hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
74,247 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.1
Commit Graph

3989 Commits

Author SHA1 Message Date
Chris Smowton
32416f0fdc Add test for record-pattern instanceof 2023-11-30 11:24:00 +00:00
Chris Smowton
e41da3b10a Add missing test Java files 2023-11-30 11:24:00 +00:00
Chris Smowton
20b97af02f Implement dataflow for record patterns 
Strategy: there is now a regular flow step from an instance-of LHS / switch expr to the pattern, 0 or more read steps corresponding to record pattern destructors, and then finally a normal SSA def/use step connecting the binding patterns to their first uses.
 2023-11-30 11:24:00 +00:00
Chris Smowton
05addde957 Adapt control-flow graph to record patterns 2023-11-30 11:24:00 +00:00
Chris Smowton
daccd04087 Basic extraction of record patterns 2023-11-30 11:23:59 +00:00
Chris Smowton
3cb01002dc Add test for usage of qualified enum constants in switch 2023-11-30 11:23:59 +00:00
Chris Smowton
8406ee7ed5 Add test for a pattern-switch guard acting as a data-flow guard 2023-11-30 11:23:59 +00:00
Chris Smowton
144218e2f7 Implement switch CFG when there are mixed constant and pattern cases 2023-11-30 11:23:59 +00:00
Chris Smowton
54a89d6fef Handle 'case null, default:' 2023-11-30 11:23:59 +00:00
Chris Smowton
2b16121638 CFG: Support guarded patterns 2023-11-30 11:23:59 +00:00
Chris Smowton
ba0f3cf718 Add basic support for case guards 2023-11-30 11:23:59 +00:00
Chris Smowton
e94c5a772c Check nullness pass knows pattern case variables can't be null 2023-11-30 11:23:59 +00:00
Chris Smowton
ca43b9603a Fixup typeflow test 2023-11-30 11:23:59 +00:00
Chris Smowton
6b9aed21df Nullness library: recognise switches with null checks 2023-11-30 11:23:58 +00:00
Chris Smowton
79b77ae805 Add AST test for switch with null case 2023-11-30 11:23:58 +00:00
Chris Smowton
05caffc189 Update printast expectation 2023-11-30 11:23:58 +00:00
Chris Smowton
b21aaa75bc Type-flow: treat pattern-switch on an array index similar to instanceof 2023-11-30 11:23:58 +00:00
Chris Smowton
7dd4030f51 Pattern cases: support type-flow 2023-11-30 11:23:58 +00:00
Chris Smowton
b6622d2f5b usesType: support pattern cases 2023-11-30 11:23:58 +00:00
Chris Smowton
0f434e7f08 Add test for dataflow vs. pattern-switch 2023-11-30 11:23:58 +00:00
Chris Smowton
6c990c2cf6 Add pattern-case support and generally debug switch CFGs 
These were reasonably broken beforehand, due to not taking switch rules into account in enough places, and confusing the expression/statement switch rule distinction with the distinction between switch statements and expressions.

(For example, `switch(x) { 1 -> System.out.println("Hello world") ... }` is a statement, but has a rule expression).
 2023-11-30 11:23:58 +00:00
Chris Smowton
f4b45fa511 Support switch cases with binding patterns 2023-11-30 11:23:58 +00:00
Jami Cogswell
d5fd2db1bd Java update UrlPathHelper tests 2023-11-29 15:23:11 -05:00
Chris Smowton
e110db58f8 Add test for empty argfile 2023-11-29 12:51:22 +00:00
Ian Lynagh
f48cc1a526 Kotlin: Move tests from test/kotlin to test-kotlin1 
Matches test-kotlin2
 2023-11-21 15:28:12 +00:00
Max Schaefer
ca334021ad Merge pull request #14793 from github/max-schaefer/tainted-path-qhelp 
Java: Improve QHelp for `java/path-injection` to mention less disruptive fixes.
 2023-11-16 14:09:55 +00:00
Max Schaefer
a5e7ef424e Revert "Add additional example." 
This reverts commit 947b094387.
 2023-11-16 11:54:16 +00:00
Max Schaefer
947b094387 Add additional example. 2023-11-16 10:06:19 +00:00
Max Schaefer
009d58034f Address suggestions from review. 2023-11-16 10:05:54 +00:00
Max Schaefer
a46a7fadb2 Java: Improve QHelp for java/path-injection to mention less disruptive fixes. 2023-11-15 11:25:13 +00:00
Anders Schack-Mulligen
0d8986cfad Java: Accept test changes. 2023-11-10 14:04:45 +01:00
Anders Schack-Mulligen
657c29f409 Java/C++: Share valueFlowStep. 2023-11-09 20:24:28 +01:00
Chris Smowton
c060827a5d Merge pull request #14699 from smowton/smowton/feature/jdk21-sequenced-collections-models 
Java: model JDK21 SequencedCollection, Set and Map
 2023-11-09 14:15:08 +00:00
Tony Torralba
5442cdb49c Merge pull request #14610 from atorralba/atorralba/java/jms-deserialization 
Java: Add JMS sink to java/unsafe-deserialization
 2023-11-08 09:10:20 +01:00
Chris Smowton
24b4b05be8 Add models for new Collections methods 2023-11-06 16:44:40 +00:00
Chris Smowton
5b72aee3ae Java: model JDK21 SequencedCollection, Set and Map 2023-11-06 16:04:13 +00:00
Ian Lynagh
ceb3d14fe0 Merge pull request #14614 from igfoo/igfoo/enum 
Kotlin: Make the enum test more precise
 2023-10-31 16:18:12 +00:00
Ian Lynagh
e1f7f3cbd4 Kotlin: Add more info to enum test 2023-10-31 12:17:44 +00:00
Ian Lynagh
3c5b9ce0cd Kotlin: Make the enum test more precise 
In Kotlin 2 mode, there are more library classes matching Enum%, so the
output was spuriously different.
 2023-10-27 11:15:12 +01:00
Dave Bartolomeo
d2afb20f3f Merge remote-tracking branch 'origin/main' into dbartol/threat-models-2 2023-10-26 14:05:40 -04:00
Tony Torralba
7af3d239ab Java: Add JMS sink to java/unsafe-deserialization 2023-10-26 16:46:19 +02:00
Anders Schack-Mulligen
35f6e6ebb4 Java: Update tests to new partial flow api 2023-10-26 14:09:03 +02:00
Michael Nebel
b3e5b86f0a Java: Cleanup threat models tests. 2023-10-25 14:02:31 +02:00
Chris Smowton
b849a66c97 Update test expectations 2023-10-24 14:02:30 +01:00
Chris Smowton
e8c9708282 Autoformat 2023-10-24 11:06:19 +01:00
Chris Smowton
ac38d4c9c6 Mass rename L/RValue -> VarWrite/Read 2023-10-24 10:58:29 +01:00
Chris Smowton
f552a15aae Mass-rename MethodAccess -> MethodCall 2023-10-24 10:30:26 +01:00
Dave Bartolomeo
fb1b41b649 Fix formatting 2023-10-19 17:20:38 -04:00
Dave Bartolomeo
bd7de83aab Use extension packs for threat models 2023-10-19 17:07:26 -04:00
Tony Torralba
da44b13fd4 Merge pull request #14515 from atorralba/atorralba/java/spring-csrf-improv 
Java: Improve java/spring-disabled-csrf-protection
 2023-10-18 17:49:10 +02:00