Anders Schack-Mulligen
a29f615da0
Java: Add additional taint steps through collections.
2019-01-28 14:34:09 +01:00
Tom Hvitved
86721ff800
C#: Add more documentation to SuccSplits module
2019-01-28 14:12:17 +01:00
Asger F
5d4192ce0a
JS: change note
2019-01-28 13:04:28 +00:00
Taus
e891ab7a54
Merge pull request #834 from markshannon/python-move-test-to-internal
...
Python: Remove AST test (it will be added to the extractor tests).
2019-01-28 14:03:33 +01:00
Asger F
3245142203
JS: Dont flag empty string as hardcoded username
2019-01-28 13:01:52 +00:00
Mark Shannon
4e5d4e265c
Add change note.
2019-01-28 13:01:04 +00:00
Mark Shannon
3992346add
Python: Fix up mutating-descriptor query to only flag mutation when they occur during descriptor protocol.
2019-01-28 12:57:18 +00:00
Mark Shannon
53fbf51ee8
Python: Fix handling of enum members in python/ql/src/Expressions/IsComparisons.qll.
2019-01-28 12:20:31 +00:00
Mark Shannon
5da209f876
Python: add failing test for comparison using 'is' and enum members.
2019-01-28 12:19:54 +00:00
Mark Shannon
1bec219048
Python: Remove AST test (it will be added to the extractor tests).
2019-01-28 11:41:12 +00:00
Mark Shannon
b841ecbb7c
Python: Fix tornado and twisted request attribute tracking; 'path' attribute can be trusted, but 'uri' and 'arguments' cannot.
2019-01-28 11:26:00 +00:00
Jonas Jensen
ccfb1c229a
Merge pull request #831 from geoffw0/query-tags-5
...
CPP: Tweak tags for consistency
2019-01-28 10:55:09 +01:00
Geoffrey White
bf7cdad736
CPP: Change note.
2019-01-28 09:31:06 +00:00
Esben Sparre Andreasen
239fe6e419
fixup! JS: sharpen the js/trivial-conditional whitelist
2019-01-28 10:18:03 +01:00
semmle-qlci
962416ffc2
Merge pull request #805 from asger-semmle/callback-taint-source
...
Approved by xiemaisi
2019-01-28 08:45:37 +00:00
semmle-qlci
8b029a2d9f
Merge pull request #827 from xiemaisi/js/duplicate-toplevel-percent
...
Approved by esben-semmle
2019-01-28 08:40:23 +00:00
Jonas Jensen
4d441a3bdb
Merge pull request #824 from geoffw0/fread
...
CPP: Add 'fread' to BufferAccess.qll
2019-01-28 09:07:22 +01:00
Jonas Jensen
0dad04bd7e
Merge pull request #829 from geoffw0/deprecate-fpv
...
CPP: Deprecate FunctionPointerVariable and FunctionPointerMemberVariable
2019-01-28 08:47:49 +01:00
semmle-qlci
65b64c7c05
Merge pull request #645 from sb-semmle/configuration-file-library
...
Approved by yh-semmle
2019-01-26 02:06:16 +00:00
Robert Marsh
9decbd9c9f
C++: new irreducible CFG test for range analysis
2019-01-25 13:12:40 -08:00
Esben Sparre Andreasen
ef3b107cc1
JS: sharpen the js/trivial-conditional whitelist
2019-01-25 18:19:45 +01:00
Geoffrey White
1328cb8013
CPP: Tweak tags for consistency across near duplicate queries.
2019-01-25 16:50:05 +00:00
Mark Shannon
3850f87879
Make qhelp for 'Incomplete URL substring sanitization' consistent across languages.
2019-01-25 16:47:23 +00:00
Geoffrey White
98ba308207
CPP: Use memberMayBeVarSize.
2019-01-25 16:40:11 +00:00
Geoffrey White
c527f9c90c
CPP: Upgrade precision to high.
2019-01-25 16:38:25 +00:00
Jonas Jensen
c90d4bb24c
Merge pull request #822 from geoffw0/query-tags-4
...
CPP: Query tags 4
2019-01-25 17:08:56 +01:00
semmle-qlci
d8947a71a5
Merge pull request #735 from asger-semmle/string-ops
...
Approved by xiemaisi
2019-01-25 15:15:19 +00:00
Taus
fc00e0a64a
Merge pull request #796 from markshannon/python-import-used-in-doctest
...
Python: Fix 'unused import' for doctests and typehints.
2019-01-25 16:14:08 +01:00
Asger F
ccbfaa7c9e
JS: explain return step more thoroughly
2019-01-25 15:12:24 +00:00
Geoffrey White
7bc734aa50
CPP: Deprecate FunctionPointerVariable and FunctionPointerMemberVariable.
2019-01-25 14:57:37 +00:00
Max Schaefer
254fafc6ce
JavaScript: Round down percentage in DuplicateToplevel.ql.
...
All the other duplication queries already do this.
2019-01-25 22:44:07 +08:00
Max Schaefer
39191ed6f1
JavaScript: Add more statements to test cases for DuplicateToplevel.
...
Now both `a.js` and `b.js` have ten (non-block) statements, which allows for more interesting tests.
2019-01-25 22:42:51 +08:00
Geoffrey White
704a220a29
CPP: Add query ID to change note.
2019-01-25 14:42:44 +00:00
Geoffrey White
f98abd6bf8
CPP: Add query ID to change note.
2019-01-25 14:41:12 +00:00
Jonas Jensen
ba8bf94d7b
C++: Account for chi nodes in back-edge detection
2019-01-25 15:32:19 +01:00
Jonas Jensen
560dbdf984
C++: Test demonstrating chi node back edge bug
...
This test shows that the back-edge detection does not properly account
for chi nodes in the translation to aliased SSA.
2019-01-25 15:28:53 +01:00
Tom Hvitved
ed8112a538
C#: Cleanup dotnet install script after installation in autobuilder
2019-01-25 15:26:03 +01:00
Tom Hvitved
50522caa6e
C#: Improve performance of CFG split set computation
...
Rewrite the predicate `succSplits()` and the construction of the IPA type `TSplits`.
The two are now mutually dependent, see more in the comment for the module
`SuccSplits`.
2019-01-25 14:35:56 +01:00
Jonas Jensen
9963270d63
C++: Annotate back edges in IR debug output
2019-01-25 14:16:45 +01:00
Geoffrey White
95eea5cc00
CPP: Change note.
2019-01-25 13:08:28 +00:00
Geoffrey White
1a044a0a22
CPP: Add 'fread' to BufferAccess.qll.
2019-01-25 12:58:25 +00:00
Geoffrey White
fd6365838b
CPP: Add test cases involving fread.
2019-01-25 12:58:25 +00:00
semmle-qlci
247d615c01
Merge pull request #802 from Semmle/xiemaisi-patch-5-1
...
Approved by asger-semmle
2019-01-25 12:32:43 +00:00
Mark Shannon
6ddbed7d95
Python: Minor tweaks to qldoc and release note.
2019-01-25 11:34:41 +00:00
Jonas Jensen
62509ffb69
C++: Add a back-edge safeguard
...
This prevents loops of non-back-edges on ChakraCore (see #811 ).
2019-01-25 12:12:31 +01:00
Asger F
8294aeea74
JS: fix doc comments
2019-01-25 11:12:07 +00:00
Tom Hvitved
078becc57b
C#: Address review comments
2019-01-25 12:06:34 +01:00
Asger F
c48b529846
JS: autoformat
2019-01-25 11:06:31 +00:00
Asger F
3bbe542ef4
JS: fix whitespace
2019-01-25 11:06:17 +00:00
Jonas Jensen
5b2b961a44
C++: Fix comment (edge is not unique)
2019-01-25 11:28:23 +01:00
