hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,671 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

1214 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
69353bb014 patch upper-case acronyms to be PascalCase 2022-03-11 11:10:33 +01:00
Jonathan Leitschuh
363fff2358 Cleanup from code review feedback 2022-03-09 10:48:06 -05:00
Jonathan Leitschuh
2e8b5f743b [Java] Add CompileTimeConstantExpr.getStringified method 
Removes CharacterLiteral from CompileTimeConstantExpr.getStringValue

Resolves:
 - https://github.com/github/codeql/pull/8325#issuecomment-1060470279
 - https://github.com/github/codeql/pull/8325#issuecomment-1060587205
 2022-03-07 20:11:38 -05:00
Jonathan Leitschuh
a21992ade9 Minor refactoring to improve tests and documentation 2022-03-07 18:40:53 -05:00
Jonathan Leitschuh
5b651f29d8 Fix insufficient tests and add documentation 2022-03-07 16:39:40 -05:00
Jonathan Leitschuh
38897f2ec1 Fixup tests from code review changes 2022-03-04 09:33:51 -05:00
Jonathan Leitschuh
17b6e66814 Apply suggestions from code review 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2022-03-04 09:29:57 -05:00
Jonathan Leitschuh
7ab193dde2 Add System.getProperties().getProperty support 2022-03-03 20:08:38 -05:00
Jonathan Leitschuh
04cd0dbfe9 [Java] Add CharacterLiteral to CompileTimeConstantExpr.getStringValue 2022-03-03 18:08:17 -05:00
Jonathan Leitschuh
31527a67e5 Refactor OS Checks & SystemProperty logic from review feedback 2022-03-03 17:15:35 -05:00
Jonathan Leitschuh
a7adbb7291 Refactor more system property access logic 2022-03-02 19:33:05 -05:00
Jonathan Leitschuh
3c53a05e16 Add OS Checks based upon separator or path separator 2022-03-02 14:15:56 -05:00
Jonathan Leitschuh
5913c9acad Refactor OS Guard Checks 2022-03-02 12:51:14 -05:00
Jonathan Leitschuh
fd63107edf Update OS Check from Review Feedback 2022-03-02 12:51:12 -05:00
Jonathan Leitschuh
9f5022ee95 Review fixup and add test for apache SystemUtils 2022-03-02 12:50:38 -05:00
Jonathan Leitschuh
cd073a2173 Java: Add Guard Classes for checking OS 2022-03-02 12:50:35 -05:00
Chris Smowton
b1c98ae3c2 Add further test directly examining signature of method with problematic parameter types 2022-02-24 17:39:11 +00:00
Asger Feldthaus
a121b73181 Java: update CSV rows to dot-separated syntax 2022-02-21 08:16:55 +01:00
Marcono1234
a496b1d1a1 Java: Add predicates for sealed classes 2022-02-14 21:04:38 +01:00
Alvaro Muñoz Sanchez
ba90fecc98 retab Test.java 2022-01-26 11:20:10 +01:00
Alvaro Muñoz Sanchez
9ee967d6db update test file 2022-01-25 12:42:41 +01:00
Alvaro Muñoz Sanchez
c49c7903a8 add java.util.regex models and tests 2022-01-25 10:50:39 +01:00
Tony Torralba
caab1c3332 Merge pull request #6963 from atorralba/atorralba/android-onactivityresult-source 
Android: Add the Intent parameter of the `onActivityResult` method as a source
 2022-01-20 14:27:30 +01:00
Tony Torralba
62f847a82e Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2022-01-20 13:44:10 +01:00
Tony Torralba
8767d2db23 Don't capitalize the term content provider 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-01-20 13:23:52 +01:00
Tony Torralba
c675028537 Add Fragment and Activity edge case 2022-01-19 16:08:28 +01:00
Tony Torralba
211cb9370f Add the Intent parameter of onActivityResult as a source 2022-01-19 16:08:25 +01:00
Tony Torralba
b16b0270d2 Merge pull request #6779 from atorralba/atorralba/android-implicit-pending-intents 
Java: CWE-927 - Query to detect the use of implicit PendingIntents
 2022-01-18 12:14:47 +01:00
Chris Smowton
9819752bdd Merge pull request #7526 from smowton/smowton/fix/restore-nodes-edges-consistency 
Don't include arg -> param edges in PathGraph::edges where arg is not reachable
 2022-01-18 11:05:47 +00:00
Benjamin Muskalla
8e6a15640f Model basic channel APIs 2022-01-18 10:40:39 +01:00
Anders Schack-Mulligen
aa9912a699 Java: Fix expected output 2022-01-18 10:36:52 +01:00
Benjamin Muskalla
a4429d01a3 Add tests for writer models 2022-01-14 11:12:35 +01:00
Tony Torralba
df95317a58 Fix tests after stub change 2022-01-14 10:33:21 +01:00
Tony Torralba
bd4abf4fd0 Additional Notification models 2022-01-14 10:32:38 +01:00
Tony Torralba
a59a4024a5 Update stubs 2022-01-14 10:32:36 +01:00
Tony Torralba
a0a914466c Rewording 2022-01-14 10:32:33 +01:00
Anders Schack-Mulligen
0b24af901d Merge pull request #7349 from aschackmull/dataflow/state 
Dataflow: Add support for flow state
 2022-01-14 09:12:38 +01:00
Anders Schack-Mulligen
a34c981209 Dataflow: Address comments. 2022-01-13 13:28:24 +01:00
Anders Schack-Mulligen
69973dadb3 Merge pull request #7548 from zbazztian/spring-taint-summaries 
Java: Add Spring and Apache Common Langs taint flow steps
 2022-01-13 13:00:41 +01:00
Sebastian Bauersfeld
69f329ffec Java: Add test cases for AbstractMessageSource.getMessage() methods 2022-01-13 14:13:27 +07:00
Sebastian Bauersfeld
39b6678b7d Java: Add test case for StringEscapeUtils.escapeJson() taint step. 2022-01-13 11:18:37 +07:00
Tamás Vajk
9065a7f320 Merge pull request #7573 from tamasvajk/fix/java-field-decl-tostr 
Java: Fix toString on field declarations with single field
 2022-01-12 13:03:16 +01:00
Tony Torralba
c2105e506b Added test cases 2022-01-12 11:06:58 +01:00
Tamas Vajk
b9e0310aa2 Java: Fix toString on field declarations with single field 2022-01-12 09:22:16 +01:00
Tony Torralba
7b0d9ea525 Merge pull request #7054 from atorralba/atorralba/promote-log-injection 
Java: Promote Log Injection from experimental
 2022-01-11 17:26:18 +01:00
Chris Smowton
e352a4b994 Note that parameterizations of local classes are themselves local 
Previously `LocalClass` itself would match `.isLocal()` whereas `LocalClass<Param>` would not. Rather than require each individual user to check for `.getSourceDeclaration().isLocal()`, let's note that the specializations themselves are local.
 2022-01-10 18:19:31 +00:00
Tony Torralba
0e738622df Merge branch 'main' into atorralba/promote-log-injection 2022-01-10 17:24:25 +01:00
Anders Schack-Mulligen
f590d2566e DataFlow: Fix test. 2022-01-10 11:25:52 +01:00
Tony Torralba
a3b25f0eb5 Don't consider subtypes of fields 2021-12-15 13:00:16 +01:00
Tony Torralba
47002a3bd7 Fix test 2021-12-15 13:00:16 +01:00