Mark Shannon
39861597e5
Python points-to: Fix up handiling of metaclasses, new-style and type-heirarchy failure analysis.
2019-05-10 13:02:36 +01:00
Max Schaefer
79e01a2de5
Merge pull request #1305 from aschackmull/java/abstract-flowsources
...
Java: Introduce an abstract class RemoteFlowSource to ease customization.
2019-05-10 11:42:15 +01:00
Mark Shannon
75feab53db
Python QL: Clean up pruning code, renaming and adding comments for clarity.
2019-05-10 10:59:44 +01:00
Max Schaefer
9ec366cf88
JavaScript: Move support for optional catch to ES2019.
2019-05-10 08:27:25 +01:00
Max Schaefer
d93d68d7f5
JavaScript: Add parser support for Unicode newlines in string literals.
2019-05-10 08:16:20 +01:00
Max Schaefer
31f80df7dc
JavaScript: Add YAML file types to versions-compilers.csv.
2019-05-10 08:09:46 +01:00
Max Schaefer
86a7fa3abb
JavaScript: Make extractor default to ECMA 2019.
...
Also introduces an enum constant for ECMA 2020 (not used anywhere yet).
2019-05-10 08:09:46 +01:00
Mark Shannon
bbf7ff9a3f
Python: do pruning in QL.
2019-05-09 17:58:36 +01:00
Max Schaefer
b478c0ddaa
JavaScript: Further broaden the whitelist in PasswordInConfigurationFile.
2019-05-09 17:07:59 +01:00
Mark Shannon
93f0b8f1b7
Python points-to: Fix up support for six.add_metaclass()
2019-05-09 15:15:40 +01:00
Mark Shannon
92d0aef6f4
Rename super_() to superType() for better consistency.
2019-05-09 14:47:12 +01:00
Anders Schack-Mulligen
66813a91ef
Java: Postpone deprecation to separate PR.
2019-05-09 13:40:25 +02:00
Tom Hvitved
e3b83d04f5
C#: Refactor predicates in Variable class to be defined by dispatch
2019-05-09 11:53:42 +02:00
semmle-qlci
9653fbd4f7
Merge pull request #1311 from emarteca/unreachableThrows
...
Approved by xiemaisi
2019-05-09 10:37:41 +01:00
Ellen Arteca
893f62f334
Stylistic issue: replace \"eg\" by \"example\", as requested
2019-05-09 09:30:12 +01:00
Ellen Arteca
a12d12d59a
JavaScript: Update UnreachableStmt query so unreachable throws no longer gives an alert
2019-05-08 16:25:54 +01:00
semmle-qlci
13e04f459d
Merge pull request #1310 from xiemaisi/js/fix-hardcoded-pw-fps
...
Approved by asger-semmle
2019-05-08 14:08:36 +01:00
Asger F
27e8ea85f7
JS: Fix bug from sorting lines
2019-05-08 10:42:14 +01:00
Max Schaefer
c16e9a77f3
JavaScript: Fix a few false positives in PasswordInConfigurationFile.
2019-05-08 08:26:05 +01:00
Tom Hvitved
8adbfdaae7
Merge pull request #1275 from calumgrant/cs/roslyn-3.0.0
...
C#: Update nuget packages
2019-05-08 08:49:45 +02:00
Tom Hvitved
a89505ba32
C#: Simplify DataFlow::Node::getType()
2019-05-07 20:52:38 +02:00
calum
c28fa7ed3f
C#: Handle VarPatternSyntax class introduced by Roslyn 3.0.0
2019-05-07 18:01:37 +01:00
calum
8a78c8f124
C#: Update xunit and other dependencies.
2019-05-07 18:01:36 +01:00
calum
d84fcbeedb
C#: Fix extractor errors.
2019-05-07 18:01:36 +01:00
calum
b7875aef20
C#: Update nuget packages
2019-05-07 18:01:36 +01:00
Asger F
86885f4ff0
JS: Address comments
2019-05-07 18:00:36 +01:00
Asger F
7c9d20ae81
JS: Implement for TrackedNode to maintain consistency
2019-05-07 17:38:43 +01:00
Max Schaefer
d23c48330c
Merge pull request #1307 from asger-semmle/exclude-js-testcases
...
JS: Exclude test cases from extraction
2019-05-07 16:41:08 +01:00
Asger F
331cc497e6
JS: Exclude test cases from extraction
2019-05-07 14:36:35 +01:00
Tom Hvitved
272545a63c
Add pragma[nomagic] to getExplicitArgument()
2019-05-07 15:34:27 +02:00
Asger F
a3cf07af7e
JS: Add flow steps through iteration callback
2019-05-07 13:52:31 +01:00
Asger F
e7bf485807
JS: Add another interprocedural flow test case
2019-05-07 10:33:01 +01:00
Asger F
3cbd6d3786
JS: Test case for nested statements
2019-05-07 10:26:30 +01:00
Asger F
f3a4acf0b2
JS: Add async functions to test
2019-05-07 10:11:42 +01:00
Asger F
1f897b4b63
JS: step through Error constructor and accept the potential FP
2019-05-07 10:11:41 +01:00
Asger F
b0090c2fe6
JS: Add test case for flow through new Error()
2019-05-07 10:11:41 +01:00
Asger F
36cefd8fc6
JS: Track taint through exceptions
2019-05-07 10:11:41 +01:00
Tom Hvitved
7b7a1ecea0
C#: Move DelegateDataFlow.qll into internal folder
2019-05-06 14:54:11 +02:00
Tom Hvitved
c6a471e4b6
C#: Adopt shared data flow implementation
...
- General refactoring to fit with the shared data flow implementation.
- Move CFG splitting logic into `ControlFlowReachability.qll`.
- Replace `isAdditionalFlowStepIntoCall()` with `TaintedParameterNode`.
- Redefine `ReturnNode` to be the actual values that are returned, which should
yield better path information.
- No longer consider overrides in CIL calls.
2019-05-06 14:54:11 +02:00
Tom Hvitved
a6fa6dfd74
C#: Add shared data flow files
2019-05-06 14:54:11 +02:00
Tom Hvitved
26debb846c
C#: Change ImplicitCapturedArgumentNode::toString()
2019-05-06 14:54:11 +02:00
Jonas Jensen
639d715d03
Merge pull request #1226 from hvitved/dataflow/prepare-for-csharp
...
Generalize data-flow library in preparation for C# adoption
2019-05-06 14:42:46 +02:00
Anders Schack-Mulligen
f367427fb8
Java: Deprecate RemoteUserInput.
2019-05-06 13:43:58 +02:00
Jonas Jensen
b52015a584
C++: QLDoc for QualifiedName.qll
2019-05-06 11:28:56 +02:00
Jonas Jensen
56e88cbac0
C++: Use underlyingElement for QualifiedName calls
...
Since the types in `QualifiedName.qll` are raw db types, callers need to
use `underlyingElement` and `unresolveElement` as appropriate. This has
no effect right now but will be needed when we switch the AST type
hierarchy to `newtype`s.
2019-05-06 11:24:28 +02:00
Jonas Jensen
662d55fd72
C++: Add tests for qualified names
2019-05-06 10:58:05 +02:00
Jonas Jensen
98657ebea7
C++: Change note for hasGlobalName
2019-05-06 10:14:44 +02:00
Calum Grant
19c7360e19
Merge pull request #1301 from hvitved/csharp/more-dataflow-tests
...
C#: Add more data flow tests
2019-05-03 16:41:21 +01:00
Anders Schack-Mulligen
10a6362357
Java: Introduce an abstract class RemoteFlowSource to ease customization.
2019-05-03 15:48:22 +02:00
Tom Hvitved
d9bf0a670e
Data flow: Address review comments
2019-05-03 15:00:48 +02:00
