Commit 41775c9

Merge pull request #233 from Semmle/qlucie/master
Master-to-next merge
2 parents 314e1a1 + 4ff79b0 commit 41775c9

402 files changed

Lines changed: 13308 additions & 8078 deletions


.editorconfig

Lines changed: 2 additions & 2 deletions
@@ -1,2 +1,2 @@
1-
[*.{ql,qll,qlref,dbscheme,qhelp}]
2-
end_of_line = lf
1+
[*]
2+
end_of_line = lf
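Review bot: widening the section header from the QL-specific extensions to `[*]` makes every file LF in editors, which is consistent with the `* text=auto eol=lf` rule this commit adds to .gitattributes, but it also now covers file types that legitimately have to stay CRLF (Windows batch or PowerShell scripts, for example). If any such files exist in the tree, or are added later, they need an explicit override section here and a matching `eol=crlf` line in .gitattributes; otherwise the two files will disagree with each other. Worth a note in the .gitattributes comment, since the old "please update .editorconfig" reminder is being removed in the same commit.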

.gitattributes

Lines changed: 44 additions & 13 deletions
@@ -1,17 +1,48 @@
1-
# The following file types will be normalized to LF line endings in the Git
2-
# database, and will keep those LF line endings in the working tree even on
3-
# Windows. Any other files will have whatever line endings they had when they
4-
# were committed. If you add new entries below, you should renormalize the
5-
# affected files by running the following from the root of this repo (requires
6-
# Git 2.16 or greater):
1+
# Text files will be normalized to LF line endings in the Git database, and will keep those LF line
2+
# endings in the working tree even on Windows. If you make changes below, you should renormalize the
3+
# affected files by running the following from the root of this repo (requires Git 2.16 or greater):
74
#
85
# git add --renormalize .
96
# git status [just to show what files were renormalized]
107
# git commit -m "Normalize line endings"
11-
#
12-
# Also, please update .editorconfig to handle any new entries as well.
13-
*.ql eol=lf
14-
*.qll eol=lf
15-
*.qlref eol=lf
16-
*.dbscheme eol=lf
17-
*.qhelp eol=lf
8+
9+
# Anything Git auto-detects as text gets normalized and checked out as LF
10+
* text=auto eol=lf
11+
12+
# Explicitly set a bunch of known extensions to text, in case auto detection gets confused.
13+
*.ql text
14+
*.qll text
15+
*.qlref text
16+
*.dbscheme text
17+
*.qhelp text
18+
*.html text
19+
*.htm text
20+
*.xhtml text
21+
*.xhtm text
22+
*.js text
23+
*.mjs text
24+
*.ts text
25+
*.json text
26+
*.yml text
27+
*.yaml text
28+
*.c text
29+
*.cpp text
30+
*.h text
31+
*.hpp text
32+
*.md text
33+
*.stats text
34+
*.xml text
35+
*.sh text
36+
*.pl text
37+
*.java text
38+
*.cs text
39+
*.py text
40+
*.lua text
41+
*.expected text
42+
43+
# Explicitly set a bunch of known extensions to binary, because Git < 2.10 will treat
44+
# `* text=auto eol=lf` as `* text eol=lf`
45+
*.png -text
46+
*.jpg -text
47+
*.jpeg -text
48+
*.gif -text
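Review bot: the trailing `-text` block only covers four image formats, yet the comment above it says it exists because Git < 2.10 reads `* text=auto eol=lf` as `* text eol=lf`; on those versions every other binary that gets committed (archives, fonts, compiled artifacts, anything without one of the four listed extensions) would be normalized and corrupted on checkout. Either extend the list to the binary types actually present in the repository or use the built-in `binary` macro (`*.png binary`, which expands to `-text -diff` and also stops Git from producing text diffs for them). Separately, none of the new `text` lines carry an explicit `eol`, so they rely on the catch-all for LF; that is fine, but any Windows-specific script types would need their own `eol=crlf` entry rather than inheriting the global `eol=lf`.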

.gitignore

Lines changed: 5 additions & 0 deletions
@@ -8,3 +8,8 @@
88
# qltest projects and artifacts
99
*/ql/test/**/*.testproj
1010
*/ql/test/**/*.actual
11+
/.vs/slnx.sqlite
12+
/.vs/ql/v15/Browse.VC.opendb
13+
/.vs/ql/v15/Browse.VC.db
14+
/.vs/ProjectSettings.json
15+
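Review bot: ignoring four individual paths under `/.vs/` is fragile; Visual Studio regenerates the contents of that directory and the two `Browse.VC.*` paths encode a version (`v15`), so a different VS release will write different files and the list will drift. A single `/.vs/` entry covers all of these and is the usual pattern. The hunk also adds a trailing empty line (`15+`), which is harmless but can be dropped.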

CODEOWNERS

Lines changed: 1 addition & 0 deletions
@@ -1,2 +1,3 @@
11
/csharp/ @Semmle/cs
2+
/java/ @Semmle/java
23
/javascript/ @Semmle/js
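Review bot: `/java/ @Semmle/java` is added, but there is still no entry for `/cpp/`, even though this same commit touches `cpp/config/suites/security/*` and `change-notes/1.19/analysis-cpp.md`. If a C++ owners team exists, it should be listed here too so that review requests for those paths are routed automatically.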

change-notes/1.19/analysis-cpp.md

Lines changed: 20 additions & 0 deletions
@@ -0,0 +1,20 @@
1+
# Improvements to C/C++ analysis
2+
3+
## General improvements
4+
5+
## New queries
6+
7+
| **Query** | **Tags** | **Purpose** |
8+
|-----------------------------|-----------|--------------------------------------------------------------------|
9+
| *@name of query (Query ID)* | *Tags* |*Aim of the new query and whether it is enabled by default or not* |
10+
11+
## Changes to existing queries
12+
13+
| **Query** | **Expected impact** | **Change** |
14+
|----------------------------|------------------------|------------------------------------------------------------------|
15+
| Resource not released in destructor | Fewer false positive results | Placement new is now excluded from the query. |
16+
17+
18+
## Changes to QL libraries
19+
20+
* Added a hash consing library for structural comparison of expressions.
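Review bot: the "New queries" table still contains the template placeholder row (`*@name of query (Query ID)* | *Tags* | *Aim of the new query ...*`); it should be removed if no new C/C++ queries ship in 1.19, or replaced with real entries, before these notes are published. The "Resource not released in destructor" row gives no query id, whereas the JavaScript notes in this commit do (e.g. `js/stored-xss`); adding the query's id keeps the two change notes consistent. The "General improvements" section is empty and could be dropped, and the hash consing bullet would be more useful if it named the library module users should import.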

change-notes/1.19/analysis-javascript.md

Lines changed: 14 additions & 4 deletions
@@ -2,17 +2,27 @@
22

33
## General improvements
44

5+
* Modelling of taint flow through array operations has been improved. This may give additional results for the security queries.
6+
7+
* Support for popular libraries has been improved. Consequently, queries may produce more results on code bases that use the following features:
8+
- file system access, for example through [fs-extra](https://github.com/jprichardson/node-fs-extra) or [globby](https://www.npmjs.com/package/globby)
9+
10+
511
## New queries
612

7-
| **Query** | **Tags** | **Purpose** |
8-
|-----------------------------|-----------|--------------------------------------------------------------------|
9-
| *@name of query (Query ID)* | *Tags* |*Aim of the new query and whether it is enabled by default or not* |
13+
| **Query** | **Tags** | **Purpose** |
14+
|-----------------------------------------------|------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
15+
| Enabling Node.js integration for Electron web content renderers (`js/enabling-electron-renderer-node-integration`) | security, frameworks/electron, external/cwe/cwe-094 | Highlights Electron web content renderer preferences with Node.js integration enabled, indicating a violation of [CWE-94](https://cwe.mitre.org/data/definitions/94.html). Results are not shown on LGTM by default. |
16+
| Stored cross-site scripting (`js/stored-xss`) | security, external/cwe/cwe-079, external/cwe/cwe-116 | Highlights uncontrolled stored values flowing into HTML content, indicating a violation of [CWE-079](https://cwe.mitre.org/data/definitions/79.html). Results shown on LGTM by default. |
17+
| Replacement of a substring with itself (`js/identity-replacement`) | correctness, security, external/cwe/cwe-116 | Highlights string replacements that replace a string with itself, which usually indicates a mistake. Results shown on LGTM by default. |
1018

1119
## Changes to existing queries
1220

1321
| **Query** | **Expected impact** | **Change** |
1422
|--------------------------------|----------------------------|----------------------------------------------|
1523
| Regular expression injection | Fewer false-positive results | This rule now identifies calls to `String.prototype.search` with more precision. |
16-
24+
| Unbound event handler receiver | Fewer false-positive results | This rule now recognizes additional ways class methods can be bound. |
25+
| Remote property injection | Fewer results | The precision of this rule has been revised to "medium". Results are no longer shown on LGTM by default. |
26+
| Missing CSRF middleware | Fewer false-positive results | This rule now recognizes additional CSRF protection middlewares. |
1727

1828
## Changes to QL libraries
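Review bot: two rows in the "Changes to existing queries" table are too vague to act on: "Missing CSRF middleware" says the rule "now recognizes additional CSRF protection middlewares" and "Unbound event handler receiver" says it recognizes "additional ways class methods can be bound", without naming which; users reading the change note cannot tell whether their framework or binding style is now covered, so list them (as the "Regular expression injection" row does with `String.prototype.search`). Also, the "Support for popular libraries" bullet introduces a list ("the following features:") that has a single item; fine if more are coming, otherwise fold it into the sentence. Minor: the new-query rows alternate between "Results are not shown on LGTM by default" and "Results shown on LGTM by default"; a consistent phrasing reads better.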

config/identical-files.json

Lines changed: 5 additions & 0 deletions
@@ -54,5 +54,10 @@
5454
"C++ SSA SSAConstruction": [
5555
"cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/internal/SSAConstruction.qll",
5656
"cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/internal/SSAConstruction.qll"
57+
],
58+
"C++ IR ValueNumber": [
59+
"cpp/ql/src/semmle/code/cpp/ir/implementation/raw/gvn/ValueNumbering.qll",
60+
"cpp/ql/src/semmle/code/cpp/ir/implementation/unaliased_ssa/gvn/ValueNumbering.qll",
61+
"cpp/ql/src/semmle/code/cpp/ir/implementation/aliased_ssa/gvn/ValueNumbering.qll"
5762
]
5863
}

cpp/config/suites/security/cwe-120

Lines changed: 13 additions & 13 deletions
@@ -1,13 +1,13 @@
1-
# CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
2-
+ semmlecode-cpp-queries/Security/CWE/CWE-120/UnboundedWrite.ql: /CWE/CWE-120
3-
@name Unbounded write (CWE-120)
4-
+ semmlecode-cpp-queries/Security/CWE/CWE-120/BadlyBoundedWrite.ql: /CWE/CWE-120
5-
@name Badly bounded write (CWE-120)
6-
+ semmlecode-cpp-queries/Security/CWE/CWE-120/OverrunWrite.ql: /CWE/CWE-120
7-
@name Potentially overrunning write (CWE-120)
8-
+ semmlecode-cpp-queries/Security/CWE/CWE-120/OverrunWriteFloat.ql: /CWE/CWE-120
9-
@name Potentially overrunning write with float to string conversion (CWE-120)
10-
+ semmlecode-cpp-queries/Best Practices/Likely Errors/OffsetUseBeforeRangeCheck.ql: /CWE/CWE-120
11-
@name Array offset used before range check (CWE-120)
12-
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/UnsafeUseOfStrcat.ql: /CWE/CWE-120
13-
@name Potentially unsafe use of strcat (CWE-120)
1+
# CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
2+
+ semmlecode-cpp-queries/Security/CWE/CWE-120/UnboundedWrite.ql: /CWE/CWE-120
3+
@name Unbounded write (CWE-120)
4+
+ semmlecode-cpp-queries/Security/CWE/CWE-120/BadlyBoundedWrite.ql: /CWE/CWE-120
5+
@name Badly bounded write (CWE-120)
6+
+ semmlecode-cpp-queries/Security/CWE/CWE-120/OverrunWrite.ql: /CWE/CWE-120
7+
@name Potentially overrunning write (CWE-120)
8+
+ semmlecode-cpp-queries/Security/CWE/CWE-120/OverrunWriteFloat.ql: /CWE/CWE-120
9+
@name Potentially overrunning write with float to string conversion (CWE-120)
10+
+ semmlecode-cpp-queries/Best Practices/Likely Errors/OffsetUseBeforeRangeCheck.ql: /CWE/CWE-120
11+
@name Array offset used before range check (CWE-120)
12+
+ semmlecode-cpp-queries/Likely Bugs/Memory Management/UnsafeUseOfStrcat.ql: /CWE/CWE-120
13+
@name Potentially unsafe use of strcat (CWE-120)
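Review bot: all 13 lines of this file are deleted and re-added with byte-identical content, so this hunk is a line-ending renormalization (the effect of the new `* text=auto eol=lf` rule) rather than a change to the CWE-120 suite; the same holds for the cwe-121 and cwe-131 suite files below. Renormalizations like this are best landed as their own commit, or at least called out in the commit message, so that a real edit to a suite definition cannot hide among them; reviewers of this one should re-check it with `git diff --ignore-cr-at-eol` (or `-w`) to confirm nothing but line endings changed.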

cpp/config/suites/security/cwe-121

Lines changed: 3 additions & 3 deletions
@@ -1,3 +1,3 @@
1-
# CWE-121: Stack-based Buffer Overflow
2-
+ semmlecode-cpp-queries/Security/CWE/CWE-121/UnterminatedVarargsCall.ql: /CWE/CWE-121
3-
@name Unterminated variadic call (CWE-121)
1+
# CWE-121: Stack-based Buffer Overflow
2+
+ semmlecode-cpp-queries/Security/CWE/CWE-121/UnterminatedVarargsCall.ql: /CWE/CWE-121
3+
@name Unterminated variadic call (CWE-121)

cpp/config/suites/security/cwe-131

Lines changed: 7 additions & 7 deletions
@@ -1,7 +1,7 @@
1-
# CWE-131: Incorrect Calculation of Buffer Size
2-
+ semmlecode-cpp-queries/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql: /CWE/CWE-131
3-
@name No space for zero terminator (CWE-131)
4-
+ semmlecode-cpp-queries/Critical/SizeCheck.ql: /CWE/CWE-131
5-
@name Not enough memory allocated for pointer type (CWE-131)
6-
+ semmlecode-cpp-queries/Critical/SizeCheck2.ql: /CWE/CWE-131
7-
@name Not enough memory allocated for array of pointer type (CWE-131)
1+
# CWE-131: Incorrect Calculation of Buffer Size
2+
+ semmlecode-cpp-queries/Security/CWE/CWE-131/NoSpaceForZeroTerminator.ql: /CWE/CWE-131
3+
@name No space for zero terminator (CWE-131)
4+
+ semmlecode-cpp-queries/Critical/SizeCheck.ql: /CWE/CWE-131
5+
@name Not enough memory allocated for pointer type (CWE-131)
6+
+ semmlecode-cpp-queries/Critical/SizeCheck2.ql: /CWE/CWE-131
7+
@name Not enough memory allocated for array of pointer type (CWE-131)
