41812 Commits

This Branch

This Branch

All Branches

Author	SHA1	Message	Date
Asger Feldthaus	8753632193	JS: Fix bug in reachableFromStoreBase	2022-03-17 17:30:46 +01:00
Asger Feldthaus	8c6ca6582e	JS: Add test showing missing flow	2022-03-17 17:30:46 +01:00
Geoffrey White	ff3bedcab9	C++: Fix expensive getWideCharType().	2022-03-17 14:41:57 +00:00
Mathias Vorreiter Pedersen	abe30457ee	Python: Accept test changes.	2022-03-17 14:03:58 +01:00
Tom Hvitved	79ea2a3a9c	Data flow: Sync files	2022-03-17 14:03:58 +01:00
Tom Hvitved	4df12dc6e6	Data flow: State-changing taint steps should not be stepped over by the big step relation	2022-03-17 14:03:58 +01:00
Rasmus Wriedt Larsen	2b9408b0c3	Concepts: Add some architecture documentation	2022-03-17 13:49:10 +01:00
Harry Maclean	36c421346b	Introduce ConceptsShared.qll	2022-03-17 13:49:10 +01:00
Erik Krogh Kristensen	870521bd1e	Merge pull request #8473 from erik-krogh/redundantAnyCast ... QL: expand redundant-inline-cast, and rename to redundant-cast	2022-03-17 10:41:50 +01:00
Erik Krogh Kristensen	fe94421d32	rename redundant-inline-cast to redundant-cast	2022-03-17 10:25:40 +01:00
Erik Krogh Kristensen	f3ca6bbc2e	PY: update expected output after fixing bug in flask model	2022-03-17 09:42:30 +01:00
Erik Krogh Kristensen	879680057e	fix all ql/unused-field warnings	2022-03-17 09:41:42 +01:00
Erik Krogh Kristensen	d5fd0d6724	add ql/unused-field query	2022-03-17 09:40:16 +01:00
Erik Krogh Kristensen	86398a8c65	Merge pull request #8304 from erik-krogh/xssUrl ... JS: Refactor the XSS / Client-side-url queries	2022-03-17 09:13:09 +01:00
4B5F5F4B	d4c7314484	Delete cve-2016-6480.ql ... commit by mistake	2022-03-17 09:49:28 +08:00
Erik Krogh Kristensen	4b50c68934	exclude annotation names	2022-03-16 22:59:01 +01:00
Erik Krogh Kristensen	2a196611af	add not as a keyword	2022-03-16 22:59:01 +01:00
Erik Krogh Kristensen	86c8737250	remove string constants from mentioned non-params	2022-03-16 22:59:01 +01:00
Erik Krogh Kristensen	35c3c62f9e	apply suggestions from code review	2022-03-16 22:59:01 +01:00
Erik Krogh Kristensen	daed33f5af	JS: fix more instances of ql/missing-parameter-qldoc	2022-03-16 22:58:28 +01:00
Erik Krogh Kristensen	3762ce2c72	QL: also report missing QLDoc for parameters when no parameters are documented	2022-03-16 22:56:54 +01:00
Erik Krogh Kristensen	f204a41122	QL: fix ql/missing-parameter-qldoc error in QL-for-QL	2022-03-16 22:56:53 +01:00
Erik Krogh Kristensen	53760799fc	sync files	2022-03-16 22:56:53 +01:00
Erik Krogh Kristensen	efba220b45	JS: fix most ql/missing-parameter-qldoc issues	2022-03-16 22:56:52 +01:00
Erik Krogh Kristensen	ecd3aceb07	QL: add test for ql/missing-parameter-qldoc	2022-03-16 22:54:35 +01:00
Erik Krogh Kristensen	af112a011a	QL: Add query detecting suspiciously missing parameters from the QLDoc of a predicate	2022-03-16 22:54:35 +01:00
Erik Krogh Kristensen	8c6022b78a	QL: add query detecting inconsistent deprecations	2022-03-16 22:37:34 +01:00
Erik Krogh Kristensen	aa8b7c8679	update reference to deprecated class name	2022-03-16 22:32:54 +01:00
Erik Krogh Kristensen	6cdc38748c	update expected output	2022-03-16 22:32:09 +01:00
Erik Krogh Kristensen	d8a5947a08	simplify TaintedUrlSuffix::source() to only consider window.location based sources	2022-03-16 22:32:09 +01:00
Erik Krogh Kristensen	b3de5d94a6	move PrefixStringSanitizer to the Query.qll file, and have it extend LabeledSanitizerGuardNode	2022-03-16 22:32:09 +01:00
Erik Krogh Kristensen	562dce57e8	rename isXSSSink to isXssSink	2022-03-16 22:32:09 +01:00
Erik Krogh Kristensen	f083e87fa1	refactor the js/xss query to use three flowlabels and one configuration	2022-03-16 22:32:08 +01:00
Erik Krogh Kristensen	87842bb8b7	add client-side-url sinks that may execute JavaScript as XSS sinks	2022-03-16 22:32:08 +01:00
Erik Krogh Kristensen	b471fec149	split interpretsArgumentsAsURL out of interpretsArgumentsAsHTML, and use it to generalize AttributeUrlSink	2022-03-16 22:32:08 +01:00
Erik Krogh Kristensen	2576e1f655	add utility predicate to get client-side remote-flow-sources that contain a URL query/fragment	2022-03-16 22:32:08 +01:00
Erik Krogh Kristensen	67e6a4c716	add a isXSSSink predicate to the client-side-url-redirection sinks	2022-03-16 22:32:08 +01:00
Erik Krogh Kristensen	fc79242674	add tests	2022-03-16 22:32:08 +01:00
Erik Krogh Kristensen	559f03ebbc	remove unnecessary module qualifier	2022-03-16 22:32:07 +01:00
Erik Krogh Kristensen	2d9d383c55	remove unused import	2022-03-16 22:32:07 +01:00
Arthur Baars	1a51f0cf56	Ruby: regex: fix getGroupNumber ... non-capture groups should not have a group number	2022-03-16 18:50:51 +01:00
Dave Bartolomeo	606e015afb	Update cpp/ql/lib/experimental/semmle/code/cpp/semantic/analysis/RangeAnalysis.qll ... Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>	2022-03-16 13:07:35 -04:00
Dave Bartolomeo	e275ab3951	Update cpp/ql/lib/experimental/semmle/code/cpp/semantic/analysis/RangeAnalysisSpecific.qll ... Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>	2022-03-16 13:07:15 -04:00
Dave Bartolomeo	6adc11b10e	Update cpp/ql/lib/experimental/semmle/code/cpp/semantic/analysis/RangeAnalysisSpecific.qll ... Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>	2022-03-16 13:07:08 -04:00
Dave Bartolomeo	b36281dd8c	Update cpp/ql/lib/experimental/semmle/code/cpp/semantic/analysis/RangeAnalysisSpecific.qll ... Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>	2022-03-16 13:07:02 -04:00
Dave Bartolomeo	db4963ada0	Update cpp/ql/lib/experimental/semmle/code/cpp/semantic/analysis/RangeAnalysisSpecific.qll ... Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>	2022-03-16 13:06:54 -04:00
Michael Nebel	4a68b74aa3	C#: Re-use the asPartialModel for DataFlowPrivate in tests.	2022-03-16 17:02:00 +01:00
Michael Nebel	115cef2484	C#: Move asPartialModel into DataFlowPrivate (to enable re-use).	2022-03-16 16:44:24 +01:00
Arthur Baars	f95e1efb67	Ruby: remove wrong clause	2022-03-16 16:25:42 +01:00
Arthur Baars	fb8cc6e1a4	Ruby: String.index method returns 'nil', not '-1'	2022-03-16 16:18:19 +01:00