hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,671 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

3173 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
9133adac30 Java: Adjust csv validation. 2021-10-05 13:13:28 +02:00
Anders Schack-Mulligen
04892df45a Java: Include stream method overrides. 2021-10-05 13:13:28 +02:00
Anders Schack-Mulligen
af7d633f2f Java: Add Stream::mapMulti* and Stream::toList. 2021-10-05 13:13:28 +02:00
Anders Schack-Mulligen
ef80263106 Java: Add models for java.util.stream. 2021-10-05 13:13:27 +02:00
Anders Schack-Mulligen
5d63a76e25 Merge pull request #6797 from Marcono1234/marcono1234/remove-overwritten-NestedType-isStatic-qldoc 
Java: Remove overwritten `NestedType.isStatic()` QLDoc
 2021-10-05 13:05:53 +02:00
Tony Torralba
a86cbd884e Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-10-05 09:40:22 +02:00
Marcono1234
0bce8234d8 Java: Remove overwritten NestedType.isStatic() QLDoc 
Did not mention nested non-member interfaces and record classes.
The documentation of the overridden `isStatic()` predicate already mentions
that this predicate holds for explicitly and implicitly static elements, so
overwriting it is not necessary and only adds more maintenance work.
 2021-10-04 16:30:57 +02:00
Anders Schack-Mulligen
745ece6e6d Merge pull request #6613 from Marcono1234/marcono1234/literals-test-split 
Java: Split literals tests
 2021-10-04 16:20:08 +02:00
Anders Schack-Mulligen
65a4f36cf8 Merge pull request #6767 from aschackmull/dataflow/callback-postupdate 
Dataflow: Support side-effects for callbacks in summaries.
 2021-10-04 11:13:18 +02:00
Marcono1234
e3fed55945 Java: Add tests for text blocks 2021-10-01 18:16:11 +02:00
Joe Farebrother
5e4498a53a Add more models; fix tests 2021-10-01 16:53:53 +01:00
Marcono1234
924b7320bc Java: Add test for NullLiteral 2021-10-01 17:27:54 +02:00
Anders Schack-Mulligen
6359c44622 Java: Autoformat. 2021-10-01 14:05:47 +02:00
Anders Schack-Mulligen
98f68cb053 Dataflow: Sync. 2021-10-01 13:11:43 +02:00
Anders Schack-Mulligen
d4f1a9602f Dataflow: Force high precision of certain Contents. 2021-10-01 13:03:50 +02:00
Anders Schack-Mulligen
eb26b4a04b Merge pull request #6755 from alexet/alexet/cache-params-string 
Java: Fix more performance issues with future versions of codeql.
 2021-10-01 12:54:53 +02:00
f1v3
168fc4170d Apply suggestions from code review 2021-09-30 14:26:14 +01:00
alexet
447eb23356 Java: Fix for tc magic issue with subtyping. 2021-09-29 16:01:08 +01:00
Joe Farebrother
3ae5f13c3d Generate tests and stubs 2021-09-29 15:44:21 +01:00
Rasmus Wriedt Larsen
987b573709 Fix hasLocationInfo URL reference 
Follow up to https://github.com/github/codeql/pull/5830
 2021-09-29 13:47:58 +02:00
Chris Smowton
413ac4e8f4 Merge pull request #6684 from owen-mc/java/model/apache-collections-subpackages 
Java: model remaining subpackages of Apache Commons Collections
 2021-09-28 12:28:48 +01:00
Anders Schack-Mulligen
e95dc82087 Autoformat. 2021-09-28 13:00:50 +02:00
Tony Torralba
cec6cd0830 Merge pull request #6724 from atorralba/atorralba/android-contentprovider-sources 
Java: Add sources for content providers in Android
 2021-09-28 12:13:54 +02:00
Anders Schack-Mulligen
9a9bbe3123 Dataflow: Support side-effects for callbacks in summaries. 2021-09-28 11:42:38 +02:00
Tony Torralba
46eb27cd01 Don't restrict inputs to be ParameterNodes 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-09-28 11:21:56 +02:00
Anders Schack-Mulligen
fc8b439263 Merge pull request #6740 from aschackmull/java/callback-dispatch 
Java: Add callback dispatch to more anonymous classes.
 2021-09-28 10:49:27 +02:00
Owen Mansel-Chan
342c14887b Fix existing models for MapUtils 2021-09-27 16:24:37 +01:00
Owen Mansel-Chan
f69787afd0 Miscellaneous model fixes 2021-09-27 16:24:30 +01:00
Owen Mansel-Chan
9b12980688 Do not model some protected methods 2021-09-27 16:24:29 +01:00
Owen Mansel-Chan
cb0f82c36e Do not modelled protected static inner classes 2021-09-27 16:24:29 +01:00
Owen Mansel-Chan
3b678bfbc5 Address review comments 2021-09-27 16:24:28 +01:00
Owen Mansel-Chan
e1750adc38 Address problems highlighted by generating tests 2021-09-27 16:24:27 +01:00
Owen Mansel-Chan
fd0fb9483e Model the remaining subpackages in Apache Commons Collections 2021-09-27 16:24:26 +01:00
Owen Mansel-Chan
3d1d491e6b Model java.lang.Object.clone() better for access paths. 
Model value flow for Element, MapKey and MapValue. This assumes
that clone() is a shallow copy.
 2021-09-27 16:24:25 +01:00
Anders Schack-Mulligen
cfa0d46b73 Merge pull request #6097 from atorralba/atorralba/promote-xslt-injection 
Java: Promote XSLT Injection from experimental
 2021-09-27 13:14:57 +02:00
Tony Torralba
d5f675c2dc Fix unbound field 
Add tests for non-exported providers
 2021-09-27 12:58:28 +02:00
Tony Torralba
78c12dc505 Move to lib 2021-09-27 12:04:14 +02:00
Tony Torralba
6967b06dee Decouple XsltInjection.qll to reuse the taint tracking configuration 2021-09-27 11:59:51 +02:00
Tony Torralba
6d9a88d1c8 Move to lib 2021-09-27 11:43:46 +02:00
alexet
49f8f46354 Java: Cache params string computation. 2021-09-24 14:12:26 +01:00
Anders Schack-Mulligen
854f2a046a Java: Add StringLiteral.isTextBlock(). 2021-09-24 13:11:18 +02:00
Tony Torralba
b52a2cd292 Apply code review comments 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-09-23 15:48:15 +02:00
Anders Schack-Mulligen
4841c3037d Java: Add callback dispatch to more anonymous classes. 2021-09-23 14:34:56 +02:00
Joe Farebrother
0919042692 Model Bundle and Intent extra methods 2021-09-23 12:03:45 +01:00
Tony Torralba
d0b9920cac Fix encryption sanitizer 
It now discards sensitive exprs (sources) instead of sinks for better precision
 2021-09-23 10:42:30 +02:00
Tony Torralba
51d2b5225e Remove cached property from SensitiveSource::flowsTo 2021-09-23 10:42:30 +02:00
Tony Torralba
a30554e97c Refactored cleartext storage libraries 2021-09-23 10:42:30 +02:00
Chris Smowton
93daaf5b5b Merge pull request #6174 from joefarebrother/guava-collections 
Java: Model Guava collections package
 2021-09-23 09:13:24 +01:00
Joe Farebrother
522c6e01d2 Sort models by class and name 2021-09-22 15:23:01 +01:00
Joe Farebrother
6e9bee1be7 Add missing models 2021-09-21 16:32:49 +01:00