hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
74,247 Commits 1,672 Branches 157 Tags
codeql-cli-2.20.1
Commit Graph

12735 Commits

Author SHA1 Message Date
Kasper Svendsen
7fcdefbe70 Java: Enable implicit this warnings for remaining packs 2023-06-27 11:54:20 +02:00
Tony Torralba
3c3b53001f Merge pull request #13550 from jorgectf/jorgectf/lang2-models 
Java: Add models for `org.apache.commons.lang`
 2023-06-27 11:20:59 +02:00
Tony Torralba
a17c812118 Merge pull request #13358 from jorgectf/jorgectf/deserialization-lookahead 
Java: Model `SerialKiller`
 2023-06-27 09:20:50 +02:00
Ian Lynagh
8a43fc81ee Java: Tweak some android tests 
They were all failing for me like:

[autobuild] /home/ian/code/dev/target/codeql-java-integration-tests/ql/java/ql/integration-tests/all-platforms/java/android-sample-old-style-no-wrapper/project/src/main/AndroidManifest.xml:5: Error: Main must extend android.app.Activity [Instantiatable]
[autobuild]         <activity android:name="Main" android:exported="true">
[autobuild]                                 ~~~~
[autobuild]    Explanation for issues of type "Instantiatable":
[autobuild]    Activities, services, broadcast receivers etc. registered in the manifest
[autobuild]    file (or for custom views, in a layout file) must be "instantiatable" by
[autobuild]    the system, which means that the class must be public, it must have an
[autobuild]    empty public constructor, and if it's an inner class, it must be a static
[autobuild]    inner class.

I'm not sure why it works on CI but not locally, but either way this
works around the issue.
 2023-06-26 15:52:52 +01:00
amammad
45499b03d2 change qury file name same as qhelp name 2023-06-26 21:23:22 +10:00
Ian Lynagh
65dee80b36 Merge pull request #13547 from igfoo/igfoo/dead-code 
Kotlin: Build: Remove some dead code
 2023-06-26 11:50:50 +01:00
Tony Torralba
55280e523a Update java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll 2023-06-26 11:14:31 +02:00
amammad
21b5571bff V1.1 add additional steps for read methods which I can summarize every single declared sanitizer on the sink whitin isSink predicate 2023-06-25 00:35:37 +10:00
amammad
7354db873a V1 Bombs 2023-06-24 08:57:57 +10:00
jorgectf
2dc4f23dbb Add models for org.apache.commons.lang 2023-06-23 19:34:21 +02:00
Jorge
7d0b880bf7 Merge branch 'main' into jorgectf/deserialization-lookahead 2023-06-23 18:24:39 +02:00
jorgectf
b6e4ba6f9d Add SerialKiller model 2023-06-23 18:19:43 +02:00
Ian Lynagh
5da377b46a Kotlin: Build: Remove some dead code 2023-06-23 13:51:35 +01:00
Ian Lynagh
0d05f50aaa Kotlin: Remove an expected-no-getter exception 
We're not sure why it was necessary.
 2023-06-22 18:12:13 +01:00
Tony Torralba
d07e2862f9 Java: Add URL.toString summary 
This adds coverage for CVE-2023-35149.
 2023-06-22 17:39:30 +02:00
Ian Lynagh
7efbd8828b Merge pull request #13526 from igfoo/igfoo/diagwriter 
Kotlin: Define DiagnosticTrapWriter, for type safety
 2023-06-22 12:39:48 +01:00
Ian Lynagh
bfd0a19d85 Kotlin: Define DiagnosticTrapWriter, for type safety 
In some cases, we were writing diagnostics to TRAP files where they
shouldn't be written. Such TRAP files don't define #compilation, so TRAP
import gave errors.

Now we use DiagnosticTrapWriter to get the type system to check that we
are writing diagnostics to the right place.
 2023-06-21 18:38:27 +01:00
Henry Mercer
5afdaf8fe1 Merge pull request #13525 from github/rc/3.10 
Merge `rc/3.10` back to `main`
 2023-06-21 17:13:36 +01:00
Ian Lynagh
18a5c48c79 Merge pull request #13508 from igfoo/igfoo/rc_kot 
Kotlin: Backport some Kotlin 1.9 fixes to the rc/3.10 branch
 2023-06-21 15:26:41 +01:00
Jami
622cd05b77 Merge branch 'main' into java/update-mad-decls-after-triage-2023-06-08T08-51-47 2023-06-20 21:58:15 -04:00
Jami
5259a6ecfc Merge pull request #13324 from jcogs33/jcogs33/shared-sink-kind-validation 
Shared: share MaD kind validation across languages
 2023-06-20 11:56:12 -04:00
Owen Mansel-Chan
d7c97f8759 Merge pull request #13455 from owen-mc/dataflow/add-flowCheckNodeSpecific 
Dataflow: add language-specific hook for breaking up big step relation
 2023-06-20 13:24:26 +01:00
github-actions[bot]
18b678e69e Post-release preparation for codeql-cli-2.13.4 2023-06-20 10:20:05 +00:00
Ian Lynagh
293f90333d Kotlin: Avoid another cause of ConcurrentModificationException with 1.9 2023-06-20 10:59:24 +01:00
Ian Lynagh
0076d8aac1 Java: Add up/downgrade scripts 2023-06-20 10:59:13 +01:00
Ian Lynagh
81142f51fb Kotlin: Handle IrSyntheticBodyKind.ENUM_ENTRIES 
Generated by Kotlin 1.9 for some of our tests.
 2023-06-20 10:59:04 +01:00
github-actions[bot]
6da5ec8196 Add changed framework coverage reports 2023-06-20 00:15:43 +00:00
aegilops
23bf8470ce Removed .md and made class change 2023-06-19 17:29:17 +01:00
Jeroen Ketema
9c774ac97f Merge pull request #13426 from jketema/inline-3 
Update inline flow tests to use parameterized module
 2023-06-19 17:39:29 +02:00
Jean Helie
423336310c Merge pull request #13480 from github/jhelie/clean-up-mad-kinds-use 
Java: clean up mad kinds use
 2023-06-19 16:21:20 +02:00
Tony Torralba
c62689022e Merge pull request #13256 from atorralba/atorralba/java/stapler-models 
Java: Model the Stapler framework
 2023-06-19 15:27:19 +02:00
Tony Torralba
00fe8adc09 Fix name clash 2023-06-19 15:04:33 +02:00
Tony Torralba
5cb451b040 Merge pull request #13475 from atorralba/atorralba/many/zipslip-docs-update 
C#/Go/Java/JS/Python/Ruby: Update the description and qhelp of the Zipslip query
 2023-06-19 14:33:44 +02:00
Ian Lynagh
64e591a823 Merge pull request #13482 from igfoo/igfoo/conc 
Kotlin: Avoid another cause of ConcurrentModificationException with 1.9
 2023-06-19 12:57:25 +01:00
Ian Lynagh
ec73f28d09 Merge pull request #13479 from igfoo/igfoo/ENUM_ENTRIES 
Kotlin: Handle IrSyntheticBodyKind.ENUM_ENTRIES
 2023-06-19 12:57:10 +01:00
aegilops
8c9ccab9c9 Autoformat 2023-06-19 11:53:53 +01:00
Paul Hodgkinson
72d9d4736e Merge branch 'main' into java/experimental/command-injection 2023-06-19 11:51:45 +01:00
aegilops
2112d73a6a Autoformat 2023-06-19 11:50:54 +01:00
aegilops
1a108fb1c9 Changed to for constant string 2023-06-19 11:46:08 +01:00
aegilops
7c235e3786 Fixed linting issues. Will not fix instanceof, that is necessary 2023-06-19 11:41:23 +01:00
Ian Lynagh
ca5bc6f224 Java: Add up/downgrade scripts 2023-06-19 10:36:29 +01:00
Ian Lynagh
1f538cced3 Kotlin: Handle IrSyntheticBodyKind.ENUM_ENTRIES 
Generated by Kotlin 1.9 for some of our tests.
 2023-06-19 10:36:29 +01:00
Jeroen Ketema
bc42308bd3 Java: fix formatting 2023-06-19 10:31:49 +02:00
Jeroen Ketema
6a84e6cbfd Add the merged PathGraph to all copies of the InlineFlowTest library 2023-06-19 10:28:10 +02:00
Tony Torralba
8f6d2ed2f9 Adjust ZipSlip query description according to review suggestions. 2023-06-19 10:27:41 +02:00
Tony Torralba
3c4d938cf1 Apply code review suggestions. 
Co-authored-by: Asger F <asgerf@github.com>
 2023-06-19 10:20:19 +02:00
Tony Torralba
433fc680ec Apply suggestions from code review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2023-06-19 10:17:40 +02:00
aegilops
8c73fbeabe Formatted 2023-06-16 17:33:21 +01:00
aegilops
55eeb00309 Added experimental tag 2023-06-16 17:27:01 +01:00
aegilops
b6c35dd88c Added experimental version of Java Command Injection query, to be more sensitive to unusual code constructs 2023-06-16 17:12:53 +01:00