Joe
c3320eeb3c
Java: Improve getAPrimaryQlClass
...
Implement it for more types
Fix typos
2020-09-15 14:45:48 +01:00
Joe
908f025888
Java: PrintAst: Fix a couple of issues related to Annotations
2020-09-15 14:45:48 +01:00
Joe
c20f802666
Java: PrintAst: Support generic parameters
2020-09-15 14:45:48 +01:00
Joe
19af3e5e30
Java: Add PrintAST
2020-09-15 14:45:48 +01:00
Anders Schack-Mulligen
159353d545
Merge pull request #4269 from joefarebrother/PrintAST-java-rename
...
Java: Rename PrintAst.qll to PrettyPrintAst.qll
2020-09-15 15:43:24 +02:00
Jonas Jensen
bdce24735c
C++: Add flow through arrays
...
This works by adding data-flow edges to skip over array expressions when
reading from arrays. On the post-update side, there was already code to
skip over array expressions when storing to arrays. That happens in
`valueToUpdate` in `AddressFlow.qll`, which needed just a small tweak to
support assignments with non-field expressions at the top-level LHS,
like `*a = ...` or `a[0] = ...`.
The new code in `AddressFlow.qll` is copy-pasted from `EscapesTree.qll`,
and there is already a note in these files saying that they share a lot
of code and must be maintained in sync.
2020-09-15 14:46:11 +02:00
Jonas Jensen
27b8dc2b13
C++: Add tests for flow through arrays
2020-09-15 14:19:34 +02:00
Mathias Vorreiter Pedersen
3005f252ca
C++: Fix annotation
2020-09-15 13:34:50 +02:00
Mathias Vorreiter Pedersen
0ba72c6685
C++: Accept changes.
2020-09-15 12:49:22 +02:00
Mathias Vorreiter Pedersen
265a641d06
C++: Use the underlying type to check whether a type is a single-field struct.
2020-09-15 12:49:16 +02:00
CodeQL CI
951e3093d2
Merge pull request #4231 from erik-krogh/CVE767
...
Approved by asgerf
2020-09-15 03:47:40 -07:00
Mathias Vorreiter Pedersen
d18dd5ab09
C++: Add testcase demonstrating the underlying problem in 6ca9c449af.
2020-09-15 12:32:15 +02:00
Joe
efe3ac0a37
Java: Rename the existing file called PrintAst.qll
2020-09-15 11:30:56 +01:00
Erik Krogh Kristensen
2de94abe9f
Merge pull request #4244 from erik-krogh/badJQueryJoin
...
JS: Fix Bad join orders in UnsafeJQueryPlugin
2020-09-15 12:29:25 +02:00
Erik Krogh Kristensen
fa255f3534
add test for self.importScripts(..)
2020-09-15 12:23:48 +02:00
Jonas Jensen
25412da845
Merge pull request #4253 from geoffw0/stringstream2
...
C++: Model more stringstream features
2020-09-15 12:19:26 +02:00
Erik Krogh Kristensen
cc5109d693
Update change-notes/1.26/analysis-javascript.md
...
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
2020-09-15 12:14:51 +02:00
Tamas Vajk
23a9d0764e
Java: Fix range analysis false negative
2020-09-15 12:09:05 +02:00
Mathias Vorreiter Pedersen
1fbb0fbf54
Merge pull request #4266 from geoffw0/cwe190tests
...
C++: CWE-190 Tests.
2020-09-15 12:08:00 +02:00
Tamas Vajk
c66473cb8a
Java: Add test for range analysis
2020-09-15 12:07:30 +02:00
Tom Hvitved
d095d6b56b
Merge pull request #4139 from hvitved/csharp/cfg/foreach-loop-empty
...
C#: Skip `foreach` loop bodies in the CFG when the iteration expression is empty
2020-09-15 09:30:29 +02:00
Mathias Vorreiter Pedersen
0c14e2b69a
C++: Fix annotations in taint.cpp
2020-09-14 23:08:50 +02:00
Mathias Vorreiter Pedersen
3e56db7f83
C++: Make fieldReadStep private
2020-09-14 20:52:55 +02:00
Mathias Vorreiter Pedersen
7cd6137b34
Merge branch 'main' into mathiasvp/array-field-flow
2020-09-14 20:45:06 +02:00
Geoffrey White
6ca9c449af
C++: Add a test demonstrating the recent regression.
2020-09-14 17:55:20 +01:00
Rasmus Lerchedahl Petersen
839cd829ce
Python: Fix formatting
2020-09-14 18:48:55 +02:00
yoff
5efc06da2c
Update python/ql/src/experimental/dataflow/internal/DataFlowPublic.qll
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2020-09-14 17:08:39 +02:00
Rasmus Lerchedahl Petersen
4c02852358
Python: add missing * (and a rename)
2020-09-14 16:56:46 +02:00
Erik Krogh Kristensen
03a3c4f4b2
update expected output
2020-09-14 16:50:47 +02:00
Erik Krogh Kristensen
f4f96ce04d
use new source in client-side-url-redirect test
2020-09-14 16:50:47 +02:00
Erik Krogh Kristensen
cb7de2714a
add onmessage handlers registered using global property as PostMessageEventHandler
2020-09-14 16:50:45 +02:00
Asger F
c106b6777c
Merge pull request #4254 from asgerf/js/bump-extractor-version-string
...
JS: Bump extractor version string
2020-09-14 15:17:29 +01:00
Erik Krogh Kristensen
283be19201
add change-note for importScripts
2020-09-14 16:02:34 +02:00
Erik Krogh Kristensen
6e84ac8e6c
add test for importScripts
2020-09-14 16:02:34 +02:00
Erik Krogh Kristensen
2e3df74dce
add importScripts as a sink for js/client-side-unvalidated-url-redirection
2020-09-14 16:02:34 +02:00
Geoffrey White
22097a9e13
C++: Add some CWE-190 tests I had lying around.
2020-09-14 14:39:02 +01:00
Rasmus Lerchedahl Petersen
ecc5a4a1f6
Python: testIsTrue -> branch
2020-09-14 15:32:03 +02:00
yoff
2a4e28db16
Apply suggestions from code review
...
Will make the same renames in the changed code also..
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2020-09-14 15:28:01 +02:00
Rasmus Lerchedahl Petersen
033529e85e
Python: avoid creating big predicate
2020-09-14 15:24:46 +02:00
Rasmus Lerchedahl Petersen
543876f980
Python: Fix getAGuardedNode
2020-09-14 14:46:15 +02:00
Ian Lynagh
826c40fcac
C++: Deprecate Location subclasses
...
The main Location class should always be used.
2020-09-14 13:14:18 +01:00
Tamás Vajk
d21c101c0d
Merge pull request #4041 from tamasvajk/feature/update-roslyn
...
C#: upgrade Roslyn dependencies to version 3.7
2020-09-14 13:57:36 +02:00
Tamás Vajk
f5f4b8e25b
C#: Enable nullability of Semmle.Extraction.CSharp.Standalone (#4115)
2020-09-14 13:43:57 +02:00
Tom Hvitved
0fb9dc5bac
C#: Adjust caching of tuple types
2020-09-14 11:24:46 +02:00
Geoffrey White
6b035df660
C++: Repair taint flow from previous.
2020-09-14 10:21:43 +01:00
Tom Hvitved
19746023d9
C#: Tidy code for constructing underlying tuple structs
2020-09-14 10:08:58 +02:00
Erik Krogh Kristensen
6fb534f178
fix catastrophic join order in UnsafeJQueryPlugin
2020-09-14 09:59:48 +02:00
Erik Krogh Kristensen
9502869e3c
improve join-order for aliasPropertyPresenceStep
2020-09-14 09:59:22 +02:00
Jonas Jensen
021aa647c1
Merge pull request #4142 from MathiasVP/mathiasvp/read-step-without-memory-operands
...
C++: Use IR alias analysis for field flow
2020-09-14 09:37:27 +02:00
Mathias Vorreiter Pedersen
78b24b76a0
C++: Remove the problematic taint tracking rule. It seems like we get the flows from dataflow already now.
2020-09-14 09:26:41 +02:00