semmle-qlci
7e093a8e5c
Merge pull request #3041 from erik-krogh/JQueryAjax
...
Approved by esbena
2020-03-14 22:31:59 +00:00
semmle-qlci
ff03478ae8
Merge pull request #3049 from asger-semmle/js/fix-cyclic-join
...
Approved by erik-krogh
2020-03-14 16:19:25 +00:00
Erik Krogh Kristensen
486efbab77
refactor based on review
2020-03-14 14:53:38 +01:00
semmle-qlci
20cae302fd
Merge pull request #3054 from erik-krogh/NoDeferred
...
Approved by asgerf
2020-03-14 13:36:16 +00:00
Esben Sparre Andreasen
4d6aa20990
Merge pull request #3004 from esbena/js/additional-mongodb-and-mongoose-injection-sinks
...
JS: Mongoose and MongoDB improvements
2020-03-14 12:31:43 +01:00
Robert Marsh
e9459992a1
Merge pull request #3061 from MathiasVP/fix-constant-comparison
...
C++: Fix getValue in SimpleRangeAnalysis
2020-03-13 11:13:22 -07:00
Mathias Vorreiter Pedersen
09984a4068
C++: The extractor already provides the getValue result when the variable is a local variable. Thus we can simplify the QL code.
2020-03-13 17:57:01 +01:00
Mathias Vorreiter Pedersen
e1942bbee1
C++: Fix false positives
2020-03-13 17:09:57 +01:00
Mathias Vorreiter Pedersen
cc25298f67
C++: Demonstrate false positives when a const variable is initialized in a parameter list
2020-03-13 17:00:54 +01:00
Anders Schack-Mulligen
9fc75f1f92
Merge pull request #2850 from SpaceWhite/CWE-094
...
ScriptEngine java code injection
2020-03-13 13:43:09 +01:00
Anders Schack-Mulligen
2a2484ee0f
Merge pull request #2800 from SpaceWhite/CWE-643
...
CWE-643 XPathInjection on java
2020-03-13 13:40:17 +01:00
semmle-qlci
25b9fcfafd
Merge pull request #3058 from asger-semmle/js/may-receive-argument-fix
...
Approved by max-schaefer
2020-03-13 11:49:49 +00:00
Felicity Chapman
d7f37056a6
Merge pull request #3042 from felicitymay/merge-123-master-2
...
Merge rc/1.23 into master
2020-03-13 11:18:43 +00:00
Rasmus Wriedt Larsen
b45f8ff41d
Merge pull request #3053 from tausbn/python-make-test-not-depend-on-minor-version
...
Python: Make two tests not depend on minor Python version.
2020-03-13 10:56:40 +01:00
Felicity Chapman
7779862671
Merge pull request #3052 from felicitymay/2176-cobol
...
Remove information about COBOL analysis
2020-03-13 08:50:35 +00:00
yo-h
5104fd8692
Merge pull request #3051 from aschackmull/java/queue-taint-steps
...
Java: Add taint steps for java.util.Queue methods.
2020-03-12 20:54:11 -04:00
Felicity Chapman
9d32ae7fc1
Apply suggestions from code review
...
Replace COBOL with Go
Co-Authored-By: James Fletcher <42464962+jf205@users.noreply.github.com>
2020-03-12 19:32:30 +00:00
Taus Brock-Nannestad
3d0ee90880
Python: Make two tests not depend on minor Python version.
...
For syntax errors, we simply report the major version.
For unused imports, we were getting a result for `typing.py` when run under
Python 3.7.3. To prevent this import from being considered, I've set the maximum
import depth to `0`.
2020-03-12 18:19:53 +01:00
Felicity Chapman
8c931bfc66
Remove information about COBOL analysis
2020-03-12 16:37:29 +00:00
Asger Feldthaus
2bdf26a8f1
JS: Remove unneeded forwarding method
2020-03-12 15:48:47 +00:00
Asger Feldthaus
788c0f9037
JS: Refactor metadata class a bit
2020-03-12 15:45:22 +00:00
Erik Krogh Kristensen
799c3eb06c
remove model of Deferred
2020-03-12 16:38:20 +01:00
Asger Feldthaus
ddab13ab44
JS: Add a comment
2020-03-12 15:29:51 +00:00
Anders Schack-Mulligen
99c55b6edb
Java: Add taint steps for java.util.Queue methods.
2020-03-12 15:02:06 +01:00
Taus
099997088a
Merge pull request #3005 from RasmusWL/python-modernise-string-taint
...
Python: Modernise StringKind files
2020-03-12 15:01:18 +01:00
Asger Feldthaus
4391b70b5f
JS: Fix perf issue in mayReceiveArgument
2020-03-12 13:45:34 +00:00
Jonas Jensen
917b984909
Merge pull request #3050 from geoffw0/mismatching_placement_new
...
C++: Fix mismatching new/free FP in template code.
2020-03-12 12:42:29 +01:00
SpaceWhite
300aee39be
nit: add dot to qhelp
2020-03-12 20:38:03 +09:00
SpaceWhite
bb1ea94c54
Nit: Fix qhelp and ql autoformat
2020-03-12 20:35:01 +09:00
SpaceWhite
822bfcd36c
Nit: fix qhelp
2020-03-12 20:25:23 +09:00
Erik Krogh Kristensen
172c5ccaca
changes based on review
2020-03-12 11:04:33 +01:00
semmle-qlci
4355f8d2b4
Merge pull request #3023 from erik-krogh/RedundantUpdate
...
Approved by esbena
2020-03-12 09:34:53 +00:00
Pavel Avgustinov
ecded4c11c
Merge pull request #3048 from jbj/desemmlify
...
Docs: Remove some Semmle references
2020-03-12 09:27:36 +00:00
Geoffrey White
f84c94b5fb
C++: Change note.
2020-03-11 18:11:51 +00:00
Geoffrey White
b2c5ce8dbd
C++: Exclude code in templates.
2020-03-11 18:11:45 +00:00
Geoffrey White
d454c8457d
C++: Test case.
2020-03-11 18:09:09 +00:00
Rasmus Wriedt Larsen
e52fec03f8
Python: Fix code formatting
2020-03-11 18:16:55 +01:00
Asger Feldthaus
1a1b7d4ee0
JS: Switch to whitelisting allowed properties
2020-03-11 16:09:14 +00:00
Erik Krogh Kristensen
2c18144560
change note
2020-03-11 17:01:41 +01:00
Erik Krogh Kristensen
d32d14f572
model `responseText` and `responseXml` on jqXHR objects
2020-03-11 17:00:44 +01:00
Rebecca Valentine
f80e206d33
Merge pull request #3008 from RasmusWL/python-modernise-security-files
...
Python: modernise remaining security files
2020-03-11 08:56:19 -07:00
Erik Krogh Kristensen
26d8e33434
Autoformat
2020-03-11 16:42:48 +01:00
Jonas Jensen
86ad4d0357
Docs: Remove some Semmle references
...
The only Semmle references now left in the public Markdown files are in
URLs and in legal text. There are also two Semmle references left in
`docs/language/vale-styles/README.md` because I didn't understand them
well enough to change them.
2020-03-11 15:20:15 +01:00
Erik Krogh Kristensen
dd261c51f7
add change note
2020-03-11 14:42:57 +01:00
Erik Krogh Kristensen
e88dac3dea
remove FP for js/redundant-operation
2020-03-11 14:42:32 +01:00
yo-h
38581663a4
Merge pull request #3047 from aschackmull/java/typeflow-testcase
...
Java: Add test case to typeflow qltest.
2020-03-11 09:25:36 -04:00
Asger Feldthaus
6645df93ad
JS: Blacklist another cyclic property
2020-03-11 13:09:37 +00:00
semmle-qlci
1d5fba85f9
Merge pull request #3034 from esbena/js/sharpen-useless-regexp-character-escape
...
Approved by asgerf
2020-03-11 12:29:45 +00:00
Ian Lynagh
9265540704
Merge pull request #2911 from matt-gretton-dann/ql-docs/update-supported-languages
...
QL docs: update supported C/C++ language versions
2020-03-11 12:14:14 +00:00
Anders Schack-Mulligen
e1a0c2d846
Java: Add minor test case to typeflow qltest.
2020-03-11 13:13:19 +01:00