Граф коммитов

10954 Коммитов

Автор SHA1 Сообщение Дата
semmle-qlci 7e093a8e5c
Merge pull request #3041 from erik-krogh/JQueryAjax
Approved by esbena
2020-03-14 22:31:59 +00:00
semmle-qlci ff03478ae8
Merge pull request #3049 from asger-semmle/js/fix-cyclic-join
Approved by erik-krogh
2020-03-14 16:19:25 +00:00
Erik Krogh Kristensen 486efbab77 refactor based on review 2020-03-14 14:53:38 +01:00
semmle-qlci 20cae302fd
Merge pull request #3054 from erik-krogh/NoDeferred
Approved by asgerf
2020-03-14 13:36:16 +00:00
Esben Sparre Andreasen 4d6aa20990
Merge pull request #3004 from esbena/js/additional-mongodb-and-mongoose-injection-sinks
JS: Mongoose and MongoDB improvements
2020-03-14 12:31:43 +01:00
Robert Marsh e9459992a1
Merge pull request #3061 from MathiasVP/fix-constant-comparison
C++: Fix getValue in SimpleRangeAnalysis
2020-03-13 11:13:22 -07:00
Mathias Vorreiter Pedersen 09984a4068 C++: The extractor already provides the getValue result when the variable is a local variable. Thus we can simplify the QL code. 2020-03-13 17:57:01 +01:00
Mathias Vorreiter Pedersen e1942bbee1 C++: Fix false positives 2020-03-13 17:09:57 +01:00
Mathias Vorreiter Pedersen cc25298f67 C++: Demonstrate false positives when a const variable is initialized in a parameter list 2020-03-13 17:00:54 +01:00
Anders Schack-Mulligen 9fc75f1f92
Merge pull request #2850 from SpaceWhite/CWE-094
ScriptEngine java code injection
2020-03-13 13:43:09 +01:00
Anders Schack-Mulligen 2a2484ee0f
Merge pull request #2800 from SpaceWhite/CWE-643
CWE-643 XPathInjection on java
2020-03-13 13:40:17 +01:00
semmle-qlci 25b9fcfafd
Merge pull request #3058 from asger-semmle/js/may-receive-argument-fix
Approved by max-schaefer
2020-03-13 11:49:49 +00:00
Felicity Chapman d7f37056a6
Merge pull request #3042 from felicitymay/merge-123-master-2
Merge rc/1.23 into master
2020-03-13 11:18:43 +00:00
Rasmus Wriedt Larsen b45f8ff41d
Merge pull request #3053 from tausbn/python-make-test-not-depend-on-minor-version
Python: Make two tests not depend on minor Python version.
2020-03-13 10:56:40 +01:00
Felicity Chapman 7779862671
Merge pull request #3052 from felicitymay/2176-cobol
Remove information about COBOL analysis
2020-03-13 08:50:35 +00:00
yo-h 5104fd8692
Merge pull request #3051 from aschackmull/java/queue-taint-steps
Java: Add taint steps for java.util.Queue methods.
2020-03-12 20:54:11 -04:00
Felicity Chapman 9d32ae7fc1
Apply suggestions from code review
Replace COBOL with Go

Co-Authored-By: James Fletcher <42464962+jf205@users.noreply.github.com>
2020-03-12 19:32:30 +00:00
Taus Brock-Nannestad 3d0ee90880 Python: Make two tests not depend on minor Python version.
For syntax errors, we simply report the major version.

For unused imports, we were getting a result for `typing.py` when run under
Python 3.7.3. To prevent this import from being considered, I've set the maximum
import depth to `0`.
2020-03-12 18:19:53 +01:00
Felicity Chapman 8c931bfc66 Remove information about COBOL analysis 2020-03-12 16:37:29 +00:00
Asger Feldthaus 2bdf26a8f1 JS: Remove unneeded forwarding method 2020-03-12 15:48:47 +00:00
Asger Feldthaus 788c0f9037 JS: Refactor metadata class a bit 2020-03-12 15:45:22 +00:00
Erik Krogh Kristensen 799c3eb06c remove model of Deferred 2020-03-12 16:38:20 +01:00
Asger Feldthaus ddab13ab44 JS: Add a comment 2020-03-12 15:29:51 +00:00
Anders Schack-Mulligen 99c55b6edb Java: Add taint steps for java.util.Queue methods. 2020-03-12 15:02:06 +01:00
Taus 099997088a
Merge pull request #3005 from RasmusWL/python-modernise-string-taint
Python: Modernise StringKind files
2020-03-12 15:01:18 +01:00
Asger Feldthaus 4391b70b5f JS: Fix perf issue in mayReceiveArgument 2020-03-12 13:45:34 +00:00
Jonas Jensen 917b984909
Merge pull request #3050 from geoffw0/mismatching_placement_new
C++: Fix mismatching new/free FP in template code.
2020-03-12 12:42:29 +01:00
SpaceWhite 300aee39be nit: add dot to qhelp 2020-03-12 20:38:03 +09:00
SpaceWhite bb1ea94c54 Nit: Fix qhelp and ql autoformat 2020-03-12 20:35:01 +09:00
SpaceWhite 822bfcd36c Nit: fix qhelp 2020-03-12 20:25:23 +09:00
Erik Krogh Kristensen 172c5ccaca changes based on review 2020-03-12 11:04:33 +01:00
semmle-qlci 4355f8d2b4
Merge pull request #3023 from erik-krogh/RedundantUpdate
Approved by esbena
2020-03-12 09:34:53 +00:00
Pavel Avgustinov ecded4c11c
Merge pull request #3048 from jbj/desemmlify
Docs: Remove some Semmle references
2020-03-12 09:27:36 +00:00
Geoffrey White f84c94b5fb C++: Change note. 2020-03-11 18:11:51 +00:00
Geoffrey White b2c5ce8dbd C++: Exclude code in templates. 2020-03-11 18:11:45 +00:00
Geoffrey White d454c8457d C++: Test case. 2020-03-11 18:09:09 +00:00
Rasmus Wriedt Larsen e52fec03f8 Python: Fix code formatting 2020-03-11 18:16:55 +01:00
Asger Feldthaus 1a1b7d4ee0 JS: Switch to whitelisting allowed properties 2020-03-11 16:09:14 +00:00
Erik Krogh Kristensen 2c18144560 change note 2020-03-11 17:01:41 +01:00
Erik Krogh Kristensen d32d14f572 model `responseText` and `responseXml` on jqXHR objects 2020-03-11 17:00:44 +01:00
Rebecca Valentine f80e206d33
Merge pull request #3008 from RasmusWL/python-modernise-security-files
Python: modernise remaining security files
2020-03-11 08:56:19 -07:00
Erik Krogh Kristensen 26d8e33434 Autoformat 2020-03-11 16:42:48 +01:00
Jonas Jensen 86ad4d0357 Docs: Remove some Semmle references
The only Semmle references now left in the public Markdown files are in
URLs and in legal text. There are also two Semmle references left in
`docs/language/vale-styles/README.md` because I didn't understand them
well enough to change them.
2020-03-11 15:20:15 +01:00
Erik Krogh Kristensen dd261c51f7 add change note 2020-03-11 14:42:57 +01:00
Erik Krogh Kristensen e88dac3dea remove FP for js/redundant-operation 2020-03-11 14:42:32 +01:00
yo-h 38581663a4
Merge pull request #3047 from aschackmull/java/typeflow-testcase
Java: Add test case to typeflow qltest.
2020-03-11 09:25:36 -04:00
Asger Feldthaus 6645df93ad JS: Blacklist another cyclic property 2020-03-11 13:09:37 +00:00
semmle-qlci 1d5fba85f9
Merge pull request #3034 from esbena/js/sharpen-useless-regexp-character-escape
Approved by asgerf
2020-03-11 12:29:45 +00:00
Ian Lynagh 9265540704
Merge pull request #2911 from matt-gretton-dann/ql-docs/update-supported-languages
QL docs: update supported C/C++ language versions
2020-03-11 12:14:14 +00:00
Anders Schack-Mulligen e1a0c2d846 Java: Add minor test case to typeflow qltest. 2020-03-11 13:13:19 +01:00