Asger F
f9d7f8ba11
JS: fix links in qhelp
2018-12-19 10:10:56 +00:00
semmle-qlci
595634126f
Merge pull request #706 from asger-semmle/jquery-location-sink
...
Approved by esben-semmle
2018-12-18 21:14:08 +00:00
Asger F
f57454951b
JS: move <ul> outside of <p> element
2018-12-18 14:15:12 +00:00
Asger F
1246de466a
JS: add change note
2018-12-18 13:58:03 +00:00
Asger F
7f538e82c0
JS: add test case for non-whitelisted use of location
2018-12-18 13:55:05 +00:00
Asger F
02978c97f1
JS: whitelist $(location) in simple cases
2018-12-18 13:11:42 +00:00
Asger F
c17eca90a1
JS: add test case for $(location)
2018-12-18 13:06:12 +00:00
calumgrant
b051b7546d
Merge pull request #638 from hvitved/csharp/split-dominance-performance
...
C#: Speedup `Assertions::strictlyDominates()` and `ControlFlowElement::controlsBlock()`
2018-12-18 13:05:36 +00:00
Jonas Jensen
97fc4b0c8e
Merge pull request #703 from aeyerstaylor/fix-optimiser-performance
...
C++: Improve optimiser performance
2018-12-18 12:26:16 +00:00
ian-semmle
d2d119eb75
Merge pull request #700 from jbj/mergeback-20181217
...
Mergeback master -> next
2018-12-18 12:18:54 +00:00
Tom Hvitved
edf1df1577
C#: Remove tests for deprecated predicates
2018-12-18 10:43:12 +01:00
semmle-qlci
c37d655fe8
Merge pull request #697 from esben-semmle/js/fix-heuristics-compilation-time
...
Approved by asger-semmle
2018-12-18 09:07:36 +00:00
semmle-qlci
7fd1d64d97
Merge pull request #699 from esben-semmle/js/add-lastIndexOf
...
Approved by asger-semmle
2018-12-18 09:07:17 +00:00
Dave Bartolomeo
63a2670fcd
C++: Don't have ReachableBlock extends IRBlock
2018-12-17 13:10:53 -08:00
Dave Bartolomeo
fda8605aae
C++: One Unreached per function
2018-12-17 11:03:15 -08:00
Asger F
e1c25c81f6
JS: add change note
2018-12-17 16:34:35 +00:00
Asger F
2044f5fe89
TS: reorganize convertBinaryExpression and create AssignmentExpression when appropriate
2018-12-17 16:23:46 +00:00
alexet
d61022ffcc
C++: Improve optimiser performance
2018-12-17 16:11:23 +00:00
Asger F
cc0961a988
TS: translate logical operators correctly
2018-12-17 15:41:15 +00:00
Asger F
d595f20cb1
JS: add to correctness-more suite
2018-12-17 15:29:10 +00:00
Tom Hvitved
d9ae5933d4
C#: Remove deprecated predicates
2018-12-17 16:20:41 +01:00
Asger F
280382e91e
JS: whitelist if array access at another index is seen
2018-12-17 15:19:26 +00:00
Tom Hvitved
e14259126e
Merge pull request #658 from calumgrant/cs/extractor/for-is
...
C#: Fix extraction bug for variable declarations in for condition
2018-12-17 16:16:00 +01:00
Anders Schack-Mulligen
d3f6362ba2
Java: Add missing override annotations.
2018-12-17 15:40:46 +01:00
Tom Hvitved
e822510d6b
C#: Fix typo
2018-12-17 15:33:05 +01:00
calumgrant
6648c8414f
Merge pull request #680 from hvitved/csharp/data-flow-performance-tweaks
...
C#: Minor data flow performance tweaks
2018-12-17 14:25:51 +00:00
calumgrant
dbd0c7e80a
Merge pull request #674 from hvitved/csharp/cache-get-label
...
C#: Cache `NamedElement::getLabel()`
2018-12-17 14:24:01 +00:00
calumgrant
f50d0e373a
Merge pull request #642 from hvitved/csharp/extractor/nullness-refactorings
...
C#: nullness related extractor refactorings
2018-12-17 14:16:51 +00:00
Asger F
5040d3e26c
JS: add query for loop index bug
2018-12-17 13:35:44 +00:00
Jonas Jensen
5ac5aa0c2a
Merge remote-tracking branch 'upstream/master' into mergeback-20181217
2018-12-17 13:42:45 +01:00
Esben Sparre Andreasen
4a631b42d4
JS: use .lastIndexOf in js/incomplete-url-substring-sanitization
2018-12-17 13:22:31 +01:00
Asger F
7adf1d9958
Merge pull request #631 from esben-semmle/js/bad-url-regexing
...
JS: add query: js/incomplete-url-regexp
2018-12-17 11:53:22 +00:00
Tom Hvitved
5f269b2d87
Merge branch 'master' into cs/extractor/for-is
2018-12-17 11:14:50 +01:00
Esben Sparre Andreasen
50cba92f5f
JS: remove slow test Security/heuristics/AdditionalCommandInjections
2018-12-17 10:58:46 +01:00
Tom Hvitved
ada0115d6a
C#: Remove getUrl() predicates
...
As described on https://lgtm.com/help/ql/locations#providing-location-information ,
there is no need to provide a `getUrl()` predicate, when there is a `getLocation()`
predicate. Not only is it redundant, but it can also be slow because of string
construction.
2018-12-17 10:52:24 +01:00
Esben Sparre Andreasen
3cd62234d4
JS: change notes for js/request-forgery improvements
2018-12-17 10:33:39 +01:00
Esben Sparre Andreasen
c6b4e29b93
JS: add "host" as a sink for js/request-forgery
2018-12-17 10:32:30 +01:00
Esben Sparre Andreasen
60fe0176ed
JS: add ClientRequest::getHost
2018-12-17 10:32:30 +01:00
Esben Sparre Andreasen
3a5962aa34
JS: minor fixups in ClientRequests.qll
2018-12-17 10:32:30 +01:00
Anders Schack-Mulligen
01f58758f1
Merge pull request #693 from sb-semmle/remove-duplicate-predicate
...
Remove a duplicated predicate.
2018-12-17 08:47:33 +00:00
Raul Garcia
0531602454
Update .gitignore
2018-12-14 15:47:04 -08:00
Raul Garcia
f8ab945b91
Merge branch 'master' into users/raulga/c6324
2018-12-14 15:46:38 -08:00
Raul Garcia
16f2bacf4d
cpp - Using the return value of a strcpy or related string copy function in an if statement
2018-12-14 15:42:49 -08:00
Dave Bartolomeo
56bb9dcde0
C++: Remove infeasible edges to reachable blocks
...
The existing unreachable IR removal code only retargeted an infeasible edge to an `Unreached` instruction if the successor of the edge was an unreachable block. This is too conservative, because it doesn't remove an infeasible edge that targets a block that is still reachable via other paths. The trivial example of this is `do { } while (false);`, where the back edge is infeasible, but the body block is still reachable from the loop entry.
This change retargets all infeasible edges to `Unreached` instructions, regardless of the reachability of the successor block.
2018-12-14 12:13:22 -08:00
Sebastian Bauersfeld
c35fc82218
Remove a duplicated predicate.
2018-12-14 12:59:49 -05:00
Geoffrey White
b8877f1d5f
Merge pull request #690 from jbj/prepareQueries-fix-warnings-2
...
C++: Delete dead code with warnings in it
2018-12-14 14:23:19 +00:00
Tom Hvitved
91e4f7ad83
C#: Make cs/dereferenced-value-may-be-null a path query
2018-12-14 12:07:16 +00:00
Esben Sparre Andreasen
487b8c52c6
JS: fix <p></p> issue
2018-12-14 13:04:10 +01:00
Tom Hvitved
e2f271bddb
C#: Add more guard implication steps
2018-12-14 12:03:32 +00:00
Tom Hvitved
078dc7b6c0
C#: Fix false positives in cs/dereferenced-value-may-be-null
2018-12-14 12:03:32 +00:00
