Skip to content
Permalink
main

Commits on Jan 13, 2022

  1. Merge pull request #7587 from owen-mc/add-default-taint-sanitizer-guard 

    Dataflow: Add default taint sanitizer guard
    @aschackmull
    aschackmull committed Jan 13, 2022
    c44cf29

  2. Merge pull request #7561 from aschackmull/java/misc-perf 

    Java: A few perf fixes for getASupertype*().
    @aschackmull
    aschackmull committed Jan 13, 2022
    61490e7

  3. Merge pull request #7548 from zbazztian/spring-taint-summaries 

    Java: Add Spring and Apache Common Langs taint flow steps
    @aschackmull
    aschackmull committed Jan 13, 2022
    69973da

  4. Don't cache defaultTaintSanitizerGuard for java

    @owen-mc
    owen-mc committed Jan 13, 2022
    7e42ccf

  5. Merge pull request #7474 from kaeluka/db-reads-as-taint-sources 

    JS: DB reads as taint sources
    @kaeluka
    kaeluka committed Jan 13, 2022
    40ad88b

  6. Merge pull request #7583 from michaelnebel/csharp/fix-broken-test 

    C#: Narrow string interpolation expressions to a specific single file in testcase.
    @michaelnebel
    michaelnebel committed Jan 13, 2022
    8583a4f

  7. Merge pull request #7097 from erik-krogh/railsReDoS 

    JS/PY/RB: support a limited number of ranges for ReDoS analysis
    @erik-krogh
    erik-krogh committed Jan 13, 2022
    89bab6a

  8. combine two implementations for database-accesses as remote flow sources

    @kaeluka
    kaeluka committed Jan 13, 2022
    93507a2

  9. C#: Narrow string interpolation expressions to a specific single file… 

    … in testcase.
    @michaelnebel
    michaelnebel committed Jan 13, 2022
    aacb03a

  10. base implementation of Sequelize model on models-as-data

    @kaeluka
    kaeluka committed Jan 13, 2022
    63aaf24

  11. Merge pull request #7580 from github/workflow/coverage/update 

    Update CSV framework coverage reports
    @aschackmull
    aschackmull committed Jan 13, 2022
    da69886

  12. Java: Use the interface instead of the abstract class

    @zbazztian
    zbazztian committed Jan 13, 2022
    a6e4f29

  13. Java: Add test cases for AbstractMessageSource.getMessage() methods

    @zbazztian
    zbazztian committed Jan 13, 2022
    69f329f

  14. Java: Add test case for StringEscapeUtils.escapeJson() taint step.

    @zbazztian
    zbazztian committed Jan 13, 2022
    39b6678

  15. Add changed framework coverage reports

    @github-actions
    github-actions committed Jan 13, 2022
    625836a

Commits on Jan 12, 2022

  1. Merge pull request #7576 from github/henrymercer/js-bump-atm-versions 

    JS: Bump ATM pack versions to 0.0.4
    @henrymercer
    henrymercer committed Jan 12, 2022
    1c3c921

  2. base implementation of Spanner model on models-as-data

    @kaeluka
    kaeluka committed Jan 12, 2022
    09a28c4

  3. JS: Bump ATM pack versions to 0.0.4

    @henrymercer
    henrymercer committed Jan 12, 2022
    9abc341

  4. Merge pull request #7566 from MathiasVP/smaller-join-in-reachesRefPar… 

    …ameter

C++: Smaller join in `reachesRefParameter`
    @rdmarsh2
    rdmarsh2 committed Jan 12, 2022
    5031d6c

  5. Add predicate defaultTaintSanitizerGuard for each language 

    This was done manually, as these files are not synced by sync-files.py.
    @owen-mc
    owen-mc committed Jan 12, 2022
    8e82787

  6. Sync TaintTrackingImpl.qll 

    Done automatically using sync-files.py
    @owen-mc
    owen-mc committed Jan 12, 2022
    c112980

  7. Add option for default taint sanitizer guard 

    This allows languages to specify A sanitizer guard in all
global taint flow configurations but not in local taint.
    @owen-mc
    owen-mc committed Jan 12, 2022
    9ec3d77

  8. Merge pull request #7567 from github/henrymercer/atm-body-tokens-perf… 

    …-opt

ATM: Optimize body tokens by pushing in size restriction
    @henrymercer
    henrymercer committed Jan 12, 2022
    3ef6976

  9. Merge pull request #7573 from tamasvajk/fix/java-field-decl-tostr 

    Java: Fix toString on field declarations with single field
    @tamasvajk
    tamasvajk committed Jan 12, 2022
    9065a7f

  10. Merge pull request #7574 from pwntester/improve_strings_qll 

    Add models for AbstractStringBuilder.substring,subsequence,getChars
    @atorralba
    atorralba committed Jan 12, 2022
    8a80e02

  11. Added test cases

    @atorralba
    atorralba committed Jan 12, 2022
    c2105e5

  12. Add models for AbstractStringBuilder.substring,subsequence,getChars

    @pwntester
    pwntester committed Jan 12, 2022
    715d372

  13. Merge pull request #7572 from github/workflow/coverage/update 

    Update CSV framework coverage reports
    @aschackmull
    aschackmull committed Jan 12, 2022
    c6a9b2b

  14. Java: Fix toString on field declarations with single field

    @tamasvajk
    tamasvajk committed Jan 12, 2022
    b9e0310

  15. Merge pull request #7562 from michaelnebel/csharp/record-seal-tostring 

    C#: Record types are allowed to seal ToString (test only).
    @michaelnebel
    michaelnebel committed Jan 12, 2022
    f17c110

  16. Add changed framework coverage reports

    @github-actions
    github-actions committed Jan 12, 2022
    c79e8ab

Commits on Jan 11, 2022

  1. Merge pull request #7355 from github/aeisenberg/remove-upgrades 

    Move upgrades into standard library packs
    @aeisenberg
    aeisenberg committed Jan 11, 2022
    da4f1d8

  2. Merge branch 'main' into aeisenberg/remove-upgrades

    @aeisenberg
    aeisenberg committed Jan 11, 2022
    0722867

  3. Merge pull request #7541 from github/rdmarsh2/dataflow-ipa-params 

    C++: Use an IPA type rather than negative indexes for argument/parameter matching in data flow
    @MathiasVP
    MathiasVP committed Jan 11, 2022
    c45127f

  4. Merge pull request #7054 from atorralba/atorralba/promote-log-injection 

    Java: Promote Log Injection from experimental
    @atorralba
    atorralba committed Jan 11, 2022
    7b0d9ea
Older