Erik Krogh Kristensen
9a78d38df0
add a new LoadStoreStep as a StepSummary for TypeTracking
2020-03-25 23:54:56 +01:00
semmle-qlci
e7fd97e72b
Merge pull request #3119 from erik-krogh/SockJS
...
Approved by esbena
2020-03-25 21:36:29 +00:00
Tom Hvitved
95b6f6aee0
C#: Add change note
2020-03-25 20:05:39 +01:00
Tom Hvitved
54677189de
C#: Introduce RemoteFlowSink class
2020-03-25 20:05:39 +01:00
Tom Hvitved
142737dc61
C#: Move HtmlSinks from XSS.qll into separate file
2020-03-25 20:05:39 +01:00
Tom Hvitved
fddbce0b7b
C#: Move all predefined sources and sinks into security/dataflow/flow{sinks,sources}
2020-03-25 20:05:39 +01:00
Erik Krogh Kristensen
4b0bc6b2b3
autoformat
2020-03-25 19:47:41 +01:00
Dave Bartolomeo
f981ce6be4
Merge pull request #3122 from jbj/getParameter-docs
...
C++: Improve QLDoc for Function.getParameter
2020-03-25 12:59:28 -04:00
Calum Grant
87970337ae
C#: Improvements to buildless extraction, particularly for .NET Core.
2020-03-25 15:27:48 +00:00
Jonas Jensen
b622d62d3c
C++: Wire up param/arg indirections in data flow
2020-03-25 15:23:43 +01:00
Jonas Jensen
bc3bdbb11b
C++: Improve QLDoc for Function.getParameter
2020-03-25 15:21:24 +01:00
Dave Bartolomeo
1edd492abf
C++: Late fix for PR feedback
...
I missed this suggestion before I merged the original PR. Fixing it now before I forget.
2020-03-25 10:10:30 -04:00
Asger Feldthaus
ad1e0ec50b
JS: Inline variable again
2020-03-25 14:01:33 +00:00
Dave Bartolomeo
376779421d
Merge pull request #2975 from rdmarsh2/printir-generate-all
...
C++/C#: generate IR for funcs excluded in PrintIR
2020-03-25 09:45:02 -04:00
Tom Hvitved
7ac25d2439
C#: Add more tests for cs/information-exposure-through-exception
2020-03-25 14:33:49 +01:00
Asger Feldthaus
54021a1c30
JS: Update old entry point and add a test
2020-03-25 13:24:18 +00:00
Asger Feldthaus
a78f1b864b
JS: Fix trailing whitespace
2020-03-25 12:45:48 +00:00
Asger Feldthaus
6c9e35c22e
JS: Skip .js files with a same-named .ts file next to it
2020-03-25 12:45:37 +00:00
semmle-qlci
cf5b1f0cd5
Merge pull request #3019 from erik-krogh/ArrayStep
...
Approved by asgerf
2020-03-25 12:08:44 +00:00
Erik Krogh Kristensen
abcdfe3c53
use LibraryName class for websocket library names
2020-03-25 13:06:21 +01:00
Rasmus Wriedt Larsen
dc9dbf3682
Python: Autoformat
2020-03-25 11:56:18 +01:00
Jonas Jensen
2b2667aef7
Merge remote-tracking branch 'upstream/master' into detect-conflated-memory
...
Conflicts:
cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/IRSanity.qll
cpp/ql/src/semmle/code/cpp/ir/implementation/raw/IRSanity.qll
cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/IRSanity.qll
cpp/ql/test/library-tests/ir/ir/aliased_ssa_sanity.expected
cpp/ql/test/library-tests/ir/ir/aliased_ssa_sanity_unsound.expected
cpp/ql/test/library-tests/ir/ir/raw_sanity.expected
cpp/ql/test/library-tests/ir/ir/unaliased_ssa_sanity.expected
cpp/ql/test/library-tests/ir/ir/unaliased_ssa_sanity_unsound.expected
cpp/ql/test/library-tests/ir/ssa/aliased_ssa_sanity.expected
cpp/ql/test/library-tests/ir/ssa/aliased_ssa_sanity_unsound.expected
cpp/ql/test/library-tests/ir/ssa/unaliased_ssa_sanity.expected
cpp/ql/test/library-tests/ir/ssa/unaliased_ssa_sanity_unsound.expected
cpp/ql/test/library-tests/syntax-zoo/aliased_ssa_sanity.expected
cpp/ql/test/library-tests/syntax-zoo/raw_sanity.expected
cpp/ql/test/library-tests/syntax-zoo/unaliased_ssa_sanity.expected
csharp/ql/src/semmle/code/csharp/ir/implementation/raw/IRSanity.qll
csharp/ql/src/semmle/code/csharp/ir/implementation/unaliased_ssa/IRSanity.qll
csharp/ql/test/library-tests/ir/ir/raw_ir_sanity.expected
csharp/ql/test/library-tests/ir/ir/unaliased_ssa_sanity.expected
2020-03-25 11:55:39 +01:00
Rasmus Wriedt Larsen
12c6997e7b
Python: Reduce result set in custom taint sanitizer
2020-03-25 11:55:29 +01:00
Erik Krogh Kristensen
f7faaa634f
change-note
2020-03-25 11:37:39 +01:00
semmle-qlci
a413a3254b
Merge pull request #3114 from RasmusWL/python-add-fp-for-non-callable
...
Approved by tausbn
2020-03-25 10:34:50 +00:00
semmle-qlci
ac7c74dcee
Merge pull request #3111 from RasmusWL/python-fabric-command-injection
...
Approved by BekaValentine
2020-03-25 10:07:33 +00:00
Mathias Vorreiter Pedersen
ae076da517
Merge pull request #3112 from dbartol/codeql-c-analysis/34-Bad-Overlap
...
C++/C#: Fix invalid overlap
2020-03-25 10:40:39 +01:00
Erik Krogh Kristensen
f2b9e2019c
remove isRelevant from flowStep
2020-03-25 09:46:07 +01:00
Erik Krogh Kristensen
6f0e507242
outline predicate to fix join-ordering
2020-03-25 09:44:03 +01:00
Erik Krogh Kristensen
3000486b35
add more isRelevant calls
2020-03-25 09:42:24 +01:00
yo-h
116c13eb18
Merge pull request #3106 from aschackmull/java/getstmtbody-type
...
Java: Sharpen return type of LambdaExpr.getStmtBody().
2020-03-24 19:20:57 -04:00
Erik Krogh Kristensen
1d8e103322
autoformat
2020-03-25 00:19:23 +01:00
Mathias Vorreiter Pedersen
f92dd3c565
C++: Autoformat
2020-03-24 22:28:55 +01:00
Mathias Vorreiter Pedersen
077c282cd3
C++: Add field flow and accept tests
2020-03-24 22:28:54 +01:00
Mathias Vorreiter Pedersen
a5f08e1ea6
C++: Split parameter node class into an explicit and implicit version
2020-03-24 22:28:54 +01:00
Mathias Vorreiter Pedersen
22381f3ee6
C++: Demonstrate amount of field flow already present
2020-03-24 22:28:54 +01:00
yo-h
ac68b62b48
Merge pull request #3115 from aschackmull/java/experimental-dir
...
Java: Fix directory structure in experimental.
2020-03-24 16:50:28 -04:00
Aditya Sharad
a6e039b284
Java: Add tests for Jackson taint steps.
...
Add stubs for jackson-databind-2.10.
Based on http://fasterxml.github.io/jackson-databind/javadoc/2.10 .
Test taint through Jackson serialization APIs.
2020-03-24 12:59:24 -07:00
Aditya Sharad
7de8b48692
Java: Add taint steps through Jackson serialization methods.
2020-03-24 12:59:14 -07:00
Dave Bartolomeo
2b69cc9738
C#: Make IRConfiguration.qll just forward to the implementation
...
Just like C++ already does.
2020-03-24 13:33:50 -04:00
Max Schaefer
efbcec09ef
JavaScript: Add type tracking to Postgres model.
2020-03-24 17:30:07 +00:00
Anders Schack-Mulligen
75523e4eb8
Java: Fix directory structure in experimental.
2020-03-24 16:47:55 +01:00
Jonas Jensen
8f419d1676
C++: Fix conflated-memory sanity query
...
I had included `InitializeNonLocal` in the recursion because it made
everything look better in the presence of a bug that's since been fixed.
Taking it out means the sanity test is again aligned with the old
`isChiForAllAliasedMemory`.
2020-03-24 16:46:59 +01:00
Jonas Jensen
4e588869d8
C++: Sync identical files
2020-03-24 16:46:42 +01:00
Dave Bartolomeo
cc76782545
Merge remote-tracking branch 'upstream/master' into codeql-c-analysis/34-Bad-Overlap
2020-03-24 11:38:39 -04:00
semmle-qlci
ce0b72f949
Merge pull request #3093 from erik-krogh/MorePathSinks
...
Approved by asgerf
2020-03-24 14:26:41 +00:00
Anders Schack-Mulligen
d8edae96df
Java: Add test.
2020-03-24 15:24:17 +01:00
Rasmus Wriedt Larsen
05ecfc83f7
Python: Add test-case with swapped decorator order
2020-03-24 14:18:46 +01:00
Jonas Jensen
27832148a9
C++: Phi-node conflation is not about vvars
2020-03-24 13:56:42 +01:00
Jonas Jensen
95a8dcb3fd
C++: failing test for non-conflated escaped var
2020-03-24 13:31:08 +01:00
