Max Schaefer
6021d2499d
JavaScript: Remove accidentally committed .actual file.
2018-11-19 12:24:19 +00:00
Geoffrey White
cf27978325
CPP: Give OffsetUseBeforeRangeCheck.ql a precision.
2018-11-19 11:56:07 +00:00
Geoffrey White
e72505707b
CPP: Check for a range check before the use.
2018-11-19 11:49:22 +00:00
Geoffrey White
6cdfaeea3c
CPP: getAChild() -> getAChild*().
2018-11-19 11:47:14 +00:00
Geoffrey White
01611d4d96
CPP: Add a test for OffsetUseBeforeRangeCheck.ql.
2018-11-19 11:47:14 +00:00
Pavel Avgustinov
16ec9f1aa4
Merge remote-tracking branch 'origin/next' into bump/master-next
2018-11-19 10:37:07 +00:00
Geoffrey White
90c75cd362
Merge pull request #478 from felicity-semmle/cpp/SD-2777-jsf-note
...
C++: Add JSF note to qhelp for sub-set of JSF queries
2018-11-19 09:30:39 +00:00
Max Schaefer
73ad3f5c8a
JavaScript: Tweak JSLint library to avoid bad join order.
2018-11-19 09:12:02 +00:00
Tom Hvitved
dd4c9654f2
Merge pull request #483 from calumgrant/cs/vulnerable-package
...
C#: Remove duplicate results from cs/use-of-vulnerable-package
2018-11-19 10:09:37 +01:00
Max Schaefer
1b59a28be0
JavaScript: Downgrade a few "error" rules to "warning".
...
For all of these queries, the results we tend to see in practice are certainly worth investigating, but aren't crashing bugs, so making them warnings seems more appropriate.
2018-11-19 09:09:26 +00:00
Max Schaefer
db175f5584
JavaScript: Sort change notes alphabetically.
2018-11-19 09:00:38 +00:00
semmle-qlci
9e4aeb36a6
Merge pull request #436 from asger-semmle/url-concat
...
Approved by xiemaisi
2018-11-19 08:57:24 +00:00
semmle-qlci
328c86c552
Merge pull request #479 from asger-semmle/typescript-extractor-perf1
...
Approved by xiemaisi
2018-11-19 08:53:41 +00:00
semmle-qlci
128118cfa7
Merge pull request #481 from asger-semmle/typescript-jsx
...
Approved by xiemaisi
2018-11-19 08:53:15 +00:00
yh-semmle
47b9218b05
Merge pull request #480 from aschackmull/java/path-problem-conversion
...
Java: Convert security queries to path-problem.
2018-11-18 20:55:52 -05:00
Felicity Chapman
d4bcc1e9d4
Add note to further file
2018-11-17 13:03:48 +00:00
Felicity Chapman
5c924307ca
Remove incorrect comment from query
2018-11-17 13:03:46 +00:00
Felicity Chapman
9ce1a2a040
Add JSF note to qhelp for sub-set of JSF queries
2018-11-17 13:03:45 +00:00
Geoffrey White
a51b9847b2
CPP: Modify similar query as well.
2018-11-16 22:49:35 +00:00
Geoffrey White
9f688eb7e2
CPP: Exclude variables that have non-function accesses.
2018-11-16 22:48:30 +00:00
Geoffrey White
2d07410f97
CPP: Exclude variables that are part of an interface.
2018-11-16 22:46:11 +00:00
Geoffrey White
b70c572e34
CPP: Add a test for LimitedScopeFunction.
2018-11-16 22:44:41 +00:00
Geoffrey White
1cba1d0b1a
CPP: Modify similar query as well.
2018-11-16 22:38:20 +00:00
Geoffrey White
e253ab54d7
CPP: Exclude variables that are part of an interface.
2018-11-16 22:38:16 +00:00
Geoffrey White
0e5d23e78b
CPP: Add a test of LimitedScopeFile.
2018-11-16 22:37:30 +00:00
calum
1aa5e24108
C#: Remove duplicate results from cs/use-of-vulnerable-package
2018-11-16 16:50:35 +00:00
Asger F
84c1ba0b31
TS: fix the fix
2018-11-16 14:39:43 +00:00
Asger F
a35061ee79
TS: dont create JSON nodes in convertJsxSelfClosingElement
2018-11-16 12:58:14 +00:00
Asger F
d839fcdafc
TS: refactor to fix AutoBuildTest
2018-11-16 12:52:26 +00:00
Anders Schack-Mulligen
918fc90515
Java: Add change note.
2018-11-16 13:48:50 +01:00
Anders Schack-Mulligen
deb61d6f29
Java: Update test output.
2018-11-16 13:48:50 +01:00
Anders Schack-Mulligen
5e03b6f681
Java: Convert security queries to path-problems.
2018-11-16 13:48:50 +01:00
Anders Schack-Mulligen
437b2c1503
Java: Cosmetic changes and missing overrides.
2018-11-16 13:48:50 +01:00
calum
cf4b04a3ee
C#: Address review comments - adding .getNode() where appropriate.
2018-11-16 11:52:20 +00:00
Asger F
c06c9a02f7
JS: fix copy pasta and test output
2018-11-16 10:47:02 +00:00
Asger F
dd5f485fff
JS: use original sanitizer for SSRF query
2018-11-16 10:46:14 +00:00
Asger F
0153a4794e
JS: add change note
2018-11-16 10:44:52 +00:00
Asger F
6ec13feab4
JS: recognize sanitizing slashes in URL redirection queries
2018-11-16 10:43:25 +00:00
Asger F
b5d3dd5e22
TS: do more work in parallel
2018-11-16 10:39:27 +00:00
calum
e908b090fd
C#: Always use PathNode in a path-problem query.
2018-11-16 10:32:24 +00:00
calum
eddc52852d
C#: Convert security queries to path-problem and update qltest expected output.
2018-11-16 10:31:20 +00:00
semmle-qlci
0647743333
Merge pull request #467 from xiemaisi/js/amd-imports
...
Approved by asger-semmle
2018-11-16 09:31:50 +00:00
Tom Hvitved
57bbe0291b
Merge pull request #393 from calumgrant/cs/extractor/dynamic-type-name
...
C#: Minor extractor fixes
2018-11-16 09:09:46 +01:00
calum
9eed758642
C#: Update change notes.
2018-11-15 18:28:17 +00:00
calum
090e896ff5
C#: Change Property TagStackBehaviour to push a tag, to give the expression body a tag stack.
2018-11-15 18:28:17 +00:00
calum
bb49fe170b
C# extractor: Handle the type name of dynamic.
2018-11-15 18:27:53 +00:00
semmle-qlci
536f3f36b8
Merge pull request #428 from hvitved/csharp/more-guards
...
Approved by calumgrant
2018-11-15 15:07:56 +00:00
Asger F
737ec70ca2
Merge pull request #460 from xiemaisi/js/in-dist-trap-cache
...
JavaScript: Teach `AutoBuild` to use in-dist externs trap cache.
2018-11-15 13:08:44 +00:00
Geoffrey White
0d7c5eaa6e
Merge pull request #441 from felicity-semmle/cpp/SD-2777-cwe-qhelp
...
C++: Bring qhelp inline with current guidelines, part 1 (SD-2777)
2018-11-15 11:38:23 +00:00
Tom Hvitved
5f118d423f
Merge pull request #477 from calumgrant/cs/indent-change-notes
...
C#: Fix indentation in change notes.
2018-11-15 11:56:01 +01:00
