hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into redsun82/cargo-upgrade-2

Browse Source
This commit is contained in:
Paolo Tranquilli
2025-07-15 17:25:40 +02:00
parent e79938b597 9c3e275e66
commit fd8ab05724
2 changed files with 42 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
java/ql/lib/semmle/code/java/Overlay.qll
View File

@@ -72,3 +72,41 @@ private predicate discardReferableLocatable(@locatable el) {
not drl.existsInOverlay()
)
}
overlay[local]
private predicate baseConfigLocatable(@configLocatable l) { not isOverlay() and exists(l) }
overlay[local]
private predicate overlayHasConfigLocatables() {
isOverlay() and
exists(@configLocatable el)
}
overlay[discard_entity]
private predicate discardBaseConfigLocatable(@configLocatable el) {
// The properties extractor is currently not incremental, so if
// the overlay contains any config locatables, the overlay should
// contain a full extraction and all config locatables from base
// should be discarded.
baseConfigLocatable(el) and overlayHasConfigLocatables()
}
overlay[local]
private predicate baseXmlLocatable(@xmllocatable l) {
not isOverlay() and not files(l, _) and not xmlNs(l, _, _, _)
}
overlay[local]
private predicate overlayHasXmlLocatable() {
isOverlay() and
exists(@xmllocatable l | not files(l, _) and not xmlNs(l, _, _, _))
}
overlay[discard_entity]
private predicate discardBaseXmlLocatable(@xmllocatable el) {
// The XML extractor is currently not incremental, so if
// the overlay contains any XML locatables, the overlay should
// contain a full extraction and all XML locatables from base
// should be discarded.
baseXmlLocatable(el) and overlayHasXmlLocatable()
}

4
java/ql/src/Violations of Best Practice/SpecialCharactersInLiterals/NonExplicitControlAndWhitespaceCharsInLiterals.ql
View File

@@ -23,6 +23,7 @@ class ReservedUnicodeInLiteral extends Literal {
ReservedUnicodeInLiteral() {
not this instanceof CharacterLiteral and
this.getCompilationUnit().fromSource() and
exists(int codePoint |
this.getLiteral().codePointAt(indexStart) = codePoint and
(
@@ -45,6 +46,9 @@ where
literal.getIndexStart() = charIndex and
literal.getLiteral().codePointAt(charIndex) = codePoint and
not literal.getEnclosingCallable() instanceof LikelyTestMethod and
// Kotlin extraction doesn't preserve the literal value so we can't distinguish
// between control characters and their escaped versions, so we exclude Kotlin
// to avoid false positives.
not literal.getFile().isKotlinSourceFile()
select literal,
"Literal value contains control or non-printable whitespace character(s) starting with Unicode code point "