253f932d2a
Python: Use data flow consistency checks from shared pack
2023-08-30 15:29:41 +02:00
9af706c2a5
Swift: Use data flow consistency checks from shared pack
2023-08-30 15:29:41 +02:00
db304d118b
C++: Use data flow consistency checks from shared pack
2023-08-30 15:29:41 +02:00
fefe64bf0c
Java: Use data flow consistency checks from shared pack
2023-08-30 15:29:41 +02:00
5c8367a695
C#: Use data flow consistency checks from shared pack
2023-08-30 15:29:41 +02:00
c4b626a416
Ruby: Use data flow consistency checks from shared pack
2023-08-30 15:29:41 +02:00
de7c9bdd9b
Data flow: Add consistency checks to shared ql pack
2023-08-30 15:29:41 +02:00
62c2316124
Merge pull request #14084 from RasmusWL/flask-jsonify
...
Python: Remove XSS FP from use of `flask.jsonify`
2023-08-30 13:07:54 +02:00
6a21fa04cd
Merge pull request #14034 from geoffw0/hostname
...
Swift: New query: Incomplete regular expression for hostnames
2023-08-30 11:33:36 +01:00
c32c4bb6d2
Merge pull request #14086 from hvitved/csharp/perf-fixes
...
C#: Various performance fixes
2023-08-30 12:13:52 +02:00
39b45fa24f
Merge pull request #13943 from geoffw0/weakhashexample
...
Swift: Update the weak sensitive data hashing examples and qhelp
2023-08-30 10:36:23 +01:00
f88428f3fd
Merge pull request #14085 from michaelnebel/csharp/use-stubs-5
...
C#: Use stubs in unit tests.
2023-08-30 11:07:53 +02:00
a966944fd8
Merge pull request #14083 from michaelnebel/csharp/autobuilderimports
...
C#: Re-factor using statements order in autobuilder.
2023-08-30 08:16:03 +02:00
9bf5999ca0
Merge pull request #14093 from github/dependabot/cargo/ql/chrono-0.4.27
...
Bump chrono from 0.4.26 to 0.4.27 in /ql
2023-08-30 07:42:44 +02:00
e3ff7644f7
Bump chrono from 0.4.26 to 0.4.27 in /ql
...
Bumps [chrono](https://github.com/chronotope/chrono ) from 0.4.26 to 0.4.27.
- [Release notes](https://github.com/chronotope/chrono/releases )
- [Changelog](https://github.com/chronotope/chrono/blob/main/CHANGELOG.md )
- [Commits](https://github.com/chronotope/chrono/compare/v0.4.26...v0.4.27 )
---
updated-dependencies:
- dependency-name: chrono
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2023-08-30 03:14:05 +00:00
125629a7e2
Swift: Delete 'usually'.
2023-08-29 23:25:22 +01:00
210a5bfff2
Update swift/ql/src/queries/Security/CWE-328/WeakSensitiveDataHashing.qhelp
...
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2023-08-29 23:24:12 +01:00
7006cfd8f8
Swif: Fix paragraph breaks.
2023-08-29 23:00:17 +01:00
e226c564b6
C#: Base WriteOnlyContainer test on stubs.
2023-08-29 16:24:01 +02:00
35a1dd8ba9
C#: Base Useless Code tests on stubs.
2023-08-29 16:20:59 +02:00
e9b3f1282a
C#: Base UseBraces tests on stubs.
2023-08-29 16:05:15 +02:00
8624ff12be
Merge pull request #14082 from hvitved/csharp/bump-dependencies
...
C#: Bump all dependencies
2023-08-29 15:52:40 +02:00
fc850b18fe
C#: Base ReadOnlyContainer tests on stubs.
2023-08-29 15:36:03 +02:00
7d7a893b55
C#: Base Performance tests on stubs.
2023-08-29 15:34:33 +02:00
41726f52a2
Merge pull request #13954 from github/kaeluka/add-provenance-to-metadata
...
Java: Automodel: Add Candidates for Regression Testing
2023-08-29 14:33:02 +01:00
6760dd9121
C#: Base Nullness tests on stubs.
2023-08-29 15:30:24 +02:00
b3be4797e2
C#: Base the Metrics tests on stubs.
2023-08-29 15:23:42 +02:00
c906009e5b
C#: Base the MagicConstants tests on stubs.
2023-08-29 15:19:19 +02:00
4c16f1be8b
C#: Base the Likely Bugs tests on stubs.
2023-08-29 15:16:48 +02:00
ae4c76c788
Merge pull request #13975 from yoff/python/parsemodechars-not-chars
2023-08-29 14:05:57 +02:00
08c24930ac
C#: Base the Language Abuse tests on stubs.
2023-08-29 11:39:47 +02:00
7611bfb149
C#: Apply closed-world assumption for type-parameter qualifiers in dynamic calls
2023-08-29 11:27:45 +02:00
1da885fae2
C#: Fix bad join in SSA library
...
```
[2023-08-29 10:10:29] Evaluated non-recursive predicate SsaImpl#75014cd4::Cached::lastRefBeforeRedefExt#4#ffff@4207c208 in 27604ms (size: 7511062).
Evaluated relational algebra for predicate SsaImpl#75014cd4::Cached::lastRefBeforeRedefExt#4#ffff@4207c208 with tuple counts:
9905038 ~9% {5} r1 = SCAN Ssa#da392372::Make#SsaImpl#75014cd4::SsaInput#::lastRefRedefExt#5#fffff OUTPUT In.2, In.3, In.1, In.0, In.4
{5} r2 = r1 AND NOT _SsaImpl#75014cd4::SsaInput::variableRead#4#ffff_3012#join_rhs_const_false#antijoin_rhs(Lhs.0, Lhs.1, Lhs.2)
4605608 ~0% {4} r3 = SCAN r2 OUTPUT In.3, In.0, In.1, In.4
4510888816 ~0% {5} r4 = JOIN _SsaImpl#75014cd4::SsaInput::variableRead#4#ffff_3012#join_rhs_const_false#antijoin_rhs WITH project#Ssa#da392372::Make#SsaImpl#75014cd4::SsaInput#::lastRefRedefExt#5#fffff_1203#join_rhs ON FIRST 2 OUTPUT Rhs.2, Lhs.2, Lhs.0, Lhs.1, Rhs.3
5294405 ~82% {4} r5 = JOIN r4 WITH SsaImpl#75014cd4::adjacentDefReachesReadExt#6#ffffff_014523#join_rhs ON FIRST 4 OUTPUT Lhs.0, Rhs.4, Rhs.5, Lhs.4
9900013 ~28% {4} r6 = r3 UNION r5
return r6
```
2023-08-29 11:26:30 +02:00
e219281016
C#: Speed up `ForwarderAssertMethod`
...
Avoids the following bad predicate
```
[2023-08-29 10:03:13] (252s) Tuple counts for _Callable#f85cebf6::Callable::getBody#0#dispred#ff_Variable#afb43847::Variable::getAnAccess#0#dispre__#join_rhs/5@43feb6tl after 4m0s:
4416261 ~203% {4} r1 = JOIN _Callable#f85cebf6::Callable::getAParameter#0#dispred#ff_10#join_rhs_Variable#afb43847::Variable::ge__#shared WITH Callable#f85cebf6::Callable::getBody#0#dispred#ff ON FIRST 1 OUTPUT Lhs.1 'arg1', Lhs.2 'arg2', Lhs.0 'arg3', Rhs.1 'arg4'
1189565718 ~152% {5} r2 = JOIN r1 WITH Variable#afb43847::Variable::getAnAccess#0#dispred#ff ON FIRST 1 OUTPUT Rhs.1 'arg0', Lhs.0 'arg1', Lhs.1 'arg2', Lhs.2 'arg3', Lhs.3 'arg4'
return r2
```
2023-08-29 11:25:20 +02:00
946854bd17
C#: Base the EmptyBlock test on stubs.
2023-08-29 11:24:10 +02:00
1ac9d2ee5b
CFG: Compute `splitsToString` using `concat`, and exclude partial split sets
2023-08-29 11:23:56 +02:00
7068da25f0
C#: Base the Documentation tests on stubs.
2023-08-29 11:22:51 +02:00
dd274422d1
Merge pull request #14079 from bgrainger/fix-unsynchronized-static-access-docs
...
Delete thin space from documentation
2023-08-29 11:17:52 +02:00
f2bf540209
C#: Base the Dead Code tests on stubs.
2023-08-29 11:15:43 +02:00
49d510018d
Python: Add change-note
2023-08-29 11:11:32 +02:00
0b2458d065
Python: Improve modeling of Flask `jsonify`
...
I also tested whether `Flask.jsonify` or `Flask().jsonify` worked, but
they do not.
2023-08-29 11:11:32 +02:00
26319bfc04
Python: Fix Flask `jsonify` XSS regression
...
The reason the result was found before, is that `jsonify(data)` was
modeled as TWO separate subclasses of `Http::Server::HttpResponse`, one
because of the implicit construction in return
(FlaskRouteHandlerReturn), and one from the `jsonify` call
(FlaskJsonifyCall). Due to the QL evaluation, we got a combination from
the two, meaning mime-type from FlaskRouteHandlerReturn and body from
FlaskJsonifyCall...
2023-08-29 11:11:32 +02:00
de76c0749a
Java: Automodel Framework Mode: Add Candidates for Regression Testing
2023-08-29 09:53:55 +01:00
d14ad92dbd
Merge pull request #14006 from MathiasVP/promote-invalid-pointer-deref-out-of-experimental
...
C++: Promote `cpp/invalid-pointer-deref` out of experimental
2023-08-29 09:38:56 +01:00
b36fd9fdab
Python: Add jsonify XSS regression example
2023-08-29 10:38:49 +02:00
f3a77c6006
Merge pull request #14060 from MathiasVP/fix-compare-where-assign-meant-fp
...
C++: Fix FP in `cpp/compare-where-assign-meant`
2023-08-29 09:38:39 +01:00
dbdb433957
Merge pull request #14058 from alexet/delete-or-delete-array
...
CPP: Add parent class for delete and delete[]
2023-08-29 09:38:07 +01:00
d3ba7e6b3c
C#: Re-factor using statements order in autobuilder.
2023-08-29 10:10:30 +02:00
5f4861f72e
Merge pull request #14069 from michaelnebel/csharp/nugetexe
...
C#: Download `nuget.exe` in the dependency manager (if not present).
2023-08-29 10:04:50 +02:00
5de8d9181d
C#: Address review comments.
2023-08-29 09:33:11 +02:00
Tom Hvitved
Rasmus Wriedt Larsen
Mathias Vorreiter Pedersen
Geoffrey White
Michael Nebel
Erik Krogh Kristensen
dependabot[bot]
Jean Helie
yoff