Skip to content

Merge master into rc/1.20 #1032

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
xiemaisi merged 90 commits into from
Mar 4, 2019
Merged

Merge master into rc/1.20 #1032

xiemaisi merged 90 commits into from
Mar 4, 2019

Conversation

@xiemaisi
Copy link

@xiemaisi xiemaisi commented Mar 4, 2019

Replacement for #1031.

taus-semmle and others added 30 commits February 4, 2019 19:05
@taus-semmle
Python: Make "Modification of parameter with default" flow-sensitive.
895b237
@taus-semmle
Improve change note.
b550da2
@asger-semmle
JS: treat +/- equally in suffix check query
d793427
@raulgarciamsft
Adding a new rule for detecting usage of static objects that implemen…
7d19769 
…t ICryptoTransform that would be thread-unsafe, and potentially result in incorrect cryptographic results.
@raulgarciamsft
Update .gitignore
fa73b84
@raulgarciamsft
Update .gitignore
143b1e5
@jbj
C++: IR query for redundant null check
9ac8d60 
This new query is not written because it's the most interesting query we
could write but because it's an IR-based query whose results are easy to
verify.
@jbj
C++: Add new query to new experimental suite
12084fc 
This suite isn't referenced from anywhere yet, but it'll be included in
a standard ODASA dist because the dist includes all files in the `c` and
`cpp` directories. We can modify the nightly test jobs to include the
experimental suite.
@jbj
C++: More tests for RedundantNullCheckSimple
9f2fdbb
JS: fixup changenote for js/unbound-event-handler-receiver
bfbf686
JS: introduce CapturedSource
0cf2eae
JS: add query js/unused-property
91dccc3
JS: avoid double reporting dead code with js/unused-variable
8af501d
JS: change notes for js/unused-property and js/unused-variable
c84d898
JS: add type inference for the return value of captured method calls
bdd8691
JS: add PropWrite tests for parameter field initializers
6766716
JS: add missing flowstep for unused parameter field initializers
6c1b29e
@raulgarciamsft
Making changes based on feedback.
9bb7816
JS: address review comments
047b69a
JS: analyze assignments in with correctly
0d94fe3
JS: add documentation to test case
1150f4c
JS: format test case (update expected output)
65fb142
JS: rename CapturedSource -> LocalObject
6636798
JS: rename CapturedSource -> LocalObject (files)
4dc147d
JS: update docstring
ab1b1c1
JS: address review comment
9511bdf
@raulgarciamsft
Improving documentation
f8ae56a
@raulgarciamsft
Merge branch 'users/raulga/ICryptoTransform' of https://github.com/ra…
fb5f220 
…ulgarciamsft/ql into users/raulga/ICryptoTransform
@markshannon
Python: Add test skeleton for falcon web framework.
742c1d0
@markshannon
Python: Basic support for falcon framework; routing and requests.
6a48420
semmle-qlci and others added 17 commits March 1, 2019 08:20
@semmle-qlci
Merge pull request github#1009 from xiemaisi/js/reformat-extractor
bc8906b 
Approved by asger-semmle
@taus-semmle
Change kind to path-problem.
91cfc9b
@taus-semmle
Merge branch 'master' into python-mutable-default-with-flow
64e6974
Merge pull request github#1006 from asger-semmle/express-end
a6f3305 
JS: Treat res.end() as alias for res.send() in Express
@semmle-qlci
Merge pull request github#1013 from asger-semmle/closure-string-ops
6cafe22 
Approved by esben-semmle
Merge pull request github#946 from esben-semmle/js/captured-nodes-que…
83e0f3b 
…ry-and-type-inference-1

JS: Captured Nodes, type inference + a query
@hvitved
Merge pull request github#956 from raulgarciamsft/users/raulga/ICrypt…
51e5a30 
…oTransform

Detect usage of ICryptoTransform that would be thread-unsafe
@markshannon
Merge pull request github#878 from taus-semmle/python-mutable-default…
8a16164 
…-with-flow

Python: Make "Modification of parameter with default" flow-sensitive.
@markshannon
Python: Improve taint tracking to account for truthiness of the taint…
ebd9bc3 
… kind.
@markshannon
Python: Update py/modification-of-default-value to account for truthi…
94190e7 
…ness of default value.
@ian-semmle
Changenotes: Fix copy/paste-o.
af397d3
@taus-semmle
Merge pull request github#1020 from markshannon/python-taint-tracking…
a30b456 
…-guard

Python: Add taint tracking guard for truthiness.
@nickrolfe
Merge pull request github#1012 from ian-semmle/constexpr
e6ddf7f 
C++: Add Variable.isConstexpr()
@geoffw0
Merge pull request github#894 from jbj/ir-RedundantNullCheckSimple
6601327 
C++: IR query for redundant null check
@semmle-qlci
Merge pull request github#989 from asger-semmle/class-node-get-this-a…
4c3ecf0 
…ccess

Approved by xiemaisi
@jbj
C++: Set cpp/command-line-injection precision=low
4f9ffb3 
This query is only appropriate for setuid programs. Since such programs
are at most 0.1% of all code we analyse, I would say this query has a
precision of at most 0.1%.
@geoffw0
Merge pull request github#1024 from jbj/command-line-injection-precision
a3f452b 
C++: Set cpp/command-line-injection precision=low
@xiemaisi xiemaisi requested review from a team as code owners March 4, 2019 13:12
@xiemaisi xiemaisi mentioned this pull request Mar 4, 2019
Closed
@xiemaisi
Copy link
Author

xiemaisi commented Mar 4, 2019

Python, C# and C++ changes were already approved on the previous PR, JavaScript changes lgtm as well.

This was referenced Mar 4, 2019
Closed
Merged
@jbj jbj mentioned this pull request Mar 4, 2019
Merged
@xiemaisi xiemaisi merged commit 7f5e263 into github:rc/1.20 Mar 4, 2019
@xiemaisi xiemaisi mentioned this pull request Mar 5, 2019
Merged
@xiemaisi xiemaisi deleted the master-for-merge branch March 13, 2019 15:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jbj jbj jbj approved these changes

@hvitved hvitved hvitved approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.