semmle-qlci
|
317356e591
|
Merge pull request #2898 from asger-semmle/js/prototype-pollution-isobject-sanitizers
Approved by erik-krogh
|
2020-02-24 13:35:32 +00:00 |
|
Jonas Jensen
|
2d9df70abc
|
Merge pull request #2887 from MathiasVP/fix-ir-gen-switch
C++: Fix IR generation for switch statements
|
2020-02-24 13:29:27 +01:00 |
|
semmle-qlci
|
94aa77748d
|
Merge pull request #2810 from erik-krogh/CVE74
Approved by asgerf
|
2020-02-24 11:32:42 +00:00 |
|
Asger Feldthaus
|
f923b24bc5
|
JS: Fix test
|
2020-02-24 11:19:23 +00:00 |
|
Mathias Vorreiter Pedersen
|
ed430ce855
|
C++/C#: Bind parameter in new case.
|
2020-02-24 09:12:14 +01:00 |
|
Mathias Vorreiter Pedersen
|
af364e66fc
|
C++/C#: Move sanity check inside InstructionSanity module and accept tests
|
2020-02-23 20:53:49 +01:00 |
|
Taus
|
285be2893c
|
Merge pull request #2893 from BekaValentine/python-objectapi-to-valueapi-unnecessarylambda
Python: ObjectAPI to ValueAPI: UnnecessaryLambda
|
2020-02-21 22:23:02 +01:00 |
|
Taus
|
e444fb8bfa
|
Merge pull request #2818 from BekaValentine/objectapi-to-valueapi-hashedbutnohash
Python: ObjectAPI to ValueAPI: HashedButNoHash
|
2020-02-21 22:19:58 +01:00 |
|
Asger Feldthaus
|
d1df251b92
|
JS: Proto pollution: Add is-plain-object sanitizer
|
2020-02-21 14:38:33 +00:00 |
|
Mathias Vorreiter Pedersen
|
d9753b0ca5
|
C++/C#: Accept test output after adding sanity check to Instruction.qll
|
2020-02-21 15:09:53 +01:00 |
|
semmle-qlci
|
ee5cf95f5b
|
Merge pull request #2892 from asger-semmle/js/field-methods
Approved by esbena
|
2020-02-21 13:49:42 +00:00 |
|
semmle-qlci
|
e163d8d8c8
|
Merge pull request #2796 from asger-semmle/js/partial-invoke-receiver
Approved by esbena
|
2020-02-21 13:48:43 +00:00 |
|
Mathias Vorreiter Pedersen
|
da41cbca06
|
C#: Add similar fix to translation of switch statements in C#
|
2020-02-21 13:33:54 +01:00 |
|
Rasmus Wriedt Larsen
|
abbc9293db
|
Merge pull request #2891 from tausbn/python-special-operations
Python: Add AST support for special operations.
|
2020-02-21 13:16:22 +01:00 |
|
semmle-qlci
|
382e4bc06a
|
Merge pull request #2895 from max-schaefer/js/improve-param-qldoc
Approved by asgerf
|
2020-02-21 12:01:02 +00:00 |
|
Asger Feldthaus
|
01fed95fe6
|
JS: Add change note
|
2020-02-21 11:49:20 +00:00 |
|
Max Schaefer
|
75495d7aad
|
Update javascript/ql/src/semmle/javascript/Variables.qll
Co-Authored-By: Asger F <asgerf@github.com>
|
2020-02-21 10:06:32 +00:00 |
|
Geoffrey White
|
ad45a4b079
|
Merge pull request #2890 from nickrolfe/range_based_for
C++: add more extensive test for desugaring of range-based-for loops
|
2020-02-21 09:31:34 +00:00 |
|
Max Schaefer
|
fc4afe6eb2
|
JavaScript: Improve qldoc for Parameter to clarify that it also contains catch-clause parameters.
|
2020-02-21 09:14:00 +00:00 |
|
Anders Schack-Mulligen
|
771cb754c2
|
Merge pull request #2822 from hvitved/dataflow/node-cand-simple-call-context
Data flow: Track simple call contexts in `nodeCand[Fwd]1`
|
2020-02-21 10:02:06 +01:00 |
|
Jonas Jensen
|
1d786abebd
|
Merge pull request #2881 from rdmarsh2/ir-release-note
C++/Docs: release notes for IR taint tracking and GVN
|
2020-02-21 09:49:16 +01:00 |
|
Tom Hvitved
|
0cc3218115
|
Merge pull request #2872 from aschackmull/dataflow/pathstep-localflow-join
Java/C++/C#: Improve join-order in pathStep predicate
|
2020-02-21 09:39:17 +01:00 |
|
Rebecca Valentine
|
df7f43ee86
|
Adds modernization
|
2020-02-20 17:07:56 -08:00 |
|
Mathias Vorreiter Pedersen
|
780010d8f9
|
C++/C#: Sync identical files
|
2020-02-20 22:15:06 +01:00 |
|
Mathias Vorreiter Pedersen
|
6c08783158
|
C++: Accept output
|
2020-02-20 22:13:37 +01:00 |
|
Mathias Vorreiter Pedersen
|
4545ad0f93
|
C++: Add sanity check to Instruction.qll
|
2020-02-20 22:09:02 +01:00 |
|
Mathias Vorreiter Pedersen
|
76e5bd59df
|
C++: Change edge to DefaultEdge
|
2020-02-20 22:08:16 +01:00 |
|
Robert Marsh
|
7a7444b4e1
|
Docs: Simplify change note
Co-Authored-By: Felicity Chapman <felicitymay@github.com>
|
2020-02-20 12:50:52 -08:00 |
|
Tom Hvitved
|
a772b82fea
|
Address review comments
|
2020-02-20 19:48:49 +01:00 |
|
Taus Brock-Nannestad
|
913db460b2
|
Python: Add AST support for special operations.
These have the form `$name(arg1, arg2, ...)` and currently have no semantics.
They may be useful for testing purposes, however.
|
2020-02-20 18:05:37 +01:00 |
|
Nick Rolfe
|
46b226e0c5
|
C++: add more extensive test for desugaring of range-based-for loops
|
2020-02-20 16:15:22 +00:00 |
|
semmle-qlci
|
2df3fe8f36
|
Merge pull request #2883 from asger-semmle/typescript-3.7.5
Approved by erik-krogh
|
2020-02-20 15:59:36 +00:00 |
|
Mathias Vorreiter Pedersen
|
c5f38eecfe
|
C++: Fix IR generation and accept output
|
2020-02-20 15:37:02 +01:00 |
|
Mathias Vorreiter Pedersen
|
051d574ffd
|
C++: Add switch testcases demonstrating incorrect IR
|
2020-02-20 15:31:44 +01:00 |
|
Erik Krogh Kristensen
|
03e295ef11
|
Merge branch 'master' of git.semmle.com:Semmle/ql into CVE74
|
2020-02-20 12:19:32 +01:00 |
|
semmle-qlci
|
f6af5da7f7
|
Merge pull request #2778 from erik-krogh/FalsySanitizer
Approved by asgerf
|
2020-02-20 11:17:03 +00:00 |
|
Erik Krogh Kristensen
|
63036aa444
|
Merge branch 'master' of git.semmle.com:Semmle/ql into CVE74
|
2020-02-20 12:09:06 +01:00 |
|
semmle-qlci
|
8b277f7226
|
Merge pull request #2868 from asger-semmle/js/missing-await-void
Approved by max-schaefer
|
2020-02-20 10:56:47 +00:00 |
|
Asger Feldthaus
|
6448acfa88
|
TS: Depend on TypeScript 3.7.5
|
2020-02-20 10:53:17 +00:00 |
|
semmle-qlci
|
091c6c063c
|
Merge pull request #2856 from esbena/js/fix-RegExp-getPredecessor-getSuccessor
Approved by max-schaefer
|
2020-02-20 09:50:52 +00:00 |
|
Jonas Jensen
|
97035aeb63
|
Merge pull request #2848 from geoffw0/model-sideeffects
C++: Disambiguate SideEffectFunction QLDoc.
|
2020-02-20 10:30:53 +01:00 |
|
Erik Krogh Kristensen
|
80962803b0
|
update doc for VarAccessBarrier, and make the class private
|
2020-02-20 10:09:32 +01:00 |
|
Erik Krogh Kristensen
|
2d437efdfd
|
corrections on qldoc
Co-Authored-By: Asger F <asgerf@github.com>
|
2020-02-20 09:54:11 +01:00 |
|
Dave Bartolomeo
|
4f1a23e248
|
"Fix" spelling
|
2020-02-19 15:57:31 -07:00 |
|
Dave Bartolomeo
|
5263222dc2
|
"Fix" spelling
|
2020-02-19 15:57:19 -07:00 |
|
Robert Marsh
|
d151c2eeb7
|
C++: change note for IR-based GVN
|
2020-02-19 14:39:36 -08:00 |
|
Robert Marsh
|
8ea5739b7a
|
C++: release note for DefaultTaintTracking
|
2020-02-19 14:32:49 -08:00 |
|
Robert Marsh
|
de66841263
|
Merge pull request #2873 from geoffw0/fixasttest2
C++: Fix another test that should be working on the AST dataflow.
|
2020-02-19 14:13:44 -08:00 |
|
Robert Marsh
|
82f2540dde
|
Merge pull request #2871 from geoffw0/fixasttest
C++: Fix a test that should be working on the AST dataflow.
|
2020-02-19 10:55:13 -08:00 |
|
Asger Feldthaus
|
479770dc07
|
JS: Recognize class members in more cases
|
2020-02-19 17:04:41 +00:00 |
|