Ziemowit Laski
ed67c9fd5a
[CPP-370] Rewrite of NonConstantFormat.ql using the taint tracking library.
2019-05-21 06:18:31 -07:00
Ziemowit Laski
a962cff5df
[CPP-370] Intermediate commit, file not in usable state.
2019-05-21 06:18:31 -07:00
Ziemowit Laski
fae55d5493
[CPP-370] First attempt at isAdditionalFlowStep().
2019-05-21 06:18:30 -07:00
Ziemowit Laski
012140fcd3
[CPP-370] Reformat query.
2019-05-21 06:18:30 -07:00
Ziemowit Laski
775861c386
[CPP-370] Minor textual tweaks.
2019-05-21 06:18:30 -07:00
Ziemowit Laski
de10598dd6
[CPP-370] NonConstantFormat.expected changed for some reason.
2019-05-21 06:18:30 -07:00
Ziemowit Laski
ffddc5bff6
[CPP-370] Update the NonConstantFormat.expected result template.
2019-05-21 06:18:30 -07:00
Ziemowit Laski
0c86d4c112
[CPP-370] Tentative implementation of NonConstantFormat.ql using the global DataFlow library. This is intended solely for further discussion.
2019-05-21 06:18:30 -07:00
Ziemowit Laski
21eb00a5df
[CPP-370] Minor fix to QHELP file.
2019-05-21 06:18:30 -07:00
Asger F
faa47029d5
JS: Mark exceptional nodes as incomplete
2019-05-21 13:51:59 +01:00
Asger F
68ae409947
JS: Test for mismatch between taint and type inference
2019-05-21 13:26:02 +01:00
Edoardo Pirovano
9d2580f778
JS: Fix performance regression of query.
2019-05-21 12:26:11 +01:00
semmle-qlci
8cd3cb501a
Merge pull request #1346 from xiemaisi/js/revert-1078
...
Approved by esben-semmle
2019-05-21 12:19:57 +01:00
Max Schaefer
cf22761ccc
JavaScript: Add CWE-1022 to TargetBlank.
2019-05-21 12:16:32 +01:00
semmle-qlci
fe920ecfaa
Merge pull request #1331 from asger-semmle/destructuring-assignment-fix
...
Approved by xiemaisi
2019-05-21 11:32:36 +01:00
semmle-qlci
2b5b8751ea
Merge pull request #1316 from asger-semmle/incorrect-suffix-check-fps
...
Approved by esben-semmle, xiemaisi
2019-05-21 11:30:37 +01:00
Esben Sparre Andreasen
3af3c5413b
Merge pull request #1318 from asger-semmle/prototype-pollution-query2
...
Move prototype pollution query into suite
2019-05-21 12:23:41 +02:00
Robert Marsh
2dd1c06409
C++: fix use of getUnspecifiedType on Node
2019-05-21 11:06:15 +01:00
Max Schaefer
924664afcf
JavaScript: Manually revert #1078.
...
In its present form, `getAnUndefinedReturn` does not handle `finally`
blocks correctly. For example, in this snippet
```
try {
  return 42;
} finally {
  cleanup();
}
```
the call to `cleanup` is erroneously considered an undefined return.
We currently don't use the predicate anywhere, so it seems best to back
it out for the time being.
2019-05-21 08:26:58 +01:00
Denis Levin
eacded27a9
Japanese Era and Leap Year checks (Likely Bugs)
2019-05-20 15:54:57 -07:00
yh-semmle
29ae7b5c3c
Merge pull request #1322 from aschackmull/java/deprecate-remoteuserinput
...
Java: Deprecate RemoteUserInput
2019-05-20 12:56:51 -04:00
semmle-qlci
56ab013114
Merge pull request #1340 from xiemaisi/js/es2019
...
Approved by asger-semmle
2019-05-20 16:47:09 +01:00
Asger F
ba69e19e95
JS: Address doc review
2019-05-20 16:46:27 +01:00
Max Schaefer
7b7f92c19e
JavaScript: Introduce SSA::definition and SSA::variable.
2019-05-20 16:22:01 +01:00
Max Schaefer
fb744a6c53
JavaScript: Introduce Parameter.getVariable().
2019-05-20 16:01:12 +01:00
Geoffrey White
67527820a1
Merge pull request #1335 from EdoDodo/optimise-preprocessor
...
C++: Optimise quadratic code in PreprocessorBranchDirective
2019-05-20 15:58:33 +01:00
Max Schaefer
2cb33f6088
JavaScript: Introduce DataFlow::ExprNode and exprNode for consistency with other languages.
2019-05-20 15:55:03 +01:00
Anders Schack-Mulligen
48b19f1fea
Java: Replace ValidatedVariable with guarded accesses.
2019-05-20 16:46:11 +02:00
Anders Schack-Mulligen
d0de0254e1
Java: Check compilation unit of the same element in both disjuncts.
2019-05-20 16:41:08 +02:00
yh-semmle
5466ae619d
Merge pull request #1317 from aschackmull/java/domedge
...
Java: Refactor Guard.controls in terms of dominating edges.
2019-05-20 10:40:10 -04:00
Robert Marsh
dbdaa1d3f3
C++: Replace getUnderlyingType().getUnspecifiedType()
2019-05-20 15:23:08 +01:00
Robert Marsh
e899120270
C++: replace getType().getUnspecifiedType()
2019-05-20 15:08:28 +01:00
Robert Marsh
a72fff7ed0
C++: add getUnspecifiedType() for exprs and decls
2019-05-20 14:49:19 +01:00
Anders Schack-Mulligen
9ebeac25ad
Merge pull request #1329 from hvitved/dataflow/performance
...
Data flow: performance improvements
2019-05-20 14:27:03 +02:00
Edoardo Pirovano
30198c326d
C++: Optimise quadratic code in PreprocessorBranchDirective
2019-05-20 12:57:47 +01:00
Tom Hvitved
e1d4166e3c
C#: Data flow through this parameter
2019-05-20 13:42:32 +02:00
Esben Sparre Andreasen
c651e3a155
JS: Add queries to the manual suite for LGTM consistency
2019-05-20 12:32:11 +02:00
Asger F
d4880540e8
JS: Update .expected after rebasing
2019-05-20 11:21:50 +01:00
Tom Hvitved
bc00877ff2
Data flow: Add nomagic to storeCand()
2019-05-20 12:05:20 +02:00
Max Schaefer
b62be049ec
JavaScript: Add change note.
2019-05-20 10:56:37 +01:00
Asger F
9989fcee21
JS: Add DataFlow::Configuration test
2019-05-20 09:22:02 +01:00
Asger F
87e0831872
JS: Fix flow for nested destructurings
2019-05-20 09:22:02 +01:00
Tom Hvitved
360c7a1ac5
Address review comments
2019-05-20 09:59:17 +02:00
yh-semmle
6468721f76
Merge pull request #1324 from aschackmull/java/switchexpr-nullness
...
Java: Add SwitchExpr to Nullness::dereference.
2019-05-19 22:24:27 -04:00
yh-semmle
e5f4d475d0
Merge pull request #1320 from aschackmull/java/guardslogic-perf
...
Java: Fix join-order for GuardsLogic::conditionalAssign.
2019-05-19 22:23:18 -04:00
Geoffrey White
36cd4d44d1
CPP: Cache Expr.getType().
2019-05-17 16:18:41 +01:00
Mark Shannon
f057d5cb6b
Python: Speed up MRO calculation a bit.
2019-05-17 14:05:39 +01:00
Mark Shannon
685826e436
Python points-to: Prevent bad magic.
2019-05-17 14:04:57 +01:00
Mark Shannon
f975b8b87d
Python: Avoid bad magic.
2019-05-17 12:15:51 +01:00
Kevin Backhouse
63794c89db
Merge pull request #1 from geoffw0/assignadd
...
CPP: Tests for: Better overflow detection for AssignAdd/AssignSub
2019-05-17 09:41:29 +01:00