Diff-informed queries: phase 3 (non-trivial locations) #19957
Draft: d10c wants to merge 72 commits into github:main from d10c:d10c/diff-informed-phase-3
Commits
Author of every commit listed: d10c
dfd98c8 Actions: patch-generated stubs
6115a9e Actions: ArgumentInjection
283f467 Actions: ArtifactPoisoning
bf7fc73 Actions: CodeInjection
61d9418 Actions: CommandInjection
f3ea6c9 Actions: EnvPathInjection
46c4451 Actions: EnvVarInjection
520339a C++: patch-generated stubs
4017197 C#: patch-generated stubs
c015301 C#: ConditinalBypass
5b38790 C#: ExternalAPIsQuery/UntrustedDataToExternalAPI
572cca9 C#: UnsafeDeserialization
a8b2523 C#: HardcodedConnectionString
34a7701 Go: patch-generated stubs
a4b6937 Go: AllocationSizeOverflow
773ba3d Go: CommandInjection
bfe1517 Go: ExternalAPIs
15b6063 Go: HardcodedCredentials
5dccba3 Go: IncorrectIntegerConversion
fc39971 Go: InsecureRandomness
6c119d9 Go: ReflectedXss
264d949 Go: RequestForgery
165dc33 Go: SafeUrlFlow
e57b47c Go: UnhandledCloseWritableHandle
1b5e998 Go: InsecureHostKeyCallback
1fde1a6 Go: BadRedirectCheck
754baaf Go: AuthCookie/CookieWithoutHttpOnly/BoolToGin
79cf6fd Go: SensitiveConditionBypass
fd6ca2e Go: ConditionalBypass
0ab18eb Go: SSRF
8f99f41 Java: patch-generated stubs
eb0bde7 Java: PolynomialReDos (keep excluded)
488f211 Java: AndroidSensitiveCommuniation: (convert test to qlref)
6c2b42b Java: ArithmeticTainted
15c88b0 Java: ArithmeticUncontrolled
1e8462b Java: ConditionalBypass (enable diff-informed + convert test to qlref)
0fa5f66 Java: ExternalAPIs (enable diff-informed + add tests based on qhelp)
6f7ac14 Java: ExternallyControlledFormatString
fed5777 Java: ImproperValidationOfArray...
a777bed Java: InsecureCookie
fe08cce Java: InsecureLdapAuth
b376381 Java: MaybeBrokenCryptoAlgorithm
61ddff6 Java: LogInjection (convert test to qlref)
197ffa0 Java: SensitiveLogInfo (convert test to qlref)
a45d780 Java: SqlConcatenated
098cea4 Java: SqlInjection
eceb5b2 Java: TempDirLocalInformationDisclosure
6987334 Java: TrustBoundaryViolations (convert test to qlref)
e76a1f7 Java: UnsafeCertTrust (+ convert test to qlref)
ffc467a Java: AndroidWebViewSettingsAllowsContentAccess
aa90f3c JS: patch-generated stubs
87c01d8 JS: IndirectCommandInjection
fbd9c03 JS: NosqlInjection, SqlInjection
9c19cc0 JS: ShellCommandInjection
27e79d3 JS: EnvValueAndKeyInjection
4efdb98 JS: decodeJwtWithoutVerification
391b5d2 Python: patch-generated stubs
0ba3f22 Python: LdapInjection
f9304f4 Python: WeakSensitiveDatHashing
e069641 Python: PossibleTimingAttackAgainstHash (+ selecting source node inst…
2470c7b Python: TimingAttackAgainstHash (+ new test)
15c29c0 Ruby: patch-generated stubs
801f66e Ruby: MissingFullAnchor
0d29d9b Ruby: PolynomialReDoS: keep excluded
31e7129 Ruby: WeakSensitiveDataHashing
ff9b24b Ruby: WeakFilePermissions
45a19ee Rust: patch-generated stubs
14e27e8 Rust: AccessAfterLifetime
f7854de Swift: patch-generated stubs
9badc48 Swift: CleartextStorageDatabase
9f8b149 Swift: CleartextStoragePreferences
c70036d Swift: UnsafeWebViewFetch
Check warning (Code scanning / CodeQL): Redundant import (Warning)