Commit Graph

33884 Commits

Author SHA1 Message Date
semmle-qlci
ecad925101 Merge pull request #2631 from hvitved/dataflow/generalize-flow-summaries
Approved by aschackmull
2020-02-17 18:22:46 +00:00
yo-h
d3b1729864 Merge pull request #2793 from aschackmull/java/format-taint-step
Java: Add String.format as default taint step.
2020-02-17 12:50:12 -05:00
Alexander Eyers-Taylor
c685b348c3 Merge pull request #2837 from jf205/monotonic-aggregates
docs: expand QL book entry on monotonic aggregates
2020-02-17 17:05:54 +00:00
james
d5ff8f2b8e docs: technical feedback 2020-02-17 16:20:31 +00:00
Rasmus Wriedt Larsen
adec76d041 Python: Follow conventions of getASomething
When multiple results are available, we usually name the function
`getAnArgument` or `getASomething`. The support for django copied the way bottle
did things, so this commits cleans up both
2020-02-17 16:55:55 +01:00
Rasmus Wriedt Larsen
362e7aebbb Python: Add HttpRedirectSinks test for django 2020-02-17 16:54:06 +01:00
Rasmus Wriedt Larsen
a3c6472b9b Python: Improve django tests (and prepare for v2 + v3 support) 2020-02-17 16:39:01 +01:00
Tom Hvitved
0e7838aca5 Data flow: Sync files 2020-02-17 15:08:26 +01:00
Tom Hvitved
c7aa31d90a Address review comments 2020-02-17 15:07:53 +01:00
Erik Krogh Kristensen
56e5bd50f6 update expected output 2020-02-17 14:55:08 +01:00
James Fletcher
a3fc2eac9c Merge pull request #2834 from shati-patel/2160-prep-ql-language
Minor update to QL language topics
2020-02-17 13:44:54 +00:00
Anders Schack-Mulligen
cabe627d1e Java: Fix qldoc. 2020-02-17 14:44:12 +01:00
Erik Krogh Kristensen
2885d48ad0 changes based on review 2020-02-17 14:44:10 +01:00
Rasmus Wriedt Larsen
f3ab52b1fe Python: Use StringValue instead of Value::forString 2020-02-17 14:41:32 +01:00
Rasmus Wriedt Larsen
6d5a8e4995 Python: Fix typos 2020-02-17 14:34:22 +01:00
Asger Feldthaus
9249b92d85 JS: Fix typo in comment 2020-02-17 12:48:13 +00:00
Esben Sparre Andreasen
8a9587fc91 JS: fix RegExp::getSuccessor/getPredecessor for sequence end/starts 2020-02-17 13:40:53 +01:00
Erik Krogh Kristensen
d1a58f1d17 Merge remote-tracking branch 'upstream/master' into CVE74 2020-02-17 13:18:52 +01:00
Erik Krogh Kristensen
b07f3d36d8 qldoc on splitPath 2020-02-17 13:17:12 +01:00
Erik Krogh Kristensen
5375604109 calling pop or shift on a SplitPath returns a PosixPath 2020-02-17 13:15:46 +01:00
Shati Patel
c5eec30713 Tidy up QLDoc spec 2020-02-17 12:07:15 +00:00
Shati Patel
2ce1ad1818 Rename "QLDoc specification" to "QLDoc comment specification" 2020-02-17 12:07:15 +00:00
Shati Patel
c846f536c4 Remove numbering 2020-02-17 12:07:15 +00:00
Esben Sparre Andreasen
c5ee436b16 JS: add RegExp::getSuccessor/getPredecessor tests 2020-02-17 13:06:55 +01:00
Erik Krogh Kristensen
3855268201 use RegExpCreationNode 2020-02-17 13:02:47 +01:00
Erik Krogh Kristensen
46cbeb0bc6 add more steps to the SplitPath label 2020-02-17 12:58:27 +01:00
semmle-qlci
23ed2bcc64 Merge pull request #2782 from asger-semmle/js/export-as-ns
Approved by erik-krogh, max-schaefer
2020-02-17 11:22:58 +00:00
Taus
03ae7831ad Merge pull request #2711 from RasmusWL/python-fix-import-deprecated-module
Python: fix alerts for py/import-deprecated-module
2020-02-17 11:46:12 +01:00
Taus
df3ac49c28 Merge pull request #2700 from RasmusWL/python-taint-iterable-unpacking
Python: Handle iterable unpacking in taint tracking
2020-02-17 11:44:25 +01:00
Taus
990d1c1663 Merge pull request #2802 from RasmusWL/python-fix-fp-py/import-own-module
Python: Fix FP for py/import own module
2020-02-17 11:23:11 +01:00
Tom Hvitved
8e325ead91 Add change notes 2020-02-17 11:00:10 +01:00
Tom Hvitved
dcdb5299f0 C#: Update expected test output 2020-02-17 10:52:02 +01:00
Tom Hvitved
7eae5f913c C#: Update data-flow test 2020-02-17 10:45:44 +01:00
Tom Hvitved
28307399f8 Data flow: Sync files 2020-02-17 10:45:35 +01:00
Tom Hvitved
bc6c4744b1 Data flow: Follow-up changes to FlowExploration module 2020-02-17 10:43:26 +01:00
Tom Hvitved
307ac7f0b3 Data flow: Remove UntypedAccessPath again 2020-02-17 10:32:27 +01:00
Jonas Jensen
0aba965a9e C++: Don't mention deprecated class
The language tests were failing because they don't tolerate mentioning a
deprecated class anywhere.
2020-02-16 09:43:25 +01:00
Jonas Jensen
a59c0facee C++: Accept test changes for IR libs
This is for the tests in the ql repo. There are also changed tests in
the internal repo.
2020-02-15 21:12:20 +01:00
Jonas Jensen
f4ba56f0c0 C++: Use IR for security.TaintTracking and GVN 2020-02-15 21:10:29 +01:00
Jonas Jensen
e95ebb25a5 C++: Ensure tainted_diff.ql keeps using old lib
Without this, the test will compare the IR to itself after we enable it.
2020-02-15 21:10:29 +01:00
Jonas Jensen
0628625a76 Merge pull request #2835 from MathiasVP/value-number-perf
C++: Value number performance fix
2020-02-15 20:40:53 +01:00
Mathias Vorreiter Pedersen
8cda847dbc C++: Add TLoadTotalOverlapValueNumber to getKind predicate in AST GVN wrapper 2020-02-15 09:37:45 -07:00
Jonas Jensen
49d2f5a60b C++: autoformat 2020-02-15 09:41:27 +01:00
SpaceWhite
0be6f84387 Add sample 2020-02-15 16:49:33 +09:00
SpaceWhite
1ad7bd9684 add sample code 2020-02-15 16:46:09 +09:00
SpaceWhite
a29ccd674f Initial commit 2020-02-15 16:27:03 +09:00
Dave Bartolomeo
867581df91 Merge pull request #2844 from MathiasVP/value-numbering-performance-fix-2
C++: Ensure that there is just one overlap for an operand in value numbering
2020-02-14 16:40:03 -07:00
Robert Marsh
7abd289d7d C++: reinclude IRType in total load value numbers 2020-02-14 13:34:29 -08:00
Robert Marsh
f3c788d1e9 Merge pull request #2843 from jbj/ValueNumbering-import-order
C++: Change import order for stable cache checksum
2020-02-14 13:34:20 -05:00
Mathias Vorreiter Pedersen
8b8a8cae5b C++/C#: Sync identical files 2020-02-14 16:11:57 +01:00