hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
75,258 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.3
Commit Graph

3994 Commits

Author SHA1 Message Date
Chris Smowton
6ea7b195db Add test for a module declaration made in a file named other than module-info.java 
This triggers a weird corner case in our extractor, which used to throw a null pointer exception.
 2023-09-14 17:42:00 +01:00
Chris Smowton
c47ba000d6 Add test exercising the case of a missing type used as an interface 
This induces the TypeEnter phase to create an ErrorType with a parameter, which in turn used to cause a stack overflow in comparing the TypeWrapper objects involved.

Note the output remains somewhat broken, exposing an <any> type, but at least the overflow is resolved.
 2023-09-14 17:42:00 +01:00
Chris Smowton
4b5651bde9 Add test for Java extracting ErrorType 2023-09-14 17:42:00 +01:00
Chris Smowton
c0f8973749 Add test for extracting a Java AST with an error expression 
Also note that ErrorExpr can occur outside upgrade/downgrade scripts
 2023-09-14 17:42:00 +01:00
Geoffrey White
af3d8c88bb Java: Fix test comment. 2023-09-13 17:58:31 +01:00
Geoffrey White
8c3e778be6 Java: Port regex mode flag character fix from Python. 2023-09-13 17:50:52 +01:00
Anders Schack-Mulligen
e677c1ffe6 Java: Add qltest 2023-09-13 15:43:46 +02:00
Koen Vlaswinkel
7db082f3fd Java: Add VS Code model editor queries 2023-09-13 13:04:26 +02:00
Ian Lynagh
d8a99e6b7d Kotlin: Regenerate expected test output 
It's now in the order generated by the new CLI. This means that
changes in test output are easier to understand.
 2023-09-12 11:13:58 +01:00
Kasper Svendsen
4bc6ca3d84 Java: Delete java test query which fails to compile 2023-09-01 11:21:06 +02:00
Anders Starcke Henriksen
361ae1747e Merge branch 'main' into starcke/automodel-pack 2023-08-30 09:25:28 +02:00
Jean Helie
41726f52a2 Merge pull request #13954 from github/kaeluka/add-provenance-to-metadata 
Java: Automodel: Add Candidates for Regression Testing
 2023-08-29 14:33:02 +01:00
Jean Helie
de76c0749a Java: Automodel Framework Mode: Add Candidates for Regression Testing 2023-08-29 09:53:55 +01:00
Tony Torralba
2448bc8ce2 Java: Add new Apache CXF models 2023-08-25 11:17:51 +02:00
Jeroen Ketema
b550c067a1 Java: Remove redundant inline expectation test imports 2023-08-25 00:18:55 +02:00
Jeroen Ketema
9d573e5544 Consolidate all InlineFlowTest libraries in the dataflow qlpack 2023-08-24 21:38:46 +02:00
Asger F
6c664e93ef Merge pull request #14035 from asgerf/shared/variable-capture-nested 
Variable capture: synchronize with aliases in nested scopes
 2023-08-24 15:39:34 +02:00
Anders Schack-Mulligen
7af1e96943 Merge pull request #14032 from aschackmull/java/mad-nestednames 
Java: Use nested names in MaD signatures.
 2023-08-24 13:53:55 +02:00
Tony Torralba
6b58d11eeb Merge pull request #13900 from atorralba/atorralba/java/jaxws-getaremotemethod-improv 
Java: Improve `JaxWsEndpoint::getARemoteMethod`
 2023-08-24 13:37:15 +02:00
Tony Torralba
8c32919381 Merge pull request #13903 from atorralba/atorralba/jaxrs-mad-models 
Java: New models for JAX-RS
 2023-08-24 11:43:13 +02:00
Tony Torralba
3f9701cea7 Two fixes: 
* Consider that the @WebService annotation (et al) can be in a supertype or interface

* getARemoteMethod should only return public methods, since protected, package-private, and private methods are not exposed
 2023-08-24 11:35:52 +02:00
Anders Schack-Mulligen
ebe3f61ef6 Java: Fix models in qltest. 2023-08-24 09:44:43 +02:00
Asger F
ee1b3fd7e9 Java: update test after VariableCapture.qll change 2023-08-23 14:57:26 +02:00
Tony Torralba
0f3918af16 Merge pull request #13773 from atorralba/atorralba/java/mdht-xxe-sink 
Java: Add XXE sinks for MDHT
 2023-08-23 13:49:49 +02:00
Michael Nebel
699ed107f3 Java: Update SupportedExternalApis expected test output. 2023-08-21 09:59:00 +02:00
Michael Nebel
5623ccf4a0 Java: Re-factor NeutralCallable to include all neutrals and introduce NeutralSummaryCallable. 2023-08-21 09:59:00 +02:00
Michael Nebel
6deeb36a97 Java: Update the comments in SupportedExternalApis to include the neutral kind and add a sink neutral example. 2023-08-21 09:58:59 +02:00
Edward Minnix III
929090a847 Typos and style fixes 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-08-17 13:05:37 -04:00
Ed Minnix
55fae2daaa Added ESAPI sanitizer 2023-08-17 13:05:37 -04:00
Ed Minnix
97d6e82869 Stubs for org.owasp.esapi 2023-08-17 13:05:37 -04:00
Ed Minnix
f58590c6a9 Trust Boundary Work 2023-08-17 13:05:37 -04:00
Ed Minnix
2aba425464 TrustBoundary test ql file 2023-08-17 13:05:36 -04:00
Anders Starcke Henriksen
56871c77f5 Merge branch 'main' into starcke/automodel-pack 2023-08-17 10:04:44 +02:00
Stephan Brandauer
44a9cf93e0 Merge branch 'main' into kaeluka/add-provenance-to-metadata 2023-08-16 09:31:03 +02:00
Stephan Brandauer
808dc3e8d3 Java: Automodel framework mode: track exact ai- provenance in alreadyAiModeled meta data property 2023-08-16 09:25:03 +02:00
Stephan Brandauer
20254c3d0a Merge pull request #13886 from github/kaeluka/java-automodel-variadic-args 
Java: automodel application mode: use endpoint class like in framework mode
 2023-08-16 08:49:01 +02:00
Michael Nebel
a95aad51bd Merge pull request #13546 from michaelnebel/java/withoutelement 
Java: Support for With[out]Element for MaD.
 2023-08-15 10:03:03 +02:00
Geoffrey White
657642a122 Java: Expose parts of the vquery message in the test. 2023-08-14 14:12:07 +01:00
Stephan Brandauer
551b34e3be Java: Automodel application mode: include candidates that are useful for regression testing 2023-08-14 11:46:40 +02:00
Stephan Brandauer
1a95a34441 Java: automodel: use the call for call context, rather than the argument 2023-08-14 09:54:44 +02:00
Stephan Brandauer
4107758c8a Java: automodel extraction: add strings to query selection 2023-08-14 09:49:50 +02:00
Stephan Brandauer
e927470961 Merge branch 'main' into kaeluka/java-automodel-variadic-args 2023-08-09 09:02:32 +02:00
Anders Schack-Mulligen
0ca3f3308b Merge pull request #13478 from aschackmull/java/varcapture 
Java: Add proper support for variable capture flow.
 2023-08-08 16:22:56 +02:00
Anders Starcke Henriksen
8d34ab6d18 Merge branch 'main' into starcke/automodel-pack 2023-08-08 15:02:33 +02:00
Michael Nebel
0ed724eb13 Java: Make a flow summary for Set.clear using WithoutElement and introduce appropriate tests. 2023-08-08 11:10:08 +02:00
Anders Schack-Mulligen
cd22bb3505 Java: Add another test case. 2023-08-08 10:00:55 +02:00
Stephan Brandauer
3433437034 Java: automodel application mode: only extract the first argument corresponding to a varargs array 2023-08-07 14:15:17 +02:00
Michael Nebel
e62ec888c0 Merge pull request #13506 from michaelnebel/java/threatmodels 
Java: Threat Models
 2023-08-07 12:50:01 +02:00
Stephan Brandauer
e1a5eba61b Java: automodel application mode: refactor varargs endpoint class to rely on normal argument node for nicer extracted examples 2023-08-07 12:18:52 +02:00
Stephan Brandauer
0781cb78e8 Java: automodel application mode: add isVarargsArray metadata value 2023-08-07 12:18:51 +02:00