Skip to content

Merge master into rc/1.20 #1031

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
xiemaisi wants to merge 90 commits into from
Closed

Merge master into rc/1.20 #1031

xiemaisi wants to merge 90 commits into from

Conversation

@xiemaisi
Copy link

@xiemaisi xiemaisi commented Mar 4, 2019

Not something we usually do, but needed in this case to pull in PRs that were meant for rc/1.20 but got left behind when the RC branch was created.

taus-semmle and others added 30 commits February 4, 2019 19:05
@taus-semmle
Python: Make "Modification of parameter with default" flow-sensitive.
895b237
@taus-semmle
Improve change note.
b550da2
@asger-semmle
JS: treat +/- equally in suffix check query
d793427
@raulgarciamsft
Adding a new rule for detecting usage of static objects that implemen…
7d19769 
…t ICryptoTransform that would be thread-unsafe, and potentially result in incorrect cryptographic results.
@raulgarciamsft
Update .gitignore
fa73b84
@raulgarciamsft
Update .gitignore
143b1e5
@jbj
C++: IR query for redundant null check
9ac8d60 
This new query is not written because it's the most interesting query we
could write but because it's an IR-based query whose results are easy to
verify.
@jbj
C++: Add new query to new experimental suite
12084fc 
This suite isn't referenced from anywhere yet, but it'll be included in
a standard ODASA dist because the dist includes all files in the `c` and
`cpp` directories. We can modify the nightly test jobs to include the
experimental suite.
@jbj
C++: More tests for RedundantNullCheckSimple
9f2fdbb
JS: fixup changenote for js/unbound-event-handler-receiver
bfbf686
JS: introduce CapturedSource
0cf2eae
JS: add query js/unused-property
91dccc3
JS: avoid double reporting dead code with js/unused-variable
8af501d
JS: change notes for js/unused-property and js/unused-variable
c84d898
JS: add type inference for the return value of captured method calls
bdd8691
JS: add PropWrite tests for parameter field initializers
6766716
JS: add missing flowstep for unused parameter field initializers
6c1b29e
@raulgarciamsft
Making changes based on feedback.
9bb7816
JS: address review comments
047b69a
JS: analyze assignments in with correctly
0d94fe3
JS: add documentation to test case
1150f4c
JS: format test case (update expected output)
65fb142
JS: rename CapturedSource -> LocalObject
6636798
JS: rename CapturedSource -> LocalObject (files)
4dc147d
JS: update docstring
ab1b1c1
JS: address review comment
9511bdf
@raulgarciamsft
Improving documentation
f8ae56a
@raulgarciamsft
Merge branch 'users/raulga/ICryptoTransform' of https://github.com/ra…
fb5f220 
…ulgarciamsft/ql into users/raulga/ICryptoTransform
@markshannon
Python: Add test skeleton for falcon web framework.
742c1d0
@markshannon
Python: Basic support for falcon framework; routing and requests.
6a48420
jcreedcmu and others added 18 commits February 28, 2019 15:46
@jcreedcmu
JS: Add ZipSlip query to security suite
86bbb5f
Merge pull request #889 from jcreedcmu/jcreed/tarslip
8dcd871 
JavaScript: Add new query for ZipSlip (CWE-022).
@semmle-qlci
Merge pull request #1009 from xiemaisi/js/reformat-extractor
bc8906b 
Approved by asger-semmle
@taus-semmle
Change kind to path-problem.
91cfc9b
@taus-semmle
Merge branch 'master' into python-mutable-default-with-flow
64e6974
Merge pull request #1006 from asger-semmle/express-end
a6f3305 
JS: Treat res.end() as alias for res.send() in Express
@semmle-qlci
Merge pull request #1013 from asger-semmle/closure-string-ops
6cafe22 
Approved by esben-semmle
Merge pull request #946 from esben-semmle/js/captured-nodes-query-and…
83e0f3b 
…-type-inference-1

JS: Captured Nodes, type inference + a query
@hvitved
Merge pull request #956 from raulgarciamsft/users/raulga/ICryptoTrans…
51e5a30 
…form

Detect usage of ICryptoTransform that would be thread-unsafe
@markshannon
Merge pull request #878 from taus-semmle/python-mutable-default-with-…
8a16164 
…flow

Python: Make "Modification of parameter with default" flow-sensitive.
@markshannon
Python: Improve taint tracking to account for truthiness of the taint…
ebd9bc3 
… kind.
@markshannon
Python: Update py/modification-of-default-value to account for truthi…
94190e7 
…ness of default value.
@ian-semmle
Changenotes: Fix copy/paste-o.
af397d3
@taus-semmle
Merge pull request #1020 from markshannon/python-taint-tracking-guard
a30b456 
Python: Add taint tracking guard for truthiness.
@nickrolfe
Merge pull request #1012 from ian-semmle/constexpr
e6ddf7f 
C++: Add Variable.isConstexpr()
@geoffw0
Merge pull request #894 from jbj/ir-RedundantNullCheckSimple
6601327 
C++: IR query for redundant null check
@semmle-qlci
Merge pull request #989 from asger-semmle/class-node-get-this-access
4c3ecf0 
Approved by xiemaisi
@jbj
C++: Set cpp/command-line-injection precision=low
4f9ffb3 
This query is only appropriate for setuid programs. Since such programs
are at most 0.1% of all code we analyse, I would say this query has a
precision of at most 0.1%.
@xiemaisi xiemaisi requested review from a team as code owners March 4, 2019 12:52
@jbj
Copy link
Contributor

jbj commented Mar 4, 2019

LGTM. This pulls #1012 into 1.20, which is where it belongs because the corresponding internal PR was merged into 1.20.

@markshannon
Copy link
Contributor

markshannon commented Mar 4, 2019

LGTM as far as the Python changes are concerned.

hvitved
hvitved previously approved these changes Mar 4, 2019
View reviewed changes
Copy link
Contributor

@hvitved hvitved left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

C# changes 👍

@geoffw0
Merge pull request #1024 from jbj/command-line-injection-precision
a3f452b 
C++: Set cpp/command-line-injection precision=low
@jbj
Copy link
Contributor

jbj commented Mar 4, 2019

@xiemaisi You've opened the PR directly from master. The tests will never complete as they're restarted on every merge to master.

(I'd be totally fine with having the merge of #1024 in 1.20).

@xiemaisi xiemaisi mentioned this pull request Mar 4, 2019
Merged
@xiemaisi
Copy link
Author

xiemaisi commented Mar 4, 2019

Replaced by #1032.

@xiemaisi xiemaisi closed this Mar 4, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@hvitved hvitved hvitved left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.