Asger F
8aff66616b
JS: suppress similar alerts from RemotePropertyInjection
2018-11-20 15:57:18 +00:00
Asger F
a2e5003c09
JS: add to security suite
2018-11-20 15:57:18 +00:00
Asger F
2239f863f7
JS: add query MethodNameInjection
2018-11-20 15:57:18 +00:00
Taus
7ba4d71ffb
Merge pull request #494 from markshannon/python-tests
...
QL tests for Python queries and libraries.
2018-11-20 16:00:06 +01:00
Taus
6317546cdb
Merge pull request #493 from markshannon/python-queries
...
Initial commit of Python queries and QL libraries.
2018-11-20 15:59:15 +01:00
Mark Shannon
a135e4665e
Update lgtm.yml file to exclude Python source in query and test folders.
2018-11-20 14:57:36 +00:00
Asger F
bc3b983768
JS: move CodeInjection tests into subfolder
2018-11-20 14:24:37 +00:00
Tom Hvitved
3e78c2671f
C#: Generalize pre-SSA library to include local-scope-like fields/properties
2018-11-20 15:07:44 +01:00
Tom Hvitved
25150265dc
C#: Compute phi inputs in pre-SSA library
...
Logic is copied directly from the ordinary SSA library.
2018-11-20 15:07:43 +01:00
Jonas Jensen
33111b6b27
Merge pull request #498 from geoffw0/test-cleanup
...
CPP: Clean up some test code.
2018-11-20 14:44:52 +01:00
Tom Hvitved
252b756184
Merge pull request #472 from felicity-semmle/csharp/SD-2778-qhelp-update
...
C#: Minor updates for consistency (SD-2778)
2018-11-20 14:28:29 +01:00
semmle-qlci
4b5f24d99e
Merge pull request #449 from hvitved/csharp/ssa/live-at-rank
...
Approved by calumgrant
2018-11-20 13:01:02 +00:00
semmle-qlci
1c1d2e943a
Merge pull request #496 from esben-semmle/js/yui-directives
...
Approved by xiemaisi
2018-11-20 12:59:55 +00:00
semmle-qlci
8333f72030
Merge pull request #470 from esben-semmle/custom-abstract-values-only
...
Approved by xiemaisi
2018-11-20 12:59:35 +00:00
Max Schaefer
c1690a69e5
JavaScript: Make TargetBlank only highlight the first line of the link.
...
Otherwise alerts for multi-line `<a>` elements end up looking very red.
I also took the opportunity to improve the tests slightly.
2018-11-20 12:53:27 +00:00
Esben Sparre Andreasen
82fc8ae32a
JS: support indirection with extra args in js/missing-this-qualifier
2018-11-20 11:29:03 +01:00
Geoffrey White
342164ff71
CPP: Clean up / normalize some test code.
2018-11-20 09:50:59 +00:00
Jonas Jensen
6c0305cb80
Merge pull request #495 from geoffw0/returnvalue
...
CPP: Fix 'Missing return statement'
2018-11-20 10:16:30 +01:00
Jonas Jensen
d7c2f9d185
C++: Remove @precision from AV Rule 78
...
This rule, named "No virtual destructor", was supposed to be superseded
by `cpp/virtual-destructor` in 0c796de83
2018-11-20 09:43:54 +01:00
Jonas Jensen
cc28d04ba7
Merge pull request #405 from geoffw0/selfcompare
...
CPP: Fix false positives in PointlessSelfComparison.ql
2018-11-20 09:25:10 +01:00
Tom Hvitved
9f7eef02ec
C#: Address review comments
2018-11-20 09:24:53 +01:00
Esben Sparre Andreasen
54fea1a4cb
JS: support "xyz:nomunge" YUI compressor directives
2018-11-20 09:00:33 +01:00
Esben Sparre Andreasen
ee7a6af7c7
JS: address review comments
2018-11-20 08:37:23 +01:00
Felicity Chapman
fc6e9be75a
Fix incorrect tag
2018-11-20 07:12:48 +00:00
semmle-qlci
26a248b14a
Merge pull request #487 from xiemaisi/js/lint-join-order
...
Approved by esben-semmle
2018-11-20 06:51:33 +00:00
semmle-qlci
7df397f8ab
Merge pull request #486 from xiemaisi/js/lower-severities
...
Approved by asger-semmle
2018-11-20 06:39:23 +00:00
Mark Shannon
e930b43bf3
Python security queries. Choose a precision reflecting actual precision for Security queries.
2018-11-19 17:10:40 +00:00
Mark Shannon
c2e0ee1c47
Add .qlpath and .project files for Python queries.
2018-11-19 16:28:53 +00:00
semmle-qlci
f5e25e61e0
Merge pull request #490 from xiemaisi/js/remove-actual
...
Approved by asger-semmle
2018-11-19 16:20:19 +00:00
Geoffrey White
5cae65295d
CPP: Fix FPs from AV Rule 114.ql.
2018-11-19 16:09:40 +00:00
Geoffrey White
d18a7012f5
CPP: Add a test case.
2018-11-19 16:08:32 +00:00
Mark Shannon
05b69a1c0f
QL tests for Python queries and libraries.
2018-11-19 15:15:54 +00:00
Aditya Sharad
165bb8b6b8
Merge pull request #488 from pavgust/bump/master-next
...
Mergeback master to next
2018-11-19 15:12:37 +00:00
Mark Shannon
5f58824d1b
Initial commit of Python queries and QL libraries.
2018-11-19 15:10:42 +00:00
Geoffrey White
33130b9800
CPP: Apply recommended fix.
2018-11-19 14:39:28 +00:00
Geoffrey White
6a14748af8
CPP: Add recommended test.
2018-11-19 14:25:11 +00:00
Geoffrey White
646bb01a5f
CPP: Change note.
2018-11-19 14:04:14 +00:00
Jonas Jensen
111df470c3
Merge pull request #485 from geoffw0/limitedscopefunction
...
CPP: Fix Limitedscopefunction.ql
2018-11-19 14:51:20 +01:00
Jonas Jensen
6d17642240
Merge pull request #476 from geoffw0/av_165
...
CPP: Fix AV Rule 165
2018-11-19 14:32:02 +01:00
Jonas Jensen
2ce2c0a876
Merge pull request #475 from geoffw0/av_164
...
CPP: Fix AV Rule 164
2018-11-19 14:23:36 +01:00
Max Schaefer
6021d2499d
JavaScript: Remove accidentally committed .actual file.
2018-11-19 12:24:19 +00:00
Geoffrey White
cf27978325
CPP: Give OffsetUseBeforeRangeCheck.ql a precision.
2018-11-19 11:56:07 +00:00
Geoffrey White
e72505707b
CPP: Check for a range check before the use.
2018-11-19 11:49:22 +00:00
Geoffrey White
6cdfaeea3c
CPP: getAChild() -> getAChild*().
2018-11-19 11:47:14 +00:00
Geoffrey White
01611d4d96
CPP: Add a test for OffsetUseBeforeRangeCheck.ql.
2018-11-19 11:47:14 +00:00
Pavel Avgustinov
16ec9f1aa4
Merge remote-tracking branch 'origin/next' into bump/master-next
2018-11-19 10:37:07 +00:00
Geoffrey White
90c75cd362
Merge pull request #478 from felicity-semmle/cpp/SD-2777-jsf-note
...
C++: Add JSF note to qhelp for sub-set of JSF queries
2018-11-19 09:30:39 +00:00
Max Schaefer
73ad3f5c8a
JavaScript: Tweak JSLint library to avoid bad join order.
2018-11-19 09:12:02 +00:00
Tom Hvitved
dd4c9654f2
Merge pull request #483 from calumgrant/cs/vulnerable-package
...
C#: Remove duplicate results from cs/use-of-vulnerable-package
2018-11-19 10:09:37 +01:00
Max Schaefer
1b59a28be0
JavaScript: Downgrade a few "error" rules to "warning".
...
For all of these queries, the results we tend to see in practice are certainly worth investigating, but aren't crashing bugs, so making them warnings seems more appropriate.
2018-11-19 09:09:26 +00:00
