Commit Graph

41418 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
49fa7c8589 Python: update 1.24 changelog 2020-03-24 10:15:36 +01:00
Rasmus Wriedt Larsen
4b8020b98d Python: Autoformat Command.qll 2020-03-24 10:11:57 +01:00
semmle-qlci
4c9a6b73ee Merge pull request #3107 from erik-krogh/FArgs
Approved by esbena
2020-03-24 08:32:56 +00:00
Erik Krogh Kristensen
fa710c5864 Merge remote-tracking branch 'upstream/master' into UrlSearch 2020-03-24 00:23:15 +01:00
Erik Krogh Kristensen
5b4f091257 add test for remote flow sources in WebSockets 2020-03-23 23:58:20 +01:00
Erik Krogh Kristensen
6a1491d83d add SockJS to the existing WebSocket model 2020-03-23 23:56:11 +01:00
Erik Krogh Kristensen
9a18dc32c1 autoformat WebSocket tests 2020-03-23 23:49:26 +01:00
Erik Krogh Kristensen
7b7eddff1e remove previous SockJS implementation, and move example to WebSocket test 2020-03-23 23:45:05 +01:00
Asger F
a1e032bee6 Merge pull request #3098 from kyprizel/master
Experimental SockJS support
2020-03-23 22:39:10 +00:00
yo-h
d315864383 Merge pull request #3108 from aschackmull/java/finalizemethod
Java: Fixup FinalizeMethod definition.
2020-03-23 18:27:57 -04:00
Dave Bartolomeo
bebf89fed5 C++: Accept test diffs
All changes look like real improvements.
2020-03-23 17:20:19 -04:00
kyprizel
dec1b8b070 Update javascript/ql/src/experimental/SockJS/SockJS.qll
Fix comments

Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
2020-03-23 22:59:48 +03:00
kyprizel
b90ff5e84d Update javascript/ql/src/experimental/SockJS/SockJS.qll
do not import specific libs

Co-Authored-By: Erik Krogh Kristensen <erik-krogh@github.com>
2020-03-23 22:59:23 +03:00
Jonas Jensen
29c4c8c0b2 C#: Fixup to follow C++ changes 2020-03-23 20:39:43 +01:00
Jonas Jensen
999051d20e C++: QLDoc terminology: object -> mem allocation 2020-03-23 20:32:47 +01:00
Dave Bartolomeo
c5ac357bfc C++/C#: Fix bad overlap sanity failures
`Instruction.getDefinitionOverlap()` depends on `SSAConstruction::getMemoryOperandDefinition()`, which in turn depends on `SSAConstruction::hasMemoryOperandDefinition()`. When the definition in question came from a `Chi` instruction, `hasMemoryOperandDefinition()` incorrectly bound `overlap` to the overlap relationship between the original (non-`Chi`) instruction and the use. The fix is to make use of the `actualDefLocation` parameter to `getDefinitionOrChiInstruction()`, which specifies the location for the result of the `Chi` in that case.
2020-03-23 14:57:41 -04:00
Jonas Jensen
b0d3c9ee6b C++: Fix getExtentOverlap for entire allocation 2020-03-23 19:49:39 +01:00
Dave Bartolomeo
a2741da8e2 C++/C#: Add sanity test for invalid overlap from getDefinitionOverlap()
The result of `getDefinitionOverlap()` should never be `MayPartiallyOverlap`, because if that were the case, we should have inserted as `Chi` instruction and hooked the definition up to that instead.

There are quite a few existing failures.
2020-03-23 14:37:06 -04:00
Rasmus Wriedt Larsen
b567205579 Python: Model fabric v1.x command injection sinks 2020-03-23 17:49:56 +01:00
Rasmus Wriedt Larsen
a57eadaeb6 Python: Model fabric/invoke command injection sinks 2020-03-23 17:33:41 +01:00
Anders Schack-Mulligen
f29f0f418f Dataflow: Exclude flow param-param flow through with identical params. 2020-03-23 17:27:53 +01:00
semmle-qlci
e5590091a0 Merge pull request #3109 from max-schaefer/js/performance-fixes
Approved by asgerf
2020-03-23 16:08:07 +00:00
Rasmus Wriedt Larsen
d475bb998e Python: Add abstract class CommandSink
I'm going to add more in a sec, and listing *all* of them in CommandInjection.ql
started to be silly
2020-03-23 17:04:08 +01:00
intrigus
1f635806b3 Fix copy-paste errors, remove debugging code 2020-03-23 16:49:45 +01:00
intrigus-lgtm
9187bacd3c Apply suggestion from code review
Use getUnderlyingType() to account for named aliases.

Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2020-03-23 16:45:56 +01:00
Max Schaefer
55e7b22cdf JavaScript: Autoformat. 2020-03-23 14:37:04 +00:00
kyprizel
49e5a22cab Fixed code style for SockJS
also fixed appCreation, thanks to Erik Krogh.
2020-03-23 17:16:17 +03:00
Jonas Jensen
13465921a3 Merge pull request #3092 from dbartol/dbartol/VarArgIR2_ElectricBoogaloo
C++: Better IR for varargs
2020-03-23 14:13:54 +01:00
Erik Krogh Kristensen
833183c706 change note 2020-03-23 14:13:30 +01:00
Erik Krogh Kristensen
7bc7ffffd6 autoformat 2020-03-23 14:10:07 +01:00
Erik Krogh Kristensen
f1e0d37273 Update javascript/ql/test/library-tests/frameworks/Concepts/file-access.js
Co-Authored-By: Asger F <asgerf@github.com>
2020-03-23 14:02:22 +01:00
Sauyon Lee
4ff3177fae Merge pull request #67 from max-schaefer/more-qldoc
Add missing Qldoc for modules.
2020-03-23 05:29:40 -07:00
Max Schaefer
b13e6141a2 JavaScript: Inline promiseStep/4. 2020-03-23 12:01:52 +00:00
Asger F
6c2842bd49 Merge pull request #2919 from asger-semmle/js/property-barriers
JS: Make sanitizers no longer block taint inside an object
2020-03-23 11:43:18 +00:00
Rasmus Wriedt Larsen
dcfc9a8796 Python: TarSlip sanitizer: explain tests with not
It was a bit confusing what was meant before
2020-03-23 12:00:59 +01:00
Anders Schack-Mulligen
4bc0cb0d28 Java: Fixup FinalizeMethod definition. 2020-03-23 11:11:00 +01:00
Erik Krogh Kristensen
2c43d1d731 fix FP in superfluous-trailing-arguments related to Function.arguments 2020-03-23 10:40:35 +01:00
Luke Cartey
9eee16b2d6 Merge pull request #3091 from hvitved/csharp/xpath-injection-more-sinks
C#: Teach XPath injection query about `XPathNavigator`
2020-03-23 09:39:26 +00:00
semmle-qlci
2c7af72f14 Merge pull request #2858 from RasmusWL/python-support-django2
Approved by tausbn
2020-03-23 09:35:46 +00:00
Anders Schack-Mulligen
6d3717cff8 Java: Sharpen return type of LambdaExpr.getStmtBody(). 2020-03-23 10:27:36 +01:00
Anders Schack-Mulligen
c78906500d Java: Fix missing jump step from PostUpdate to capture. 2020-03-23 10:24:25 +01:00
Max Schaefer
62b79721ea Track taint through element writes.
This adds a taint step from `pred` to (the post-update node) of `succ` in `succ[idx] = pred` and its syntactic variants.

Unlike for structs, where partially tainted values are quite common, the theory is that arrays, maps, and slices are usually either completely tainted or completely clean.
2020-03-23 09:15:01 +00:00
Anders Schack-Mulligen
888c504f55 Merge pull request #2903 from hvitved/dataflow/performance
Data flow: Refactoring + performance improvements
2020-03-23 10:01:20 +01:00
intrigus
d81c9b145e Update query help to use goxpath 2020-03-20 21:38:46 +01:00
intrigus
948b79df87 Update xpath example, use goxpath package 2020-03-20 21:38:46 +01:00
intrigus
c7ead88b91 Restructure query, add default sanitizer 2020-03-20 21:38:46 +01:00
intrigus-lgtm
ec40cf0379 Apply suggestions from review
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2020-03-20 21:38:02 +01:00
Jonas Jensen
79d5b88e33 C++: Remove redundant case 2020-03-20 19:40:53 +01:00
Eldar T. Zaitov
ee0b65ad39 Added experimental SockJS support 2020-03-20 21:24:16 +03:00
Dave Bartolomeo
fb71f781a0 C++: Fix formatting 2020-03-20 14:23:58 -04:00