Rasmus Wriedt Larsen
428c2a3fda
Merge branch 'main' into python-command-execution-modeling
2020-09-30 17:38:59 +02:00
Matthew Gretton-Dann
e0ca4dafb8
Add support for Variable.is_constinit()
2020-09-30 16:31:45 +01:00
Rasmus Wriedt Larsen
c4a2e1d6d1
Python: Rewrite attribute lookup helpers for better performance
...
Not that they actually had a huge problem right now, just that using the old
pattern HAS lead to bad performance in the past. See
https://github.com/github/codeql/pull/4361
2020-09-30 17:31:20 +02:00
Geoffrey White
952cc89c2a
C++: Improve make_pair in stl.h (using remove_reference).
2020-09-30 16:17:06 +01:00
Geoffrey White
7ecd229ce7
C++: Improve make_pair in stl.h (jbj solution).
2020-09-30 16:16:53 +01:00
Geoffrey White
282d3e8f7e
Merge pull request #4322 from jbj/range-analysis-custom-defs
...
C++: Support custom defs in SimpleRangeAnalysis
2020-09-30 15:43:32 +01:00
Taus
32bf7d6bdf
Merge pull request #4256 from fatenhealy/Noblowfish
...
CWE-327 BrokenCryptoAlgorithm recommendation to AES instead of Blowfish
2020-09-30 16:15:46 +02:00
Rasmus Lerchedahl Petersen
b0ed7af897
Python: Approximate **arg -> **param
2020-09-30 15:54:12 +02:00
Rasmus Lerchedahl Petersen
4ae422ce16
Python: Add test for extraneous overflow arguments
2020-09-30 15:28:29 +02:00
Erik Krogh Kristensen
bfb653a34a
rename getAReference to getAnImmediateUse
2020-09-30 15:15:49 +02:00
Erik Krogh Kristensen
eb973b39fe
Update javascript/ql/src/semmle/javascript/frameworks/SQL.qll
...
Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com >
2020-09-30 15:12:17 +02:00
Arthur Baars
cf6036f9b4
Java: fix some android database sinks
2020-09-30 14:42:19 +02:00
Faten Healy
03d8fc7296
changed to AES
2020-09-30 22:18:36 +10:00
Jonas Jensen
3af3d87ecd
C++: Change note for several range-analysis PRs
2020-09-30 13:52:23 +02:00
Erik Krogh Kristensen
d316cb512e
deprecate exports and replace uses with the new getAnExportedValue
2020-09-30 13:46:28 +02:00
Rasmus Wriedt Larsen
4adc26eb62
Python: Fix command injection example code
...
`subprocess.Popen(["ls", "-la"], shell=True)` correspond to running `sh -c "ls" -la`
So it doesn't follow the pattern of the rest of the test file.
2020-09-30 13:38:37 +02:00
Taus
d694777894
Merge pull request #4369 from RasmusWL/python-ospathjoin-taintstep
...
Python: Add taint-step for os.path.join
2020-09-30 13:35:16 +02:00
Erik Krogh Kristensen
b24e959033
add getAnInvocation to the ApiGraphs API
2020-09-30 13:33:36 +02:00
Rasmus Wriedt Larsen
9c1253c8af
Python: Remove flow out of CommandInjection sinks
2020-09-30 13:29:40 +02:00
Erik Krogh Kristensen
b720bfdd11
Apply suggestions from code review
...
Co-authored-by: Asger F <asgerf@github.com >
2020-09-30 13:26:51 +02:00
Rasmus Lerchedahl Petersen
00966bba0d
Python: update test expectations
2020-09-30 13:11:23 +02:00
Rasmus Wriedt Larsen
a2d12f0440
Python: Update CommandInjection.expected
2020-09-30 13:00:10 +02:00
Jonas Jensen
b1c826e5c0
Merge pull request #4135 from rdmarsh2/rdmarsh2/cpp/output-iterators-1
...
C++: Output iterators in AST taint tracking
2020-09-30 12:54:55 +02:00
Arthur Baars
061c2a754f
Java: tests for android database flow steps
2020-09-30 12:42:19 +02:00
Arthur Baars
a13e845127
Java: tests for android database sinks
2020-09-30 12:42:19 +02:00
Arthur Baars
39f5284dcc
Java: add stubs for some android database classes
2020-09-30 12:33:33 +02:00
Arthur Baars
449fb24ef6
Java: android add taint and SQL sink for ContentProvider/Resolver
2020-09-30 12:33:32 +02:00
Arthur Baars
efd5b6ff66
Java: SQLite: make classes private
2020-09-30 12:32:27 +02:00
Arthur Baars
28c965765b
Move query sinks into SQLite.qll
2020-09-30 12:32:27 +02:00
Arthur Baars
b3aae276ba
Add types to SQLite.qll
2020-09-30 12:32:24 +02:00
Arthur Baars
6db4f839cb
Java: add Android database taint and SQL injection sinks
2020-09-30 12:31:11 +02:00
Rasmus Lerchedahl Petersen
30d048f9d4
Python: Support unpacking of keyword arguments.
2020-09-30 11:55:27 +02:00
Rasmus Lerchedahl Petersen
e02cfbf6b0
Python: Support keyword overflow arguments
2020-09-30 11:55:27 +02:00
Rasmus Lerchedahl Petersen
27af9bbae8
Python: Support overflow positional arguments
...
Currently ignoring starred arguments
2020-09-30 11:55:26 +02:00
Rasmus Lerchedahl Petersen
8f2ef94b3e
Python: Hook up keyword arguments
2020-09-30 11:55:26 +02:00
Rasmus Lerchedahl Petersen
f5244aab8c
Python: Add testfiles
2020-09-30 11:54:40 +02:00
Rasmus Wriedt Larsen
1595fed2d6
Python: Add preliminary taint tests for pathlib
2020-09-30 11:44:37 +02:00
Rasmus Wriedt Larsen
0542c3b91e
Python: Model os.path.join and add taint-step
2020-09-30 11:42:36 +02:00
Rasmus Wriedt Larsen
efa2484718
Python: Add taint test for os.path.join
...
Surprisingly the first two just worked, due to our very general handling of any
`join` methods :D
2020-09-30 11:35:21 +02:00
Rasmus Wriedt Larsen
aa6fad558c
Python: Minor cleanup in taint-step tests
2020-09-30 11:15:53 +02:00
Erik Krogh Kristensen
e0b25798ff
remove type-tracking from getAReference, and rewrite qldocs
2020-09-30 10:36:08 +02:00
Rasmus Wriedt Larsen
b3efa28277
Merge branch 'main' into python-command-execution-modeling
2020-09-30 10:24:11 +02:00
Jonas Jensen
68f6d93325
C++: Autoformat fixup
2020-09-30 09:49:56 +02:00
Anders Schack-Mulligen
8d4f7e2db7
Merge pull request #4366 from joefarebrother/field-rvalue-lvalue
...
Java: Make `FieldRead` and `FieldWrite` extend `RValue` and `LValue`
2020-09-30 07:55:24 +02:00
Ian Lynagh
d5f8cbc50c
C++: Accept test changes in unnamed entity naming
2020-09-29 17:30:33 +01:00
Erik Krogh Kristensen
65441705ef
renamings based on review
2020-09-29 18:23:10 +02:00
Erik Krogh Kristensen
c3f5a6dcac
introduce API::Node::getACall()
2020-09-29 18:23:10 +02:00
Erik Krogh Kristensen
69f4ac25c4
renamings based on review
2020-09-29 18:23:10 +02:00
Erik Krogh Kristensen
1596436f7e
rename getASourceUse to getAReference
2020-09-29 18:23:10 +02:00
Erik Krogh Kristensen
adc05022f3
update comment in test case
...
Co-authored-by: Max Schaefer <54907921+max-schaefer@users.noreply.github.com >
2020-09-29 18:21:41 +02:00
