hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
75,258 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.3
Commit Graph

12771 Commits

Author SHA1 Message Date
Ian Lynagh
00ab1a3129 Kotlin 2: exprs test: Accept loc change for MyClass 2024-03-04 19:00:38 +00:00
github-actions[bot]
a67218a027 Release preparation for version 2.16.4 2024-03-04 17:42:08 +00:00
Ian Lynagh
ab288d0d4c Merge pull request #15712 from igfoo/igfoo/k2ref 
Kotlin 2: Accept changes in library-tests/reflection
 2024-03-04 13:19:56 +00:00
Ian Lynagh
73fe20f33b Merge pull request #15713 from igfoo/igfoo/past 
Kotlin 2: Accept some PrintAst changes in library-tests/exprs
 2024-03-04 13:12:49 +00:00
Max Schaefer
1f3a3492ae Merge pull request #15792 from github/max-schaefer-patch-1 
Java: Fix sink type in hudson.model.yml
 2024-03-04 13:08:47 +00:00
Ian Lynagh
9bad1e60db Merge pull request #15765 from igfoo/igfoo/deleg 
Kotlin 2: Accept loc changes in library-tests/exprs/delegatedProperties
 2024-03-04 13:02:34 +00:00
Owen Mansel-Chan
279605b486 Merge pull request #15786 from owen-mc/java/sensitive-logging-query-exclude-null-in-variable-name 
Java: sensitive logging query exclude null in variable name
 2024-03-04 12:14:42 +00:00
Max Schaefer
52a36ce41c Java: Fix sink type in hudson.model.yml 2024-03-04 11:53:37 +00:00
Chris Smowton
83cef78200 Merge pull request #15783 from github/smowton/fix/extractor-information-fractional-percentage 
Java: extractor information: tolerate fractional percentages
 2024-03-04 11:09:42 +00:00
Owen Mansel-Chan
038afc4008 Merge pull request #15772 from owen-mc/java/model-generator-exclude-tostring 
Java: do not generate models for `toString` and lambda flow methods
 2024-03-04 07:57:48 +00:00
Owen Mansel-Chan
037c76d840 Update change note 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2024-03-04 07:49:18 +00:00
Owen Mansel-Chan
7a96b11a0a Add change note 2024-03-03 21:41:05 +00:00
Owen Mansel-Chan
19ac9e089a Add test 2024-03-03 21:03:41 +00:00
Owen Mansel-Chan
c7efde3b7a Remove variables with "null" in their name as sources 2024-03-03 20:55:04 +00:00
Owen Mansel-Chan
114c17ad57 Add more methods of java.util.Comparator 2024-03-02 20:55:30 +00:00
Chris Smowton
040395485e Update ExtractorInformation.expected 2024-03-02 10:20:45 +00:00
Owen Mansel-Chan
bf22c6dae0 Merge pull request #15766 from owen-mc/java/add-neutral-models 
Java: add neutral models
 2024-03-02 06:00:33 +00:00
Chris Smowton
0bb6a64e81 Java: extractor information: tolerate fractional percentages 2024-03-01 16:49:29 +00:00
Owen Mansel-Chan
0a8dfbafe4 Accept suggestion to put models under the right heading 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2024-03-01 16:05:28 +00:00
Owen Mansel-Chan
5399d88d15 Accept test change: slight change in gen vs man modelgen stats 2024-03-01 14:22:00 +00:00
Owen Mansel-Chan
6e63df9e32 Accept test change: toString method no longer generated 2024-03-01 14:16:14 +00:00
Owen Mansel-Chan
0e1c45e84b Accept test change: some more APIs have manual models now 2024-03-01 14:08:42 +00:00
Owen Mansel-Chan
df64e0bc5f Add neutral summary models for java.security.MessageDigest#digest 2024-03-01 14:08:31 +00:00
Owen Mansel-Chan
f89fedcbaf Add some neutral models for java.util 2024-03-01 14:07:45 +00:00
Owen Mansel-Chan
10f6329b3e Add manual neutral models for java.util.stream 
See comment in java/ql/src/Metrics/Summaries/TopJdkApis.qll

   * Note: the following top JDK APIs are not modeled with MaD:
   * `java.util.stream.Collectors#joining(CharSequence)`: cannot be modeled completely without a model for `java.util.stream.Stream#collect(Collector)` as well
   * `java.util.stream.Collectors#toMap(Function,Function)`: specialized collectors flow
   * `java.util.stream.Stream#collect(Collector)`: handled separately on a case-by-case basis as it is too complex for MaD
 2024-03-01 12:32:04 +00:00
Owen Mansel-Chan
f907fd21ad Add manual neutral models for java.text.Format and java.text.MessageFormat 
See comment in java/ql/src/Metrics/Summaries/TopJdkApis.qll

   * Note: the following top JDK APIs are not modeled with MaD:
   * `java.text.Format#format(Object)`: similar issue as `Object.toString`; depends on the object being passed as the argument
   * `java.text.MessageFormat#format(String,Object[])`: similar issue as `Object.toString`; depends on the object being passed as the argument
 2024-03-01 12:31:59 +00:00
Owen Mansel-Chan
0e95f41900 Add manual neutral models for java.lang 
See comment in java/ql/src/Metrics/Summaries/TopJdkApis.qll

   * Note: the following top JDK APIs are not modeled with MaD:
   * `java.lang.System#getProperty(String)`: needs to be modeled by regular CodeQL matching the get and set keys to reduce FPs
   * `java.lang.System#setProperty(String,String)`: needs to be modeled by regular CodeQL matching the get and set keys to reduce FPs
 2024-03-01 12:31:49 +00:00
Owen Mansel-Chan
bb97df1d71 do not generate models for lambda flow methods 2024-03-01 12:11:40 +00:00
Florin Coada
1719fd8acb Merge pull request #15769 from github/coadaflorin/changelog-2.16.3-updates 
Match changelog updates with public unified changelog
 2024-03-01 10:57:02 +00:00
Owen Mansel-Chan
bbf3fa7506 do not generate models for toString 2024-03-01 09:59:27 +00:00
Tony Torralba
e0515269c5 Merge pull request #15774 from atorralba/atorralba/java/mapentry-copyof-provenance 
Java: Fix provenance of Map.Entry.copyOf models
 2024-03-01 10:26:22 +01:00
Florin Coada
a8816a6d1c Update java/ql/src/change-notes/released/0.8.9.md 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2024-03-01 09:18:22 +00:00
Florin Coada
d54e3d73ab Update java/ql/src/CHANGELOG.md 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2024-03-01 09:18:14 +00:00
Tony Torralba
dd1dbdf4ec Java: Fix provenance of Map.Entry.copyOf models 2024-03-01 09:00:13 +01:00
github-actions[bot]
148bc26b09 Add changed framework coverage reports 2024-03-01 00:17:57 +00:00
Owen Mansel-Chan
54031a8187 Merge pull request #15767 from owen-mc/java/add-summary-models 
Java: add a few summary models
 2024-02-29 21:21:23 +00:00
Chris Smowton
051d63a5a9 Merge pull request #15740 from smowton/smowton/feature/call-and-type-telemetry 
Java: add extraction quality telemetry; improve stringification of some erroneous expressions
 2024-02-29 16:51:51 +00:00
Tony Torralba
47bf556223 Merge pull request #15709 from atorralba/atorralba/java/enable-widget-taint-steps 
Java: Re-enable Widget.qll flow steps
 2024-02-29 17:33:05 +01:00
Owen Mansel-Chan
7b5f51b1e2 Change summary models to neutral models for javax.crypto.Cipher 2024-02-29 16:22:27 +00:00
Chris Smowton
ef9544cbef Adjust test expectations now signature type-accesses are named 2024-02-29 15:33:29 +00:00
Chris Smowton
903e4f59f0 Exclude error types from contradictory-type-check query 2024-02-29 14:59:46 +00:00
Chris Smowton
140c3189e3 Adjust test expectations 2024-02-29 14:59:46 +00:00
Chris Smowton
3bd0c3b2c2 Switch test to using a qlref to the real telemetry query 2024-02-29 14:59:46 +00:00
Chris Smowton
ef82ea7541 Add change note 2024-02-29 14:59:46 +00:00
Chris Smowton
551006c15e Make predicate private 2024-02-29 14:59:46 +00:00
Chris Smowton
ffa998eb4a Autoformat 2024-02-29 14:59:45 +00:00
Chris Smowton
b6507e795a Add test for a buildless project that doesn't compile cleanly 2024-02-29 14:59:45 +00:00
Chris Smowton
5d55265910 Add telemetry for untyped expressions and missing call targets 2024-02-29 14:59:45 +00:00
Chris Smowton
1fd459e8fc Improve stringification of some erroneous expressions 2024-02-29 14:59:45 +00:00
Florin Coada
8d1965db59 match changelog to unified changelog 2024-02-29 14:33:14 +00:00