Rasmus Lerchedahl Petersen
41c9394b4b
Python: update qhelp and example
2021-03-14 09:22:47 +01:00
Rasmus Lerchedahl Petersen
0d8f8d2cc5
Python, doc: subsection on local sources
...
also remove references to `parameterNode` which is not available yet.
2021-03-13 08:15:42 +01:00
Marcono1234
a457f5cc4a
Add missing quote in documentation
2021-03-13 05:01:56 +01:00
yoff
a760ed8c55
Merge pull request #5388 from tausbn/python-api-graph-builtins
...
Python: Support built-ins in API graphs
2021-03-12 17:45:59 +01:00
Tamas Vajk
27048191c8
C#: Add dataflow test for tuple-positional pattern
2021-03-12 17:14:24 +01:00
Arthur Baars
3e5ff1d042
AST: order edges by target node
...
When printing a tree CodeQL iterates over the nodes and
for each node prints the successor edges as children. If the
successor edges are ordered by target node then the children
print in the right order in the expected output.
2021-03-12 16:52:34 +01:00
Erik Krogh Kristensen
1dcfc3840d
add test
2021-03-12 16:25:33 +01:00
Erik Krogh Kristensen
f357b73f94
require that the MetacharEscapeSanitizer is a global replace call
2021-03-12 16:18:47 +01:00
Tamas Vajk
9ff304ca6b
Fix missing variable binding
2021-03-12 16:14:32 +01:00
Taus
dfc0e9b906
Merge pull request #5243 from RasmusWL/port-bind-to-all-interfaces
...
Python: Port py/bind-socket-all-network-interfaces query
2021-03-12 16:04:19 +01:00
Rasmus Lerchedahl Petersen
748749c32a
Python, doc: Describe smoother syntax
2021-03-12 16:02:20 +01:00
Anders Schack-Mulligen
5aa9c2bd19
Dataflow: One more pragma.
2021-03-12 15:59:19 +01:00
CodeQL CI
cb6ee547ca
Merge pull request #5379 from asgerf/js/d3
...
Approved by erik-krogh
2021-03-12 06:49:48 -08:00
Taus
c6d6d07720
Apply suggestions from code review
2021-03-12 14:28:59 +01:00
Taus
ffe5d30c2b
Apply suggestions from code review
...
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com>
2021-03-12 14:27:07 +01:00
Taus Brock-Nannestad
f05313435d
Python: Move typePreservingStep into Private
2021-03-12 14:06:39 +01:00
Chris Smowton
92d61354d4
Remove abstract class RandomNumberGenerator
2021-03-12 13:04:31 +00:00
Asger Feldthaus
a2d1e88bb3
JS: Update more test expectations
2021-03-12 12:57:21 +00:00
Taus Brock-Nannestad
9b8056371f
Python: Make the type tracking implementation shareable
2021-03-12 13:51:24 +01:00
luchua-bc
1a2e341b7c
Refactor the business logic of the query into a separate predicate
2021-03-12 12:19:37 +00:00
Anders Schack-Mulligen
a8b84e430f
Merge pull request #5390 from Marcono1234/patch-2
...
Java: Fix documentation mistake in Modules.qll
2021-03-12 12:51:24 +01:00
Anders Schack-Mulligen
c9786df760
Merge pull request #5344 from smowton/smowton/feature/commons-object-utils
...
Java: Add models for flow- and taint-preserving functions in Commons ObjectUtils
2021-03-12 12:46:31 +01:00
Anders Schack-Mulligen
195ed0173c
Merge pull request #5393 from aschackmull/java/taint-not-value-step
...
Java: Remove value steps from taint steps.
2021-03-12 12:44:48 +01:00
Taus Brock-Nannestad
978200e2ad
Python: Distinguish between Python 2 and 3
...
Also moves the filtering on `name` to before the big disjunction in
`MkModuleImport`.
2021-03-12 12:35:23 +01:00
Chris Smowton
58d5c2c32d
Abbreviate redundant value-flow / taint-flow tests
2021-03-12 10:53:27 +00:00
Cornelius Riemenschneider
0274162c4d
Merge pull request #5385 from github/igfoo/failed_extractions
...
C++: Add FailedExtractions.ql
2021-03-12 11:14:06 +01:00
Anders Schack-Mulligen
1d3ad0cb52
Java: Remove value steps from taint steps.
2021-03-12 11:09:53 +01:00
Jonas Jensen
2d4f624935
Merge pull request #5381 from MathiasVP/fix-link-in-CONTRIBUTING
...
Fix dead link in CONTRIBUTING.md
2021-03-12 10:27:45 +01:00
Asger Feldthaus
5d6a93332f
JS: Autoformat
2021-03-12 08:28:32 +00:00
Erik Krogh Kristensen
d7b0f628a1
add test
2021-03-12 00:03:20 +01:00
Erik Krogh Kristensen
ae805eb939
don't filter away templated URLs in RemoteServerResponse
2021-03-11 23:52:24 +01:00
Marcono1234
edeb08480e
Java: Fix documentation mistake in Modules.qll
2021-03-11 23:45:59 +01:00
Taus Brock-Nannestad
fe3824c202
Python: Document API graphs
2021-03-11 23:11:23 +01:00
Taus Brock-Nannestad
c7b2b719cf
Python: Support builtins in API graphs
2021-03-11 23:03:18 +01:00
luchua-bc
c8b1bc3a89
Enhance the query
2021-03-11 21:41:34 +00:00
Mathias Vorreiter Pedersen
5667901a2a
C++: Accept test changes after merge from main (which changed the path explanations).
2021-03-11 21:16:57 +01:00
Ian Lynagh
75ebb348a0
C++: Add name/description to FailedExtractions.ql
2021-03-11 18:44:24 +00:00
luchua-bc
0a35feef76
Exclude CSRF cookies to reduce FPs
2021-03-11 17:28:07 +00:00
luchua-bc
57953c523c
Update qldoc
2021-03-11 17:16:36 +00:00
Mathias Vorreiter Pedersen
a2d75c4fed
Merge branch 'main' into rdmarsh/cpp/use-taint-configuration-dtt
2021-03-11 18:06:37 +01:00
Asger Feldthaus
a03cb11257
JS: Include $().prop() source in XssThroughDom
2021-03-11 16:27:31 +00:00
Chris Smowton
82a000bcca
Improve change note
...
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
2021-03-11 16:22:56 +00:00
Chris Smowton
6508a223c3
Remove useless =y value specification from inline test expectations
2021-03-11 16:22:56 +00:00
Chris Smowton
b5268def16
Add models for CONST_BYTE and CONST_SHORT
2021-03-11 16:22:56 +00:00
Chris Smowton
1c1ca70027
Add models for flow- and taint-preserving functions in Commons ObjectUtils.
...
These should all be value-preserving, but we don't support value-preserving varargs methods yet.
2021-03-11 16:22:54 +00:00
Asger Feldthaus
2f3a76c43b
JS: Handle global variable d3
2021-03-11 16:17:27 +00:00
Asger Feldthaus
3b11958e33
JS: Expand D3 model a bit
2021-03-11 16:13:02 +00:00
Arthur Baars
cde496cc4c
Merge pull request #152 from github/aibaars/fix-vars
...
Fix VariableRead/WriteAcess for instance and class variables
2021-03-11 17:05:56 +01:00
Erik Krogh Kristensen
3005439a6a
cache the BasicBlock charpred
2021-03-11 16:09:47 +01:00
Erik Krogh Kristensen
5afb7e05ee
cache AccessPath::getAnInstanceIn
2021-03-11 16:09:24 +01:00