hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
74,247 Commits 1,672 Branches 157 Tags
codeql-cli-2.20.1
Commit Graph

12735 Commits

Author SHA1 Message Date
Geoffrey White
45a9d5bc7d Java: QLDoc. 2023-07-20 11:53:52 +01:00
Geoffrey White
80cb386ffd Java: Change note. 2023-07-20 11:52:04 +01:00
Geoffrey White
369f88beda Java: Fix for multiple parse mode flags. 2023-07-20 11:49:54 +01:00
Geoffrey White
32c10885d4 Java: Add test case. 2023-07-20 11:43:11 +01:00
Tony Torralba
238cb26624 Add change note 2023-07-19 15:37:33 +02:00
Tony Torralba
29543f5726 Change InputStream.read from neutral to summary 2023-07-19 14:44:18 +02:00
Anders Schack-Mulligen
a9c76d4175 Merge pull request #13717 from aschackmull/dataflow/neverskipadditionalsteps 
Dataflow: Add support for not skipping configuration-specific nodes in big-step
 2023-07-19 14:06:54 +02:00
Stephan Brandauer
5575fc65aa Merge pull request #13636 from github/tausbn/add-sink-alert-metrics-query 
Java: Add metric queries for counting sinks coming from models
 2023-07-19 13:12:32 +02:00
Anders Schack-Mulligen
e72a0b2f8c Dataflow: Add change notes. 2023-07-19 11:41:15 +02:00
Anders Schack-Mulligen
ae24d68b5d C/C++/C#/Java/Python/Ruby/Swift: Adjust expected output. 2023-07-19 11:41:15 +02:00
Anders Schack-Mulligen
95d17045c9 Dataflow: Sync. 2023-07-19 11:41:15 +02:00
Anders Schack-Mulligen
fd83b6afdb Dataflow: Add support for not skipping configuration-specific nodes in big-step. 2023-07-19 11:41:15 +02:00
Tony Torralba
2dbbcc2413 Java: Avoid low-confidence dispatch to InputStream methods 
Also adds a neutral model for `InputStream.read`, which offers a high-confidence alternative for this method.
 2023-07-19 11:30:53 +02:00
Paul Hodgkinson
c7084b6d8e Merge branch 'main' into java/experimental/command-injection 2023-07-18 11:38:44 +01:00
Anders Schack-Mulligen
e72366194b Merge pull request #13754 from aschackmull/java/remotesource-inbarrier 
Java: Exclude source-to-source flow in 5 queries.
 2023-07-18 10:33:44 +02:00
Ian Lynagh
8a0286ec34 Java: Improve the diagnostics consistency query 
Diagnostics can be easier to read if you see them in the order in which
they were generated. By selecting the compilation and indexes, they get
sorted by the testsuite driver.

d.getCompilationInfo(c, f, i) would be a bit more natural as
d = c.getDiagnostic(f, i), but currently we don't import Diagnostic into
the default ('import java') namespace, and I don't think it's worth
changing that for this.
 2023-07-17 15:37:05 +01:00
Anders Schack-Mulligen
6770d2a49b Java: Exclude source-to-source flow in 5 queries. 2023-07-17 09:06:49 +02:00
Taus
6b425f1395 Java: Revert definition of isNeutral 
Reverts the change made in
daf2743143

With the change in the aforementioned commit, we were extracting candidates for endpoints that
had a neutral _summary_ model. These are bad candidates, as they have already been triaged.
 2023-07-14 14:45:22 +02:00
Taus
6793bc6c6b Java: Exclude qualifier argument for existing models 
Excludes candadites for `Argument[this]` where we already have a model that covers a
different argument of the containing call.
 2023-07-14 14:26:21 +02:00
Taus
895e829eb1 Java: Add QLDoc for query predicates 2023-07-14 14:22:10 +02:00
Taus
c4487673e8 Java: Swap input and ext 2023-07-14 14:21:59 +02:00
Taus
9193de6898 Merge pull request #13730 from github/tausbn/limit-number-of-candidates-in-application-mode 
Java: Limit the number of samples extracted in application mode
 2023-07-14 14:09:59 +02:00
Anders Schack-Mulligen
80a799df01 Merge pull request #13735 from aschackmull/dataflow/forcehighprecision-fix 
Dataflow: Fix forceHighPrecision for length-2 prefixes.
 2023-07-14 11:42:35 +02:00
github-actions[bot]
b675a1e2fe Add changed framework coverage reports 2023-07-14 00:19:14 +00:00
Tony Torralba
cafc67e3be Merge pull request #13714 from pwntester/java/langs3_improvements 
[Java] Add missing commons lang3 model for ToStringBuilder.reflectionToString
 2023-07-13 14:45:33 +02:00
Anders Schack-Mulligen
a0e96594d8 Merge pull request #13736 from aschackmull/dataflow/remove-superfluous-module-members 
C#/Java/Ruby: Remove superfluous module members.
 2023-07-13 13:59:31 +02:00
Anders Schack-Mulligen
91de43f918 C#/Java/Ruby: Remove superfluous module members. 2023-07-13 11:38:35 +02:00
Stephan Brandauer
4391799b7e Merge pull request #13403 from github/java/update-mad-decls-after-triage-2023-06-08T08-51-47 
Java: Update MaD Declarations after Triage
 2023-07-13 11:15:41 +02:00
Anders Schack-Mulligen
58cd16565f Dataflow: Fix forceHighPrecision for length-2 prefixes. 2023-07-13 10:55:39 +02:00
Anders Schack-Mulligen
d46b2a32ae Dataflow: Improve debug printing. 2023-07-13 10:55:39 +02:00
Tony Torralba
7204c30025 Update 2023-07-12-apache-commons-lang3-tostringbuilder.md 2023-07-13 09:38:33 +02:00
Ed Minnix
63299688d5 Add change notes for default implementations of isBarrier and isAdditionalFlowStep 2023-07-12 15:21:16 -04:00
Ed Minnix
1cd8922ab5 Java: Add default implementation of StateConfigSig::isAdditionalFlowStep/4 2023-07-12 15:06:24 -04:00
Ed Minnix
1835b40f7b Java: Add default impl to StateConfigSig::isBarrier/2 2023-07-12 15:06:24 -04:00
Ian Lynagh
fe24cc1900 Merge pull request #13718 from igfoo/igfoo/file_classes 
Kotlin: Improve file class support
 2023-07-12 15:42:16 +01:00
Taus
49194a2af7 Java: Limit the number of samples extracted in application mode 
Uses the same trick as for the negative examples, this time with a limit of 7
candidates for each endpoint signature.

As this duplicates some of the logic used in another query, it may be worthwhile
to consider extracting this into a shared parameterized module.
 2023-07-12 15:13:10 +02:00
Ian Lynagh
af5cd7cf4f Merge pull request #13723 from igfoo/igfoo/kotlin-1.9.0 
Kotlin: Run CI with 1.9.0
 2023-07-12 12:24:04 +01:00
Ian Lynagh
75c835c9d2 Add missing "a" to a qldoc comment 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2023-07-12 11:24:42 +01:00
Alvaro Muñoz
0247278bad add change note 2023-07-12 11:03:24 +02:00
Alvaro Muñoz
07e25e36b3 Merge branch 'java/langs3_improvements' of https://github.com/pwntester/codeql into java/langs3_improvements 2023-07-12 11:00:04 +02:00
Alvaro Muñoz
46e326e106 add change note 2023-07-12 10:59:56 +02:00
Tony Torralba
c54e93f005 Merge pull request #13705 from atorralba/atorralba/java/android-unsafe-fetch-apply 
Java: Add support for Kotlin's `apply` to java/android/unsafe-android-wevbiew-fetch
 2023-07-12 09:45:54 +02:00
Alvaro Muñoz
51f7031416 Update java/ql/lib/ext/org.apache.commons.lang3.builder.model.yml 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-07-12 09:06:05 +02:00
Ian Lynagh
b83f0275e3 Kotlin: Accept test changes for Kotlin 1.9.0 2023-07-11 17:37:24 +01:00
Ian Lynagh
470e033090 Kotlin: Restrict a test's results to those in the test directory 2023-07-11 17:37:23 +01:00
Ian Lynagh
6dedd9286c Kotlin: Record "file class" info from the compiler 
We were making file classes when the parent was a file, but not when it
was a class marked as one.
 2023-07-11 15:58:42 +01:00
Ian Lynagh
cfd29de677 Kotlin: Add Class.isFileClass() 2023-07-11 15:58:41 +01:00
Ian Lynagh
2162530729 Kotlin: Add an integration test for file classes 2023-07-11 15:58:41 +01:00
Ian Lynagh
a603f21ce1 Kotlin: Use 1.9.0 for CI 2023-07-11 14:10:48 +01:00
Ian Lynagh
c21797dd3c Kotlin: Add a test for file classes 2023-07-11 13:21:56 +01:00