Skip to content

Master-to-next merge #723

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
xiemaisi merged 100 commits into from
Jan 7, 2019
Merged

Master-to-next merge #723

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
100 commits
Select commit Hold shift + click to select a range
6644537
C#: Speedup `Assertions::strictlyDominates()` and `ControlFlowElement…
hvitved Dec 5, 2018
e05bbb0
C#: Fix always-`null` bug in TRAP writer
hvitved Dec 7, 2018
6411d1c
C#: Refactor operator call logic
hvitved Dec 7, 2018
8d07286
C#: Reorder for statements to ensure variables declared in the condit…
calumgrant Dec 10, 2018
f0fb47c
C#: Update change notes.
calumgrant Dec 11, 2018
e808376
C#: Refactor LINQ logic
hvitved Dec 7, 2018
1366638
C#: Fix whitespaces
hvitved Dec 12, 2018
6918dad
C#: Refactor `localFlowStep()`
hvitved Dec 12, 2018
74167e4
C#: Cache `NamedElement::getLabel()`
hvitved Dec 12, 2018
344466a
C#: Cache `DataFlow::Node::getEnclosingCallable()`
hvitved Dec 12, 2018
b155a0f
C#: Avoid computing CIL strings and non-PDB locations in data flow li…
hvitved Dec 12, 2018
7656936
Java: Remove Metrics/queries.xml
aschackmull Dec 13, 2018
56b80ae
C#: Add `getALocation()` for namespaces and namespace declarations
hvitved Dec 14, 2018
654f2ae
C#: Address review comment
hvitved Dec 14, 2018
5ccad6f
JavaScript: Minor improvements.
Dec 14, 2018
287ce4e
C#: Add more nullness tests
hvitved Dec 11, 2018
078dc7b
C#: Fix false positives in `cs/dereferenced-value-may-be-null`
hvitved Dec 11, 2018
e2f271b
C#: Add more guard implication steps
hvitved Dec 5, 2018
91e4f7a
C#: Make `cs/dereferenced-value-may-be-null` a path query
hvitved Dec 5, 2018
3a5962a
JS: minor fixups in ClientRequests.qll
Dec 14, 2018
60fe017
JS: add ClientRequest::getHost
Dec 17, 2018
c6b4e29
JS: add "host" as a sink for `js/request-forgery`
Dec 17, 2018
3cd6223
JS: change notes for `js/request-forgery` improvements
Dec 14, 2018
ada0115
C#: Remove `getUrl()` predicates
hvitved Dec 14, 2018
50cba92
JS: remove slow test Security/heuristics/AdditionalCommandInjections
Dec 17, 2018
5f269b2
Merge branch 'master' into cs/extractor/for-is
hvitved Dec 17, 2018
4a631b4
JS: use `.lastIndexOf` in js/incomplete-url-substring-sanitization
Dec 17, 2018
5040d3e
JS: add query for loop index bug
asger-semmle Dec 14, 2018
f50d0e3
Merge pull request #642 from hvitved/csharp/extractor/nullness-refact…
calumgrant Dec 17, 2018
dbd0c7e
Merge pull request #674 from hvitved/csharp/cache-get-label
calumgrant Dec 17, 2018
6648c84
Merge pull request #680 from hvitved/csharp/data-flow-performance-tweaks
calumgrant Dec 17, 2018
e822510
C#: Fix typo
hvitved Dec 17, 2018
d3f6362
Java: Add missing override annotations.
aschackmull Dec 17, 2018
e142591
Merge pull request #658 from calumgrant/cs/extractor/for-is
hvitved Dec 17, 2018
280382e
JS: whitelist if array access at another index is seen
asger-semmle Dec 17, 2018
d9ae593
C#: Remove deprecated predicates
hvitved Dec 17, 2018
d595f20
JS: add to correctness-more suite
asger-semmle Dec 17, 2018
e1c25c8
JS: add change note
asger-semmle Dec 17, 2018
7fd1d64
Merge pull request #699 from esben-semmle/js/add-lastIndexOf
semmle-qlci Dec 18, 2018
c37d655
Merge pull request #697 from esben-semmle/js/fix-heuristics-compilati…
semmle-qlci Dec 18, 2018
edf1df1
C#: Remove tests for deprecated predicates
hvitved Dec 18, 2018
b051b75
Merge pull request #638 from hvitved/csharp/split-dominance-performance
calumgrant Dec 18, 2018
c17eca9
JS: add test case for $(location)
asger-semmle Dec 18, 2018
02978c9
JS: whitelist $(location) in simple cases
asger-semmle Dec 18, 2018
7f538e8
JS: add test case for non-whitelisted use of location
asger-semmle Dec 18, 2018
1246de4
JS: add change note
asger-semmle Dec 18, 2018
f574549
JS: move <ul> outside of <p> element
asger-semmle Dec 18, 2018
5956341
Merge pull request #706 from asger-semmle/jquery-location-sink
semmle-qlci Dec 18, 2018
f9d7f8b
JS: fix links in qhelp
asger-semmle Dec 19, 2018
f84301e
JS: add tests with res.sendFile root option
asger-semmle Dec 14, 2018
0e40717
JS: recognize res.sendfile root option
asger-semmle Dec 14, 2018
f9da1dc
JS: add change note
asger-semmle Dec 14, 2018
e5cbac5
C#: Replace a use of `boundedFastTC` with `fastTC`
hvitved Dec 19, 2018
a7cdf52
C#: Improve performance by mapping directly from entities to labels.
calumgrant Dec 4, 2018
88734f1
C#: Fix label conflicts.
calumgrant Dec 18, 2018
93ce34a
C#: Add a new object->entity cache.
calumgrant Dec 19, 2018
6a54a6d
C#: Fix changed unit tests.
calumgrant Dec 19, 2018
78334af
JS: remove cookie source; rely on persistent flow steps instead
asger-semmle Dec 13, 2018
60ae3e5
JS: update change note
asger-semmle Dec 19, 2018
ce18aca
JS: update expected output
asger-semmle Dec 19, 2018
e15481a
Merge pull request #702 from hvitved/csharp/remove-deprecated
calumgrant Dec 19, 2018
1062773
C#: Introduce `Ssa::Definition::getElement()` and `AssignableDefiniti…
hvitved Dec 19, 2018
b11b714
Merge pull request #696 from esben-semmle/js/host-request-forgery
semmle-qlci Dec 19, 2018
495a1fc
Merge pull request #698 from asger-semmle/remove-cookie-as-source
semmle-qlci Dec 19, 2018
c57f8a6
Merge pull request #691 from asger-semmle/sendfile-root
Dec 19, 2018
83ccddf
Merge pull request #707 from hvitved/csharp/bounded-fast-tc
semmle-qlci Dec 19, 2018
b2500a0
Merge branch 'master' into csharp/maybe-null-path-query
hvitved Dec 19, 2018
546d750
C#: Reintroduce `getURL()`
hvitved Dec 19, 2018
2314651
C#: Autoformat QL tests
hvitved Dec 20, 2018
1710f8d
Merge pull request #661 from hvitved/csharp/maybe-null-path-query
calumgrant Dec 20, 2018
c66f67d
C#: Address review comment
hvitved Dec 20, 2018
ccda1c8
C#: Add nullness test using an `as` expression
hvitved Dec 14, 2018
33fcbc9
C#: Consider `as` expressions as maybe-`null` in `cs/dereferenced-val…
hvitved Dec 14, 2018
7dd263b
Merge pull request #689 from hvitved/csharp/remove-get-url
calumgrant Dec 20, 2018
a600353
Merge pull request #692 from hvitved/csharp/maybe-null-as-expression
calumgrant Dec 20, 2018
af38a2b
Merge branch 'master' into csharp/autoformat/tests
hvitved Dec 20, 2018
d73b28e
C#: Address review comments.
calumgrant Dec 20, 2018
5478155
Merge pull request #615 from calumgrant/cs/extractor-caching
hvitved Dec 21, 2018
1b11abf
Merge pull request #709 from hvitved/csharp/autoformat/tests
calumgrant Dec 21, 2018
0fe0544
C#: Fix extraction error when Event accessors are ordinary methods.
calumgrant Dec 31, 2018
f06a20f
C#: Add SSA tests with CFG splitting
hvitved Dec 18, 2018
5879e58
C#: Account for CFG splitting in `AssignableDefinition::getAFirstRead…
hvitved Dec 18, 2018
2427f0a
C#: Remove redundant cast
hvitved Jan 2, 2019
4348de3
Merge pull request #714 from calumgrant/cs/event-accessors
hvitved Jan 2, 2019
8c3b44a
JS: address comments
asger-semmle Jan 2, 2019
9f22da4
JS: rename query to "Loop iteration skipped due to shifting"
asger-semmle Jan 2, 2019
bc59e65
JS: update suite file
asger-semmle Jan 2, 2019
0a2df6c
JavaScript: Highlight id attribute (not entire element) in `Ambiguous…
Jan 2, 2019
f24313a
JS: address doc review
asger-semmle Jan 3, 2019
787feba
CPP: Improve qldoc for MacroAccess and MacroInvocation.
geoffw0 Dec 13, 2018
9b8bf96
Merge pull request #718 from xiemaisi/js/ambiguous-id-attr-alert-loc
semmle-qlci Jan 3, 2019
6c76826
Merge pull request #716 from xiemaisi/js/cosmetics
semmle-qlci Jan 3, 2019
8174fb5
Merge pull request #705 from asger-semmle/loop-index-concurrent-modif…
semmle-qlci Jan 3, 2019
c0868bc
Merge pull request #708 from hvitved/csharp/ssa-read-splitting
semmle-qlci Jan 3, 2019
2d151f7
Merge pull request #701 from aschackmull/java/override-annot
yh-semmle Jan 3, 2019
0e0ff56
Merge pull request #686 from aschackmull/java/rm-metrics-queries-xml
yh-semmle Jan 3, 2019
79e246f
Merge pull request #722 from geoffw0/doc-macroinv
jbj Jan 4, 2019
b4f400f
Merge remote-tracking branch 'upstream/next' into qlucie/master
Jan 4, 2019
651d207
C#: Fix assembly labels.
calumgrant Jan 4, 2019
42cf760
Merge branch 'cs/assembly-labels' of https://github.com/calumgrant/ql…
pavgust Jan 4, 2019
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 0 additions & 1 deletion javascript/ql/test/library-tests/Security/heuristics/AdditionalCommandInjections.expected
View file
Open in desktop

This file was deleted.

9 changes: 0 additions & 9 deletions javascript/ql/test/library-tests/Security/heuristics/AdditionalCommandInjections.ql
View file
Open in desktop

This file was deleted.

1 change: 0 additions & 1 deletion javascript/ql/test/library-tests/Security/heuristics/HeuristicSink.expected
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,3 @@
| additionalCommandInjections.js:2:11:2:45 | "prgm - ... place() |
| sinks.js:2:14:2:17 | sink |
| sinks.js:3:5:3:17 | script + sink |
| sinks.js:4:9:4:12 | sink |
Expand Down
1 change: 0 additions & 1 deletion javascript/ql/test/library-tests/Security/heuristics/HeuristicSource.expected
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,2 @@
| additionalCommandInjections.js:2:28:2:35 | password |
| sources.js:2:5:2:12 | password |
| sources.js:3:5:3:20 | JSON.stringify() |
3 changes: 0 additions & 3 deletions javascript/ql/test/library-tests/Security/heuristics/additionalCommandInjections.js
View file
Open in desktop

This file was deleted.