Geoffrey White
2d4a2e0d44
C++: Test spacing.
2021-12-07 11:58:06 +00:00
Rasmus Wriedt Larsen
ee23799a59
Merge pull request #7319 from RasmusWL/js-cwe-328
...
JS: Tag queries with CWE-328
2021-12-07 11:40:33 +01:00
Anders Schack-Mulligen
6c739b67fa
Merge pull request #7318 from RasmusWL/java-cwe-328
...
Java: Tag queries with CWE-328
2021-12-07 11:39:48 +01:00
Asger Feldthaus
23480b2d8f
JS: Remove stray TODO
2021-12-07 10:49:14 +01:00
Asger F
614c80706f
Apply suggestions from code review
...
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com >
2021-12-07 10:48:44 +01:00
Asger Feldthaus
5559681916
JS: Change note
2021-12-07 10:46:18 +01:00
Asger Feldthaus
635ac0a209
JS: Fix perf issue in data flow step generation
2021-12-07 10:46:18 +01:00
Asger Feldthaus
da8e67b7ee
JS: Use routing trees to detect deeply tainted req.body
2021-12-07 10:46:18 +01:00
Asger Feldthaus
7492293c5b
JS: Add test with route handler indirection
2021-12-07 10:46:18 +01:00
Asger Feldthaus
3cbe94ac0a
JS: Add consistency checks to TemplateObjectInjection test
2021-12-07 10:46:18 +01:00
Asger Feldthaus
64db70f3ac
JS: Add explicit body-parsers to TemplateObjectInjection test
2021-12-07 10:46:18 +01:00
Asger Feldthaus
8af430d40f
JS: Shift line numbers in TemplateObjectInjection test
2021-12-07 10:46:17 +01:00
Asger Feldthaus
5f8ea3965d
JS: Do not flag auth endpoints that are immune to Login CSRF
2021-12-07 10:46:17 +01:00
Asger Feldthaus
66b1612e5e
JS: Treat non-cookie based auth as CSRF preventer
2021-12-07 10:46:17 +01:00
Asger Feldthaus
b73219392b
JS: Improve precision of missing CSRF middleware
2021-12-07 10:46:17 +01:00
Asger Feldthaus
d0e94e655d
JS: Exclude error handling from auth calls
2021-12-07 10:46:17 +01:00
Asger Feldthaus
400bf10cc3
JS: Move fastify-specific route handler step into extension point
2021-12-07 10:46:17 +01:00
Asger Feldthaus
71820569e1
JS: Instantiate for Fastify
2021-12-07 10:46:15 +01:00
Asger Feldthaus
cfb9265f0a
JS: Add template steps for res.locals.x
2021-12-07 10:44:53 +01:00
Asger Feldthaus
5269933461
JS: Port missing rate limiting query
2021-12-07 10:44:19 +01:00
Asger Feldthaus
389a3c9073
JS: Port CSRF query
2021-12-07 10:43:06 +01:00
Asger Feldthaus
16fa066636
JS: Fix false negative in Mongo model
2021-12-07 10:43:05 +01:00
Asger Feldthaus
3dd5d4d7b4
JS: Instantiate for Express and add tests
2021-12-07 10:43:03 +01:00
Erik Krogh Kristensen
3ebf1e3c13
Add codeql-go sources ( 894102defd)
2021-12-07 10:42:38 +01:00
Erik Krogh Kristensen
a3d11c61a8
QL: Add codeql-go sources ( 894102defd)
2021-12-07 10:42:38 +01:00
Erik Krogh Kristensen
d852b28653
Add codeql sources ( 3c59aa319e)
2021-12-07 10:42:34 +01:00
Erik Krogh Kristensen
44c3787457
QL: Add codeql sources ( 3c59aa319e)
2021-12-07 10:42:34 +01:00
Asger Feldthaus
aae4260819
JS: Routing model
2021-12-07 10:41:55 +01:00
Asger Feldthaus
e9575c3df6
JS: Support AdditionalUseStep in API graphs
2021-12-07 10:41:52 +01:00
Erik Krogh Kristensen
3c59aa319e
Merge pull request #7245 from erik-krogh/explicit-this-all-the-places
...
All langs: apply the explicit-this patch to all remaining code
2021-12-07 10:40:26 +01:00
Taus
7cd9369d91
Python: Autoformat
2021-12-07 09:29:24 +00:00
Taus
33a9f86f54
Python: Change integer in trois.py
2021-12-07 08:54:07 +00:00
Taus
dd33f4f4d2
Python: Apply suggestions from code review
...
Co-authored-by: yoff <lerchedahl@gmail.com >
2021-12-07 09:48:53 +01:00
Harry Maclean
6f42153eac
Ruby: Include empty StmtSequences in CFG
...
Empty StmtSequences appear, for example, in the `else` branch of `if`
statements like the following:
foo
if cond
bar
else
end
baz
Before this change, the CFG for this code would look like this:
foo
│
│
▼
cond
│
true │
▼
bar
│
│
▼
if
│
│
▼
baz
i.e. there is linear flow through the condition, the `then` branch, and
out of the if. This doesn't account for the possibility that the
condition is false and `bar` is not executed. After this change, the CFG
looks like this:
foo
│
│
▼
cond
│ │
true │ │ false
▼ │
bar │
│ │
│ │
▼ ▼
if
│
│
▼
baz
i.e. we correctly account for the `false` condition.
2021-12-07 16:01:50 +13:00
Geoffrey White
4e68a4670b
Merge pull request #7322 from MathiasVP/fix-performance-of-unused-static-functions
...
C++: Fix performance of 'cpp/unused-static-function'.
2021-12-06 17:30:51 +00:00
Mathias Vorreiter Pedersen
4765772725
C++: Fix performance of 'cpp/unused-static-function'.
2021-12-06 16:41:10 +00:00
Tom Hvitved
243b92b28c
C#: Avoid CIL instructions with multiple types
2021-12-06 14:42:41 +01:00
Tom Hvitved
60c0bcf8f7
C#: Include dup instructions in CIL ExprMissingType consistency test
2021-12-06 14:37:07 +01:00
Tom Hvitved
c39fe59a04
C#: Populate UnknownType
2021-12-06 14:09:17 +01:00
Rasmus Wriedt Larsen
7ae1047fda
JS: Tag queries with CWE-328
...
CWE-328: Use of Weak Hash, see https://cwe.mitre.org/data/definitions/328.html
2021-12-06 14:02:24 +01:00
Rasmus Wriedt Larsen
ff9ed0d4fb
Java: Tag queries with CWE-328
...
CWE-328: Use of Weak Hash, see https://cwe.mitre.org/data/definitions/328.html
Since weak hash functions (md5/sha1) are considered for the
`java/weak-cryptographic-algorithm` query. See
caeeebf572/java/ql/lib/semmle/code/java/security/Encryption.qll (L148)
2021-12-06 13:59:00 +01:00
Tom Hvitved
5dbbb86d46
Ruby: Restructure ParameterNode(Impl)
2021-12-06 13:43:19 +01:00
Tom Hvitved
728e3abee5
Ruby: Tweak Method::isPrivate join-orders
2021-12-06 13:36:48 +01:00
Tom Hvitved
36569f997f
Ruby: Add InlineFlowTest.qll
2021-12-06 13:35:07 +01:00
Benjamin Muskalla
557cb0a09e
Add job name
2021-12-06 11:42:03 +01:00
Benjamin Muskalla
657c576186
Skip diffs if same branch
2021-12-06 11:30:14 +01:00
Benjamin Muskalla
38debc0b64
Remove push trigger
2021-12-06 11:21:15 +01:00
Mathias Vorreiter Pedersen
6b1ac73a46
Merge pull request #7177 from ihsinme/ihsinme-patch-6141
...
fix request for cpp exceptions
2021-12-06 09:24:59 +00:00
Anders Schack-Mulligen
de1269f18f
Merge pull request #7308 from github/workflow/coverage/update
...
Update CSV framework coverage reports
2021-12-06 09:58:49 +01:00
github-actions[bot]
c46ede02e6
Add changed framework coverage reports
2021-12-06 00:09:47 +00:00
