Anders Schack-Mulligen
041af38934
Merge pull request #3697 from intrigus-lgtm/patch-1
...
Fix typo
2020-06-12 10:04:40 +02:00
semmle-qlci
6f40fc2eae
Merge pull request #3678 from Marcono1234/patch-1
...
Approved by shati-patel
2020-06-12 08:49:53 +01:00
Anders Schack-Mulligen
421a548e42
Update java/ql/src/semmle/code/java/Expr.qll
2020-06-12 09:24:37 +02:00
Jonas Jensen
abd05bcff1
Merge pull request #3596 from robertbrignull/more-suites
...
Add more code-scanning suites
2020-06-12 09:08:20 +02:00
semmle-qlci
035d8ea24c
Merge pull request #3690 from asger-semmle/js/fix-lgtm-filters-comment
...
Approved by max-schaefer
2020-06-12 07:40:58 +01:00
Esben Sparre Andreasen
1bdae109c5
Merge pull request #3686 from esbena/js/insecure-http-options
...
JS: add query js/disabling-certificate-validation
2020-06-12 08:40:12 +02:00
semmle-qlci
5c2f1169d0
Merge pull request #3679 from asger-semmle/js/dom-value-ref-restriction
...
Approved by erik-krogh, esbena
2020-06-12 07:39:26 +01:00
Esben Sparre Andreasen
243e3ad9e3
Merge pull request #3672 from esbena/js/server-crashing-route-handler
...
JS: add initial version of ServerCrash.ql
2020-06-12 08:38:37 +02:00
Robert Marsh
65f4ef712e
C++: accept false positive tests after merge
...
The IR false positives are due to the same path length limit as the AST
false positives on the same line.
2020-06-11 15:27:13 -07:00
Erik Krogh Kristensen
5b491313ad
add simple query for detecting sensitive files downloaded over unsecure connection
2020-06-11 23:19:28 +02:00
Erik Krogh Kristensen
065cb04202
make PropNode private again
2020-06-11 23:19:03 +02:00
Erik Krogh Kristensen
ef72c03ca9
use simpler taint-step for DestructingPattern
2020-06-11 23:16:46 +02:00
Marcono1234
7cd6dd27a6
Add link to Java regex Pattern documentation to language.rst
...
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com >
2020-06-11 23:02:59 +02:00
intrigus-lgtm
422b059aec
Fix typo
2020-06-11 22:54:13 +02:00
Robert Marsh
a7efa0d602
Merge branch 'master' into ir-this-parameter-2
2020-06-11 13:21:52 -07:00
Mathias Vorreiter Pedersen
b78c06559e
Merge pull request #3691 from geoffw0/reftest
...
C++: Add a test case for CWE-114 involving pointers and references.
2020-06-11 22:02:45 +02:00
Geoffrey White
fdd7ad2300
C++: Add a SideEffectFunction model to 'system'.
2020-06-11 18:59:17 +01:00
Geoffrey White
e8b34e07f8
C++: Add an AliasFunction model to 'system'.
2020-06-11 18:44:41 +01:00
Geoffrey White
7fee2c239d
C++: Add an ArrayFunction model to 'system'.
2020-06-11 18:44:09 +01:00
Geoffrey White
b38a7a9ffc
C++: Fill out ArrayFunction model for 'fgets'.
2020-06-11 18:20:24 +01:00
Robert Marsh
ae46a8d8a1
Merge pull request #3692 from igfoo/blockstmt
...
C++: Fix reference to `Block`
2020-06-11 09:49:19 -07:00
Geoffrey White
40c20f2731
C++: Add the test for DefaultTaintTracking as well.
2020-06-11 17:37:05 +01:00
Geoffrey White
2f192f6a0c
C++: Add a test of char* -> std::string -> char* taint.
2020-06-11 17:37:05 +01:00
Dave Bartolomeo
41df7000c5
Merge from master, including fixing up merge conflicts
2020-06-11 12:20:46 -04:00
Ian Lynagh
fd88289e46
C++: Fix reference to Block
...
We don't call it `BlockStmt`.
2020-06-11 16:50:23 +01:00
Asger Feldthaus
475c631ff9
JS: Fix a misleading javadoc comment
2020-06-11 16:16:51 +01:00
Dave Bartolomeo
b116a3e8ea
C#: Rename IR module references to point to experimental
2020-06-11 10:24:01 -04:00
Anders Schack-Mulligen
c961a31789
Java: Add Expr.getAnEnclosingStmt.
2020-06-11 13:46:12 +02:00
semmle-qlci
c2de54f5ca
Merge pull request #3685 from shati-patel/ast-go-edits
...
Approved by felicitymay, owen-mc
2020-06-11 12:43:20 +01:00
Esben Sparre Andreasen
169c8909df
formatting
2020-06-11 13:28:26 +02:00
Esben Sparre Andreasen
bc7f02156b
JS: replace class with two predicates (and improve alert message)
2020-06-11 13:20:46 +02:00
Erik Krogh Kristensen
7c7af8d841
less heuristics when flagging division that is rounded
2020-06-11 12:55:13 +02:00
Erik Krogh Kristensen
f1b24ba901
use type inference to detect string concatenations
2020-06-11 12:34:58 +02:00
Esben Sparre Andreasen
2e059376fd
JS: add query js/disabling-certificate-validation
2020-06-11 12:32:01 +02:00
Erik Krogh Kristensen
f634c62af5
remove redundant check
2020-06-11 12:18:41 +02:00
Shati Patel
2874050503
CodeQL for Go: Edit AST reference
2020-06-11 10:49:19 +01:00
Rasmus Wriedt Larsen
a24974b194
Python: Add missing <p> to qhelp
2020-06-11 11:45:38 +02:00
Anders Schack-Mulligen
f23eb0432e
Java: Improve qldoc for JavadocTag.
2020-06-11 11:44:50 +02:00
Rasmus Wriedt Larsen
33a9fb6034
Python: Reorder XSLT qhelp to be valid
2020-06-11 11:30:54 +02:00
Tom Hvitved
ca531cbb9a
C#: Rename a class
2020-06-11 11:26:25 +02:00
Tom Hvitved
8395980fb1
C#: Recognize more calls to IHtmlHelper.Raw
...
Generalize logic by recognizing not only calls to
`Microsoft.AspNetCore.Mvc.ViewFeatures.HtmlHelper.Raw()`, but calls to all `Raw()`
methods that implement `Microsoft.AspNetCore.Mvc.Rendering.IHtmlHelper.Raw()`.
2020-06-11 11:26:25 +02:00
Erik Krogh Kristensen
c375a0c611
fix compilation and update expected output
2020-06-11 11:16:38 +02:00
Owen Mansel-Chan
ab52010674
Give general syntax instead of examples for exprs
2020-06-11 10:06:46 +01:00
Owen Mansel-Chan
3ca5d34d9b
Add more links to java AST class reference
...
Using the explicit hyperlink target feature of rst to keep the text in
the tables short and put all the URLs at the end of the document
2020-06-11 10:06:46 +01:00
Owen Mansel-Chan
84a4630eaf
Move explicit hyperlink targets to the bottom
2020-06-11 10:06:42 +01:00
Erik Krogh Kristensen
1124816f73
fixing FPs in js/biased-cryptographic-random
2020-06-11 11:06:02 +02:00
Calum Grant
5e021c24c1
Merge pull request #3652 from hvitved/csharp/dataflow/impl-layer
...
C#: Refactor data-flow predicates defined by dispatch
2020-06-11 10:01:50 +01:00
Asger Feldthaus
4bb2e8b637
JS: Update test externs and include array indices
2020-06-11 09:53:55 +01:00
Pavel Avgustinov
60df00c7e3
Merge pull request #3669 from github/sj-patch-contributing-SLA
...
Update CONTRIBUTING.md to clarify that CLAs are no longer required
2020-06-11 09:17:11 +01:00
Shati Patel
d9d0903084
Merge pull request #3681 from github/rc/1.24
...
Merge rc/1.24 into master
2020-06-11 09:00:57 +01:00
