Henning Makholm
534e771309
Merge pull request #5934 from github/hmakholm/pr/monotonic-agg
...
QL language reference: add monotonic aggregate example
2021-06-01 13:10:50 +02:00
Taus
53b7492aa3
Generate QLDoc for getChild
2021-06-01 10:57:39 +00:00
Taus
6cf7a12c8c
Undo field name escaping
2021-06-01 10:56:45 +00:00
Tamás Vajk
e7a349be2d
Merge pull request #5978 from tamasvajk/fix/change-note-workflow
...
Fix change note workflow to handle paginated results
2021-06-01 12:50:32 +02:00
Anders Schack-Mulligen
fc913e744e
Java: Minor model fix.
2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen
dbe352f3ff
Java: Remove deprecated tests.
2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen
901996f9fd
Java: Add collection flow test.
2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen
43d1b0ab27
Java: Update qltests.
2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen
a40880af70
Java: Add read-as-taint and config-dependent store-as-taint.
2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen
2f087e17cb
Java: Allow <> in types for now.
2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen
3f538e7fac
Java: Update some models.
2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen
9e313d0cf6
Java: Remove container taint steps.
2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen
3b6cef4f74
Java: Add container flow models.
2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen
ffd52bb673
Java: Fix bug in matching generic signatures.
2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen
1001dd84e6
Java: Switch array steps and one containerstep.
2021-06-01 11:47:52 +02:00
Anders Schack-Mulligen
ce509eb7e1
Merge pull request #5927 from aschackmull/dataflow/flowthrough-dispatch-perf
...
Dataflow: Improve performance in flow-through pruning
2021-06-01 11:46:22 +02:00
Anders Schack-Mulligen
a4661e1aca
Merge pull request #5704 from edvraa/regexj
...
Java: Regex injection
2021-06-01 11:45:59 +02:00
Artem Smotrakov
8dc1451d42
Better recommendation in UnsafeDeserializationRmi.qhelp
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-06-01 12:16:09 +03:00
Erik Krogh Kristensen
0b225419a3
Merge pull request #5977 from security-prince/patch-1
...
Adding reference link for csurf
2021-06-01 11:07:36 +02:00
Tom Hvitved
5771b0420f
Merge pull request #5936 from hvitved/csharp/cfg/perf-tweaks
...
C#: Various CFG related performance tweaks
2021-06-01 11:06:01 +02:00
Anders Schack-Mulligen
5d21c64247
Dataflow: qldoc fix.
2021-06-01 10:49:47 +02:00
Tamas Vajk
bc02f28ddd
Fix change note workflow to handle paginated results
2021-06-01 10:44:44 +02:00
Jonas Jensen
2261085cfe
Merge pull request #5973 from MathiasVP/more-uncontrolled-arith-improvements
...
C++: More `cpp/uncontrolled-arithmetic` improvements
2021-06-01 10:44:29 +02:00
Anders Schack-Mulligen
4f9a6c151b
Dataflow: Code review fixes.
2021-06-01 10:29:17 +02:00
Mathias Vorreiter Pedersen
8765c33847
C++: Also check the number of parameters to keep the tests happy.
2021-06-01 10:17:57 +02:00
Ishaq Mohammed
96150a455d
Update javascript/ql/src/Security/CWE-352/MissingCsrfMiddleware.qhelp
...
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com >
2021-06-01 13:47:43 +05:30
Ishaq Mohammed
975355de4a
Adding reference link for csurf
2021-06-01 13:41:25 +05:30
Mathias Vorreiter Pedersen
615c805b2c
C++: Only use std::rand as a source of randomness.
2021-06-01 09:28:06 +02:00
Taus
d38520dc73
Escape field names correctly
...
This should make `field('unique', $.whatever)` valid again.
2021-05-31 20:56:29 +00:00
Taus
64090b086c
Autogenerate QLDoc for TreeSitter.qll
...
It's not quite perfect, as there's still some QLDoc missing on the
various `getChild` methods, but it wasn't immediately clear to me how
to get this working (especially since the QLDoc would ideally be
different depending on whether there was a child index or not).
Then again, `getChild` probably has a pretty intuitive meaning...
2021-05-31 20:54:10 +00:00
Henning Makholm
70b9739d2d
QL language reference: add monotonic aggregate example
...
It's easier to understand what's going on if we start with a
(contrived) example that _doesn't_ involve recursion.
2021-05-31 21:23:08 +02:00
Tom Hvitved
3ffef634d7
More synthesis refactoring
...
- Join `TElementReferenceSynth` and `TMethodCallSynth`.
- Move arity and setter information into `MethodCallKind`.
- Add `Synthesis::methodCall` for specifying which method calls need synthesis.
2021-05-31 16:29:41 +02:00
Mathias Vorreiter Pedersen
41c93d92d7
C++: Remove FPs from right shifts and explicitly bounded random functions.
2021-05-31 15:40:02 +02:00
Mathias Vorreiter Pedersen
10755ece88
C++: Add testcase with bounded randomness source.
2021-05-31 15:33:39 +02:00
Anders Schack-Mulligen
683f853fa5
Dataflow: Fix another bad join order.
2021-05-31 15:14:13 +02:00
Erik Krogh Kristensen
85bd8f1020
add change-note for TypeScript 4.3
2021-05-31 13:08:52 +02:00
Erik Krogh Kristensen
e6b1c61e81
add tests for TypeScript 4.3
2021-05-31 13:08:43 +02:00
Erik Krogh Kristensen
2cc2d116bc
bump extractor version
2021-05-31 13:08:24 +02:00
Erik Krogh Kristensen
35d7fda5e2
update typescript to 4.3 in the extractor
2021-05-31 13:08:09 +02:00
Mathias Vorreiter Pedersen
6d7b95c15d
Merge pull request #5966 from erik-krogh/overrideConsistency
...
CPP/C#: make some parameter names consistent with the names used in the super class
2021-05-31 11:57:10 +02:00
Jonas Jensen
4e502d10d6
Merge pull request #5951 from MathiasVP/optimize-switcCase-getAStmt
...
C++: Remove large antijoin in `SwitchCase.getAStmt`
2021-05-31 11:50:32 +02:00
Taus
bae3728e3c
Merge pull request #5945 from RasmusWL/minor-qldoc-cleanup
...
Python: Minor QLDoc cleanup
2021-05-31 11:40:44 +02:00
Taus
d9911a016e
Merge pull request #5933 from RasmusWL/expand-use-of-input-test
...
Python: Expand test of py/use-of-input
2021-05-31 11:39:33 +02:00
Mathias Vorreiter Pedersen
b4e4c12d0f
C++: Use a rank aggregate for a much better implementation.
2021-05-31 11:17:09 +02:00
Taus
9abe340a1f
Fix getQLDoc compilation error
2021-05-31 08:55:27 +00:00
Taus
cbd0caa4ab
QL: Fix getQLDoc compilation error
2021-05-31 08:55:27 +00:00
Jonas Jensen
f97b8ad1d4
Merge pull request #5961 from MathiasVP/fix-FPs-in-incorrect-allocation-error-handling
...
C++: Exclude custom `operator new` from `cpp/incorrect-allocation-error-handling`
2021-05-31 10:54:59 +02:00
Mathias Vorreiter Pedersen
66d284ee59
Merge pull request #5766 from ihsinme/ihsinme-patch-267
...
CPP: Add query for CWE-415 Double Free
2021-05-31 10:51:32 +02:00
Taus
3cdc6a18ae
Merge branch 'main' into dbscheme-and-qlpack-support
2021-05-31 10:50:39 +02:00
Taus
ada77a3c8b
QL: Merge branch 'main' into dbscheme-and-qlpack-support
2021-05-31 10:50:39 +02:00