Asger F
|
08bc29cddb
|
TS: fix analysis of export= statements
|
2019-04-23 13:09:40 +01:00 |
|
Robert Marsh
|
45a35a8572
|
Merge pull request #1265 from rdmarsh2/rdmarsh/cpp/gvn-string-pooling
C++: string pooling in IR value numbering
|
2019-04-22 09:29:44 -07:00 |
|
Robert Marsh
|
e7ca6c8bd9
|
C++: test for value number string pooling
|
2019-04-19 10:50:52 -07:00 |
|
Robert Marsh
|
3907ef98a3
|
C++: value number string constants
|
2019-04-18 16:14:54 -07:00 |
|
yh-semmle
|
04954f77de
|
Merge pull request #1262 from sb-semmle/more-spring-sources
Parameters annotated with Spring's @RequestBody and @PathVariable are remote input sources.
|
2019-04-18 18:08:44 -04:00 |
|
Sebastian Bauersfeld
|
734fe542ab
|
Update change notes.
|
2019-04-18 16:37:08 -04:00 |
|
Robert Marsh
|
c6f01265be
|
Merge pull request #1263 from geoffw0/bufferoverflowqueries
CPP: Resolve overlap between OverflowCalculated.ql and NoSpaceForZeroTerminator.ql
|
2019-04-18 13:21:57 -04:00 |
|
Geoffrey White
|
56e0adf152
|
CPP: Change note.
|
2019-04-18 10:34:20 +01:00 |
|
Geoffrey White
|
57a4e52b47
|
CPP: Remove the overlap between these two queries.
|
2019-04-18 10:33:33 +01:00 |
|
Geoffrey White
|
ca6ba36d87
|
CPP: Unify and improve the MallocCall classes.
|
2019-04-18 10:30:18 +01:00 |
|
Geoffrey White
|
1ba8364c3b
|
CPP: Add more test cases.
|
2019-04-18 10:28:34 +01:00 |
|
Geoffrey White
|
8856442f7f
|
CPP: Add NoSpaceForZeroTerminator to the OverflowCalculated test.
|
2019-04-18 09:19:44 +01:00 |
|
Geoffrey White
|
12650f85c5
|
CPP: Rename a test file.
|
2019-04-18 09:16:55 +01:00 |
|
Sebastian Bauersfeld
|
2f200d7517
|
Parameters annotated with Spring's @RequestBody and @PathVariable are remote input sources.
|
2019-04-17 18:02:00 -04:00 |
|
Geoffrey White
|
c674f54129
|
Merge pull request #1259 from xiemaisi/cpp/typo-fix
CPP: Fix two doc comments.
|
2019-04-17 16:48:23 +01:00 |
|
ian-semmle
|
ff574e56be
|
Merge pull request #1260 from nickrolfe/qltest_verbosity
C++: update expected extractor arguments to match qltest runner changes
|
2019-04-17 15:56:22 +01:00 |
|
Max Schaefer
|
a61ca489f1
|
Merge pull request #1258 from asger-semmle/prototype-pollution
JS: prototype pollution query template
|
2019-04-17 12:58:05 +01:00 |
|
Nick Rolfe
|
bf204ecdf8
|
C++: update expected extractor arguments to match qltest runner changes
|
2019-04-17 12:30:04 +01:00 |
|
Max Schaefer
|
599185e125
|
CPP: Fix two doc comments.
|
2019-04-17 10:49:38 +01:00 |
|
Geoffrey White
|
f33b24c917
|
Merge pull request #1239 from jbj/qlformat-1
C++: Autoformat QL code in Architecture and Best Practices
|
2019-04-17 09:56:29 +01:00 |
|
semmle-qlci
|
f36eafce3f
|
Merge pull request #1246 from xiemaisi/js/hardcoded-password
Approved by asger-semmle
|
2019-04-17 08:54:09 +01:00 |
|
Robert Marsh
|
09d0548c81
|
Merge pull request #1237 from geoffw0/commentedoutcode2
CPP: Fix FPs from detecting commented out preprocessor logic
|
2019-04-16 10:31:42 -07:00 |
|
Calum Grant
|
d8b47c8337
|
Merge pull request #1225 from hvitved/csharp/cfg/dynamic-accessor-calls
C#: Improve CFG for (potential) dynamic accessor calls
|
2019-04-16 17:53:12 +01:00 |
|
Asger F
|
48ca4ae0d8
|
JS: prototype pollution query template
|
2019-04-16 17:40:41 +01:00 |
|
Asger F
|
e88e5cf4d7
|
Merge pull request #1256 from Semmle/rc/1.20
Merge 1.20 into master
|
2019-04-16 16:10:36 +01:00 |
|
Geoffrey White
|
2d15163e30
|
CPP: Test of a comment inside #if 0.
|
2019-04-16 15:37:21 +01:00 |
|
Arthur Baars
|
4e10e285a2
|
Merge pull request #1253 from asger-semmle/rc-tscrash
TS: Dont extract redirect SourceFiles
v1.20.1
|
2019-04-16 14:01:25 +02:00 |
|
Asger F
|
fafdd5bbcd
|
TS: Dont extract redirect SourceFiles
|
2019-04-16 10:17:45 +01:00 |
|
semmle-qlci
|
ff25a3ee5a
|
Merge pull request #1243 from asger-semmle/access-path-refinements
Approved by xiemaisi
|
2019-04-16 09:57:51 +01:00 |
|
Max Schaefer
|
65e508ae3b
|
Merge pull request #1252 from esben-semmle/mb/1.20-master
Mergeback: rc/1.20 into Semmle/master
|
2019-04-16 09:27:50 +01:00 |
|
semmle-qlci
|
aeebc3692d
|
Merge pull request #1247 from asger-semmle/tscrash
Approved by xiemaisi
|
2019-04-16 07:59:02 +01:00 |
|
semmle-qlci
|
97018f7c3a
|
Merge pull request #1248 from asger-semmle/ts-full-default
Approved by xiemaisi
|
2019-04-16 07:56:50 +01:00 |
|
Max Schaefer
|
7af4baf57f
|
Merge pull request #1220 from esben-semmle/js/another-getAPropertyAttribut-performance-fix
JS: inline CallToObjectDefineProperty::getAPropertyAttribute
|
2019-04-16 07:55:53 +01:00 |
|
Esben Sparre Andreasen
|
c80ee3df01
|
Mergeback: rc/1.20 into Semmle/master
|
2019-04-16 08:46:15 +02:00 |
|
Asger F
|
abbfe2d5ce
|
TS: Dont extract redirect SourceFiles
|
2019-04-15 18:57:02 +01:00 |
|
Max Schaefer
|
faba019a29
|
Merge pull request #1229 from esben-semmle/js/whitelist-unwrappind
JS: whitelilist delimiter unwrapping for js/incomplete-sanitization
|
2019-04-15 12:20:12 +01:00 |
|
Max Schaefer
|
4c9edafef3
|
Merge pull request #1211 from esben-semmle/js/type-tracking-for-incomplete-hostname-regexp
JS: type tracking for js/incomplete-hostname-regexp
|
2019-04-15 12:19:46 +01:00 |
|
Asger F
|
b6ea121808
|
TS: Make full TS extraction the default in AutoBuild
|
2019-04-15 12:11:05 +01:00 |
|
Max Schaefer
|
1d5bb97121
|
JavaScript: Refine PasswordInConfigurationFile to avoid FPs.
We now exclude passwords that look like they might be filled in via
templating or shell substitution.
|
2019-04-15 12:10:21 +01:00 |
|
Max Schaefer
|
ce53a7d575
|
Merge pull request #1175 from psygnisfive/NullSensitiveContext
[JS] Null Sensitive Context (new library)
|
2019-04-15 08:50:14 +01:00 |
|
Rebecca Valentine
|
fb40548be5
|
fixes semicolon issues
|
2019-04-12 10:56:31 -07:00 |
|
Rebecca Valentine
|
a66d1c0e09
|
fixes test errors
|
2019-04-12 10:39:34 -07:00 |
|
Rebecca Valentine
|
d4f2172bdc
|
void exprs are also ok
|
2019-04-12 10:39:20 -07:00 |
|
Asger F
|
b8ec7083d4
|
JS: Update isBarrier test output
|
2019-04-12 16:35:01 +01:00 |
|
Taus
|
ae6c768db8
|
Merge pull request #1244 from markshannon/fix-semantic-merge-conflict
Python: Fix semantic merge conflict between #1206 and #1240.
|
2019-04-12 14:49:24 +02:00 |
|
Mark Shannon
|
d6ba729dce
|
Python: Fix semantic merge conflict between #1206 and #1240.
|
2019-04-12 12:32:41 +01:00 |
|
Asger F
|
b36075ca46
|
JS: step through refinements in AccessPaths
|
2019-04-12 11:12:50 +01:00 |
|
Asger F
|
720555be45
|
JS: Add test case
|
2019-04-12 11:11:26 +01:00 |
|
Taus
|
707b73c3d0
|
Merge pull request #1240 from markshannon/python-avoid-ssa-defns-in-tests
Python: Remove callsite refinement ESSA definition in tests
|
2019-04-12 12:05:40 +02:00 |
|
Taus
|
607b5fb077
|
Merge pull request #1206 from markshannon/python-taint-flow-classless
Python taint-tracking: Better flow for "generic" taint.
|
2019-04-12 11:54:52 +02:00 |
|