hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,672 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

3173 Commits

Author SHA1 Message Date
Jami Cogswell
09829d7f7a simplify instanceof usage 2022-10-24 15:49:41 -04:00
Jami Cogswell
8bc0a64863 remove KeyGenInitMethodAccess class 2022-10-24 15:42:36 -04:00
Jami Cogswell
eb69b98dff remove separators 2022-10-24 15:28:31 -04:00
Jami Cogswell
2ee23f004e update qldoc for AlgorithmParameterSpec 2022-10-24 15:22:33 -04:00
Jami Cogswell
4c8e0a7648 update qldoc of JavaSecurityKeyPairGenerator and JavaSecurityAlgoParamGenerator 2022-10-24 15:05:05 -04:00
Chris Smowton
7a0bded2ac Kotlin: support argument-range specifications for $default methods 2022-10-24 19:31:03 +01:00
Chris Smowton
1fe9e8457f Kotlin: Fix varargs dataflow, and varargs default handling 
Dataflow requires accounting for the fact that the varargs parameter isn't necessarily last in the parameter list in a couple more places. Default handling just requires that if the only null parameter is the varargs argument, and it has no default value, then no $default method is required-- the caller is expected to simply pass nothing (at QL
/ source level) or an empty array (at JVM level).
 2022-10-21 11:14:41 +01:00
Anders Schack-Mulligen
9ebcaf80e7 Java: Fix some join-orders. 2022-10-20 14:23:36 +02:00
Chris Smowton
e868cdf91b Merge pull request #9876 from smowton/smowton/feature/interface-forwarding 
Kotlin: implement default interface forwarding
 2022-10-20 10:17:47 +01:00
Chris Smowton
c6b62c934b Merge pull request #10853 from smowton/smowton/fix/specialised-anon-classes 
Kotlin: extract called private methods of specialised types, and specialised instances of anonymous types
 2022-10-19 16:48:28 +01:00
Jami Cogswell
e5982f19fa minor updates 2022-10-19 11:05:40 -04:00
Tony Torralba
0678b06a9b Apply review suggestions 2022-10-19 16:58:43 +02:00
Tony Torralba
429bd5fbd8 Add flow summaries for startActivities 
Uses SyntheticCallables and SyntheticGlobals to pair each startActivities call to getIntent calls in the components targeted by the intent(s).
 2022-10-19 16:25:04 +02:00
Jami Cogswell
961e5c72a3 minor updates 2022-10-19 08:44:35 -04:00
Tony Torralba
fd8f8cb930 Merge pull request #10223 from atorralba/atorralba/unsafe-content-resolver 
Java: New Android query to detect unsafe content URI resolution
 2022-10-19 11:22:04 +02:00
Jami Cogswell
4df0fbcce1 update tests 2022-10-19 01:17:57 -04:00
Jami Cogswell
dc8b62baa0 add support for AlgorithmParameterGenerator 2022-10-19 00:11:59 -04:00
Jami Cogswell
ff557a287f add min key size predicates 2022-10-18 23:08:54 -04:00
Chris Smowton
b148e3168f Java models-as-data: infer Kotlin $default models from that of its parent function 2022-10-18 18:17:08 +01:00
Tamás Vajk
543e2f5aab Merge pull request #10678 from tamasvajk/kotlin-type-param-modifiers 
Kotlin: Extract type parameter modifiers (`reified`, `in`, `out`)
 2022-10-18 09:10:57 +02:00
Jami Cogswell
5f39888a2d minor code restructure 2022-10-17 16:28:06 -04:00
Chris Smowton
b4c4a26e22 Element.hasChildElement: associate local classes specialisations with their unspecialised containing function 2022-10-17 18:43:12 +01:00
Chris Smowton
b763c406b6 hasChildElement: include method -> local class edges 2022-10-17 18:38:13 +01:00
Chris Smowton
e8a35983ee Implement Kotlin default interface method forwarding 
Kotlin's implementation of defaults depends on the -Xjvm-default setting (or the @JvmDefault deprecated annotation, not implemented here): by default, actual interface class files don't use default method, and any class that would inherit one instead implements the interface calling a static method defined on TheInterface$DefaultImpls. With
-Xjvm-default=all or =all-compatibility, real interface default methods are emitted, with the latter retaining the DefaultImpls methods so that other Kotlin can use it.

Here I adopt a hybrid solution: create a real default method implementation, but also emit a forwarding method like `@override int f(int x) { return super.TheInterface.f(x); }`, because the Java extractor will see `MyClass.f` in the emitted class file and try to dispatch directly to it. The only downside is that we emit a default interface
method body for a prototype that will appear to be `abstract` to the Java extractor and which it will extract as such. I work around this by tolerating the combination `default abstract` in QL. The alternative would be to fully mimic the DefaultImpls approach, giving 100% fidelity to kotlinc's strategy and therefore no clash with the Java
extractor's view of the world.
 2022-10-17 18:38:13 +01:00
Chris Smowton
8553266aae Allow specialised instances of anonymous classes 2022-10-17 11:27:05 +01:00
Anders Schack-Mulligen
6ef5fac239 Merge pull request #10814 from aschackmull/dataflow/synth-global 
Dataflow: Add support for synthetic global fields in MaD.
 2022-10-17 08:34:26 +02:00
Jami Cogswell
da218fdbf1 clean up code 2022-10-14 13:03:34 -04:00
Jami Cogswell
0334470f33 remove commented out predicates that relied on typeFlag 2022-10-14 10:55:30 -04:00
Jami Cogswell
47030df8ac remove commented-out 3 configs 2022-10-14 09:26:44 -04:00
Anders Schack-Mulligen
5ce4483a8e Merge pull request #10795 from aschackmull/java/synth-callable 
Java: Add support for synthetic callables with flow summaries and model Stream.collect
 2022-10-14 10:58:14 +02:00
Jami Cogswell
6eb58d832c remove dependence on typeFlag 2022-10-14 00:47:57 -04:00
Jami Cogswell
c61f23baae experiment with more code condensing 2022-10-13 23:24:06 -04:00
Jami Cogswell
2daa3457d7 combine three configs into one 2022-10-13 17:57:56 -04:00
Josh Soref
45d1e3f9b2 spelling: representation 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
52a3e3c2fd spelling: heuristic 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Anders Schack-Mulligen
ad8f0fc1dd Java: Address review comments. 2022-10-13 14:55:55 +02:00
Anders Schack-Mulligen
2848909450 Dataflow: Add support for synthetic global fields in MaD. 2022-10-13 14:18:13 +02:00
Anders Schack-Mulligen
51dfb319f5 Java: autoformat 2022-10-13 11:17:44 +02:00
Anders Schack-Mulligen
ac3379657d Java: qldoc fix and changenote. 2022-10-13 11:17:44 +02:00
Anders Schack-Mulligen
8c7b6d6f20 Java: Add support for synthetic callables with flow summaries and model Stream.collect. 2022-10-13 11:17:44 +02:00
Anders Schack-Mulligen
036724ce8d Dataflow: Sync. 2022-10-13 11:03:30 +02:00
Anders Schack-Mulligen
c4915b27e7 Dataflow: Add additional annotation. 2022-10-13 11:03:08 +02:00
Tamás Vajk
6c781b5b1a Merge pull request #10789 from tamasvajk/kotlin-useless-params 
Kotlin: reduce FPs in useless parameter check for Kotlin code
 2022-10-13 09:40:54 +02:00
Jami Cogswell
e0f0d554cb condense code 2022-10-12 22:18:07 -04:00
Erik Krogh Kristensen
10aab81f42 Merge pull request #10799 from jsoref/spelling-nfautils 
ReDoS: Spelling nfautils
 2022-10-12 23:09:06 +02:00
Jami Cogswell
bcb506b637 add placeholder qldocs 2022-10-12 17:04:51 -04:00
Jami Cogswell
bfbb6db436 clean up code 2022-10-12 16:58:34 -04:00
Jami Cogswell
37d85587e0 refactor code into InsufficientKeySize.qll 2022-10-12 15:39:57 -04:00
Josh Soref
09c8a98761 spelling: representation 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 15:20:26 -04:00
Josh Soref
bb1ce8973a spelling: repeatable 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 15:20:24 -04:00