Geoffrey White
760884051c
CPP: Add test cases using various combinations of width and precision specifiers, positional arguments, and flags.
2019-11-11 15:27:22 +00:00
Jonas Jensen
f2a9876c2a
Merge pull request #2003 from geoffw0/formatarg
...
CPP: WrongTypeFormatArguments.ql Fix
2019-11-11 16:07:37 +01:00
Jonas Jensen
d9bdb2cd4e
Merge pull request #2274 from geoffw0/oddsends
...
CPP: Clean up new queries and libraries
2019-11-11 16:05:20 +01:00
Taus
e576395c90
Merge pull request #2241 from RasmusWL/python-always-legacy-conf
...
Python: Always enable legacy taint tracking configuration
2019-11-11 16:00:04 +01:00
Jonas Jensen
eb55d964a8
C++: Fix semantic merge conflict
...
This test output must have been wrong because I produced it with an
extractor that didn't have #2153 applied.
2019-11-11 15:39:53 +01:00
Erik Krogh Kristensen
67b38ed301
correctly weed out benign calls inside attributes
2019-11-11 15:30:33 +01:00
James Fletcher
c33d28542e
Merge pull request #2294 from felicitymay/1.22-mergeback-master
...
1.22 mergeback master
2019-11-11 14:14:09 +00:00
Geoffrey White
e77fefaf9e
Merge pull request #2295 from jbj/self-comparison-templates
...
C++: Suppress PointlessSelfComparison.ql on templates
2019-11-11 14:12:55 +00:00
Felicity Chapman
37c78bf1ea
Fix poor conflict resolution in training slides
2019-11-11 13:11:28 +00:00
Jonas Jensen
97cc0ebc8c
C++: Suppress PointlessSelfComparison on templates
...
It's a bit crude to suppress all results in instantiations, but we're
already using this kind of suppression in `PointlessComparison.ql`
(without the `Self`) because there is no convenient alternative. It
means we lose some good results but also suppress a new false positive
in Boost that surfaced after we added support for non-type template
parameters.
2019-11-11 14:00:00 +01:00
Jonas Jensen
281d512178
C++: Add tests for self-comparison template FP
2019-11-11 13:52:22 +01:00
Felicity Chapman
b3c3677cbf
Merge branch 'rc/1.22' into 1.22-mergeback-master
...
Conflicts resolved in favour of master:
docs/language/learn-ql/cpp/conversions-classes.rst
docs/language/learn-ql/cpp/function-classes.rst
docs/language/learn-ql/cpp/introduce-libraries-cpp.rst
docs/language/learn-ql/csharp/ql-for-csharp.rst
docs/language/learn-ql/javascript/introduce-libraries-ts.rst
docs/language/learn-ql/python/introduce-libraries-python.rst
docs/language/ql-training/cpp/bad-overflow-guard.rst
docs/language/ql-training/cpp/control-flow-cpp.rst
docs/language/ql-training/cpp/global-data-flow-cpp.rst
docs/language/ql-training/cpp/intro-ql-cpp.rst
docs/language/ql-training/cpp/program-representation-cpp.rst
docs/language/ql-training/cpp/snprintf.rst
docs/language/ql-training/index.rst
docs/language/ql-training/java/global-data-flow-java.rst
docs/language/ql-training/java/intro-ql-java.rst
docs/language/ql-training/java/program-representation-java.rst
docs/language/ql-training/java/query-injection-java.rst
2019-11-11 10:18:43 +00:00
Rasmus Wriedt Larsen
9151a7e433
Python: Always enable legacy taint tracking configuration
...
If the legacy configuration is only enabled if there are no other
configurations, defining a configuration in an imported library can lead to
unwanted results. For example, code that uses `any(MyTaintKind t).taints(node)`
would *stop* working, if it did not define its own configuration. (this actually
happened to us)
We performed a dist-compare to ensure there is not a performance deg ration by
doing this. Results at https://git.semmle.com/gist/rasmuswl/a1eca07f3a92f5f65ee78d733e5d260e
Tests that were affected by this:
- RockPaperScissors + Simple: new edges because no configuration was defined for
SqlInjectionTaint or CommandInjectionTaint
- CleartextLogging + CleartextStorage: new edges because no configuration was
defined before, AND duplicate deges.
- TestNode: new edges because no configuration was defined before
- PathInjection: Duplicate edges
- TarSlip: Duplicate edges
- CommandInjection: Duplicate edges
- ReflectedXss: Duplicate edges
- SqlInjection: Duplicate edges
- CodeInjection: Duplicate edges
- StackTraceExposure: Duplicate edges
- UnsafeDeserialization: Duplicate edges
- UrlRedirect: Duplicate edges
2019-11-11 11:17:21 +01:00
Anders Schack-Mulligen
b0fecbce28
Merge pull request #2230 from yh-semmle/java-move-cwe502-lib
...
Java: move `UnsafeDeserialization.qll` to standard library location
2019-11-11 10:44:52 +01:00
Felicity Chapman
c4f958d396
Merge pull request #2263 from sauyon/master
...
Update links to OWASP cheat sheet
2019-11-11 08:51:52 +00:00
Calum Grant
bd925d2bee
C#: Fix prefixing assembly IDs to type IDs.
2019-11-10 13:05:08 +00:00
Jonas Jensen
751263db91
C++: Use ConvertToBaseInstruction in IR data flow
...
This should make virtual dispatch work also for virtual bases.
2019-11-10 11:17:35 +01:00
Jonas Jensen
7758b43e34
C++: Add ConvertToBase{Opcode,Instruction} classes
...
These should make it easy to match base-class conversions when it's not
important whether the base class is virtual.
2019-11-10 11:09:54 +01:00
Jonas Jensen
279fc16b60
C++: ConvertToBase -> ConvertToNonVirtualBase
...
This rename was done with
perl -p -i -e's/ConvertToBase/ConvertToNonVirtualBase/g' **/*.ql* **/*.expected
followed by re-running the affected tests.
2019-11-10 10:35:53 +01:00
James Fletcher
aa05908d19
Merge pull request #2287 from felicitymay/1.22/support-codeql
...
1.22: Update for support info for CodeQL term change
2019-11-09 22:07:34 +00:00
Felicity Chapman
25eb1d0cc9
Update for CodeQL term change and port nav changes
2019-11-09 14:36:35 +00:00
Jonas Jensen
f3e691b5ec
Merge pull request #2075 from zlaski-semmle/zlaski/cpp434
...
[CPP-434] Detect signed overflow checks
2019-11-09 09:57:23 +01:00
Ziemowit Laski
7a4c4b62f6
[zlaski/pointer-overflow-check] Rename PointerOverflowCheck -> PointerWrapAround.
2019-11-08 14:54:20 -08:00
Ziemowit Laski
f2105867a8
[zlaski/pointer-overflow-check] Enhance qhelp and test case.
2019-11-08 14:36:33 -08:00
Robert Marsh
64b34ad975
Merge branch 'master' of github.com:Semmle/ql into rdmarsh/cpp/ir-constructor-side-effects
2019-11-08 14:06:36 -08:00
Robert Marsh
1dc0cb89d0
Merge branch 'master' of github.com:Semmle/ql into rdmarsh/cpp/ir-constructor-side-effects
2019-11-08 12:47:27 -08:00
Robert Marsh
b812a0338d
Merge pull request #2268 from dave-bartolomeo/dbartol/StringLiteralAlias
...
C++/C#: Treat string literals like read-only global variables for alias purposes
2019-11-08 12:43:57 -08:00
Robert Marsh
7e8a67a046
Merge branch 'master' into rdmarsh/cpp/hasGlobalOrStdName
2019-11-08 11:33:35 -08:00
Dave Bartolomeo
c365b2f2f0
Merge from master
...
Resolve conflicts in test output
2019-11-08 10:42:29 -07:00
Dave Bartolomeo
2b89139d5f
Merge pull request #2269 from rdmarsh2/rdmarsh/cpp/uninit-string-initializers
...
C++: uninit instr for string literal initializers
2019-11-08 10:33:57 -07:00
Calum Grant
9715d8849a
C#: Disable a CIL consistency check that seems to be invalid.
2019-11-08 16:50:51 +00:00
Calum Grant
4e2e64e949
C#: Fix up CallableReturns tests.
2019-11-08 16:42:22 +00:00
Asger F
a2ff4e9494
JS: member -> property
2019-11-08 16:23:59 +00:00
Calum Grant
e12a33d4e0
C#: Disposal tests do not depend on external DLLs.
2019-11-08 16:22:47 +00:00
Asger F
2a473fb9e7
Update javascript/ql/src/semmle/javascript/dataflow/Nodes.qll
...
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2019-11-08 16:15:08 +00:00
Asger F
4ad03a9061
Update javascript/ql/src/semmle/javascript/dataflow/DataFlow.qll
...
Co-Authored-By: Max Schaefer <54907921+max-schaefer@users.noreply.github.com>
2019-11-08 16:14:53 +00:00
Geoffrey White
58b6fc6bbf
CPP: Autoformat.
2019-11-08 16:06:23 +00:00
Taus
7527f13443
Merge pull request #2283 from RasmusWL/python-fix-python2-specific-tests
...
Python: fix python2 specific tests
2019-11-08 17:03:54 +01:00
Geoffrey White
983a970c36
CPP: Autoformat.
2019-11-08 15:59:04 +00:00
Asger F
53d470da2f
JS: Add syntax examples to DataFlow classes
2019-11-08 15:51:26 +00:00
Calum Grant
d64c244257
C#: Fix test for AspLine.
2019-11-08 15:48:56 +00:00
Geoffrey White
d434f909a5
CPP: Correct change note.
2019-11-08 15:10:44 +00:00
Geoffrey White
b4fb98dc7c
CPP: Fix comments.
2019-11-08 15:10:13 +00:00
Geoffrey White
821d5061a7
CPP: Correct the tests.
2019-11-08 15:10:13 +00:00
Geoffrey White
73b55f019d
CPP: Autoformat.
2019-11-08 15:10:13 +00:00
Geoffrey White
0063fa2974
CPP: Change note.
2019-11-08 15:10:13 +00:00
Geoffrey White
cd3bccf73a
CPP: Fix FPs.
2019-11-08 15:09:46 +00:00
Geoffrey White
1cf4449314
CPP: Test for NonConstantFormat with multiple definitons.
2019-11-08 15:09:45 +00:00
Geoffrey White
144cda7dd9
CPP: Test for WrongTypeFormatArguments with multiple definitions.
2019-11-08 15:09:45 +00:00
semmle-qlci
9986de87c4
Merge pull request #2284 from shati-patel/ql-codeql-1
...
Approved by jf205
2019-11-08 14:37:26 +00:00