| Author | Commit | Message | Date |
|---|---|---|---|
| Geoffrey White | c2ddf25f11 | Merge branch 'main' into constcrypto | 2025-07-17 16:13:58 +01:00 |
| Anders Schack-Mulligen | 996de78a66 | Java: Prune PathGraph for CsrfUnprotectedRequestType.ql | 2025-07-17 15:06:38 +02:00 |
| Anders Schack-Mulligen | 1485d7072d | Merge pull request #19885 from aschackmull/java/annotated-exit-cfg<br>Java: Add AnnotatedExitNodes to the CFG. | 2025-07-17 15:02:24 +02:00 |
| Nora Dimitrijević | 4342b2b799 | [DIFF-INFORMED] Swift: UnsafeWebViewFetch<br>https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/swift/ql/src/queries/Security/CWE-079/UnsafeWebViewFetch.ql#L24 | 2025-07-17 14:59:09 +02:00 |
| Nora Dimitrijević | b1e723991e | [DIFF-INFORMED] Swift: InsecureTLS<br>https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/swift/ql/src/queries/Security/CWE-757/InsecureTLS.ql#L18 | 2025-07-17 14:59:07 +02:00 |
| Nora Dimitrijević | 6dea73b081 | [DIFF-INFORMED] Swift: CleartextStoragePreferences<br>https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/swift/ql/src/queries/Security/CWE-312/CleartextStoragePreferences.ql#L32 | 2025-07-17 14:59:05 +02:00 |
| Nora Dimitrijević | cd3fa64ee3 | [DIFF-INFORMED] Swift: CleartextStorageDatabase<br>https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/swift/ql/src/queries/Security/CWE-311/CleartextStorageDatabase.ql#L33 | 2025-07-17 14:59:03 +02:00 |
| Michael Nebel | 2f29459cda | Merge pull request #19931 from michaelnebel/ql4ql/qualitytagcheck<br>Ql4ql: Quality query tagging. | 2025-07-17 14:53:14 +02:00 |
| Idriss Riouak | 36ebe99f2f | Merge pull request #19707 from microsoft/lwsimpkins/fix-qhelp-upstream<br>fix qhelp files | 2025-07-17 14:51:01 +02:00 |
| Nora Dimitrijević | 4b6135c0f7 | [DIFF-INFORMED] Ruby: MissingFullAnchor<br>https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/ruby/ql/src/queries/security/cwe-020/MissingFullAnchor.ql#L18 | 2025-07-17 14:44:02 +02:00 |
| Owen Mansel-Chan | af977e9ac7 | Merge pull request #20067 from owen-mc/java/unsafe-deserialization-mad-sinks<br>Java: allow the definition of `java/unsafe-deserialization` sinks using data extensions | 2025-07-17 13:42:31 +01:00 |
| Nora Dimitrijević | 20030d56a5 | [DIFF-INFORMED] Python: (Possible)TimingAttackAgainstHash | 2025-07-17 14:40:31 +02:00 |
| Nora Dimitrijević | 9408a96ba5 | [TEST] Python: TimingAttackAgainstHash: add qlref test to existing source (TODO: add source with true positive) | 2025-07-17 14:40:29 +02:00 |
| Kasper Svendsen | a807db52ad | Merge pull request #19872 from github/kaspersv/overlay-java-enable<br>Overlay: Enable overlay compilation for Java | 2025-07-17 14:38:17 +02:00 |
| Geoffrey White | 27bea33508 | Rust: Accept consistency check change. | 2025-07-17 12:44:31 +01:00 |
| Jeroen Ketema | acc66c7b58 | Merge pull request #19984 from jketema/jketema/sec-shared<br>Make a proper shared library out of the concept related libraries | 2025-07-17 13:25:33 +02:00 |
| Geoffrey White | 69064b7f7f | Rust: Update the model. | 2025-07-17 12:20:34 +01:00 |
| Owen Mansel-Chan | 6629bd8279 | No need to deprecate classes when module is deprecated | 2025-07-17 11:52:31 +01:00 |
| Owen Mansel-Chan | b361f76643 | Delete unused private class | 2025-07-17 11:36:06 +01:00 |
| Nora Dimitrijević | 8824677e87 | [DIFF-INFORMED] Go: BadRedirectCheck | 2025-07-17 11:46:54 +02:00 |
| Nora Dimitrijević | b4010ac2b4 | [DIFF-INFORMED] Go: InsecureHostKeyCallback | 2025-07-17 11:46:53 +02:00 |
| Nora Dimitrijević | 188fc0d933 | [DIFF-INFORMED] Go: UnhandledCloseWritableHandle | 2025-07-17 11:46:51 +02:00 |
| Nora Dimitrijević | 7b759f44f8 | [DIFF-INFORMED] Go: AuthCookie<br>https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/experimental/CWE-1004/CookieWithoutHttpOnly.ql#L97 | 2025-07-17 11:46:49 +02:00 |
| Nora Dimitrijević | a1fe72c423 | [DIFF-INFORMED] Go: SSRF<br>https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/experimental/CWE-918/SSRF.ql#L23 | 2025-07-17 11:46:47 +02:00 |
| Nora Dimitrijević | 7bd6703f19 | [DIFF-INFORMED] Go: ConditionalBypass | 2025-07-17 11:46:46 +02:00 |
| Nora Dimitrijević | 19b373aa90 | [DIFF-INFORMED] Go: SensitiveConditionBypass<br>https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/experimental/CWE-807/SensitiveConditionBypass.ql#L33 | 2025-07-17 11:46:44 +02:00 |
| Nora Dimitrijević | d6ef585110 | [DIFF-INFORMED] Go: RequestForgery, SafeUrlFlow<br>https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-918/RequestForgery.ql#L21<br>https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-601/OpenUrlRedirect.ql#L24 | 2025-07-17 11:46:42 +02:00 |
| Nora Dimitrijević | 8c8625d912 | [DIFF-INFORMED] Go: ReflectedXss<br>https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-079/ReflectedXss.ql#L23 | 2025-07-17 11:46:40 +02:00 |
| Nora Dimitrijević | 4b473622bc | [DIFF-INFORMED] Go: InsecureRandomness<br>https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-338/InsecureRandomness.ql#L19 | 2025-07-17 11:46:39 +02:00 |
| Nora Dimitrijević | ce7eb9b16a | [DIFF-INFORMED] Go: IncorrectIntegerConversion<br>https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-681/IncorrectIntegerConversionQuery.ql#L23 | 2025-07-17 11:46:37 +02:00 |
| Nora Dimitrijević | f228818b1f | [DIFF-INFORMED] Go: HardcodedCredentials<br>https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-798/HardcodedCredentials.ql#L62 | 2025-07-17 11:46:35 +02:00 |
| Nora Dimitrijević | 109f6ddc2d | [DIFF-INFORMED] Go: ExternalAPIs<br>https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-020/UntrustedDataToExternalAPI.ql#L18 | 2025-07-17 11:46:33 +02:00 |
| Nora Dimitrijević | 89f760460b | [DIFF-INFORMED] Go: CommandInjection<br>https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-078/CommandInjection.ql#L28 | 2025-07-17 11:46:30 +02:00 |
| Nora Dimitrijević | e0d16a863b | [DIFF-INFORMED] Go: AllocationSizeOverflow<br>https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/go/ql/src/Security/CWE-190/AllocationSizeOverflow.ql#L24 | 2025-07-17 11:46:29 +02:00 |
| Geoffrey White | 944fd2aa11 | Rust: Add explicit types in some (not all) of the test cases. | 2025-07-17 10:45:40 +01:00 |
| Anders Schack-Mulligen | 448cc82ef9 | Kotlin: Accept more test changes. | 2025-07-17 11:21:27 +02:00 |
| Anders Schack-Mulligen | 54775e0958 | Java: Adjust Paths.qll | 2025-07-17 11:21:26 +02:00 |
| Anders Schack-Mulligen | e7a6259bd7 | Java: Accept test changes. | 2025-07-17 11:21:26 +02:00 |
| Anders Schack-Mulligen | fbe79e8a52 | Java: Add AnnotatedExitNodes to the CFG. | 2025-07-17 11:21:26 +02:00 |
| Joe Farebrother | 680e31dc48 | Modernize raise-not-implemented | 2025-07-17 10:02:00 +01:00 |
| Owen Mansel-Chan | 53e1939b60 | Merge pull request #20053 from owen-mc/go/fix-dataflowconsistency<br>Go: Fix compilation of DataFlowImplConsistency.qll | 2025-07-17 09:22:12 +01:00 |
| Michael Nebel | 01738c2e42 | Merge pull request #19940 from michaelnebel/csharp/fixmodels<br>C#: Improve some existing manual models. | 2025-07-17 07:58:14 +02:00 |
| Kevin Stubbings | f86152d3bd | Add sanitizer changes and fix test | 2025-07-16 21:27:33 +00:00 |
| Jeroen Ketema | eabe651edf | Merge pull request #20069 from jketema/spaceship-ir<br>C++: Support the spaceship operator in the IR | 2025-07-16 21:45:39 +02:00 |
| Jeroen Ketema | 29a6af4efd | C++: Fix instruction class name | 2025-07-16 18:11:17 +02:00 |
| Jeroen Ketema | f319381f27 | C++: Support the spaceship operator in the IR | 2025-07-16 17:53:55 +02:00 |
| Geoffrey White | 62b7d84638 | Rust: Add Sqlx as MaD sinks instead. | 2025-07-16 16:36:42 +01:00 |
| Geoffrey White | 87deab861f | Rust: Remove Sqlx.qll. | 2025-07-16 16:23:50 +01:00 |
| Geoffrey White | 6f5e4ef5b9 | Merge branch 'main' into sqlx | 2025-07-16 15:59:42 +01:00 |
| Jeroen Ketema | 9b8302f983 | Merge pull request #20068 from jketema/spaceship-test<br>C++: Add test that shows that IR generation for `<=>` is broken | 2025-07-16 16:50:25 +02:00 |