Tom Hvitved
|
17414f0395
|
Merge pull request #451 from jbj/mergeback-20181112
Mergeback master -> next
|
2018-11-13 09:52:33 +01:00 |
|
Max Schaefer
|
851e71c7d0
|
JavaScript: Warn about externs trap cache absence/miss.
|
2018-11-13 08:41:53 +00:00 |
|
Max Schaefer
|
d9d4051184
|
JavaScript: Extract auxiliary method.
|
2018-11-13 08:41:38 +00:00 |
|
Max Schaefer
|
79a6cfdf38
|
JavaScript: Add generic externs for BDD/TDD-style testing frameworks.
|
2018-11-13 08:30:35 +00:00 |
|
Esben Sparre Andreasen
|
5666deac14
|
JS: rename js/useless-defensive-code to js/unneeded-defensive-code
|
2018-11-13 08:19:38 +01:00 |
|
Esben Sparre Andreasen
|
1db2e6ca55
|
JS: add source code examples to docstrings
|
2018-11-13 08:19:38 +01:00 |
|
Esben Sparre Andreasen
|
3aae1d17db
|
JS: avoid two uses of getChildExpr(0)
|
2018-11-13 08:19:38 +01:00 |
|
Esben Sparre Andreasen
|
15123da0b7
|
JS: minor fixup: only traverse LogNotExprs
|
2018-11-13 08:19:38 +01:00 |
|
Esben Sparre Andreasen
|
8ea9fd4cca
|
JS: address review comments
|
2018-11-13 08:19:38 +01:00 |
|
Esben Sparre Andreasen
|
8b71b25a2a
|
JS: annotate test file with expected results
|
2018-11-13 08:19:38 +01:00 |
|
Esben Sparre Andreasen
|
a636319c97
|
JS: change notes for js/useless-defensive-code
|
2018-11-13 08:19:38 +01:00 |
|
Esben Sparre Andreasen
|
7d4cf49545
|
JS: fixup double reporting of alerts
|
2018-11-13 08:19:38 +01:00 |
|
Esben Sparre Andreasen
|
f440c9221a
|
JS: replace some Expr.stripParens with Expr.getUnderlyingValue
|
2018-11-13 08:19:38 +01:00 |
|
Esben Sparre Andreasen
|
358e6188d9
|
JS: downgrade other alerts to js/useless-defensive-code
|
2018-11-13 08:19:38 +01:00 |
|
Esben Sparre Andreasen
|
e29c57a58e
|
JS: add whitelist to js/useless-defensive-code
|
2018-11-13 08:19:38 +01:00 |
|
Esben Sparre Andreasen
|
b073fcfca2
|
JS: add query: js/useless-defensive-code
|
2018-11-13 08:19:38 +01:00 |
|
Esben Sparre Andreasen
|
7b215ecb2b
|
JS: recognize defensive programming patterns using typeof
|
2018-11-13 08:19:38 +01:00 |
|
Esben Sparre Andreasen
|
c403416fef
|
JS: recognize defensive expressions that prevents exceptions
|
2018-11-13 08:19:38 +01:00 |
|
Esben Sparre Andreasen
|
6e77489a3b
|
JS: add utilities for expression guards to DefensiveProgramming.qll
|
2018-11-13 08:19:38 +01:00 |
|
Esben Sparre Andreasen
|
a2ecf40878
|
JS: recognize defensive expressions for null/undefined
|
2018-11-13 08:19:38 +01:00 |
|
Esben Sparre Andreasen
|
2b6ef24bc2
|
JS: add utilities to DefensiveProgramming.qll
|
2018-11-13 08:19:38 +01:00 |
|
Esben Sparre Andreasen
|
8086e88587
|
JS: add utilities to DefensiveProgramming.qll
|
2018-11-13 08:19:38 +01:00 |
|
Esben Sparre Andreasen
|
a5eeba3c3a
|
JS: prepare DefensiveProgramming.qll for additions
|
2018-11-13 08:19:38 +01:00 |
|
Esben Sparre Andreasen
|
c2fb14640e
|
JS: move isDefensiveInit to DefensiveProgramming.qll
|
2018-11-13 08:19:38 +01:00 |
|
Esben Sparre Andreasen
|
37b7b39ec6
|
JS: change notes for improved js/request-forgery
|
2018-11-13 08:17:24 +01:00 |
|
Esben Sparre Andreasen
|
577b225429
|
JS: sort change notes table
|
2018-11-13 08:17:24 +01:00 |
|
Esben Sparre Andreasen
|
ce0dd241f6
|
JS: add models of $.ajax, $.getJSON and XMLHttpRequst
|
2018-11-13 08:14:51 +01:00 |
|
semmle-qlci
|
2f0e693b38
|
Merge pull request #450 from xiemaisi/js/improve-externs-extractor-options
Approved by esben-semmle
|
2018-11-12 20:32:35 +00:00 |
|
Felicity Chapman
|
fa8fd0513c
|
Update qhelp for queries with CWE tags
|
2018-11-12 18:00:17 +00:00 |
|
Geoffrey White
|
1c27c5e5ed
|
CPP: Tag Padding queries.
|
2018-11-12 17:45:58 +00:00 |
|
Geoffrey White
|
bcb4ebffc3
|
CPP: Tag NVI queries.
|
2018-11-12 17:45:58 +00:00 |
|
Geoffrey White
|
850937efcc
|
CPP: Tag Include queries.
|
2018-11-12 17:45:58 +00:00 |
|
Geoffrey White
|
93b3165e86
|
CPP: Tag Magic*UseConstant queries.
|
2018-11-12 17:45:58 +00:00 |
|
Max Schaefer
|
663bdd60a0
|
Merge pull request #396 from esben-semmle/js/unconditional-property-override
JS: add query: js/unconditional-property-override
|
2018-11-12 17:10:32 +00:00 |
|
Felicity Chapman
|
2847d5eaac
|
Replace '&' symbols in URL
|
2018-11-12 16:34:19 +00:00 |
|
Geoffrey White
|
1d464ae35d
|
CPP: Merge the ExprHasNoEffect tests.
|
2018-11-12 16:26:50 +00:00 |
|
Geoffrey White
|
1417929cdf
|
CPP: Merge the Todo/FixmeComments tests.
|
2018-11-12 16:26:50 +00:00 |
|
Geoffrey White
|
03cad6c084
|
CPP: Move the AV Rule 97 test.
|
2018-11-12 16:07:03 +00:00 |
|
Geoffrey White
|
2d665e51d0
|
CPP: Move the BitwiseSignCheck.ql test.
|
2018-11-12 16:07:03 +00:00 |
|
Felicity Chapman
|
05930812a1
|
Update for feedback
|
2018-11-12 15:56:10 +00:00 |
|
Felicity Chapman
|
2e8f51a545
|
Update to bring into line with current guidelines
|
2018-11-12 15:30:19 +00:00 |
|
Arthur Baars
|
effabc667c
|
Merge pull request #452 from adityasharad/version/1.18.3-dev
Version: Bump to 1.18.3 dev.
|
2018-11-12 16:01:22 +01:00 |
|
Aditya Sharad
|
271628c280
|
Version: Bump to 1.18.3 dev.
|
2018-11-12 14:55:26 +00:00 |
|
Jonas Jensen
|
0cb09b113f
|
Merge pull request #251 from rdmarsh2/rdmarsh/cpp/sign-analysis
C++: Sign analysis library
|
2018-11-12 15:23:18 +01:00 |
|
Max Schaefer
|
2c1a37c652
|
JavaScript: Add WebRTC externs.
|
2018-11-12 12:25:32 +00:00 |
|
Jonas Jensen
|
1500237009
|
Merge remote-tracking branch 'upstream/master' into mergeback-20181112
|
2018-11-12 13:24:27 +01:00 |
|
Felicity Chapman
|
978fc4928f
|
Fix syntax errors in qhelp files
|
2018-11-12 10:55:13 +00:00 |
|
Felicity Chapman
|
72ac2e5498
|
Fix typos
|
2018-11-12 09:52:00 +00:00 |
|
Tom Hvitved
|
dd6fd400aa
|
Merge pull request #335 from calumgrant/cs/cwe-937
C#: New query VulnerablePackage
|
2018-11-12 10:34:53 +01:00 |
|
Esben Sparre Andreasen
|
eaad84bb4f
|
JS: add support for dis- and conjunctions in SanitizingFunction
|
2018-11-12 10:23:52 +01:00 |
|