| Author | Commit | Message | Date |
|---|---|---|---|
| Jonas Jensen | 27b5902258 | Merge pull request #2707 from geoffw0/taint-format<br>C++: Add TaintFunction model to FormattingFunction | 2020-01-29 08:20:34 +01:00 |
| Robert Marsh | 9504da54d1 | Merge pull request #2713 from MathiasVP/dynamic-cast-taint-propagation<br>C++: Taint propagation through dynamic_cast | 2020-01-28 15:09:49 -05:00 |
| yo-h | 97069a7988 | Merge pull request #2683 from aschackmull/java/lshift32<br>Java: Add new query for large left shifts and bugfix ConstantExpAppearsNonConstant. | 2020-01-28 13:30:26 -05:00 |
| Mathias Vorreiter Pedersen | 67d29e31cc | C#: Sync identical files | 2020-01-28 17:52:45 +01:00 |
| Mathias Vorreiter Pedersen | c1091a03d0 | C++: Accept output | 2020-01-28 17:38:35 +01:00 |
| Mathias Vorreiter Pedersen | 46ce228bce | C++: Add instruction for CheckedConvertOrNull and handle it in alias analysis and data flow | 2020-01-28 17:36:17 +01:00 |
| Mathias Vorreiter Pedersen | 928b0c50d2 | C++: Add test demonstrating false negative when using dynamic_cast | 2020-01-28 17:31:53 +01:00 |
| Geoffrey White | fc1816cbd7 | C++: Update change note. | 2020-01-28 14:53:18 +00:00 |
| Geoffrey White | f02ffcbbd2 | C++: Modify ParameterIndex to account for varargs. | 2020-01-28 14:53:18 +00:00 |
| Geoffrey White | d66f608d41 | C++: Taint from FormattingFunction varargs. | 2020-01-28 14:53:18 +00:00 |
| Geoffrey White | 8b215c155e | C++: Correct a few test comments. | 2020-01-28 14:51:46 +00:00 |
| Geoffrey White | b1f66ae825 | C++: Fix warnings. | 2020-01-28 14:51:46 +00:00 |
| yo-h | 95d138bf00 | Merge pull request #2659 from aschackmull/java/remove-parexpr<br>Java: Update dbscheme for ParExpr removal. | 2020-01-28 09:50:06 -05:00 |
| Jonas Jensen | 24a50fceef | Merge pull request #2709 from MathiasVP/ql-tests-taint-tracking-fixup<br>C++: Fix annotations in testcase file | 2020-01-28 14:52:55 +01:00 |
| Mathias Vorreiter Pedersen | 287af2bdec | C++: Fix annotations in testcase file | 2020-01-28 13:51:36 +01:00 |
| Geoffrey White | 01dc3661b7 | C++: Autoformat. | 2020-01-28 12:17:56 +00:00 |
| semmle-qlci | 5ab6457370 | Merge pull request #2699 from asger-semmle/js/callback-doc-typo<br>Approved by max-schaefer | 2020-01-28 11:00:49 +00:00 |
| Jonas Jensen | 23030aa324 | Merge pull request #2706 from MathiasVP/ql-tests-taint-tracking<br>Ql tests for virtual dispatch taint tracking | 2020-01-28 11:56:10 +01:00 |
| Mathias Vorreiter Pedersen | 611d9553dd | C++: Fix formatting | 2020-01-28 10:22:33 +01:00 |
| Anders Schack-Mulligen | 0b3c90b526 | Java: Fix whitespace query. | 2020-01-28 10:15:48 +01:00 |
| Anders Schack-Mulligen | 34e6679afd | Java: Add upgrade script. | 2020-01-28 10:15:48 +01:00 |
| Anders Schack-Mulligen | f8805ebb24 | Java: Update 2 queries. | 2020-01-28 10:15:48 +01:00 |
| Anders Schack-Mulligen | 4bd332ddca | Java: Add Expr.isParenthesized, adjust VarAccess.toString, and fix tests. | 2020-01-28 10:15:48 +01:00 |
| Anders Schack-Mulligen | 597d8e7d94 | Java: Update dbscheme for ParExpr removal. | 2020-01-28 10:15:48 +01:00 |
| Anders Schack-Mulligen | dc7e8ad2ff | Java: Reword help according to review comment. | 2020-01-28 10:13:35 +01:00 |
| Anders Schack-Mulligen | a99a6f79cd | Apply suggestions from code review<br>Co-Authored-By: Felicity Chapman <felicitymay@github.com> | 2020-01-28 10:13:35 +01:00 |
| Anders Schack-Mulligen | 4cb28d9b1d | Java: Add new query for large left shifts and bugfix ConstantExpAppearsNonConstant. | 2020-01-28 10:13:34 +01:00 |
| Mathias Vorreiter Pedersen | 130911ad44 | C++: Accept new output in already existing test | 2020-01-28 10:00:52 +01:00 |
| Mathias Vorreiter Pedersen | fd79e7991d | C++: Add tests demonstrating differences between AST virtual dispatch analysis and IR virtual dispatch analysis | 2020-01-28 10:00:21 +01:00 |
| Geoffrey White | 1ddabee1b8 | C++: Change note. | 2020-01-28 08:46:46 +00:00 |
| Geoffrey White | 30580e97dc | C++: Add a TaintFunction model to FormattingFunction. | 2020-01-28 08:46:46 +00:00 |
| Geoffrey White | 1d46971bb7 | C++: Add an ArrayFunction model to FormattingFunction. | 2020-01-28 08:46:46 +00:00 |
| Geoffrey White | 06f5720cd5 | C++: Add taint tests of formatting functions. | 2020-01-28 08:46:46 +00:00 |
| yo-h | 8c00671f24 | Merge pull request #2698 from aschackmull/java/changenote-csrf-query<br>Java: Add change note for java/spring-disabled-csrf-protection. | 2020-01-27 21:09:15 -05:00 |
| Robert Marsh | a9bcc1dcc6 | Merge pull request #2667 from dbartol/dbartol/NoEscape<br>C++/C#: Make escape analysis unsound by default | 2020-01-27 19:17:33 -05:00 |
| Robert Marsh | c7975e83a7 | Merge pull request #2657 from jbj/DefaultTaintTracking-models<br>C++: wire up models library to DefaultTaintTracking | 2020-01-27 17:41:54 -05:00 |
| Dave Bartolomeo | 7df3cf4c23 | C++: Accept more test output after merge | 2020-01-27 13:48:43 -07:00 |
| Dave Bartolomeo | 3b3502060b | Merge remote-tracking branch 'upstream/master' into dbartol/NoEscape | 2020-01-27 13:29:18 -07:00 |
| Robert Marsh | 79a72a3496 | Merge pull request #2680 from geoffw0/modelstrndup<br>CPP: Model strndup. | 2020-01-27 15:19:52 -05:00 |
| Dave Bartolomeo | 40952f85a9 | C++: Accept test diffs | 2020-01-27 10:31:18 -07:00 |
| Robert Marsh | 4d743d2bce | Merge pull request #2692 from jbj/pure-string-read<br>C++: Model that string functions read their buffer | 2020-01-27 11:40:03 -05:00 |
| Anders Schack-Mulligen | 3745388069 | Merge pull request #2602 from chrisgavin/suspicious-date-format<br>Java: Add a query for suspicious date format patterns. | 2020-01-27 16:29:48 +01:00 |
| Geoffrey White | 4778914154 | CPP: Repair flow. | 2020-01-27 14:08:03 +00:00 |
| Geoffrey White | d9f6895602 | CPP: 'sometimes copying' is considered data flow. | 2020-01-27 14:07:39 +00:00 |
| Jonas Jensen | 0e3ed2dfa6 | C++: Remove test for unrelated issue<br>The issue for that test is being tested and fixed on PR #2686. Adding a test here will cause a semantic merge conflict. | 2020-01-27 14:25:28 +01:00 |
| Asger Feldthaus | 3d567eb889 | JS: Close an unterminated code block | 2020-01-27 12:03:58 +00:00 |
| Chris Gavin | 484333b192 | Java: Update help and description of java/suspicious-date-format. | 2020-01-27 11:57:59 +00:00 |
| Chris Gavin | 0e8d435ca1 | Java: Add a test for java/suspicious-date-format. | 2020-01-27 11:57:59 +00:00 |
| Chris Gavin | 708890add3 | Java: Add a change note for java/suspicious-date-format. | 2020-01-27 11:57:56 +00:00 |
| Chris Gavin | 88146295f9 | Java: Add a query for suspicious date format patterns. | 2020-01-27 11:57:18 +00:00 |