Asger F
a374540c55
JS: Range analysis library
2018-11-29 11:22:13 +00:00
Max Schaefer
8637eaf100
JavaScript: Address review comments.
2018-11-29 10:48:44 +00:00
Felicity Chapman
f6fe8d5a28
Text updates for consistency and clarity
2018-11-29 10:20:13 +00:00
mc
83d4fb6711
Merge pull request #559 from xiemaisi/js/invalid-dynamic-method-call
...
JavaScript: Documentation review for new query `UnvalidatedDynamicMethodCall`.
2018-11-29 09:59:53 +00:00
Max Schaefer
5f16406ad7
JavaScript: Add new query HardcodedDataInterpretedAsCode.
2018-11-29 09:52:31 +00:00
Max Schaefer
94a5722c2a
JavaScript: Model taint propagation through new Buffer and Buffer.from.
2018-11-29 09:52:31 +00:00
Max Schaefer
4091cf410d
JavaScript: Improve detection of require calls.
2018-11-29 09:52:31 +00:00
Jonas Jensen
d991fa84b1
Merge pull request #552 from geoffw0/move-security-tests-add
...
CPP: Add the Semmle security tests.
2018-11-29 10:49:20 +01:00
Max Schaefer
506236994f
JavaScript: Address doc review comments.
2018-11-29 09:49:13 +00:00
Geoffrey White
9d95291124
CPP: Delete the CPython queries and libraries.
2018-11-29 09:29:46 +00:00
Geoffrey White
909ff428ac
CPP: Deprecate the CPython queries.
2018-11-29 09:28:29 +00:00
Tom Hvitved
ab7a094439
C#: Include CFG splits in Ssa::Definition::toString()
...
Just like syntax elements can be split in the control flow graph, so can SSA
definitions. To make this clear, and to make debugging easier, this commit
adds the splits as a prefix in the textual representation of SSA definitions.
2018-11-29 10:00:08 +01:00
semmle-qlci
d64067aaae
Merge pull request #558 from xiemaisi/js/sanitise-access-paths
...
Approved by asger-semmle
2018-11-29 08:27:58 +00:00
Dave Bartolomeo
40864f9ebb
C++: Fix GVN test expectation
2018-11-28 14:07:23 -08:00
semmle-qlci
d31c9950f9
Merge pull request #566 from ian-semmle/defuse_test
...
Approved by dave-bartolomeo
2018-11-28 20:48:14 +00:00
Geoffrey White
d261f1b6d2
CPP: Deprecate the PointsTo tests.
2018-11-28 20:23:33 +00:00
calum
f2d7b6ebe9
C#: Change notes.
2018-11-28 20:21:34 +00:00
Tom Hvitved
3eb163f656
C#: Account for split SSA definitions in guards library
...
On 03e69e9945, I updated the guards library to account
for control flow graph splitting. However, the logic that relates SSA qualifiers for
the guard and the guarded expression was not updated accordingly.
2018-11-28 20:00:13 +01:00
Tom Hvitved
1a25f0a068
C#: Add test for guard inside a split CFG block
2018-11-28 19:59:05 +01:00
Dave Bartolomeo
d7938362dd
C++: Rename Chi IPA types to match classes
2018-11-28 10:33:04 -08:00
Geoffrey White
1232694340
CPP: Add external/jpl tags.
2018-11-28 18:18:28 +00:00
calum
6c6d7e4fff
C#: Fix false-positives in cs/index-out-of-bounds.
2018-11-28 17:42:08 +00:00
Taus
595e6fcbf8
Merge pull request #550 from markshannon/python-weak-crypto
...
Python: Query for use of weak crypto keys.
2018-11-28 18:21:27 +01:00
Mark Shannon
a345727f71
Python fix up tags in qhelp.
2018-11-28 17:14:07 +00:00
Ian Lynagh
6cb6b1c07d
C++: Tweak the defuse test
...
It looks like this is what it was originally intended to do.
2018-11-28 17:11:17 +00:00
Mark Shannon
b3eaa46f14
Python: Use consistent abbreviations in weak-crypto query message.
2018-11-28 16:58:22 +00:00
Mark Shannon
4f0a666a43
Python: Tweak name of new query and add change note.
2018-11-28 16:58:22 +00:00
Mark Shannon
3c4c8cf7d3
Python: Add qhelp for new query.
2018-11-28 16:57:34 +00:00
Mark Shannon
1065ad0ce7
Python: Weak crypto query.
2018-11-28 16:57:34 +00:00
Mark Shannon
2bf98b805d
Python: Delete some misleading qhelp and rename a couple of queries.
2018-11-28 16:53:38 +00:00
Taus
c75fa28510
Merge pull request #538 from markshannon/python-jinja2-autoescape
...
Python: New query to check for use of jinja2 templates without auto-escaping
2018-11-28 17:32:17 +01:00
Mark Shannon
21246dcbf2
Python: clean up change notes and query help.
2018-11-28 15:02:47 +00:00
Geoffrey White
0eb0bf988e
CPP: Fix for virtual method calls.
2018-11-28 14:19:24 +00:00
Asger F
8017df1750
JS: add change note for UselessConditional.ql
2018-11-28 14:14:58 +00:00
Esben Sparre Andreasen
f3889e715e
JS: simplify isReactImportForJSX to isReactForJSX
2018-11-28 15:06:53 +01:00
Anders Schack-Mulligen
ae44b90456
Java: Normalize parentheses.
2018-11-28 15:01:25 +01:00
Max Schaefer
45574d4eaa
JavaScript: Minor change to documentation to facilitate opening another PR.
2018-11-28 13:53:28 +00:00
semmle-qlci
57a976d668
Merge pull request #555 from xiemaisi/js/invalid-dynamic-method-call
...
Approved by esben-semmle
2018-11-28 13:52:51 +00:00
Anders Schack-Mulligen
e2dd0ea083
Java: Add 2 double-checked-locking queries.
2018-11-28 13:52:34 +01:00
Max Schaefer
fb78e14db1
JavaScript: Add support for sanitising dynamic property accesses.
...
This generalises our previous handling of sanitisers operating on property accesses to support dynamic property accesses where the property name is an SSA variable by representing them as access paths.
2018-11-28 12:37:53 +00:00
Esben Sparre Andreasen
72092529d1
JS: add change note for js/unused-local-variable
2018-11-28 13:25:26 +01:00
Esben Sparre Andreasen
f3c90114df
JS: add empty 1.20 change note
2018-11-28 13:24:26 +01:00
Esben Sparre Andreasen
54e2215db4
JS: support require in isReactImportForJSX
2018-11-28 13:16:55 +01:00
Esben Sparre Andreasen
737a816e6f
JS: refactor isReactImportForJSX
2018-11-28 13:16:55 +01:00
Max Schaefer
9c98aaf4bd
JavaScript: Refactor a few predicates to avoid materialisations.
2018-11-28 10:51:29 +00:00
Mark Shannon
eefb45c94b
Python: jinja2-without-escaping query: Clean up query and account for Template class in tests.
2018-11-28 10:46:44 +00:00
Mark Shannon
dff36e22ff
Fix typo.
2018-11-28 10:46:44 +00:00
Mark Shannon
1080525d7d
Python: Add missing test stub.
2018-11-28 10:45:48 +00:00
Mark Shannon
2518ac561e
Python: Add change note for jinja2-autoescape query.
2018-11-28 10:45:48 +00:00
Mark Shannon
243280dc00
Python: New query to check for use of jinja2 templates without auto-escaping.
2018-11-28 10:45:19 +00:00