Diff-informed queries: phase 3 (non-trivial locations) #19957
Draft
d10c wants to merge 102 commits into github:main from d10c:d10c/diff-informed-phase-3
Commits
af50027 Actions: patch-generated stubs (d10c)
19fd24d Actions: ArgumentInjection (d10c)
d65a1af Actions: ArtifactPoisoning (d10c)
56b6628 Actions: CodeInjection (d10c)
8b44465 Actions: CommandInjection (d10c)
b129b68 Actions: EnvPathInjection (d10c)
862ccce Actions: EnvVarInjection (d10c)
e44e1cb C++: patch-generated stubs (d10c)
c94f12f C++: OverflowDestination (d10c)
1dc93ac C++: NonConstantFormat (d10c)
4f9dc4b C++: LeapYear (d10c)
0d18ce4 C++: CWE-020/ExternalAPIs (+ add tests based on qhelp) (d10c)
87889d6 C++: TaintedPath (d10c)
b15a644 C++: ExecTainted (d10c)
7fe3ccd C++: CgiXss (d10c)
2900785 C++: SqlTainted (d10c)
e00ed39 C++: OverrunWriteProductFlow (revert because product flows cannot be … (d10c)
4e3f4bf C++: UnboundedWrite (d10c)
bad3e3e C++: ImproperNullTerminationTainted (d10c)
7cbfa8e C++: ArithmeticTainted (d10c)
a73032f C++: ArithmeticUncontrolled (d10c)
066adde C++: ArithmeticWithExtremeValues (d10c)
07189fe C++: TaintedAllocationSize (d10c)
c744d1e C++: AuthenticationBypass (d10c)
a6046f3 C++: SSLResultConflation (d10c)
fd0d513 C++: CleartextBufferWrite (d10c)
1cb5977 C++: CleartextFileWrite (d10c)
8a3c2c0 C++: CleartextTransmission (d10c)
ee596cd C++: CleartextSqliteDatabase (+ tests) (d10c)
1f915b0 C++: UseOfHttp (d10c)
f1408de C++: InsufficientKeySize (d10c)
c94973a C++: IteratorToExpiredContainer (d10c)
a4ec01e C++: UnsafeCreateProcessCall (d10c)
b54fad7 C++: UnsafeDaclSecurityDescriptor (d10c)
b09f370 C++: TaintedCondition (d10c)
f2f16dc C++: TypeConfusion (d10c)
e34b169 C++: ArrayAccessProductFlow (revert because product flows cannot be d… (d10c)
0601afa C++: ConstantSizeArrayOffByOne (d10c)
2bbebf5 C++: DecompressionBombs (d10c)
264eda8 C#: patch-generated stubs (d10c)
63ee16d C#: ConditionalBypass (d10c)
4235828 C#: ExternalAPIsQuery/UntrustedDataToExternalAPI (d10c)
81fcaee C#: UnsafeDeserialization (d10c)
3efbd04 C#: HardcodedConnectionString (d10c)
53631b0 Go: patch-generated stubs (d10c)
a5285d4 Go: AllocationSizeOverflow (d10c)
fb3b60e Go: CommandInjection (d10c)
c69da7e Go: ExternalAPIs (d10c)
fb2c1d3 Go: HardcodedCredentials (d10c)
cf34854 Go: IncorrectIntegerConversion (d10c)
d47d028 Go: InsecureRandomness (d10c)
7b9f4d3 Go: ReflectedXss (d10c)
b806789 Go: RequestForgery (d10c)
66d4a56 Go: SafeUrlFlow (d10c)
9b91481 Go: UnhandledCloseWritableHandle (d10c)
ca0ff8a Go: InsecureHostKeyCallback (d10c)
4f29748 Go: BadRedirectCheck (d10c)
e82ed49 Go: AuthCookie/CookieWithoutHttpOnly/BoolToGin (d10c)
bfddddc Go: SensitiveConditionBypass (d10c)
e2e5e6f Go: ConditionalBypass (d10c)
c73f6c0 Go: SSRF (d10c)
cd46516 Java: patch-generated stubs (d10c)
5101710 Java: AndroidSensitiveCommunication: (convert test to qlref) (d10c)
34b788d Java: ArithmeticTainted (d10c)
672fc96 Java: ArithmeticUncontrolled (d10c)
51456ea Java: ConditionalBypass (enable diff-informed + convert test to qlref) (d10c)
5d400d7 Java: ExternalAPIs (enable diff-informed + add tests based on qhelp) (d10c)
aff0c6e Java: ExternallyControlledFormatString (d10c)
e5cc465 Java: ImproperValidationOfArray... (d10c)
7c5c650 Java: InsecureCookie (d10c)
a5dd768 Java: InsecureLdapAuth (d10c)
1ec25ff Java: MaybeBrokenCryptoAlgorithm (d10c)
78caea3 Java: LogInjection (convert test to qlref) (d10c)
4f2f876 Java: SensitiveLogInfo (convert test to qlref) (d10c)
1072b58 Java: SqlConcatenated (d10c)
69f8688 Java: SqlInjection (d10c)
51bcd34 Java: TempDirLocalInformationDisclosure (d10c)
b0a314c Java: TrustBoundaryViolations (convert test to qlref) (d10c)
900b4a3 Java: UnsafeCertTrust (+ convert test to qlref) (d10c)
633c6ca Java: AndroidWebViewSettingsAllowsContentAccess (d10c)
02693a6 JS: patch-generated stubs (d10c)
b7f4255 JS: IndirectCommandInjection (d10c)
031e4c8 JS: NosqlInjection, SqlInjection (d10c)
9fc93e0 JS: ShellCommandInjection (d10c)
5112eb3 JS: EnvValueAndKeyInjection (d10c)
427a852 JS: decodeJwtWithoutVerification (d10c)
e0cd030 Python: patch-generated stubs (d10c)
58e9e4a Python: LdapInjection (d10c)
86671a9 Python: WeakSensitiveDataHashing (d10c)
fbdf962 Python: PossibleTimingAttackAgainstHash (+ selecting source node inst… (d10c)
195b013 Python: TimingAttackAgainstHash (+ new test) (d10c)
83586ff Ruby: patch-generated stubs (d10c)
5a8c2c9 Ruby: MissingFullAnchor (d10c)
5a130fe Ruby: WeakSensitiveDataHashing (d10c)
525ca3b Ruby: WeakFilePermissions (d10c)
d39010b Rust: patch-generated stubs (d10c)
67d615a Rust: AccessAfterLifetime (d10c)
0d20533 Swift: patch-generated stubs (d10c)
9cb57cc Swift: CleartextStorageDatabase (d10c)
02d7fea Swift: CleartextStoragePreferences (d10c)
057e266 Swift: UnsafeWebViewFetch (d10c)
3e3e856 Swift: InsecureTLSQuery (d10c)
Check warning (Code scanning / CodeQL): Redundant import (Warning)