Permalink
Commits on Jan 6, 2022
-
Merge pull request #7525 from MathiasVP/remove-rank-in-ssa-internals
C++: Remove `rank` aggregate in `SsaInternals`
Commits on Oct 7, 2021
-
Merge pull request #6814 from MathiasVP/fix-qldoc-in-copy-instruction
C++/C#: Fix QLDoc of `CopyInstruction`
Commits on Sep 28, 2021
Commits on Sep 27, 2021
Commits on Sep 24, 2021
Commits on Sep 22, 2021
-
-
-
C++: Accept command injection test changes
Making the DefaultTaintTracking configurations inactive removed many unneeded nodes and edges from the PathGraph predicates.
-
-
Merge branch 'main' into rdmarsh2/improve-exec-tainted
Manual fix for conflict in Models.qll
-
Commits on Sep 21, 2021
-
C++: move resolveCall to its own file for perf
This avoids a performance issue in DataFlowImpl::localFlowStep when the DataFlow::Configuration subclasses in DefaultTaintTracking are active in the same query as other Configuration subclasses. ResolveCall.qll is kept internal for the moment.
-
Merge pull request #6133 from MathiasVP/promote-sql-pqxx
C++: Promote `cpp/sql-injection-via-pqxx` out of experimental
-
Merge pull request #6409 from JordyZomer/main
cpp: Add query to detect unsigned integer to signed integer conversio…
Commits on Sep 17, 2021
Commits on Sep 15, 2021
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
C++: Refactor ExecTainted.ql to need concatenation
This makes ExecTainted report results only when the tainted value does not become the start of the string which is eventually run as a shell command. The theory is that those cases are likely to be deliberate, and part of the expected threat model of the program (e.g. $CC in make). This lines up better with the results I considered fixable true positives in LGTM testing