hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
75,258 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.3
Commit Graph

1159 Commits

Author SHA1 Message Date
Chris Smowton
668f445fb4 Fix switchCaseControls and hasBranchEdge to account for mixed patterns and constant cases 2023-11-30 11:24:04 +00:00
Chris Smowton
6583c72c5d Restrict pattern type guards to account for nested record matching failures 2023-11-30 11:24:03 +00:00
Chris Smowton
0bb051e08c First stab at implementing negative type-test logic for pattern-case 2023-11-30 11:24:03 +00:00
Chris Smowton
d7a517a989 Remove needless test options 2023-11-30 11:24:03 +00:00
Chris Smowton
480781b049 autoformat 2023-11-30 11:24:02 +00:00
Chris Smowton
011eb2201e Add test for ObjFlow over binding patterns 2023-11-30 11:24:02 +00:00
Chris Smowton
4cf511e26a Add test for virtual-dispatch flow through binding patterns 2023-11-30 11:24:02 +00:00
Chris Smowton
43c935024a Add test for typeflow propagation through instanceof and pattern-case 2023-11-30 11:24:02 +00:00
Chris Smowton
e5fdf4dd50 Update test expectation 2023-11-30 11:24:01 +00:00
Chris Smowton
330a5b8c6c autoformat ql 2023-11-30 11:24:00 +00:00
Chris Smowton
32416f0fdc Add test for record-pattern instanceof 2023-11-30 11:24:00 +00:00
Chris Smowton
e41da3b10a Add missing test Java files 2023-11-30 11:24:00 +00:00
Chris Smowton
20b97af02f Implement dataflow for record patterns 
Strategy: there is now a regular flow step from an instance-of LHS / switch expr to the pattern, 0 or more read steps corresponding to record pattern destructors, and then finally a normal SSA def/use step connecting the binding patterns to their first uses.
 2023-11-30 11:24:00 +00:00
Chris Smowton
05addde957 Adapt control-flow graph to record patterns 2023-11-30 11:24:00 +00:00
Chris Smowton
daccd04087 Basic extraction of record patterns 2023-11-30 11:23:59 +00:00
Chris Smowton
3cb01002dc Add test for usage of qualified enum constants in switch 2023-11-30 11:23:59 +00:00
Chris Smowton
8406ee7ed5 Add test for a pattern-switch guard acting as a data-flow guard 2023-11-30 11:23:59 +00:00
Chris Smowton
144218e2f7 Implement switch CFG when there are mixed constant and pattern cases 2023-11-30 11:23:59 +00:00
Chris Smowton
54a89d6fef Handle 'case null, default:' 2023-11-30 11:23:59 +00:00
Chris Smowton
2b16121638 CFG: Support guarded patterns 2023-11-30 11:23:59 +00:00
Chris Smowton
ba0f3cf718 Add basic support for case guards 2023-11-30 11:23:59 +00:00
Chris Smowton
ca43b9603a Fixup typeflow test 2023-11-30 11:23:59 +00:00
Chris Smowton
79b77ae805 Add AST test for switch with null case 2023-11-30 11:23:58 +00:00
Chris Smowton
05caffc189 Update printast expectation 2023-11-30 11:23:58 +00:00
Chris Smowton
b21aaa75bc Type-flow: treat pattern-switch on an array index similar to instanceof 2023-11-30 11:23:58 +00:00
Chris Smowton
7dd4030f51 Pattern cases: support type-flow 2023-11-30 11:23:58 +00:00
Chris Smowton
b6622d2f5b usesType: support pattern cases 2023-11-30 11:23:58 +00:00
Chris Smowton
0f434e7f08 Add test for dataflow vs. pattern-switch 2023-11-30 11:23:58 +00:00
Chris Smowton
6c990c2cf6 Add pattern-case support and generally debug switch CFGs 
These were reasonably broken beforehand, due to not taking switch rules into account in enough places, and confusing the expression/statement switch rule distinction with the distinction between switch statements and expressions.

(For example, `switch(x) { 1 -> System.out.println("Hello world") ... }` is a statement, but has a rule expression).
 2023-11-30 11:23:58 +00:00
Chris Smowton
f4b45fa511 Support switch cases with binding patterns 2023-11-30 11:23:58 +00:00
Jami Cogswell
d5fd2db1bd Java update UrlPathHelper tests 2023-11-29 15:23:11 -05:00
Chris Smowton
e110db58f8 Add test for empty argfile 2023-11-29 12:51:22 +00:00
Anders Schack-Mulligen
0d8986cfad Java: Accept test changes. 2023-11-10 14:04:45 +01:00
Anders Schack-Mulligen
657c29f409 Java/C++: Share valueFlowStep. 2023-11-09 20:24:28 +01:00
Chris Smowton
24b4b05be8 Add models for new Collections methods 2023-11-06 16:44:40 +00:00
Chris Smowton
5b72aee3ae Java: model JDK21 SequencedCollection, Set and Map 2023-11-06 16:04:13 +00:00
Dave Bartolomeo
d2afb20f3f Merge remote-tracking branch 'origin/main' into dbartol/threat-models-2 2023-10-26 14:05:40 -04:00
Anders Schack-Mulligen
35f6e6ebb4 Java: Update tests to new partial flow api 2023-10-26 14:09:03 +02:00
Michael Nebel
b3e5b86f0a Java: Cleanup threat models tests. 2023-10-25 14:02:31 +02:00
Chris Smowton
b849a66c97 Update test expectations 2023-10-24 14:02:30 +01:00
Chris Smowton
e8c9708282 Autoformat 2023-10-24 11:06:19 +01:00
Chris Smowton
ac38d4c9c6 Mass rename L/RValue -> VarWrite/Read 2023-10-24 10:58:29 +01:00
Chris Smowton
f552a15aae Mass-rename MethodAccess -> MethodCall 2023-10-24 10:30:26 +01:00
Dave Bartolomeo
fb1b41b649 Fix formatting 2023-10-19 17:20:38 -04:00
Dave Bartolomeo
bd7de83aab Use extension packs for threat models 2023-10-19 17:07:26 -04:00
Chris Smowton
bd77f572f1 Compile collections test for Java 11 2023-10-16 21:54:09 +01:00
Chris Smowton
8f985e0045 Java: restrict test to source classes 2023-10-13 20:30:28 +01:00
Chris Smowton
0510b0c825 Java: restrict test to source methods 
Otherwise it finds standard library methods that depend on stdlib internals as to what happens to get extracted. In particular the extractor bump to JDK21 led to MethodHandles being in scope and a new method being found; seems better to avoid considering the standard library at all.
 2023-10-13 20:30:28 +01:00
Michael Nebel
5c44f8bbad Merge pull request #14370 from michaelnebel/java/enablethreatmodels 
Java: Enable threat models for most Java queries.
 2023-10-10 09:25:47 +02:00
Marcono1234
f3e5045259 Java: Add predicate MemberRefExpr::getReceiverExpr 2023-10-07 14:53:07 +02:00