Rasmus Wriedt Larsen
81b29316e1
Merge pull request #4737 from yoff/python-dataflow-add-cast-nodes
...
Python: Force read- and store steps to add nodes.
2021-02-25 14:28:54 +01:00
Tamás Vajk
9ae22cbebd
Merge pull request #5189 from tamasvajk/feature/refactor-3
...
C#: Split 'Context' class between CIL and source extraction
2021-02-25 14:28:25 +01:00
Arthur Baars
fa7adee245
Merge pull request #142 from github/aibaars/clean-up
...
Remove as many references to TreeSitter::Generated
2021-02-25 14:28:09 +01:00
Bas van Schaik
5ecd2317b0
Merge pull request #5212 from github/sj-patch-1
...
Include @xcorail (GHSL) in code reviews for `experimental` queries
2021-02-25 12:58:12 +00:00
Arthur Baars
9800e3f930
Add some TODO comments
2021-02-25 13:43:36 +01:00
Taus
d326d40d71
Merge pull request #5252 from RasmusWL/test-cleanup
...
Python: Minor cleanup of test setup
2021-02-25 13:33:10 +01:00
Mathias Vorreiter Pedersen
d33209388d
C++: Fix test annotations. Also exclude static locals from the query and add a testcase for this.
2021-02-25 13:25:11 +01:00
Taus
01d581ecf3
Merge pull request #5250 from tausbn/python-port-re-security-queries
...
Python: Port URL sanitisation queries to API graphs
2021-02-25 13:13:55 +01:00
Arthur Baars
f3d1c804be
Update test data
2021-02-25 12:57:18 +01:00
Arthur Baars
7c0ea7b3bc
CFG: add AstNode for @in
2021-02-25 12:57:18 +01:00
Arthur Baars
b16d6bf5b4
CFG: make isValidFor work for hidden nodes
2021-02-25 12:57:18 +01:00
Arthur Baars
9fc5c43412
Clean-up Completion.qll
2021-02-25 12:57:18 +01:00
Arthur Baars
999b82ca73
Remove imports of TreeSitter
2021-02-25 12:57:18 +01:00
Arthur Baars
d30912611b
Merge pull request #136 from github/aibaars/child-parent
...
Finish AST and add consistency query
2021-02-25 12:54:45 +01:00
Joe Farebrother
41b7db144d
Allow for array types in model signatures
2021-02-25 11:40:48 +00:00
Arthur Baars
27a2310840
CFG: sort expected output by file path and line
2021-02-25 12:27:11 +01:00
Max Schaefer
f93937f40a
Add change note.
2021-02-25 10:51:01 +00:00
Rasmus Lerchedahl Petersen
64c0eaf305
Python: Update test expectations
2021-02-25 11:49:57 +01:00
yoff
f15084254b
Add comment explaining tacky nature of code
2021-02-25 11:49:57 +01:00
Rasmus Lerchedahl Petersen
5b51a3461d
Python: Force read- and store steps to add nodes.
...
This gives much nicer path explanations on some snapshots.
It is achieved by making stepped-to nodes `CastNode`s.
This seems somewhat reasonable as types tend to change, when we move
between content and container.
We could probably refine it, though.
2021-02-25 11:49:57 +01:00
Max Schaefer
3fe249f25c
Address review comments.
2021-02-25 10:48:23 +00:00
Erik Krogh Kristensen
de6b604930
cache RemoteFlowSource
2021-02-25 11:41:08 +01:00
Erik Krogh Kristensen
86bc7d3e1a
avoid a ValueNode x TypeTracker join in Hapi::RouteSetup::getARouteHandler
2021-02-25 11:41:08 +01:00
Erik Krogh Kristensen
d35ea7fb15
always get a good join-order in getAnAliasedSourceNode
2021-02-25 11:41:08 +01:00
Rasmus Wriedt Larsen
472ff97561
Docs: Add crypto to supported Python frameworks
2021-02-25 11:31:03 +01:00
Rasmus Wriedt Larsen
4610b1b392
Python: Use type back-tracking for keysize on key-generation
...
Internal evaluation showed that this didn't perform better than normal (forward)
type-tracking, but it feels more like the right approach.
2021-02-25 11:31:00 +01:00
Rasmus Wriedt Larsen
c195c64982
Python: Use type-tracking for integer literal tracking
...
Like we've done for pretty much everything else. An experiment to see what this
means for query performance.
2021-02-25 11:30:56 +01:00
Rasmus Wriedt Larsen
27987717dc
Merge branch 'main' into crypto
2021-02-25 11:30:32 +01:00
Asger Feldthaus
55a1ab5714
JS: Autoformat
2021-02-25 10:20:13 +00:00
Tamas Vajk
a5543c689e
C#: Fix potentially concurrent file moves
2021-02-25 10:35:49 +01:00
Arthur Baars
87b2c142bc
Update qldoc
2021-02-25 10:23:29 +01:00
Arthur Baars
4ba0f3088a
Use strictcount
2021-02-25 10:21:07 +01:00
Arthur Baars
0f940349ba
AST: rename getExpr predicates to more meaningful names
2021-02-25 10:11:29 +01:00
Max Schaefer
2e252ba3e4
JavaScript: Learn that receivers of DOM event handlers are themselves DOM nodes.
2021-02-25 09:06:58 +00:00
Max Schaefer
ae2a5da63f
JavaScript: Add new tests for recognising receiver of event handler as DOM element.
2021-02-25 09:04:46 +00:00
haby0
0521ef87da
Merge remote-tracking branch 'upstream/main' into JsonHijacking
2021-02-25 16:31:14 +08:00
Jonas Jensen
2b54c33904
Merge pull request #5257 from MathiasVP/doh-its-2021-mathias
...
C++: Turns out we're in 2021 and not 2020.
2021-02-25 09:30:08 +01:00
Rasmus Lerchedahl Petersen
aba22689fa
Python: Add change note
2021-02-25 09:25:17 +01:00
Rasmus Lerchedahl Petersen
86cec40286
Python: update test
2021-02-25 09:22:57 +01:00
Anders Schack-Mulligen
f0d3841369
Merge pull request #5105 from JLLeitschuh/feat/JLL/depricated_bintray_usage
...
CWE-1104: Maven POM dependence upon Bintray/JCenter
2021-02-25 09:08:31 +01:00
Rasmus Lerchedahl Petersen
780a6a96f8
Python: Add concept tests
2021-02-25 08:54:42 +01:00
Rasmus Lerchedahl Petersen
41743b6afa
Python: restrict to caught exceptions
...
also modernise code
2021-02-25 07:53:35 +01:00
Rasmus Lerchedahl Petersen
24b51e8851
Merge branch 'main' of github.com:github/codeql into python-port-stacktrace-exosure
2021-02-25 07:24:41 +01:00
Rasmus Lerchedahl Petersen
76f080978a
Python: Add missing QLDoc
2021-02-24 23:35:44 +01:00
Rasmus Lerchedahl Petersen
192988077e
Python: Move <ul> outside of <p>
2021-02-24 23:28:13 +01:00
Artem Smotrakov
e02b51f42b
Improved SpringHttpInvokerUnsafeDeserialization.qhelp
2021-02-24 22:35:20 +01:00
Artem Smotrakov
aac0c27dcd
Added tests for SpringHttpInvokerUnsafeDeserialization.ql
2021-02-24 22:35:20 +01:00
Artem Smotrakov
95284ad71d
Added SpringHttpInvokerUnsafeDeserialization.qhelp and example
2021-02-24 22:35:20 +01:00
Artem Smotrakov
476309af6d
Added SpringHttpInvokerUnsafeDeserialization.ql
2021-02-24 22:35:20 +01:00
Artem Smotrakov
34b6ed0a05
Removed commented code from JexlUberspect
2021-02-24 22:31:03 +01:00