calumgrant
dbd0c7e80a
Merge pull request #674 from hvitved/csharp/cache-get-label
...
C#: Cache `NamedElement::getLabel()`
2018-12-17 14:24:01 +00:00
calumgrant
f50d0e373a
Merge pull request #642 from hvitved/csharp/extractor/nullness-refactorings
...
C#: nullness related extractor refactorings
2018-12-17 14:16:51 +00:00
Asger F
5040d3e26c
JS: add query for loop index bug
2018-12-17 13:35:44 +00:00
Jonas Jensen
5ac5aa0c2a
Merge remote-tracking branch 'upstream/master' into mergeback-20181217
2018-12-17 13:42:45 +01:00
Esben Sparre Andreasen
4a631b42d4
JS: use .lastIndexOf in js/incomplete-url-substring-sanitization
2018-12-17 13:22:31 +01:00
Asger F
7adf1d9958
Merge pull request #631 from esben-semmle/js/bad-url-regexing
...
JS: add query: js/incomplete-url-regexp
2018-12-17 11:53:22 +00:00
Tom Hvitved
5f269b2d87
Merge branch 'master' into cs/extractor/for-is
2018-12-17 11:14:50 +01:00
Esben Sparre Andreasen
50cba92f5f
JS: remove slow test Security/heuristics/AdditionalCommandInjections
2018-12-17 10:58:46 +01:00
Tom Hvitved
ada0115d6a
C#: Remove getUrl() predicates
...
As described on https://lgtm.com/help/ql/locations#providing-location-information ,
there is no need to provide a `getUrl()` predicate, when there is a `getLocation()`
predicate. Not only is it redundant, but it can also be slow because of string
construction.
2018-12-17 10:52:24 +01:00
Esben Sparre Andreasen
3cd62234d4
JS: change notes for js/request-forgery improvements
2018-12-17 10:33:39 +01:00
Esben Sparre Andreasen
c6b4e29b93
JS: add "host" as a sink for js/request-forgery
2018-12-17 10:32:30 +01:00
Esben Sparre Andreasen
60fe0176ed
JS: add ClientRequest::getHost
2018-12-17 10:32:30 +01:00
Esben Sparre Andreasen
3a5962aa34
JS: minor fixups in ClientRequests.qll
2018-12-17 10:32:30 +01:00
Anders Schack-Mulligen
01f58758f1
Merge pull request #693 from sb-semmle/remove-duplicate-predicate
...
Remove a duplicated predicate.
2018-12-17 08:47:33 +00:00
Raul Garcia
0531602454
Update .gitignore
2018-12-14 15:47:04 -08:00
Raul Garcia
f8ab945b91
Merge branch 'master' into users/raulga/c6324
2018-12-14 15:46:38 -08:00
Raul Garcia
16f2bacf4d
cpp - Using the return value of a strcpy or related string copy function in an if statement
2018-12-14 15:42:49 -08:00
Dave Bartolomeo
56bb9dcde0
C++: Remove infeasible edges to reachable blocks
...
The existing unreachable IR removal code only retargeted an infeasible edge to an `Unreached` instruction if the successor of the edge was an unreachable block. This is too conservative, because it doesn't remove an infeasible edge that targets a block that is still reachable via other paths. The trivial example of this is `do { } while (false);`, where the back edge is infeasible, but the body block is still reachable from the loop entry.
This change retargets all infeasible edges to `Unreached` instructions, regardless of the reachability of the successor block.
2018-12-14 12:13:22 -08:00
Sebastian Bauersfeld
c35fc82218
Remove a duplicated predicate.
2018-12-14 12:59:49 -05:00
Geoffrey White
b8877f1d5f
Merge pull request #690 from jbj/prepareQueries-fix-warnings-2
...
C++: Delete dead code with warnings in it
2018-12-14 14:23:19 +00:00
Tom Hvitved
91e4f7ad83
C#: Make cs/dereferenced-value-may-be-null a path query
2018-12-14 12:07:16 +00:00
Esben Sparre Andreasen
487b8c52c6
JS: fix <p></p> issue
2018-12-14 13:04:10 +01:00
Tom Hvitved
e2f271bddb
C#: Add more guard implication steps
2018-12-14 12:03:32 +00:00
Tom Hvitved
078dc7b6c0
C#: Fix false positives in cs/dereferenced-value-may-be-null
2018-12-14 12:03:32 +00:00
Tom Hvitved
287ce4e683
C#: Add more nullness tests
2018-12-14 12:03:32 +00:00
Max Schaefer
5ccad6ffc2
JavaScript: Minor improvements.
2018-12-14 11:56:59 +00:00
Max Schaefer
3e04f53ed2
Merge pull request #688 from adityasharad/merge/master-next-141218
...
Merge master into next.
2018-12-14 11:48:00 +00:00
Jonas Jensen
23a2bf1756
C++: Delete dead code with warnings in it
2018-12-14 10:59:41 +00:00
Tom Hvitved
654f2ae290
C#: Address review comment
2018-12-14 10:38:34 +00:00
Aditya Sharad
7bc729a7dc
Merge master into next.
2018-12-14 10:16:47 +00:00
Tom Hvitved
56b80ae13a
C#: Add getALocation() for namespaces and namespace declarations
2018-12-14 10:16:20 +00:00
Esben Sparre Andreasen
bb3e3a541d
JS: address doc review comments
2018-12-14 10:24:30 +01:00
semmle-qlci
936094d0b6
Merge pull request #671 from xiemaisi/js/more-unhelpful-magic
...
Approved by asger-semmle
2018-12-14 08:44:45 +00:00
Max Schaefer
f9106b3bfe
Merge pull request #685 from asger-semmle/useless-conditional-as-value
...
JS: fix FPs in UselessConditional
2018-12-14 08:44:10 +00:00
semmle-qlci
7f21f145e2
Merge pull request #678 from asger-semmle/function-receiver
...
Approved by xiemaisi
2018-12-14 08:39:04 +00:00
Tom Hvitved
b11d5c5075
Merge pull request #679 from calumgrant/cs/omitted-array-size
...
C#: Extract stackalloc initializers
2018-12-14 07:48:46 +01:00
Arthur Baars
18eb60b98e
Merge pull request #687 from adityasharad/merge/master-next-131218
...
Merge master into next.
2018-12-13 19:43:58 +01:00
Aditya Sharad
f71e5ac338
Merge master into next.
2018-12-13 17:57:31 +00:00
Anders Schack-Mulligen
7656936cad
Java: Remove Metrics/queries.xml
2018-12-13 17:43:26 +00:00
Asger F
f737830f18
JS: fix typo
2018-12-13 15:56:00 +00:00
Asger F
ae4b55de9a
JS: fix FPs in UselessConditional
2018-12-13 15:41:41 +00:00
Geoffrey White
b21e832ee2
Merge pull request #683 from jbj/prepareQueries-fix-warnings
...
C++: Fix all prepareQueries errors and warnings
2018-12-13 15:30:44 +00:00
calum
9fba643fb0
C#: Address review comments.
2018-12-13 13:53:58 +00:00
Arthur Baars
1158708ea4
Merge pull request #684 from adityasharad/merge/1.19-next-131218
...
Merge rc/1.19 into next.
2018-12-13 14:14:42 +01:00
Aditya Sharad
ce8ca5979b
Merge rc/1.19 into next.
2018-12-13 12:23:59 +00:00
calumgrant
16c065274d
Merge pull request #666 from hvitved/csharp/useless-upcast-performance
...
C#: Improve performance of `cs/useless-upcast`
2018-12-13 12:04:12 +00:00
Jonas Jensen
bee2ddaf26
C++: Fix all prepareQueries errors and warnings
...
With these changes we can run
`odasa prepareQueries --check-only --fail-on-warnings` on the C++ query
directory. Two changes were needed:
1. The `Metrics/queries.xml` file had to be deleted. It existed because
   the built distribution has a different file layout, where `Metrics`
   is moved to the top-level query dir `odasa-cpp-metrics`. Since
   internal PR 28230 this file is created as needed as part of the dist
   build process, so it doesn't need to be checked in with the sources.
2. All uses of the `deprecated` and stubbed-out Objective C classes were
   removed.
2018-12-13 11:13:50 +00:00
Aditya Sharad
fb82811545
Merge pull request #681 from jbj/import-dataflow-clash
...
C++: Fix name clash in data flow imports
v1.19.1
v1.19.0
2018-12-13 10:22:32 +00:00
Asger F
cb349348e7
JS: rename getThisParameter to getReceiver
2018-12-13 10:19:44 +00:00
Geoffrey White
ca999473b0
CPP: Change note.
2018-12-13 10:17:43 +00:00