Commit graph

10679 Commits

Author SHA1 Message Date
Esben Sparre Andreasen 19e5db75a3 JS: make AnalyzedFunction public and move getAReturnValue there 2018-08-21 22:08:10 +02:00
Esben Sparre Andreasen ac947f10e7 JS: address some review comments 2018-08-21 22:08:08 +02:00
Esben Sparre Andreasen 21c895368d JS: change notes for improved inter-procedural type inference 2018-08-21 22:07:40 +02:00
Esben Sparre Andreasen 6f5fb2a9fe JS: update queries and tests for improved type inference 2018-08-21 22:07:38 +02:00
Esben Sparre Andreasen 3692667af2 JS: improve inter-procedural type inference for "local functions" 2018-08-21 22:07:11 +02:00
Esben Sparre Andreasen 4e45ad2d5a JS: generalize inter procedural IIFE type inference 2018-08-21 21:59:30 +02:00
Dave Bartolomeo b9a8293610 C++: IR translation for `NewExpr` and `NewArrayExpr`
These expressions are a little trickier than most because they include an implicit call to an allocator function. The database tells us which function to call, but we have to synthesize the allocation size and alignment arguments ourselves. The alignment argument, if it exists, is always a constant, but the size argument requires multiplication by the element count for most `NewArrayExpr`s. I introduced the new `TranslatedAllocationSize` class to handle this.
2018-08-21 11:10:29 -07:00
Dave Bartolomeo 07c08f83a6 Create common base class for `NewExpr` and `NewArrayExpr` 2018-08-21 11:10:28 -07:00
Nick Rolfe 44ae7b68f0
Merge pull request #63 from ian-semmle/unused_db_types
C++: Remove some unused DB types
2018-08-21 18:27:35 +01:00
Jonas Jensen 3bc9323844
Merge pull request #84 from rdmarsh2/rdmarsh/cpp/macro-get-expr-conversions
C++: exclude conversion in MacroInvocation.getExpr
2018-08-21 19:15:42 +02:00
Jonas Jensen 2481bc7ba2
Merge pull request #72 from dave-bartolomeo/dave/InitMemory
C++: Make `InitializeParameter` and `Uninitialized` return memory results
2018-08-21 19:04:20 +02:00
Esben Sparre Andreasen eb356d8d0b
Merge branch 'master' into js/format-string-taint-step 2018-08-21 15:47:31 +02:00
Luke Cartey 70abf2d58f C#: CCyclomaticComplexity - Fix `@kind` property.
CCyclomaticComplexity is a metric query, so needs a @kind treemap
instead of @kind table.
2018-08-21 14:42:05 +01:00
Luke Cartey 014c4e8579 C#: Update qlpath to fix metric queries.
The Metrics folder has a queries.xml file which is required when
building a full distribution, as the Metrics folder gets copied into
odasa-csharp-metrics directory. However, in QL for Eclipse this doesn't
compile because it prevents import lookup at the top level. Modifying
the qlpath file to include the top-level directory on the library path
fixes the problem.
2018-08-21 14:36:33 +01:00
semmle-qlci 6969466202
Merge pull request #83 from esben-semmle/js/bitwise-indexof-sanitizer
Approved by xiemaisi
2018-08-21 14:17:20 +01:00
Luke Cartey 4f57456df1 C#: ZipSlip - Add spaces into bad example. 2018-08-21 13:06:29 +01:00
Luke Cartey 6453153393 C#: ZipSlip - Address review comments in module. 2018-08-21 12:18:27 +01:00
Luke Cartey 6959d80a28 C#: ZipSlip - Update help, compile and test samples. 2018-08-21 12:17:48 +01:00
Ian Lynagh 8a4040e4e0 C++: Update stats 2018-08-21 11:22:19 +01:00
Ian Lynagh 176b7cb8bc C++: Remove some unused DB types 2018-08-21 11:22:19 +01:00
Ian Lynagh 68959cae3a C++: Fix a copy/paste error in a comment 2018-08-21 11:20:06 +01:00
Jonas Jensen ea9bff00c0
Merge pull request #7 from ian-semmle/alg6un_squashed
C++: resolveElement
2018-08-21 11:35:45 +02:00
Jonas Jensen cb51a4259f
Merge pull request #3 from ian-semmle/getURL
C++: Make Folder.getURL() consistent with Folder.getLocation()
2018-08-21 11:07:52 +02:00
semmle-qlci a01a453045
Merge pull request #78 from xiemaisi/js/remove-old-test
Approved by esben-semmle
2018-08-21 09:04:52 +01:00
Esben Sparre Andreasen 2d63524f83 JS: explain sanitizer equivalence 2018-08-21 09:54:32 +02:00
Tom Hvitved bae32659e4 C#: Add change note 2018-08-21 09:11:31 +02:00
Esben Sparre Andreasen f522376217 JS: mention string formatting taint step in change notes 2018-08-21 09:02:35 +02:00
Esben Sparre Andreasen bbdf6b0f1d JS: mark PrintfStyleCall as a taint step 2018-08-21 09:02:35 +02:00
Esben Sparre Andreasen c058b91587 JS: extract PrintfStyleCall out of TaintedFormatString 2018-08-21 09:02:35 +02:00
Tom Hvitved 4560468cb8 C#: Update expected test output 2018-08-21 08:57:03 +02:00
Robert Marsh 51bfb8db88 C++: exclude conversion in MacroInvocation.getExpr 2018-08-20 15:10:28 -07:00
Denis Levin be3d2931e3 Changed query message text as requested 2018-08-20 14:02:33 -07:00
Esben Sparre Andreasen be8a32bb18 JS: add sanitizer support for `~whitelist.indexOf(x)` 2018-08-20 20:32:57 +02:00
Ian Lynagh 0f350780bb C++: Make Folder.getURL() consistent with Folder.getLocation() 2018-08-20 19:01:31 +01:00
Dave Bartolomeo f2053c488e C++: Make `InitializeParameter` and `Uninitialized` return memory results
The IR avoids having non-trivially-copyable and non-trivially-assignable types in register results, because objects of those types need to exist at a particular memory location. The `InitializeParameter` and `Uninitialized` instructions were violating this restriction because they returned register results, which were then stored into the destination location via a `Store`.

This change makes those two instructions take the destination address as an operand, and return a memory result representing the (un-)initialized memory, removing the need for a separate `Store` instruction.
2018-08-20 09:13:45 -07:00
Luke Cartey d6c58d6bd9 C#: ZipSlip - Add precision tag. 2018-08-20 16:59:57 +01:00
Luke Cartey 0477bd781a C#: ZipSlip - Add change note. 2018-08-20 16:59:57 +01:00
Luke Cartey fa78d04f18 C#: ZipSlip - Add qhelp file.
This adds a help file which describes the problem, provides
recommendations on how to fix it and an example.
2018-08-20 16:59:56 +01:00
Luke Cartey 99d1cf70be C#: ZipSlip - Update name, description and message.
This commit updates the name, description and message to better match
the house style for the security queries.
2018-08-20 16:59:56 +01:00
Luke Cartey 112d104005 C#: ZipSlip - remove ZipSlip prefix from TaintTracking class name. 2018-08-20 16:18:13 +01:00
Luke Cartey b6c9f844e8 C#: ZipSlip - refactor to use Source, Sink, Sanitizer
This commit refactors the existing predicates to be classes extending
Source, Sink or Sanitizer, as appropriate.
2018-08-20 16:17:03 +01:00
Ian Lynagh 99dbbdf863 C++: Add some comments 2018-08-20 16:12:26 +01:00
Ian Lynagh 9c4d4f8732 C++: No need to cache so many predicates 2018-08-20 16:12:26 +01:00
Ian Lynagh c241b081cb C++: Don't unresolve 'this'
For example, if you have 3 types called T, where t1 and t2 are defined
but t3 isn't, then you will have

    unspecifiedtype(t1, t1)
    unspecifiedtype(t2, t2)
    unspecifiedtype(t3, t3)

    t1 = resolve(t1)
    t1 = resolve(t3)
    t2 = resolve(t2)
    t2 = resolve(t3)

so given

    Type getUnspecifiedType() {
        unspecifiedtype(unresolve(this), unresolve(result))
    }

you get t1.getUnspecifiedType() = t2.

I think that in general the best thing to do is to not unresolve 'this',
but to just take the underlying value.
2018-08-20 16:12:26 +01:00
Ian Lynagh a1e44041ec C++: Use mkElement/unresolveElement consistently 2018-08-20 16:12:26 +01:00
Ian Lynagh 34c9892f77 C++: isfromtemplateinstantiation test output change 2018-08-20 16:12:26 +01:00
Max Schaefer 46ef208e09 JavaScript: Remove spurious test file. 2018-08-20 15:02:51 +01:00
semmle-qlci e1f3637b66
Merge pull request #75 from asger-semmle/server-side-url-redirect-performance
Approved by xiemaisi
2018-08-20 14:53:16 +01:00
Jonas Jensen b931e88686
Merge pull request #67 from dave-bartolomeo/dave/CastToVoid
C++: Handle casts to `void` in IR
2018-08-20 15:45:11 +02:00
Jonas Jensen 5e6f34fa3c
Merge pull request #64 from calumgrant/ql-style-guide
QL Style Guide
2018-08-20 15:31:51 +02:00