hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,672 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

4531 Commits

Author SHA1 Message Date
Tom Hvitved
587e6739d9 Merge pull request #11060 from hvitved/dataflow/path-node-reach-charpred 
Data flow: Restrict public `PathNode`s to those that may reach a sink
 2022-11-04 10:17:09 +01:00
Anders Schack-Mulligen
331b8c0144 Merge pull request #10904 from aschackmull/java/joinorders 
Java: Fix some join-orders.
 2022-11-04 09:24:31 +01:00
Michael Nebel
3c8fb0520e C#: Sync files. 2022-11-04 08:20:53 +01:00
Tom Hvitved
d3488da0c2 Data flow: Sync files 2022-11-03 15:52:30 +01:00
erik-krogh
c15f63ce62 sync files 2022-11-01 21:35:27 +01:00
Jami Cogswell
f40eefce57 use CompileTimeConstantExpr instead of StringLiteral 2022-10-27 17:11:07 -04:00
Jami Cogswell
65f7474110 simplify algorithm.matches 2022-10-27 16:44:03 -04:00
Jeroen Ketema
1d7efd8e82 Merge pull request #10905 from jsoref/spelling-code-scanning-product 
Spelling code scanning product
 2022-10-27 12:55:37 +02:00
Jami Cogswell
1bfdfc954b shorten class/predicate names 2022-10-26 16:30:14 -04:00
Tamas Vajk
9cc7a30a75 Kotlin: do not report on unused object extension parameters 2022-10-26 15:06:51 +02:00
Jami Cogswell
1e80fa118c add modules 2022-10-25 18:26:00 -04:00
Tamas Vajk
eaa04b72f1 Apply code review findings 2022-10-25 13:49:54 +02:00
Tamas Vajk
78c23c2657 Kotlin: Exclude constructs in serialization constructors from java/evaluation-to-constant 2022-10-25 13:49:54 +02:00
Chris Smowton
b9f4856d47 Merge pull request #10876 from smowton/smowton/feature/kotlin-default-method-auto-mad 
Java models-as-data: infer Kotlin $default models from that of its parent function
 2022-10-25 11:58:54 +01:00
Jami Cogswell
1a1245343d remove getNodeIntValue 2022-10-24 17:09:24 -04:00
Jami Cogswell
c742a09def remove AlgoSpec class 2022-10-24 16:15:18 -04:00
Jami Cogswell
d569f93e78 update getAlgoSpec 2022-10-24 16:05:57 -04:00
Jami Cogswell
09829d7f7a simplify instanceof usage 2022-10-24 15:49:41 -04:00
Jami Cogswell
8bc0a64863 remove KeyGenInitMethodAccess class 2022-10-24 15:42:36 -04:00
Jami Cogswell
eb69b98dff remove separators 2022-10-24 15:28:31 -04:00
Jami Cogswell
2ee23f004e update qldoc for AlgorithmParameterSpec 2022-10-24 15:22:33 -04:00
Jami Cogswell
4c8e0a7648 update qldoc of JavaSecurityKeyPairGenerator and JavaSecurityAlgoParamGenerator 2022-10-24 15:05:05 -04:00
Chris Smowton
7a0bded2ac Kotlin: support argument-range specifications for $default methods 2022-10-24 19:31:03 +01:00
Chris Smowton
5e28e5a170 Merge pull request #10909 from smowton/smowton/fix/kotlin-varargs-dataflow 
Kotlin: Fix varargs dataflow, and varargs default handling
 2022-10-21 13:32:34 +01:00
Chris Smowton
1fe9e8457f Kotlin: Fix varargs dataflow, and varargs default handling 
Dataflow requires accounting for the fact that the varargs parameter isn't necessarily last in the parameter list in a couple more places. Default handling just requires that if the only null parameter is the varargs argument, and it has no default value, then no $default method is required-- the caller is expected to simply pass nothing (at QL
/ source level) or an empty array (at JVM level).
 2022-10-21 11:14:41 +01:00
github-actions[bot]
be7693283b Post-release preparation for codeql-cli-2.11.2 2022-10-21 08:07:17 +00:00
Anders Schack-Mulligen
9ebcaf80e7 Java: Fix some join-orders. 2022-10-20 14:23:36 +02:00
Josh Soref
f0d27c0257 spelling: properties 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-20 08:21:02 -04:00
Josh Soref
485543c2b5 spelling: precondition 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-20 08:21:01 -04:00
Josh Soref
1600825679 spelling: implicit 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-20 08:18:23 -04:00
github-actions[bot]
9a0848bbc4 Release preparation for version 2.11.2 2022-10-20 11:05:19 +00:00
Chris Smowton
e868cdf91b Merge pull request #9876 from smowton/smowton/feature/interface-forwarding 
Kotlin: implement default interface forwarding
 2022-10-20 10:17:47 +01:00
Chris Smowton
c6b62c934b Merge pull request #10853 from smowton/smowton/fix/specialised-anon-classes 
Kotlin: extract called private methods of specialised types, and specialised instances of anonymous types
 2022-10-19 16:48:28 +01:00
Jami Cogswell
e5982f19fa minor updates 2022-10-19 11:05:40 -04:00
Tony Torralba
0678b06a9b Apply review suggestions 2022-10-19 16:58:43 +02:00
Tony Torralba
25241276b0 Add change note 2022-10-19 16:29:36 +02:00
Tony Torralba
429bd5fbd8 Add flow summaries for startActivities 
Uses SyntheticCallables and SyntheticGlobals to pair each startActivities call to getIntent calls in the components targeted by the intent(s).
 2022-10-19 16:25:04 +02:00
Jami Cogswell
961e5c72a3 minor updates 2022-10-19 08:44:35 -04:00
Tony Torralba
fd8f8cb930 Merge pull request #10223 from atorralba/atorralba/unsafe-content-resolver 
Java: New Android query to detect unsafe content URI resolution
 2022-10-19 11:22:04 +02:00
Jami Cogswell
4df0fbcce1 update tests 2022-10-19 01:17:57 -04:00
Jami Cogswell
dc8b62baa0 add support for AlgorithmParameterGenerator 2022-10-19 00:11:59 -04:00
Jami Cogswell
ff557a287f add min key size predicates 2022-10-18 23:08:54 -04:00
Chris Smowton
b148e3168f Java models-as-data: infer Kotlin $default models from that of its parent function 2022-10-18 18:17:08 +01:00
Tamás Vajk
543e2f5aab Merge pull request #10678 from tamasvajk/kotlin-type-param-modifiers 
Kotlin: Extract type parameter modifiers (`reified`, `in`, `out`)
 2022-10-18 09:10:57 +02:00
Jami Cogswell
5f39888a2d minor code restructure 2022-10-17 16:28:06 -04:00
Chris Smowton
b4c4a26e22 Element.hasChildElement: associate local classes specialisations with their unspecialised containing function 2022-10-17 18:43:12 +01:00
Chris Smowton
b763c406b6 hasChildElement: include method -> local class edges 2022-10-17 18:38:13 +01:00
Chris Smowton
e8a35983ee Implement Kotlin default interface method forwarding 
Kotlin's implementation of defaults depends on the -Xjvm-default setting (or the @JvmDefault deprecated annotation, not implemented here): by default, actual interface class files don't use default method, and any class that would inherit one instead implements the interface calling a static method defined on TheInterface$DefaultImpls. With
-Xjvm-default=all or =all-compatibility, real interface default methods are emitted, with the latter retaining the DefaultImpls methods so that other Kotlin can use it.

Here I adopt a hybrid solution: create a real default method implementation, but also emit a forwarding method like `@override int f(int x) { return super.TheInterface.f(x); }`, because the Java extractor will see `MyClass.f` in the emitted class file and try to dispatch directly to it. The only downside is that we emit a default interface
method body for a prototype that will appear to be `abstract` to the Java extractor and which it will extract as such. I work around this by tolerating the combination `default abstract` in QL. The alternative would be to fully mimic the DefaultImpls approach, giving 100% fidelity to kotlinc's strategy and therefore no clash with the Java
extractor's view of the world.
 2022-10-17 18:38:13 +01:00
Chris Smowton
8553266aae Allow specialised instances of anonymous classes 2022-10-17 11:27:05 +01:00
Anders Schack-Mulligen
6ef5fac239 Merge pull request #10814 from aschackmull/dataflow/synth-global 
Dataflow: Add support for synthetic global fields in MaD.
 2022-10-17 08:34:26 +02:00