41418 Commits

This Branch

This Branch

All Branches

Author	SHA1	Message	Date
Tom Hvitved	b3990c5a1d	Data flow: Revert reordering changes in flowStore and flowRead	2019-12-02 14:25:59 +01:00
Tom Hvitved	5baa133e6c	Data flow: Sync files	2019-12-02 13:41:17 +01:00
Max Schaefer	ec2ba735de	JavaScript: Update Dependencies library to not rely on Files being Locatable. ... Previously, we would consider an HTML file to be a dependent of all scripts embedded in it. Now we instead consider each JavaScript toplevel inside the HTML file to be a dependent, which is more sensible anyway.	2019-12-02 12:40:49 +00:00
Tom Hvitved	b1245eeac8	Data flow: Various performance tweaks	2019-12-02 13:38:10 +01:00
Nick Rolfe	d293418672	Merge pull request #2478 from jbj/mergeback-20191202 ... Mergeback from rc/1.23 to master	2019-12-02 12:28:20 +00:00
Max Schaefer	ce6d031ce9	Update .lgtm.yml to classify examples.	2019-12-02 12:04:28 +00:00
Calum Grant	fcd13dc595	Merge remote-tracking branch 'upstream/master' into ASPNetRequestValidationMode ... # Conflicts: # change-notes/1.24/analysis-csharp.md	2019-12-02 12:03:11 +00:00
Erik Krogh Kristensen	ea9d6189de	update expected test outpu	2019-12-02 12:52:39 +01:00
semmle-qlci	ceb9fff70c	Merge pull request #2479 from max-schaefer/localTaintStep ... Approved by asgerf	2019-12-02 11:35:43 +00:00
semmle-qlci	dc7a0c1b91	Merge pull request #2442 from hvitved/csharp/dataflow/conversion-operator ... Approved by calumgrant	2019-12-02 11:01:35 +00:00
Max Schaefer	aeda2d68f8	JavaScript: Introduce localTaintStep predicate. ... It's sometimes useful for exploratory queries, and the other languages have it as well.	2019-12-02 09:43:08 +00:00
Jonas Jensen	5b24b1efc3	Merge remote-tracking branch 'upstream/rc/1.23' into mergeback-20191202 ... Conflicts solved: javascript/extractor/src/com/semmle/js/extractor/Main.java javascript/ql/test/query-tests/Statements/UseOfReturnlessFunction/tst.js	2019-12-02 09:57:34 +01:00
Erik Krogh Kristensen	c6c1ebe81a	Merge remote-tracking branch 'upstream/master' into typeAheadSink	2019-12-02 08:41:49 +01:00
Paulino Calderon	8026925a3a	Update csharp/ql/src/Security Features/CWE-016/ASPNetRequestValidationMode.ql ... Added missing quotes. Co-Authored-By: James Fletcher <42464962+jf205@users.noreply.github.com>	2019-11-29 22:39:50 -05:00
Paulino Calderon	879d34d24d	Update csharp/ql/src/Security Features/CWE-016/ASPNetRequestValidationMode.qhelp ... Missing comma. Co-Authored-By: James Fletcher <42464962+jf205@users.noreply.github.com>	2019-11-29 22:39:29 -05:00
Paulino Calderon	22964cba74	Update csharp/ql/src/Security Features/CWE-016/ASPNetRequestValidationMode.qhelp ... Rephrasing. Co-Authored-By: James Fletcher <42464962+jf205@users.noreply.github.com>	2019-11-29 22:39:04 -05:00
Paulino Calderon	a2dfd551f6	Update csharp/ql/src/Security Features/CWE-016/ASPNetRequestValidationMode.qhelp ... built in to built-in Co-Authored-By: James Fletcher <42464962+jf205@users.noreply.github.com>	2019-11-29 22:38:42 -05:00
Tom Hvitved	c845a1ba91	C#: Improve performance of dispatch library	2019-11-29 15:32:00 +01:00
Jonas Jensen	4494d61e56	Merge pull request #2473 from aschackmull/java/field-flow-rev-read ... Java/C++/C#: Bugfix for field flow through reverse read.	2019-11-29 14:45:12 +01:00
Calum Grant	a4251f67a2	C#: Analysis change notes.	2019-11-29 10:32:04 +00:00
Calum Grant	30a2620a8c	C#: Tidy up docs, query metadata and add tests.	2019-11-29 10:31:58 +00:00
Tom Hvitved	a062d7d41c	C#: Add regression test	2019-11-29 10:10:24 +01:00
Max Schaefer	f958916c76	Merge pull request #2330 from erik-krogh/exceptionXss ... JS: Added query for detecting XSS that happens through an exception	2019-11-29 09:04:45 +00:00
semmle-qlci	a40ad9f276	Merge pull request #2456 from felicitymay/1.23/SD-4095-finalize-change-notes-js ... Approved by erik-krogh, max-schaefer	2019-11-29 08:59:29 +00:00
Anders Schack-Mulligen	333d0a69d2	Java/C++/C#: Bugfix for field flow through reverse read.	2019-11-29 09:38:24 +01:00
Geoffrey White	3477c4a8fb	Update cpp/ql/src/semmle/code/cpp/commons/Alloc.qll ... Co-Authored-By: Jonas Jensen <jbj@github.com>	2019-11-28 17:30:36 +00:00
Geoffrey White	aae9f88413	CPP: Model 'alloca'.	2019-11-28 17:27:37 +00:00
semmle-qlci	73e08eba43	Merge pull request #2468 from max-schaefer/js/regexp-predecessor ... Approved by asgerf	2019-11-28 16:57:31 +00:00
Jonas Jensen	763b18cd11	Merge remote-tracking branch 'upstream/master' into StackVariable ... Conflicts: change-notes/1.24/analysis-cpp.md cpp/ql/src/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql	2019-11-28 17:51:20 +01:00
Jonas Jensen	d816701e07	Revert "C++: Use StackVariable in Nullness.qll" ... It looks like allowing statics in `Nullness.qll` is fine since it's a "may be null" analysis rather than a "must be null" analysis. This reverts commit f5b9837e19.	2019-11-28 17:44:42 +01:00
Jonas Jensen	d22df24cab	Merge pull request #2467 from geoffw0/speedup1 ... CPP: Speed up isCompiledAsC.	2019-11-28 17:31:27 +01:00
semmle-qlci	198b3b34a3	Merge pull request #2432 from asger-semmle/install-typescript-deps ... Approved by max-schaefer	2019-11-28 16:08:46 +00:00
Max Schaefer	7487c79271	JavaScript: Add missing qldoc.	2019-11-28 15:54:52 +00:00
Max Schaefer	47cbf0bf88	JavaScript: Override Locatable.getLocation() for @files.	2019-11-28 15:54:03 +00:00
Max Schaefer	a788bf87a0	JavaScript: Fix RegExpTerm.getPredecessor and getSuccessor. ... These were originally meant to give you the term that is textually matched right before/right after the receiver. When I introduced support for lookbehinds, I changed the behaviour to give you the term that is _operationally_ matched before/after the receiver (remember that lookbehinds are implemented by reverse-matching). However, I think that's rarely ever what you want, and is wrong for the only two uses of these predicates, where it's the textual matching order that we are after, not the operational order. Consequently, I've changed the semantics back and updated the comments to hopefully clarify the intention.	2019-11-28 15:14:50 +00:00
Tom Hvitved	04cecc04dd	C#: Update EntityFrameworkCore test	2019-11-28 15:28:50 +01:00
Paulino Calderon	eeffd7cf8d	Adds CodeQL query to check for Pages validateRequest directive	2019-11-28 14:22:08 +00:00
Tom Hvitved	af453d081e	C#: Only track taint through conversion operators defined in libraries	2019-11-28 15:21:04 +01:00
semmle-qlci	d59ea3d53c	Merge pull request #2466 from esbena/js/fix-mjs-check ... Approved by asgerf	2019-11-28 13:37:43 +00:00
Taus	20513561a0	Merge pull request #2459 from RasmusWL/python-modernise-TurboGears-library ... Python: modernise TurboGears library	2019-11-28 14:36:01 +01:00
Tom Hvitved	ba4fb82a08	C#: Add DB upgrade script	2019-11-28 14:30:21 +01:00
Tom Hvitved	b79fc87961	C#: Split up localvars database relation into two relations	2019-11-28 14:30:21 +01:00
semmle-qlci	2b0eef3b14	Merge pull request #2448 from tausbn/python-use-import-python-consistently ... Approved by RasmusWL	2019-11-28 12:47:00 +00:00
Geoffrey White	b1c992e85f	CPP: Speed up isCompiledAsC (x3).	2019-11-28 11:28:38 +00:00
Esben Sparre Andreasen	4e0dfce427	JS: cache charpred for NodeJS::Require	2019-11-28 08:10:25 +01:00
Esben Sparre Andreasen	d909653a6b	JS: simplify charpred for NodeJS::Require	2019-11-28 08:10:25 +01:00
Calum Grant	5833b15f0e	C#: Analysis change notes.	2019-11-27 17:30:02 +00:00
Calum Grant	d001c3c2d2	C#: Restructure files.	2019-11-27 17:29:53 +00:00
Calum Grant	c906a8238d	C#: Edit qhelp for cs/insecure-request-validation-mode	2019-11-27 16:37:37 +00:00
Calum Grant	4b19f3b6a4	C#: Whitespace edit and edit query metadata.	2019-11-27 16:37:37 +00:00