Commit Graph

36554 Commits

Author SHA1 Message Date
edvraa
7ab91bb185 Inline getOptionsArgument 2021-05-03 00:09:15 +03:00
ihsinme
bb97507ebc Update test.c 2021-05-02 22:59:56 +03:00
ihsinme
21f43252e6 Update DeclarationOfVariableWithUnnecessarilyWideScope.expected 2021-05-02 22:59:04 +03:00
ihsinme
0935c5a0f2 Update DeclarationOfVariableWithUnnecessarilyWideScope.ql 2021-05-02 22:58:30 +03:00
ihsinme
8c3980d80b Update cpp/ql/src/experimental/Security/CWE/CWE-1126/DeclarationOfVariableWithUnnecessarilyWideScope.c
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
2021-05-02 22:54:43 +03:00
Tony Torralba
53e04d0d96 Refactor to CSV sink model 2021-04-30 17:53:43 +02:00
Mario Campos
ae857db657 Add React Native to JavaScript frameworks
According to @asgerf, React Native is already supported 🎉
2021-04-30 10:47:08 -05:00
Timo Mueller
c22eeacbfc Fixed accidential double init of variable 2021-04-30 16:28:56 +02:00
Timo Mueller
61d053f6b3 Fixed missing metadata description 2021-04-30 16:28:17 +02:00
Timo Mueller
15a3068f8a Added query for insecure environment configuration RMI JMX (CVE-2016-8735) 2021-04-30 16:23:17 +02:00
Chris Smowton
b2c0259197 Merge pull request #5631 from haby0/UseOfLessTrustedSource
[Java] CWE-348: Using a client-supplied IP address in a security check
2021-04-30 15:20:53 +01:00
Nick Rolfe
5dc910d0db Move track predicate to LocalSourceNode 2021-04-30 15:05:12 +01:00
Nick Rolfe
37c8d8a252 Rename getCallable to getTarget 2021-04-30 14:41:50 +01:00
Nick Rolfe
fdccd5da7e Add AstNode::isSynthesized() 2021-04-30 11:58:54 +01:00
haby0
fdcc517b9f UseOfLessTrustedSource -> ClientSuppliedIpUsedInSecurityCheck" 2021-04-30 17:43:34 +08:00
haby0
f41301f8f5 Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.java
Co-authored-by: Chris Smowton <smowton@github.com>
2021-04-30 16:55:17 +08:00
haby0
0691cac5ab Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSourceLib.qll
Co-authored-by: Chris Smowton <smowton@github.com>
2021-04-30 16:54:41 +08:00
haby0
8142810455 Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.qhelp
Co-authored-by: Chris Smowton <smowton@github.com>
2021-04-30 16:54:28 +08:00
Tom Hvitved
ecd40e5cae Merge pull request #5808 from intrigus-lgtm/fix-lambda-typos
Fix typo.
2021-04-30 09:08:28 +02:00
haby0
711a74c9c9 Eliminate false positives\ 2021-04-30 10:31:40 +08:00
intrigus
08731fc6cf Fix typo. 2021-04-29 20:26:34 +02:00
Alex Ford
2c8a4f833f make rb/overly-permissive-file a proper path-problem 2021-04-29 19:11:39 +01:00
Nick Rolfe
e87bf57bc5 Avoid recursion in IPA construction 2021-04-29 18:04:15 +01:00
Alex Ford
4375452866 more IntegerLiteral.getValue improvements 2021-04-29 17:08:33 +01:00
Alex Ford
05adfec03d account for more patterns in IntegerLiteral.getValue 2021-04-29 17:02:54 +01:00
Alex Ford
35d5bae10e run formatter 2021-04-29 16:16:09 +01:00
Alex Ford
efa323c304 rb/overly-permissive-file use QL bitwise operators 2021-04-29 16:08:42 +01:00
Alex Ford
46a14b2826 move parseInt logic into getValue method predicate on IntegerLiteral 2021-04-29 15:54:22 +01:00
Alex Ford
1c89bbe188 fix select format of rb/overly-permissive-file 2021-04-29 15:44:54 +01:00
Nick Rolfe
bd6fe41388 Merge IPA branches for implicit self 2021-04-29 15:38:58 +01:00
Alex Ford
2c0fc7d193 parse integer permission args as ints instead of using regex matches 2021-04-29 15:34:10 +01:00
Jorge
bd4b189373 Polish documentation consistency
Co-authored-by: yoff <lerchedahl@gmail.com>
2021-04-29 16:26:28 +02:00
Chris Smowton
ad9ea40954 Merge pull request #5597 from intrigus-lgtm/java/jwt-insecure-parse
[Java] JWT without signature check.
2021-04-29 14:41:11 +01:00
Geoffrey White
c4069362ce Merge pull request #5804 from MathiasVP/improve-detect-and-handle-memory-allocation-errors
C++: Improve qhelp and tests for cpp/detect-and-handle-memory-allocation-errors
2021-04-29 14:34:41 +01:00
haby0
e813257431 use hardCode 2021-04-29 21:23:52 +08:00
Anders Schack-Mulligen
404a6c1506 Merge pull request #5805 from smowton/smowton/admin/spring-setter-method-docs
Document `SpringProperty::getSetterMethod`.
2021-04-29 15:10:58 +02:00
Anders Schack-Mulligen
c78285e557 Merge pull request #5784 from Marcono1234/marcono1234/switch-expr-stmt-parent
Java: Add StmtParent as superclass of SwitchExpr
2021-04-29 15:02:05 +02:00
Nick Rolfe
59c83b7b8f Add clarifying comment 2021-04-29 14:00:27 +01:00
Nick Rolfe
9540125771 Remove fromGeneratedInclSynth predicate 2021-04-29 13:58:16 +01:00
Tom Hvitved
c3890a9435 C#: Adjust CFG for instance constructors 2021-04-29 14:05:42 +02:00
Tom Hvitved
ee62522c51 C#: Extract implicit constructor initializer calls 2021-04-29 14:05:42 +02:00
Mathias Vorreiter Pedersen
c67ab8f1f0 C++: Respond to review comments. 2021-04-29 14:01:04 +02:00
Chris Smowton
2787c2f874 Document SpringProperty::getSetterMethod. 2021-04-29 12:28:26 +01:00
Arthur Baars
300a54384f Add TypeTracker to identical-files.json 2021-04-29 12:20:14 +02:00
Arthur Baars
f07c58ee07 Update codeql submodule 2021-04-29 12:13:11 +02:00
Mathias Vorreiter Pedersen
e81b40978e C++: Improve the description tag. 2021-04-29 12:10:29 +02:00
Nick Rolfe
96ddd55191 Apply suggestions from code review
Co-authored-by: Arthur Baars <aibaars@github.com>
2021-04-29 12:07:32 +02:00
Nick Rolfe
c1c437f020 Minimal implementation of shared type-tracking library 2021-04-29 12:07:32 +02:00
Arthur Baars
6693c5bdd0 Merge pull request #5395 from tausbn/python-share-typetracker
Python: Make the type tracking implementation shareable
2021-04-29 12:06:12 +02:00
Mathias Vorreiter Pedersen
9e39b08325 C++: Improve the qhelp for cpp/detect-and-handle-memory-allocation-errors. 2021-04-29 11:58:36 +02:00