313/promote-insecure-ldap-authentication ... Java: Promote LDAP Authentication Query	2023-03-28 10:39:17 -04:00
Edward Minnix III	97ec808a6f	Make configuration public ... Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>	2023-03-28 10:28:15 -04:00
Erik Krogh Kristensen	13c0effbd2	change to minor change	2023-03-28 15:27:16 +02:00
erik-krogh	4b3a419509	just use quoteWithBackticks	2023-03-28 15:23:15 +02:00
Erik Krogh Kristensen	451f6f01bb	Merge pull request #12633 from erik-krogh/more-global-flow ... JS: better callgraph support for global variables	2023-03-28 15:19:50 +02:00
Nora Dimitrijević	94614320b5	Swift: refactor OptionalSomeDecl -> OptionalSomeContentSet	2023-03-28 15:15:16 +02:00
Anders Schack-Mulligen	7c74fd07e9	Merge pull request #12684 from aschackmull/dataflow/remove-footgun ... Dataflow: Remove accidentally exposed predicates.	2023-03-28 15:14:58 +02:00
Michael Nebel	9966e09fd7	C#: Add operator dataflow test case with checked and unchecked examples.	2023-03-28 15:05:48 +02:00
Michael Nebel	50c3c159a9	C#: Make checked and unchecked as a local flow step.	2023-03-28 15:03:33 +02:00
Nora Dimitrijević	ea9e8e7ddb	Swift: fix bad join order in Pattern.getImmediateMatchingExpr ... On Signal-iOS, this snippet: ```codeql class Pattern extends Generated::Pattern { ... Expr getImmediateMatchingExpr() { ... exists(PatternBindingDecl v, int i | v.getPattern(i) = this and result = v.getInit(i) ) ... } ... } ``` Had the following join order: ``` 33926 ~0% {3} r8 = SCAN PatternBindingDecl#ab5153b9::Generated::PatternBindingDecl::getImmediateInit#1#dispred#fff OUTPUT In.1, In.0, In.2 2565045964 ~0% {4} r9 = JOIN r8 WITH pattern_binding_decl_patterns_102#join_rhs ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Lhs.2, Rhs.2 33926 ~0% {2} r10 = JOIN r9 WITH Synth#5f134a93::Synth::convertPatternBindingDeclToRaw#1#ff ON FIRST 2 OUTPUT Lhs.3, Lhs.2 33926 ~2% {2} r11 = JOIN r10 WITH Synth#5f134a93::Synth::convertPatternFromRaw#1#ff ON FIRST 1 OUTPUT Rhs.1, Lhs.1 33926 ~1% {2} r12 = JOIN r11 WITH Element#e67432df::Generated::Element::resolve#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1 33926 ~4% {2} r13 = JOIN r12 WITH Element#e67432df::Generated::Element::resolve#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1 ``` After applying `pragma[only_bind_out]` to `this`: ``` 198815 ~1% {2} r4 = SCAN Synth#5f134a93::Synth::TPattern#f OUTPUT In.0, In.0 198815 ~0% {2} r5 = JOIN r4 WITH Element#e67432df::Generated::Element::resolve#ff_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.1 75626 ~0% {3} r6 = JOIN r5 WITH PatternBindingDecl#ab5153b9::Generated::PatternBindingDecl::getImmediatePattern#1#dispred#fff_201#join_rhs ON FIRST 1 OUTPUT Rhs.1, Rhs.2, Lhs.1 33926 ~1% {2} r7 = JOIN r6 WITH PatternBindingDecl#ab5153b9::Generated::PatternBindingDecl::getImmediateInit#1#dispred#fff ON FIRST 2 OUTPUT Rhs.2, Lhs.2 33926 ~4% {2} r8 = JOIN r7 WITH Element#e67432df::Generated::Element::resolve#ff ON FIRST 1 OUTPUT Lhs.1, Rhs.1 ```	2023-03-28 14:57:05 +02:00