hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
28,569 Commits 1,672 Branches 157 Tags
aeisenberg/codeql-workspace
Commit Graph

1326 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
4a67ac5e0b Merge pull request #4991 from JLLeitschuh/feat/JLL/early_ratpack_support 
Java: Simple support for Ratpack HTTP Framework
 2021-10-27 09:25:52 +02:00
Joe Farebrother
02b440b0ed Merge pull request #6599 from joefarebrother/android-sensitive-communication 
Java: Promote android sensitive broadcast query
 2021-10-26 13:48:58 +01:00
Jonathan Leitschuh
21aeee6378 Actually remove the last non-ascii quote from Promise 
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2021-10-26 08:28:44 -04:00
Ian Lynagh
f73f418a97 Java: Make a test output a bit more readable 
Now the nodes are in index order, and the indices are aligned.
 2021-10-25 18:48:19 +01:00
Jonathan Leitschuh
ebe2c26f4d Remove the last non-ascii quote from Promise 
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2021-10-25 11:30:12 -04:00
Jonathan Leitschuh
5eb28398f0 Remove non-ASCII characters from Promise.java 
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2021-10-22 10:52:46 -04:00
Tony Torralba
1333f67a69 Merge pull request #6917 from JLLeitschuh/feat/JLL/jdk_lambda_collections_model_tracking 
[Java] JDK Collection lambda models
 2021-10-22 10:26:50 +02:00
Joe Farebrother
a9dde419d2 Fix up test 2021-10-21 16:46:07 +01:00
Joe Farebrother
447e06d92a Rename from SensitiveBroadcast to SensitiveCommmunication 2021-10-20 17:09:59 +01:00
Joe Farebrother
daf6ac2584 Update tests to InlineFlowTest 2021-10-20 17:09:58 +01:00
Joe Farebrother
d7c7776495 Add additional models; fix up tests 2021-10-20 17:09:57 +01:00
Joe Farebrother
ae461bcfe4 Switch to inline expectations tests 2021-10-20 17:09:57 +01:00
Joe Farebrother
c68a7077d7 Move query and tests out of experimental 2021-10-20 17:09:56 +01:00
Jonathan Leitschuh
cce3aad62e Remove non-ASCII characters from Handler.java 
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2021-10-20 11:34:59 -04:00
Tom Hvitved
29cdc8a49a Java: Update expected test output after rebase 2021-10-20 12:11:59 +02:00
Jonathan Leitschuh
d4b18fe6a3 [Java] JDK Collection lambda models 
Adds support for data flow tracking through simple JDK collection
functional APIs.
 - `Iterable::forEach`
 - `Iterator::forEachRemaining`
 - `Map::forEach`

Replaces #5871

Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2021-10-19 15:57:58 -04:00
Jonathan Leitschuh
584c27a2f8 Move CollectionPassingTest to correct directory 2021-10-19 11:44:12 -04:00
haby0
679652e63a Modify Sanitizer 2021-10-19 12:49:08 +01:00
haby0
d0eec1e381 Add CWE-552-UnsafeUrlForward 2021-10-19 12:49:07 +01:00
Anders Schack-Mulligen
6508afe824 Merge pull request #6900 from Marcono1234/marcono1234/MemberRefExpr-receiver-type 
Java: Add `MemberRefExpr.getReceiverType()`
 2021-10-19 10:49:15 +02:00
Jonathan Leitschuh
db2892b9ea Resove taint tracking issues from asMultimap 
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2021-10-18 14:30:46 -04:00
Jonathan Leitschuh
5a2bdc9a0f Jackson taint tracking of elements 
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2021-10-18 12:21:11 -04:00
Jonathan Leitschuh
8fecc158ff Add support for Map.forEach 
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2021-10-18 12:21:11 -04:00
Jonathan Leitschuh
23e60e2c52 Add full integration test for Ratpack example 
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2021-10-18 12:21:11 -04:00
Jonathan Leitschuh
ebbbda70c0 Ratpack tests all passing 
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2021-10-18 12:21:11 -04:00
Jonathan Leitschuh
fe374f5e9c Ratpack: Add support for Promise::apply 
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2021-10-18 12:21:10 -04:00
Jonathan Leitschuh
6562ac3680 Ratpack conversion to new lambda model 
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2021-10-18 12:21:10 -04:00
Jonathan Leitschuh
4f90f0a748 Begin refactoring Ratpack to use functional taint tracking 
Signed-off-by: Jonathan Leitschuh <Jonathan.Leitschuh@gmail.com>
 2021-10-18 12:21:10 -04:00
Jonathan Leitschuh
6497a61c1d Ratpack: Drop support for flatMap like methods 2021-10-18 12:21:10 -04:00
Jonathan Leitschuh
901631ceb8 Ratpack Promise add support for apply method 2021-10-18 12:21:10 -04:00
Jonathan Leitschuh
b9dc3d0cfe Ratpack: Better support for Promise API 2021-10-18 12:21:09 -04:00
Jonathan Leitschuh
cdfdcc66bd Ratpack fix formatting and non-ascii characters 2021-10-18 12:21:09 -04:00
Jonathan Leitschuh
a3b1736a73 Ratpack improve support for parsing types 2021-10-18 12:21:09 -04:00
Jonathan Leitschuh
563e5690df Refactor Ratpack to use CSV format 2021-10-18 12:21:09 -04:00
Jonathan Leitschuh
4f658df0ac Apply suggestions from code review 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2021-10-18 12:21:09 -04:00
Jonathan Leitschuh
b2e3df29b3 Add support for Promise.value and Promise::flatMap 2021-10-18 12:21:08 -04:00
Jonathan Leitschuh
170657b9a4 Add additional Ratpack test and improve Promise based dataflow tracking 2021-10-18 12:21:08 -04:00
Jonathan Leitschuh
dabf00e8b4 Add Tests to Ratpack Framework Support 2021-10-18 12:21:08 -04:00
Tony Torralba
e3b46f25a5 Merge branch 'main' into atorralba/fix-local-and-remote-flow-tests 2021-10-18 08:52:37 +02:00
Marcono1234
43b7bc52ca Java: Add MemberRefExpr.getReceiverType() 2021-10-18 00:26:19 +02:00
Anders Schack-Mulligen
57cb300759 C++/C#/Java/JavaScript/Python: Remove singleton set literals. 2021-10-14 11:34:22 +02:00
Anders Schack-Mulligen
0e5f89a03c Merge pull request #6463 from smowton/smowton/admin/gson-unsafe-deserialization 
Java: add Gson support to unsafe-deserialization query
 2021-10-12 16:15:27 +02:00
Tom Hvitved
10739b11ee Merge pull request #6841 from hvitved/dataflow/incorrect-summary-chaining 
Data flow: Add tests for missing summary flow
 2021-10-12 15:44:21 +02:00
Tom Hvitved
296e268339 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-10-12 14:28:32 +02:00
Chris Smowton
8816aa1431 Improve Android stub fidelity to the point that all relevant tests work 
Note these still aren't entirely mechanically generated stubs matching the real Android 9.
 2021-10-12 12:35:05 +01:00
Chris Smowton
205b6fe6d7 Fix bad merge on Uri.java 2021-10-12 12:35:05 +01:00
Chris Smowton
9e0b112f05 Remove now-unnecessary models and tests 2021-10-12 12:35:05 +01:00
Chris Smowton
1dffbcd0bd Fix tests disrupted by re-modelling and stubbing Android 9: 
* Account for changed dataflow graph shape using external flow
* Account for BaseBundle only existing as of Android 5
* Properly implement Parcelable, which we previously got away with due to a partial stub
* Restore an Android 11 function that had been added to the Android 9 Context class (I won't get into enforcing the difference in this PR)
 2021-10-12 12:35:05 +01:00
Chris Smowton
fc0b18cf61 Add tests for Android flow steps 2021-10-12 12:35:05 +01:00
Chris Smowton
cd2c9e9ca3 Add Gson support to unsafe deserialization query 2021-10-12 12:35:04 +01:00