Commit Graph

36554 Commits

Author SHA1 Message Date
Timo Müller
1fd2be3879 Added more clear reference
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
2021-05-04 13:57:19 +02:00
Timo Müller
7026d82a72 Fixed typo
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
2021-05-04 13:53:14 +02:00
Timo Müller
f28e994121 Update java/ql/src/experimental/Security/CWE/CWE-665/InsecureRmiJmxEnvironmentConfiguration.qhelp
More descriptive (and PC) description.

Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
2021-05-04 13:52:47 +02:00
Nick Rolfe
647c108c0b Merge remote-tracking branch 'origin/main' into type_tracking 2021-05-04 12:38:16 +01:00
Arthur Baars
1a94fb47b6 Merge pull request #172 from github/update-testoutput
Update expected test output
2021-05-04 13:37:37 +02:00
CodeQL CI
b160badbf6 Merge pull request #5768 from erik-krogh/cacheMore
Approved by esbena
2021-05-04 04:16:15 -07:00
Tony Torralba
6e94dc5b85 Autoformatting 2021-05-04 13:15:20 +02:00
Felicity Chapman
616a57d6d4 Update article with code scanning example 2021-05-04 12:11:18 +01:00
Tamás Vajk
05c045070e Merge pull request #5810 from tamasvajk/feature/culture
C#: Use invariant culture in the extractor
2021-05-04 13:09:38 +02:00
Mathias Vorreiter Pedersen
568724bffd C#: Fix getInstructionOpcode to make sure IRConstruction.qll compiles for C#. 2021-05-04 13:00:40 +02:00
Arthur Baars
27538cb11d Update expected test output 2021-05-04 12:43:43 +02:00
Marcono1234
ab90fe18fd Docs: Use GitHub links for guides, improve formatting 2021-05-04 12:35:23 +02:00
Nick Rolfe
53deede8ab Remove unnecessary local flow inside type-tracking store step 2021-05-04 11:32:57 +01:00
Nick Rolfe
35ee62c689 Use splitting-aware nodes for type-tracking store/load steps 2021-05-04 11:31:03 +01:00
Mathias Vorreiter Pedersen
ded377bcd2 C++: Reorder getInstructionOpcode to produce better RA. 2021-05-04 12:13:34 +02:00
Tony Torralba
f79d2e06f9 Fix failing checks 2021-05-04 11:29:09 +02:00
Tamas Vajk
c547907784 C#: Use invariant culture in the extractor 2021-05-04 11:17:33 +02:00
Anders Schack-Mulligen
5bcf810a7c Merge pull request #5821 from JarLob/patch-1
Update UncaughtServletException.qhelp
2021-05-04 10:39:02 +02:00
Anders Schack-Mulligen
9ee9186a1a Merge pull request #5825 from github/yo-h/java-diagnostic-queries
Java: split extractor diagnostics query into two
2021-05-04 10:12:32 +02:00
Erik Krogh Kristensen
aaf754ebf5 recognize more library input 2021-05-04 10:06:14 +02:00
Tony Torralba
6b79ca6403 Fix warning 2021-05-04 09:32:03 +02:00
CodeQL CI
6931d9a6f7 Merge pull request #5785 from edvraa/httponlyjs
Approved by esbena
2021-05-03 23:14:26 -07:00
luchua-bc
703fbf139a Add more methods and update the library name 2021-05-04 02:54:49 +00:00
yo-h
edf1a90161 Java: split extractor diagnostics query into two 2021-05-03 20:27:07 -04:00
edvraa
6fa2f1e653 update test message 2021-05-04 00:32:01 +03:00
Jonathan Leitschuh
dfad1fc740 [Java] Add support for com.google.common.base.MoreObjects#firstNonNull 2021-05-03 12:58:00 -04:00
Taus
483199878d Merge pull request #5793 from RasmusWL/fix-qldoc
Python: Minor fix to Django RawSQL QLDoc
2021-05-03 18:18:02 +02:00
Tony Torralba
e68c6e66a5 Remove qlref file 2021-05-03 17:53:37 +02:00
Tony Torralba
745a6f6fb4 Getters called on parameters propagate taint 2021-05-03 17:43:33 +02:00
Mathias Vorreiter Pedersen
2912c2e7f5 C++: Add more CWE tags to queries in the code scanning suite. 2021-05-03 16:58:47 +02:00
Edwin
27c680e28b Apply suggestions from code review
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2021-05-03 16:41:09 +03:00
Jaroslav Lobačevski
38bce39baa Update UncaughtServletException.qhelp
There is no single word in https://cwe.mitre.org/data/definitions/600.html about possible DoS or unexpected state.
2021-05-03 15:06:57 +03:00
Tony Torralba
4d5ec87de9 Use InlineTest 2021-05-03 13:27:24 +02:00
Tony Torralba
4bfd34b1fe Moved from experimental 2021-05-03 13:15:24 +02:00
Arthur Baars
6adff6f195 Merge pull request #171 from github/self_nodes
Create synthetic `self` nodes for calls without explicit receivers
2021-05-03 12:59:11 +02:00
edvraa
cef845ac47 Support string expressions 2021-05-03 13:46:56 +03:00
Tony Torralba
38e052482c More csv sinks and sources 2021-05-03 12:44:53 +02:00
edvraa
ea38f0d3bd a new test for simple flow 2021-05-03 12:19:05 +03:00
edvraa
000826af11 typo 2021-05-03 12:18:43 +03:00
Tom Hvitved
182b2d0457 C#: Improve CFG for constructors when there are multiple implementations 2021-05-03 10:46:36 +02:00
Tom Hvitved
633f228dc2 C#: Add CFG tests for partial classes 2021-05-03 10:23:29 +02:00
Tom Hvitved
bb1cb73675 Merge pull request #5795 from hvitved/csharp/implicit-constructor-inits
C#: Extract implicit constructor initializer calls
2021-05-03 10:21:04 +02:00
Tom Hvitved
b77b3da8d6 C#: Add change note 2021-05-03 09:40:13 +02:00
Jonas Jensen
c05ef1225c Merge pull request #5803 from MathiasVP/no-magic-in-getUnspecifiedType
C++: Add nomagic to getUnspecifiedType
2021-05-03 09:03:58 +02:00
edvraa
65183cde80 Move to experimental 2021-05-03 09:59:52 +03:00
edvraa
bd99114cd6 Comments added 2021-05-03 09:55:04 +03:00
luchua-bc
4709e8139d JPython code injection 2021-05-03 01:43:56 +00:00
edvraa
a24c1c8114 fix comment 2021-05-03 00:36:38 +03:00
edvraa
fa94fedfc3 simple dataflow for sensitive name 2021-05-03 00:36:26 +03:00
edvraa
97bc7e38d2 check for sensitive property name 2021-05-03 00:31:29 +03:00