Skip to content

Merge rc/1.19 into master #662

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
asger-semmle wants to merge 192 commits into from
Closed

Merge rc/1.19 into master #662

asger-semmle wants to merge 192 commits into from

Conversation

@asger-semmle
Copy link
Contributor

@asger-semmle asger-semmle commented Dec 11, 2018

Merges the right child of #503 and #561 into master.

jbj and others added 30 commits September 4, 2018 16:10
@jbj
Revert "Revert "C++: update expected sizes of error and unknown types…
9535f83 
… to be 1 byte""

This commit was reverted on `master` but should remain on `next`, so I'm
reverting the revert before merging `master` into `next`.

This reverts commit adda4c9.
@semmle-qlci
Merge pull request github#154 from jbj/mergeback-master-20180904
a46df8e 
Approved by adityasharad
@adityasharad
Merge rc/1.18 into next.
cbdbda3
Merge pull request github#160 from adityasharad/merge/1.18-next-050918
8fbc191 
Merge rc/1.18 into next.
@jbj
Revert "Revert "Version: Bump to 1.19.0 dev.""
d5e0357 
This reverts commit ab2bec7.
@jbj
Merge branch 'master-to-next-20180905-master' into master-to-next-201…
69e9156 
…80905
@adityasharad
Merge pull request github#164 from jbj/master-to-next-20180905
272bed7 
Merge master to next
@nickrolfe
C++: add dbscheme expr kinds for __builtin_addressof and vector fill
8e3f639
@nickrolfe
C++: add class and test for a GNU vector fill operation
93103e1
@nickrolfe
C++: class and test for clang's __builtin_addressof
2abf91b
@nickrolfe
C++: update stats for builtin_addressof and vec_fill
ab05be7
@ian-semmle
Merge pull request github#174 from nickrolfe/vec_fill
953537e 
C++: support for clang `__builtin_addressof` and GNU vector fill operations
@adityasharad
Merge rc/1.18 into next.
767045b
@hvitved
Merge pull request github#185 from adityasharad/merge/1.18-next-120918
7db2589 
Merge rc/1.18 into next.
@nickrolfe
C++: support clang's __builtin_convertvector
0957ee7
@nickrolfe
C++: stats for builtinconvertvector
3d2637a
@ian-semmle
Merge pull request github#188 from nickrolfe/convvec
bc0d4f1 
 C++: support clang's __builtin_convertvector
@jbj
Merge remote-tracking branch 'upstream/master' into merge-master-next…
9886e4a 
…-20180913
@nickrolfe
Merge pull request github#191 from jbj/merge-master-next-20180913
440d64d 
Merge master to next
@nickrolfe
C++: add Class::isStandardLayout()
e5b9dca
@nickrolfe
C++: test for Class::isStandardLayout()
f1358b7
@nickrolfe
C++: stats for is_standard_layout_class
017e3a3
@ian-semmle
Merge pull request github#204 from nickrolfe/std_layout
ebc924a 
C++: add Class::isStandardLayout()
JavaScript: Fix expected output due to qltest change.
b94df82
Merge pull request github#208 from aeyerstaylor/fix-qltest-change
8a950a5 
JavaScript: Fix expected output due to qltest change.
@adityasharad
Merge rc/1.18 into next.
accacdc
@nickrolfe
Merge pull request github#228 from adityasharad/merge/1.18-next-250918
314e1a1 
Merge rc/1.18 into next.
@adityasharad
Merge branch 'next' into qlucie/master
75680db
@adityasharad
C++: Update HashCons test output.
4ff79b0
@adityasharad
Merge pull request github#233 from Semmle/qlucie/master
41775c9 
Master-to-next merge
jbj and others added 22 commits November 27, 2018 11:03
@jbj
C++: Update security tag in change note
c8e34bf 
These two queries have the `security` tag in the `.ql` file, but it was
missing in the change note.
@geoffw0
Merge pull request github#548 from jbj/security-tags-1.19
a85dfb1 
C++: Update security tag in change note
@markshannon
Python: Correct case of query name and improve help.
698957e
JavaScript: Move an auxiliary predicate into shared library.
cf1e7cf
@taus-semmle
Python: Implement check for flask debug mode.
a4da245
@taus-semmle
Add change note.
b393d9a
@asger-semmle
TS: declassify files with unrecognized shebang line
623a80f
@taus-semmle
Fix stub file.
8d341ab
@taus-semmle
Update test results after stub change.
6ebf504
@taus-semmle
Merge pull request github#530 from markshannon/python-no-cert-validation
2b340b4 
New query to check for making a request without cert verification.
@taus-semmle
Change precision to high.
7f94c25
@markshannon
Merge pull request github#528 from taus-semmle/python-flask-debug
31ac33e 
Python: Implement check for flask debug mode.
JavaScript: Add new query UnvalidatedDynamicMethodCall.
2889e07
JavaScript: Restrict RemotePropertyInjection query to avoid double-…
f1c538a 
…reporting.

This query now only flags user-controlled property and header writes, method calls are handled by the new unsafe/unvalidated method call queries.
JavaScript: Add change notes.
f9de1d4
JavaScript: Sort change notes alphabetically.
31d23b6
@semmle-qlci
Merge pull request github#551 from asger-semmle/js-extractor-shebang
e66691a 
Approved by xiemaisi
JavaScript: Address review comments.
39f1c79
@semmle-qlci
Merge pull request github#555 from xiemaisi/js/invalid-dynamic-method…
57a976d 
…-call

Approved by esben-semmle
@asger-semmle
JS: add change note for UselessConditional.ql
8017df1
@asger-semmle
Merge commit '61ef6552' into merge-rc1.19
46a9b14
@asger-semmle
Merge commit '8017df17' into merge-rc1.19
20ffdf4
@asger-semmle asger-semmle requested review from a team as code owners December 11, 2018 14:18
adityasharad
adityasharad requested changes Dec 11, 2018
View reviewed changes
Copy link
Collaborator

@adityasharad adityasharad left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

At this point we should not be merging 1.19 into master, but into next.

@asger-semmle
Copy link
Contributor Author

asger-semmle commented Dec 11, 2018

Ah, that explains it. Thanks.

@pavgust
Copy link
Contributor

pavgust commented Dec 11, 2018

This pull request introduces 160 alerts when merging 20ffdf4 into a4b3b1e - view on LGTM.com

new alerts:

  • 25 for Syntax error
  • 13 for Unused import
  • 12 for Variable defined multiple times
  • 9 for First argument of a method is not named 'self'
  • 8 for Statement has no effect
  • 4 for Empty except
  • 4 for Unused local variable
  • 4 for Missing call to __init__ during object initialization
  • 3 for Use of the return value of a procedure
  • 3 for First argument to super() is not enclosing class
  • 2 for Multiple calls to __init__ during object initialization
  • 2 for Unused named argument in formatting call
  • 2 for Except block handles 'BaseException'
  • 2 for Illegal raise
  • 2 for Overwriting attribute in super-class or sub-class
  • 2 for Explicit returns mixed with implicit (fall through) returns
  • 2 for Implicit string concatenation in a list
  • 2 for Multiple calls to __del__ during object destruction
  • 2 for Wrong number of arguments in a call
  • 2 for Wrong number of arguments in a class instantiation
  • 2 for File is not always closed
  • 1 for __iter__ method returns a non-iterator
  • 1 for Too few arguments in formatting call
  • 1 for Membership test with a non-container
  • 1 for Inconsistent method resolution order
  • 1 for Unmatchable dollar in regular expression
  • 1 for Non-exception in 'except' clause
  • 1 for Unmatchable caret in regular expression
  • 1 for Mutation of descriptor in __get__ or __set__ method.
  • 1 for Wrong name for an argument in a call
  • 1 for Formatted object is not a mapping
  • 1 for Mismatch in multiple assignment
  • 1 for Commented out code
  • 1 for Unsupported format character
  • 1 for Unreachable 'except' block
  • 1 for Duplication in regular expression character class
  • 1 for Comparison using is when operands support __eq__
  • 1 for Missing named arguments in formatting call
  • 1 for Non-callable called
  • 1 for Special method has incorrect signature
  • 1 for Maybe missing 'self' in comparison
  • 1 for Missing call to __del__ during object destruction
  • 1 for Iterable can be either a string or a sequence
  • 1 for Formatting string mixes implicitly and explicitly numbered fields
  • 1 for Superclass attribute shadows subclass method
  • 1 for Unnecessary 'else' clause in loop
  • 1 for First parameter of a class method is not named 'cls'
  • 1 for __init__ method is a generator
  • 1 for Missing part of special group in regular expression
  • 1 for Unused argument in a formatting call
  • 1 for Comparison of identical values
  • 1 for Unreachable code
  • 1 for Incomplete ordering
  • 1 for Explicit export is not defined
  • 1 for Wrong number of arguments for format
  • 1 for Backspace escape in regular expression
  • 1 for __del__ is called explicitly
  • 1 for NotImplemented is not an Exception
  • 1 for Module is imported with 'import' and 'import from'
  • 1 for Redundant assignment
  • 1 for Importing value of mutable attribute
  • 1 for __init__ method returns a value
  • 1 for Nested loops with same variable
  • 1 for Information exposure through an exception
  • 1 for Hard-coded credentials
  • 1 for Wrong name for an argument in a class instantiation
  • 1 for Nested loops with same variable reused after inner loop body
  • 1 for Returning tuples with varying lengths
  • 1 for Unnecessary delete statement in function
  • 1 for URL redirection from remote source
  • 1 for Unused exception object
  • 1 for Unguarded next in generator
  • 1 for Modification of dictionary returned by locals()
  • 1 for __init__ method calls overridden method

Comment posted by LGTM.com

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@adityasharad adityasharad adityasharad requested changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.