intrigus
c88f07dde4
Java: Accept test output
2021-01-11 13:42:07 +01:00
intrigus
33b0ff28d8
Java: Update test
2021-01-11 13:42:07 +01:00
intrigus
9e2ef9bd74
Java: Filter results by feature flags.
...
This ignores results that are guarded by a feature flag
that suggests an intentionally insecure feature.
Inspired by Go's `InsecureFeatureFlag.qll` and
`DisabledCertificateCheck.ql`.
2021-01-11 13:42:07 +01:00
intrigus
a62a2e58dd
Java: Improve QL-Doc
2021-01-11 13:42:07 +01:00
intrigus
d98b171998
Java: Make EnvTaintedMethod public + QL-Doc
2021-01-11 13:42:07 +01:00
intrigus
e021158b5f
Java: Tighter model of HostnameVerifier#verify
...
This more tightly models `HostnameVerifier#verify` previously it
was possible to accidentally match other methods called `verify`.
2021-01-11 13:42:07 +01:00
intrigus
0a9df07df7
Apply suggestions from review.
2021-01-11 13:42:07 +01:00
intrigus
70b0703952
Java: Remove overlapping code
2021-01-11 13:42:07 +01:00
intrigus
3da1cb0879
Java: Add unsafe hostname verification query
2021-01-11 13:42:07 +01:00
intrigus
8df5d77398
Java: Model HostnameVerifier method
...
Model `HostnameVerifier#setDefaultHostnameVerifier`
2021-01-11 13:42:06 +01:00
Anders Schack-Mulligen
3a2dd8f1ed
Merge pull request #4867 from RasmusWL/java-externalapis-taint-step
...
Java: Fix taint-step handling for untrusted-data-external-api
2021-01-11 13:36:59 +01:00
madneal
4e373aaf29
replace error with errors
2021-01-11 19:38:27 +08:00
Rasmus Wriedt Larsen
7d94bab75e
Merge branch 'main' into django-request-handler-without-route
2021-01-11 12:24:41 +01:00
madneal
e0fc9bac08
add error for shotString
2021-01-11 19:15:22 +08:00
Rasmus Wriedt Larsen
828bb9a902
Python: Small refactor for request param modeling in Django
2021-01-11 11:29:54 +01:00
Esben Sparre Andreasen
580a24e982
JS: rewrite js/incomplete-multi-character-sanitization
2021-01-11 11:26:45 +01:00
Rasmus Wriedt Larsen
141b9adc4d
Python: Minor refactoring
...
Co-authored-by: yoff <lerchedahl@gmail.com >
2021-01-11 11:18:59 +01:00
Geoffrey White
cf1d1dc5c0
C++: Remove old tags.
2021-01-11 09:31:06 +00:00
Mathias Vorreiter Pedersen
46393c33ef
C++: Fix bad join orders introduced in previous commit.
2021-01-11 09:19:58 +01:00
madneal
1e2487320c
address #4932,fix for errors of Binding behavior
2021-01-09 21:38:25 +08:00
Mathias Vorreiter Pedersen
a00bd7ae02
C++: Respond to review comments.
2021-01-08 19:47:02 +01:00
Geoffrey White
70ce5fde75
C++: Improve metadata for GlobalNamespaceClasses.ql.
2021-01-08 18:27:06 +00:00
Geoffrey White
a6937beee3
Merge branch 'main' into sqltaint
2021-01-08 17:27:43 +00:00
Geoffrey White
7f0209f72e
Merge branch 'main' into modelclasses
2021-01-08 17:11:25 +00:00
Shati Patel
b794fcb841
Merge pull request #4925 from shati-patel/fix-links
...
Fix broken links in CodeQL documentation
2021-01-08 16:35:15 +00:00
Shati Patel
53c46edc1c
Address review comments
2021-01-08 15:20:40 +00:00
Rasmus Wriedt Larsen
00c253a710
Java: Don't ignore local taint steps (fixup)
2021-01-08 15:29:01 +01:00
Anders Schack-Mulligen
e5b4975450
Merge pull request #4675 from luchua-bc/cleartext-storage-shared-prefs
...
Java: Query to detect cleartext storage of sensitive information using Android SharedPreferences
2021-01-08 12:41:34 +01:00
Tamás Vajk
136e5c93d1
Merge pull request #4672 from tamasvajk/feature/extract-anon-types
...
C#: Extract anonymous types explicitly
2021-01-08 11:54:37 +01:00
CodeQL CI
807fc94627
Merge pull request #4921 from erik-krogh/moreShellSan
...
Approved by esbena
2021-01-08 00:58:26 -08:00
Tamas Vajk
800fd94572
Add DB upgrade folder
2021-01-08 08:20:49 +01:00
Tamas Vajk
056dbe31d5
C#: Remove throw completion from StringLiteral
2021-01-08 08:14:08 +01:00
Erik Krogh Kristensen
6423c32990
Update javascript/ql/src/semmle/javascript/security/dataflow/UnsafeShellCommandConstructionCustomizations.qll
...
Co-authored-by: Esben Sparre Andreasen <esbena@github.com >
2021-01-07 22:02:39 +01:00
Shati Patel
cdcb4a9599
Fix redirects from Sphinx linkcheck
2021-01-07 15:45:40 +00:00
Shati Patel
3da66b7fd9
Fix broken links from Sphinx linkcheck
2021-01-07 15:45:28 +00:00
Tamas Vajk
f971f42bb1
Add new stats file
2021-01-07 15:24:10 +01:00
Tamas Vajk
fdf5cf9dd0
C#: Extract anonymous types explicitly
2021-01-07 15:24:10 +01:00
Tom Hvitved
63f76b1b43
C#: Uniform treatment of all SSA definitions
2021-01-07 15:16:44 +01:00
Tom Hvitved
8d77f4bac9
C#: Remove ImplicitUntrackedDefinition
2021-01-07 15:16:39 +01:00
luchua-bc
606d0946fc
Update qldoc
2021-01-07 14:05:12 +00:00
Tamás Vajk
3b16d2689d
Merge pull request #4821 from tamasvajk/feature/csharp9-cil-init-prop
...
C#: Extract init only accessors from CIL
2021-01-07 15:04:40 +01:00
CodeQL CI
c193d9f375
Merge pull request #4823 from erik-krogh/furtherReDoS
...
Approved by esbena
2021-01-07 05:24:07 -08:00
Erik Krogh Kristensen
7eab08511b
add source code examples to blocksCharInAccess
2021-01-07 13:58:26 +01:00
Erik Krogh Kristensen
8b03ab0c01
update docstring for getAShellChar
...
Co-authored-by: Esben Sparre Andreasen <esbena@github.com >
2021-01-07 13:58:26 +01:00
Erik Krogh Kristensen
2aa59a3f8b
support sanitizers that sanitize individual chars in js/shell-command-constructed-from-input
2021-01-07 13:58:25 +01:00
Mathias Vorreiter Pedersen
13a67c906e
Merge pull request #4810 from geoffw0/multtoalloc
...
C++: Query for multiplications used in allocations.
2021-01-07 13:48:58 +01:00
luchua-bc
b54e5b1c49
Revamp the library module
2021-01-07 12:44:59 +00:00
ihsinme
2d6dafc6be
Update MemoryLeakOnFailedCallToRealloc.ql
2021-01-07 15:44:50 +03:00
ihsinme
f378c14659
Update MemoryLeakOnFailedCallToRealloc.expected
2021-01-07 15:43:58 +03:00
ihsinme
592cd284e8
Update test.c
2021-01-07 15:41:31 +03:00
