hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,671 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

4250 Commits

Author SHA1 Message Date
Ed Minnix
f4dbd41036 Test files for Activity Alias 2022-12-06 23:11:48 -05:00
retanoj
8ee418405b consider blankspace / comma /dot field 2022-12-07 10:06:39 +08:00
Chris Smowton
d37a10e4f1 Accept test changes: methods no longer appearing to be final 
This is actually a bug, which we should follow up on subsequently.
 2022-12-06 18:38:31 +00:00
Chris Smowton
59eb81b50a Accept test changes: a raw class getting extracted solely for use in a signature 
We could revert this by allowing useType to avoid triggering class-instance extraction when used just for its signature result
 2022-12-06 18:35:04 +00:00
Chris Smowton
f5579d59f8 Accept test changes: classes no longer getting multiple locations 2022-12-06 18:35:04 +00:00
Chris Smowton
9f722a7e12 Disable java_and_kotlin inconsistency test; accept changes 
This was testing that a signature inconsistency occurs, but this now manifests as a db inconsistency which can't be used as a test expectation because specific tuple numbers are liable to change with the environment.
 2022-12-06 18:35:04 +00:00
Chris Smowton
f2fded6486 Accept jvmstatic-annotation changes 
These occur because the Companion field is odd, being extracted from source but not having an associated FieldDeclaration, leading to PrintAst enumerating the node differently depending on whether it has a source-file location or not but in either case choosing not to show it.
 2022-12-06 18:35:04 +00:00
Chris Smowton
5e023bf619 Remove no-longer-applicable diagnostic matches 
These resulted from the Java compiler exploring NotNull and other Kotlin-emitted annotations, which it no longer does because it finds a .class trap file already present and truncates its class-graph walk
 2022-12-06 18:35:04 +00:00
Michael Nebel
8e4190d84a Merge pull request #11516 from michaelnebel/java/externalflowcleanup 
Java: Cleanup imports of `ExternalFlow`
 2022-12-06 14:26:39 +01:00
retanoj
de652e1e27 expected 2022-12-06 18:09:48 +08:00
retanoj
fb8559f03a tiny fix function name 2022-12-06 18:03:00 +08:00
retanoj
d2140eb4b1 MyBatisAnnotationSqlInjection no @Param case 2022-12-06 17:07:49 +08:00
Tony Torralba
47d61e0b4d Add test for File.startsWith 2022-12-05 11:52:50 +01:00
Tony Torralba
71a6b09bad Minor syntax change in tests 2022-12-05 11:52:02 +01:00
Tony Torralba
21b51b48eb Adapt PathSanitizer to Kotlin 2022-12-05 11:00:57 +01:00
Michael Nebel
4c7cdc6245 Java: Remove unneeded imports of ExternalFlow.qll. 2022-12-05 09:49:38 +01:00
Chris Smowton
ff4baf096f Don't add name mangling to top-level internal functions 
Turns out kotlinc only adds this sort of name mangling to class member functions
 2022-12-02 20:16:19 +00:00
Jami
edfcc0cd6d Merge pull request #11487 from jcogs33/jcogs33/supportedexternalapis-telemetry-query 
Java/C#: add SupportedExternalApis telemetry query
 2022-12-02 13:27:51 -05:00
Mauro Baluda
04f1fe523a Update Test.java 2022-12-02 18:01:10 +01:00
Michael Nebel
b80829a3a0 Java/Kotlin: Cleanup files needed for inline models. 2022-12-02 12:20:22 +01:00
Jami Cogswell
0e3e849ead add negative summary test for java 2022-12-01 15:49:12 -05:00
Jami Cogswell
94c5d53192 add a couple more tests 2022-11-30 18:51:05 -05:00
Jami Cogswell
7f45e320d8 add tests 2022-11-30 18:07:45 -05:00
Ian Lynagh
7eaef0cd3d Merge pull request #11436 from igfoo/igfoo/NamingConventionsRefTypes 
Kotlin: Enable java/misnamed-type query
 2022-11-29 18:39:18 +00:00
Ian Lynagh
7863bc2c99 Kotlin: Accept test output 2022-11-28 12:14:36 +00:00
Michael Nebel
43a63d6373 Java: Convert all models to data extensions in testcases. 2022-11-28 12:30:36 +01:00
Michael Nebel
805430983c Java: Convert commons-io to data extensions. 2022-11-28 12:30:35 +01:00
Michael Nebel
7b6f202f23 Java: Renaming. 2022-11-28 12:30:34 +01:00
Michael Nebel
abe4d99e12 Java: Make some rudimentary tooling for testing the flow test case generator script. 2022-11-28 09:07:40 +01:00
Ian Lynagh
a423f5f695 Kotlin: Enable java/misnamed-type query 
We used to get alerts for the class around a local function, a lambda,
or a function reference, which we give name "". Now those are marked as
compiler-generated, and the query ignores compiler-generated types.
 2022-11-25 17:11:40 +00:00
Chris Smowton
32847c125a Accept more test changes due to variable locations changing 
There is also one non-location change: kotlin.Byte (and likely other primitives) now have real equals and toString overrides, which matches their native source and documentation; before they appeared to have fake overrides.
 2022-11-25 10:47:48 +00:00
Chris Smowton
8ec681e61c Kotlin: bump default CI version to 1.7.20 
A bunch of test expectations change because 7f531d8426 means that we now see (a) local variable declarations with source locations covering only their identifier, not the whole statement, and (b) more SYNTHETIC_OFFSET values for the parts of a destructuring assignment
or initialiser, which show up as file.kt:0:0:0:0 in DbLocation form.
 2022-11-25 10:19:26 +00:00
Tony Torralba
adf905d838 Merge pull request #11368 from ka1n4t/main 
Java: Add binding between annotation and sink-param in MyBatis SQL Injection query
 2022-11-24 14:34:57 +01:00
Tony Torralba
4bbc1dc734 Update test expectations 2022-11-24 12:34:48 +01:00
Tony Torralba
443d0f50c1 Apply suggestions from code review 2022-11-24 11:10:07 +01:00
ka1n4t
d113fb23c8 Add test case for PR-11368 2022-11-23 11:05:58 +08:00
Tony Torralba
43f4dd8bc4 Consider taint through bitwise operations on PendingIntent flags 2022-11-22 11:39:30 +01:00
Jami
8a73675483 Merge pull request #11070 from jcogs33/java-regex-injection 
Java: Promote regex injection query from experimental
 2022-11-21 15:04:26 -05:00
Tony Torralba
e28f1ffe18 Merge pull request #11346 from atorralba/atorralba/java/fix-path-models 
Java: Fix a couple of taint models for `java.nio.file.Path(s)`
 2022-11-21 16:57:00 +01:00
Tony Torralba
57656d0a7e Fix a couple of java.nio.file.Path(s) MaD rows 2022-11-21 15:14:02 +01:00
Tony Torralba
2809c3a77c Handle disabled Maven repositories 2022-11-21 10:11:57 +01:00
Chris Smowton
cf34dbd276 Kotlin: format string literals like the Java annotaton extractor 
Java's regular strings are formatted as they appear in source, but we don't easily have this information available in Kotlin. During annotation extraction however it guesses a source rendering because the source is not necessarily available. By formatting to match the annotation extractor, we prepare to ensure consistency with a Java database
when extracting annotations as seen by Kotlin.
 2022-11-17 17:28:17 +00:00
Chris Smowton
254a5b0928 Merge pull request #11293 from smowton/smowton/admin/exclude-kotlin-metadata-annotation 
Java: Remove no-longer-needed expected diagnostics
 2022-11-17 11:50:21 +00:00
Tamás Vajk
d8b5a04f97 Merge pull request #11291 from tamasvajk/kotlin-confusing-overload 
Kotlin: Add test case for confusing overloading query
 2022-11-17 11:11:33 +01:00
Tamás Vajk
c92989ca04 Merge pull request #11289 from tamasvajk/kotlin-empty-block 
Kotlin: Exclude .kt files from empty block query
 2022-11-17 11:11:25 +01:00
Chris Smowton
659f86cecf Merge pull request #11310 from tamasvajk/kotlin-dead-code 
Kotlin: Exclude .kt files from dead code queries
 2022-11-17 10:10:51 +00:00
Chris Smowton
95fdea8b77 Merge pull request #11308 from tamasvajk/kotlin-non-serializable-field 
Kotlin: Exclude .kt files from non serializable field query
 2022-11-17 10:10:05 +00:00
Chris Smowton
11188304a7 Merge pull request #11306 from tamasvajk/kotlin-equals-missing 
Kotlin: Exclude .kt files from missing `instanceof` in `equals` query
 2022-11-17 10:09:35 +00:00
Tamás Vajk
b70a9d172b Merge pull request #11304 from tamasvajk/kotlin-mut-dep 
Kotlin: Exclude .kt files from mutual dependency query
 2022-11-16 17:02:46 +01:00
Tamás Vajk
ae38d5d8b7 Merge pull request #11303 from tamasvajk/kotlin-one-stmt-line 
Kotlin: Exclude .kt files from one stmt in line query
 2022-11-16 17:02:35 +01:00