Esben Sparre Andreasen
19e5db75a3
JS: make AnalyzedFunction public and move getAReturnValue there
2018-08-21 22:08:10 +02:00
Esben Sparre Andreasen
ac947f10e7
JS: address some review comments
2018-08-21 22:08:08 +02:00
Esben Sparre Andreasen
21c895368d
JS: change notes for improved inter-procedural type inference
2018-08-21 22:07:40 +02:00
Esben Sparre Andreasen
6f5fb2a9fe
JS: update queries and tests for improved type inference
2018-08-21 22:07:38 +02:00
Esben Sparre Andreasen
3692667af2
JS: improve inter-procedural type inference for "local functions"
2018-08-21 22:07:11 +02:00
Esben Sparre Andreasen
4e45ad2d5a
JS: generalize inter-procedural IIFE type inference
2018-08-21 21:59:30 +02:00
Dave Bartolomeo
b9a8293610
C++: IR translation for `NewExpr` and `NewArrayExpr`
These expressions are a little trickier than most because they include an implicit call to an allocator function. The database tells us which function to call, but we have to synthesize the allocation size and alignment arguments ourselves. The alignment argument, if it exists, is always a constant, but the size argument requires multiplication by the element count for most `NewArrayExpr`s. I introduced the new `TranslatedAllocationSize` class to handle this.
2018-08-21 11:10:29 -07:00
Dave Bartolomeo
07c08f83a6
Create common base class for `NewExpr` and `NewArrayExpr`
2018-08-21 11:10:28 -07:00
Nick Rolfe
44ae7b68f0
Merge pull request #63 from ian-semmle/unused_db_types
C++: Remove some unused DB types
2018-08-21 18:27:35 +01:00
Jonas Jensen
3bc9323844
Merge pull request #84 from rdmarsh2/rdmarsh/cpp/macro-get-expr-conversions
C++: exclude conversion in MacroInvocation.getExpr
2018-08-21 19:15:42 +02:00
Jonas Jensen
2481bc7ba2
Merge pull request #72 from dave-bartolomeo/dave/InitMemory
C++: Make `InitializeParameter` and `Uninitialized` return memory results
2018-08-21 19:04:20 +02:00
Esben Sparre Andreasen
eb356d8d0b
Merge branch 'master' into js/format-string-taint-step
2018-08-21 15:47:31 +02:00
Luke Cartey
70abf2d58f
C#: CCyclomaticComplexity - Fix `@kind` property.
CCyclomaticComplexity is a metric query, so it needs a @kind treemap
instead of @kind table.
2018-08-21 14:42:05 +01:00
Luke Cartey
014c4e8579
C#: Update qlpath to fix metric queries.
The Metrics folder has a queries.xml file which is required when
building a full distribution, as the Metrics folder gets copied into
odasa-csharp-metrics directory. However, in QL for Eclipse this doesn't
compile because it prevents import lookup at the top level. Modifying
the qlpath file to include the top-level directory on the library path
fixes the problem.
2018-08-21 14:36:33 +01:00
semmle-qlci
6969466202
Merge pull request #83 from esben-semmle/js/bitwise-indexof-sanitizer
Approved by xiemaisi
2018-08-21 14:17:20 +01:00
Luke Cartey
4f57456df1
C#: ZipSlip - Add spaces into bad example.
2018-08-21 13:06:29 +01:00
Luke Cartey
6453153393
C#: ZipSlip - Address review comments in module.
2018-08-21 12:18:27 +01:00
Luke Cartey
6959d80a28
C#: ZipSlip - Update help, compile and test samples.
2018-08-21 12:17:48 +01:00
Ian Lynagh
8a4040e4e0
C++: Update stats
2018-08-21 11:22:19 +01:00
Ian Lynagh
176b7cb8bc
C++: Remove some unused DB types
2018-08-21 11:22:19 +01:00
Ian Lynagh
68959cae3a
C++: Fix a copy/paste error in a comment
2018-08-21 11:20:06 +01:00
Jonas Jensen
ea9bff00c0
Merge pull request #7 from ian-semmle/alg6un_squashed
C++: resolveElement
2018-08-21 11:35:45 +02:00
Jonas Jensen
cb51a4259f
Merge pull request #3 from ian-semmle/getURL
C++: Make Folder.getURL() consistent with Folder.getLocation()
2018-08-21 11:07:52 +02:00
semmle-qlci
a01a453045
Merge pull request #78 from xiemaisi/js/remove-old-test
Approved by esben-semmle
2018-08-21 09:04:52 +01:00
Esben Sparre Andreasen
2d63524f83
JS: explain sanitizer equivalence
2018-08-21 09:54:32 +02:00
Tom Hvitved
bae32659e4
C#: Add change note
2018-08-21 09:11:31 +02:00
Esben Sparre Andreasen
f522376217
JS: mention string formatting taint step in change notes
2018-08-21 09:02:35 +02:00
Esben Sparre Andreasen
bbdf6b0f1d
JS: mark PrintfStyleCall as a taint step
2018-08-21 09:02:35 +02:00
Esben Sparre Andreasen
c058b91587
JS: extract PrintfStyleCall out of TaintedFormatString
2018-08-21 09:02:35 +02:00
Tom Hvitved
4560468cb8
C#: Update expected test output
2018-08-21 08:57:03 +02:00
Robert Marsh
51bfb8db88
C++: exclude conversion in MacroInvocation.getExpr
2018-08-20 15:10:28 -07:00
Denis Levin
be3d2931e3
Changed query message text as requested
2018-08-20 14:02:33 -07:00
Esben Sparre Andreasen
be8a32bb18
JS: add sanitizer support for `~whitelist.indexOf(x)`
2018-08-20 20:32:57 +02:00
Ian Lynagh
0f350780bb
C++: Make Folder.getURL() consistent with Folder.getLocation()
2018-08-20 19:01:31 +01:00
Dave Bartolomeo
f2053c488e
C++: Make `InitializeParameter` and `Uninitialized` return memory results
The IR avoids having non-trivially-copyable and non-trivially-assignable types in register results, because objects of those types need to exist at a particular memory location. The `InitializeParameter` and `Uninitialized` instructions were violating this restriction because they returned register results, which were then stored into the destination location via a `Store`.
This change makes those two instructions take the destination address as an operand, and return a memory result representing the (un-)initialized memory, removing the need for a separate `Store` instruction.
2018-08-20 09:13:45 -07:00
Luke Cartey
d6c58d6bd9
C#: ZipSlip - Add precision tag.
2018-08-20 16:59:57 +01:00
Luke Cartey
0477bd781a
C#: ZipSlip - Add change note.
2018-08-20 16:59:57 +01:00
Luke Cartey
fa78d04f18
C#: ZipSlip - Add qhelp file.
This adds a help file which describes the problem, provides
recommendations on how to fix it and an example.
2018-08-20 16:59:56 +01:00
Luke Cartey
99d1cf70be
C#: ZipSlip - Update name, description and message.
This commit updates the name, description and message to better match
the house style for the security queries.
2018-08-20 16:59:56 +01:00
Luke Cartey
112d104005
C#: ZipSlip - remove ZipSlip prefix from TaintTracking class name.
2018-08-20 16:18:13 +01:00
Luke Cartey
b6c9f844e8
C#: ZipSlip - refactor to use Source, Sink, Sanitizer
This commit refactors the existing predicates to be classes extending
Source, Sink or Sanitizer, as appropriate.
2018-08-20 16:17:03 +01:00
Ian Lynagh
99dbbdf863
C++: Add some comments
2018-08-20 16:12:26 +01:00
Ian Lynagh
9c4d4f8732
C++: No need to cache so many predicates
2018-08-20 16:12:26 +01:00
Ian Lynagh
c241b081cb
C++: Don't unresolve 'this'
For example, if you have 3 types called T, where t1 and t2 are defined
but t3 isn't, then you will have
unspecifiedtype(t1, t1)
unspecifiedtype(t2, t2)
unspecifiedtype(t3, t3)
t1 = resolve(t1)
t1 = resolve(t3)
t2 = resolve(t2)
t2 = resolve(t3)
so given
Type getUnspecifiedType() {
unspecifiedtype(unresolve(this), unresolve(result))
}
you get t1.getUnspecifiedType() = t2.
I think that in general the best thing to do is to not unresolve 'this',
but to just take the underlying value.
2018-08-20 16:12:26 +01:00
Ian Lynagh
a1e44041ec
C++: Use mkElement/unresolveElement consistently
2018-08-20 16:12:26 +01:00
Ian Lynagh
34c9892f77
C++: isfromtemplateinstantiation test output change
2018-08-20 16:12:26 +01:00
Max Schaefer
46ef208e09
JavaScript: Remove spurious test file.
2018-08-20 15:02:51 +01:00
semmle-qlci
e1f3637b66
Merge pull request #75 from asger-semmle/server-side-url-redirect-performance
Approved by xiemaisi
2018-08-20 14:53:16 +01:00
Jonas Jensen
b931e88686
Merge pull request #67 from dave-bartolomeo/dave/CastToVoid
C++: Handle casts to `void` in IR
2018-08-20 15:45:11 +02:00
Jonas Jensen
5e6f34fa3c
Merge pull request #64 from calumgrant/ql-style-guide
QL Style Guide
2018-08-20 15:31:51 +02:00