Diff-informed queries: phase 3 (non-trivial locations) #19957
Draft: d10c wants to merge 103 commits into github:main from d10c:d10c/diff-informed-phase-3 (base: main)
+11,480 −2,113
Commits
3ef2e0a Actions: patch-generated stubs (d10c)
bc3e982 Actions: ArgumentInjection (d10c)
0232dee Actions: ArtifactPoisoning (d10c)
ede4d44 Actions: CodeInjection (d10c)
454c825 Actions: CommandInjection (d10c)
fc8a757 Actions: EnvPathInjection (d10c)
08df17f Actions: EnvVarInjection (d10c)
55ed8e9 C++: patch-generated stubs (d10c)
d924a90 C++: OverflowDestination (d10c)
7b52e81 C++: NonConstantFormat (d10c)
d1b8f4e C++: LeapYear (d10c)
011507a C++: CWE-020/ExternalAPIs (+ add tests based on qhelp) (d10c)
98eaae0 C++: TaintedPath (d10c)
242bc3d C++: ExecTainted (d10c)
a58acdb C++: CgiXss (d10c)
7e4b2c8 C++: SqlTainted (d10c)
1c30a95 C++: OverrunWriteProductFlow (revert because product flows cannot be … (d10c)
350f566 C++: UnboundedWrite (d10c)
21dd827 C++: ImproperNullTerminationTainted (d10c)
443c5fb C++: ArithmeticTainted (d10c)
43921ce C++: ArithmeticUncontrolled (d10c)
08d2343 C++: ArithmeticWithExtremeValues (d10c)
39d0ae7 C++: TaintedAllocationSize (d10c)
a4df621 C++: AuthenticationBypass (d10c)
61b8a48 C++: SSLResultConflation (d10c)
21df636 C++: CleartextBufferWrite (d10c)
1e40445 C++: CleartextFileWrite (d10c)
340a043 C++: CleartextTransmission (d10c)
708db01 C++: CleartextSqliteDatabase (+ tests) (d10c)
ee25fec C++: UseOfHttp (d10c)
753e28e C++: InsufficientKeySize (d10c)
70990db C++: IteratorToExpiredContainer (d10c)
c250f8e C++: UnsafeCreateProcessCall (d10c)
666efdf C++: UnsafeDaclSecurityDescriptor (d10c)
0da4f6c C++: TaintedCondition (d10c)
9a902dd C++: TypeConfusion (d10c)
a54f75d C++: ArrayAccessProductFlow (revert because product flows cannot be d… (d10c)
a161dd3 C++: ConstantSizeArrayOffByOne (d10c)
e023b41 C++: DecompressionBombs (d10c)
7e0cb19 C#: patch-generated stubs (d10c)
8e80b8f C#: ConditinalBypass (d10c)
4347820 C#: ExternalAPIsQuery/UntrustedDataToExternalAPI (d10c)
6ddef99 C#: UnsafeDeserialization (d10c)
e0254bc C#: HardcodedConnectionString (d10c)
1be5eba Go: patch-generated stubs (d10c)
3440b06 Go: AllocationSizeOverflow (d10c)
6b871bc Go: CommandInjection (d10c)
9a2d7a3 Go: ExternalAPIs (d10c)
a535157 Go: HardcodedCredentials (d10c)
a09f750 Go: IncorrectIntegerConversion (d10c)
4bf054c Go: InsecureRandomness (d10c)
f9a271e Go: ReflectedXss (d10c)
3e17d3a Go: RequestForgery (d10c)
601b987 Go: SafeUrlFlow (d10c)
4da6199 Go: UnhandledCloseWritableHandle (d10c)
0c0de89 Go: InsecureHostKeyCallback (d10c)
9ec8576 Go: BadRedirectCheck (d10c)
ac2bae6 Go: AuthCookie/CookieWithoutHttpOnly/BoolToGin (d10c)
ebee081 Go: SensitiveConditionBypass (d10c)
9882a00 Go: ConditionalBypass (d10c)
b423a99 Go: SSRF (d10c)
e5f0576 Java: patch-generated stubs (d10c)
e4d0209 Java: PolynomialReDos (keep excluded) (d10c)
2903228 Java: AndroidSensitiveCommuniation: (convert test to qlref) (d10c)
68d133b Java: ArithmeticTainted (d10c)
077814e Java: ArithmeticUncontrolled (d10c)
ae5b456 Java: ConditionalBypass (enable diff-informed + convert test to qlref) (d10c)
dd7470d Java: ExternalAPIs (enable diff-informed + add tests based on qhelp) (d10c)
a5b773e Java: ExternallyControlledFormatString (d10c)
57e643c Java: ImproperValidationOfArray... (d10c)
1a2f959 Java: InsecureCookie (d10c)
f4074df Java: InsecureLdapAuth (d10c)
09b805b Java: MaybeBrokenCryptoAlgorithm (d10c)
90ae98f Java: LogInjection (convert test to qlref) (d10c)
b54734c Java: SensitiveLogInfo (convert test to qlref) (d10c)
1644fb1 Java: SqlConcatenated (d10c)
24e06ea Java: SqlInjection (d10c)
d0da8b3 Java: TempDirLocalInformationDisclosure (d10c)
d216f6b Java: TrustBoundaryViolations (convert test to qlref) (d10c)
1b689ff Java: UnsafeCertTrust (+ convert test to qlref) (d10c)
5ec4516 Java: AndroidWebViewSettingsAllowsContentAccess (d10c)
8d778f4 JS: patch-generated stubs (d10c)
be73e65 JS: IndirectCommandInjection (d10c)
6775c36 JS: NosqlInjection, SqlInjection (d10c)
38f953c JS: ShellCommandInjection (d10c)
bbaaf2e JS: EnvValueAndKeyInjection (d10c)
8422641 JS: decodeJwtWithoutVerification (d10c)
eeada7a Python: patch-generated stubs (d10c)
f545b94 Python: LdapInjection (d10c)
2a15bce Python: WeakSensitiveDatHashing (d10c)
e23c7f6 Python: PossibleTimingAttackAgainstHash (+ selecting source node inst… (d10c)
9fb0625 Python: TimingAttackAgainstHash (+ new test) (d10c)
68ce699 Ruby: patch-generated stubs (d10c)
bff0771 Ruby: MissingFullAnchor (d10c)
ab78839 Ruby: PolynomialReDoS: keep excluded (d10c)
db2a64f Ruby: WeakSensitiveDataHashing (d10c)
eac30c2 Ruby: WeakFilePermissions (d10c)
8a02c56 Rust: patch-generated stubs (d10c)
c98398d Rust: AccessAfterLifetime (d10c)
7633b34 Swift: patch-generated stubs (d10c)
18fbdb7 Swift: CleartextStorageDatabase (d10c)
c5f1e06 Swift: CleartextStoragePreferences (d10c)
08c4cc2 Swift: UnsafeWebViewFetch (d10c)
Check warning
Code scanning / CodeQL
Redundant import Warning