Commit Graph

3989 Commits

Author SHA1 Message Date
retanoj
d2140eb4b1 MyBatisAnnotationSqlInjection no @Param case 2022-12-06 17:07:49 +08:00
Tony Torralba
47d61e0b4d Add test for File.startsWith 2022-12-05 11:52:50 +01:00
Tony Torralba
71a6b09bad Minor syntax change in tests 2022-12-05 11:52:02 +01:00
Tony Torralba
21b51b48eb Adapt PathSanitizer to Kotlin 2022-12-05 11:00:57 +01:00
Michael Nebel
4c7cdc6245 Java: Remove unneeded imports of ExternalFlow.qll. 2022-12-05 09:49:38 +01:00
Chris Smowton
ff4baf096f Don't add name mangling to top-level internal functions
Turns out kotlinc only adds this sort of name mangling to class member functions
2022-12-02 20:16:19 +00:00
Jami
edfcc0cd6d Merge pull request #11487 from jcogs33/jcogs33/supportedexternalapis-telemetry-query
Java/C#: add SupportedExternalApis telemetry query
2022-12-02 13:27:51 -05:00
Mauro Baluda
04f1fe523a Update Test.java 2022-12-02 18:01:10 +01:00
Michael Nebel
b80829a3a0 Java/Kotlin: Cleanup files needed for inline models. 2022-12-02 12:20:22 +01:00
Jami Cogswell
0e3e849ead add negative summary test for java 2022-12-01 15:49:12 -05:00
Jami Cogswell
94c5d53192 add a couple more tests 2022-11-30 18:51:05 -05:00
Jami Cogswell
7f45e320d8 add tests 2022-11-30 18:07:45 -05:00
Ian Lynagh
7eaef0cd3d Merge pull request #11436 from igfoo/igfoo/NamingConventionsRefTypes
Kotlin: Enable java/misnamed-type query
2022-11-29 18:39:18 +00:00
Ian Lynagh
7863bc2c99 Kotlin: Accept test output 2022-11-28 12:14:36 +00:00
Michael Nebel
43a63d6373 Java: Convert all models to data extensions in testcases. 2022-11-28 12:30:36 +01:00
Michael Nebel
805430983c Java: Convert commons-io to data extensions. 2022-11-28 12:30:35 +01:00
Michael Nebel
7b6f202f23 Java: Renaming. 2022-11-28 12:30:34 +01:00
Michael Nebel
abe4d99e12 Java: Make some rudimentary tooling for testing the flow test case generator script. 2022-11-28 09:07:40 +01:00
Ian Lynagh
a423f5f695 Kotlin: Enable java/misnamed-type query
We used to get alerts for the class around a local function, a lambda,
or a function reference, which we give name "". Now those are marked as
compiler-generated, and the query ignores compiler-generated types.
2022-11-25 17:11:40 +00:00
Chris Smowton
32847c125a Accept more test changes due to variable locations changing
There is also one non-location change: kotlin.Byte (and likely other primitives) now have real equals and toString overrides, which matches their native source and documentation; before they appeared to have fake overrides.
2022-11-25 10:47:48 +00:00
Chris Smowton
8ec681e61c Kotlin: bump default CI version to 1.7.20
A bunch of test expectations change because 7f531d8426 means that we now see (a) local variable declarations with source locations covering only their identifier, not the whole statement, and (b) more SYNTHETIC_OFFSET values for the parts of a destructuring assignment
or initialiser, which show up as file.kt:0:0:0:0 in DbLocation form.
2022-11-25 10:19:26 +00:00
Tony Torralba
adf905d838 Merge pull request #11368 from ka1n4t/main
Java: Add binding between annotation and sink-param in MyBatis SQL Injection query
2022-11-24 14:34:57 +01:00
Tony Torralba
4bbc1dc734 Update test expectations 2022-11-24 12:34:48 +01:00
Tony Torralba
443d0f50c1 Apply suggestions from code review 2022-11-24 11:10:07 +01:00
ka1n4t
d113fb23c8 Add test case for PR-11368 2022-11-23 11:05:58 +08:00
Tony Torralba
43f4dd8bc4 Consider taint through bitwise operations on PendingIntent flags 2022-11-22 11:39:30 +01:00
Jami
8a73675483 Merge pull request #11070 from jcogs33/java-regex-injection
Java: Promote regex injection query from experimental
2022-11-21 15:04:26 -05:00
Tony Torralba
e28f1ffe18 Merge pull request #11346 from atorralba/atorralba/java/fix-path-models
Java: Fix a couple of taint models for `java.nio.file.Path(s)`
2022-11-21 16:57:00 +01:00
Tony Torralba
57656d0a7e Fix a couple of java.nio.file.Path(s) MaD rows 2022-11-21 15:14:02 +01:00
Tony Torralba
2809c3a77c Handle disabled Maven repositories 2022-11-21 10:11:57 +01:00
Chris Smowton
cf34dbd276 Kotlin: format string literals like the Java annotation extractor
Java's regular strings are formatted as they appear in source, but we don't easily have this information available in Kotlin. During annotation extraction however it guesses a source rendering because the source is not necessarily available. By formatting to match the annotation extractor, we prepare to ensure consistency with a Java database
when extracting annotations as seen by Kotlin.
2022-11-17 17:28:17 +00:00
Chris Smowton
254a5b0928 Merge pull request #11293 from smowton/smowton/admin/exclude-kotlin-metadata-annotation
Java: Remove no-longer-needed expected diagnostics
2022-11-17 11:50:21 +00:00
Tamás Vajk
d8b5a04f97 Merge pull request #11291 from tamasvajk/kotlin-confusing-overload
Kotlin: Add test case for confusing overloading query
2022-11-17 11:11:33 +01:00
Tamás Vajk
c92989ca04 Merge pull request #11289 from tamasvajk/kotlin-empty-block
Kotlin: Exclude .kt files from empty block query
2022-11-17 11:11:25 +01:00
Chris Smowton
659f86cecf Merge pull request #11310 from tamasvajk/kotlin-dead-code
Kotlin: Exclude .kt files from dead code queries
2022-11-17 10:10:51 +00:00
Chris Smowton
95fdea8b77 Merge pull request #11308 from tamasvajk/kotlin-non-serializable-field
Kotlin: Exclude .kt files from non serializable field query
2022-11-17 10:10:05 +00:00
Chris Smowton
11188304a7 Merge pull request #11306 from tamasvajk/kotlin-equals-missing
Kotlin: Exclude .kt files from missing `instanceof` in `equals` query
2022-11-17 10:09:35 +00:00
Tamás Vajk
b70a9d172b Merge pull request #11304 from tamasvajk/kotlin-mut-dep
Kotlin: Exclude .kt files from mutual dependency query
2022-11-16 17:02:46 +01:00
Tamás Vajk
ae38d5d8b7 Merge pull request #11303 from tamasvajk/kotlin-one-stmt-line
Kotlin: Exclude .kt files from one stmt in line query
2022-11-16 17:02:35 +01:00
Joe Farebrother
d6c5132f39 Merge pull request #10684 from joefarebrother/android-keyboard-cache
Java: Add query for Sensitive Keyboard Cache
2022-11-16 15:27:44 +00:00
Tamás Vajk
dfc72edba2 Merge pull request #11302 from tamasvajk/kotlin-ignored-return
Kotlin: Exclude .kt files from ignored return value query
2022-11-16 16:23:58 +01:00
Tamás Vajk
ad7c0f9ebc Merge pull request #11301 from tamasvajk/kotlin-naming-ref-type
Kotlin: Exclude .kt files from misnamed reftype query
2022-11-16 16:22:40 +01:00
Tamás Vajk
a3ff83595a Merge pull request #11300 from tamasvajk/kotlin-useless-param-2
Kotlin: Exclude .kt files from useless parameter query
2022-11-16 16:22:27 +01:00
Tamás Vajk
b4b8649fd6 Merge pull request #11299 from tamasvajk/kotlin-nested-serializable
Kotlin: Exclude .kt files from serializable inner class query
2022-11-16 16:22:13 +01:00
Tamas Vajk
8b6bf910ba Kotlin: Exclude .kt files from dead code queries 2022-11-16 16:20:09 +01:00
Tamas Vajk
983851fc60 Kotlin: Add FP test case for dead code queries 2022-11-16 16:18:37 +01:00
Tamas Vajk
7d9ce53080 Kotlin: Exclude .kt files from non serializable field query 2022-11-16 15:30:25 +01:00
Tamas Vajk
a9023d06d0 Kotlin: Add FP test case for non serializable field query 2022-11-16 15:29:24 +01:00
Tamas Vajk
fc614ad4d0 Kotlin: Exclude .kt files from missing instanceof in equals query 2022-11-16 15:24:47 +01:00
Tamas Vajk
b6978128b1 Exclude .kt files from mutual dependency query 2022-11-16 15:16:51 +01:00