Commit Graph

5479 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
215a6a72cc Merge branch 'main' into useStringComp 2022-05-18 10:55:31 +02:00
Erik Krogh Kristensen
7245591468 Merge pull request #7763 from erik-krogh/unused-field
QL: add unused-field query
2022-05-18 09:15:16 +02:00
Erik Krogh Kristensen
86e97c32d6 fix all ql/use-string-compare 2022-05-17 14:11:05 +02:00
Mathias Vorreiter Pedersen
1280d43e36 Merge pull request #9141 from github/post-release-prep/codeql-cli-2.9.2
Post-release preparation for codeql-cli-2.9.2
2022-05-17 10:01:37 +01:00
Anders Schack-Mulligen
4f5ccfd76c Merge pull request #9181 from Marcono1234/marcono1234/FloatingPointLiteral-rename
Java: Rename `FloatingPointLiteral` to `FloatLiteral`
2022-05-17 10:08:49 +02:00
Tamás Vajk
fcb3d78eae Merge pull request #9146 from tamasvajk/kotlin-inner-class-static
Kotlin: exclude Kotlin source from 'inner class could be static' check
2022-05-17 08:43:39 +02:00
Tamás Vajk
26553cefc5 Merge pull request #9149 from tamasvajk/kotlin-maybe-null
Kotlin: Exclude operands of `NotNullExpr` from NullMaybe query
2022-05-17 08:43:24 +02:00
Tamás Vajk
d8c22901c9 Merge pull request #9150 from tamasvajk/kotlin-MissingInstanceofInEquals
Kotlin: Add more type check casts to MissingInstanceofInEquals query
2022-05-17 08:43:06 +02:00
Marcono1234
4e1a73f4d9 Java: Rename FloatingPointLiteral to FloatLiteral
"Floating point" refers to both `double` and `float`, and is also used by
the JLS in this way. Therefore the old CodeQL class name for `float` literals
was misleading.
2022-05-16 22:06:04 +02:00
Nick Rolfe
c518150b49 Merge pull request #9132 from github/nickrolfe/misspelling
QL for QL: generalise non-US spelling query
2022-05-16 16:03:36 +01:00
Tamas Vajk
47ec38c35a Kotlin: Exclude Kotlin files altogether from NullMaybe query 2022-05-16 10:52:20 +02:00
Tony Torralba
168a184602 Merge pull request #9127 from atorralba/atorralba/sensitive-info-log-improvs
Java: Sensitive Info Log query improvements
2022-05-13 16:57:32 +02:00
Tamas Vajk
7d5844a9a4 Kotlin: Add more type check casts to MissingInstanceofInEquals query 2022-05-13 13:52:52 +02:00
Tamas Vajk
c2a8965c90 Kotlin: Exclude operands of NotNullExpr from NullMaybe query 2022-05-13 13:42:10 +02:00
Tamas Vajk
631ba8adcf Kotlin: exclude Kotlin source from 'inner class could be static' check 2022-05-13 11:20:28 +02:00
github-actions[bot]
b7cbd8fd75 Post-release preparation for codeql-cli-2.9.2 2022-05-12 18:21:38 +00:00
Nick Rolfe
1115227f9d Merge remote-tracking branch 'origin/main' into nickrolfe/misspelling 2022-05-12 16:10:27 +01:00
Nick Rolfe
128fac4414 Java: fix typos in comments 2022-05-12 14:28:49 +01:00
Joe Farebrother
59e400d2e0 Merge pull request #7723 from joefarebrother/redos
Java: Add ReDoS queries
2022-05-12 13:50:38 +01:00
Mathias Vorreiter Pedersen
eb3a35eaea Update java/ql/src/change-notes/released/0.1.2.md 2022-05-12 11:43:27 +01:00
Mathias Vorreiter Pedersen
11707f8522 Update java/ql/src/CHANGELOG.md 2022-05-12 11:43:19 +01:00
Mathias Vorreiter Pedersen
2ef976a152 Update java/ql/src/CHANGELOG.md 2022-05-12 11:43:08 +01:00
github-actions[bot]
ee9980b31c Release preparation for version 2.9.2 2022-05-12 10:17:28 +00:00
Tony Torralba
f0a0ac100b Add live literals as sanitizers for sensitive logging 2022-05-12 11:57:44 +02:00
Tony Torralba
5db8306fef Stop considering usernames sensitive info
Require variables to be static to be considered constants
2022-05-12 11:46:52 +02:00
Chris Smowton
85dc1090fe Merge pull request #9116 from smowton/smowton/feature/accept-conditional-cookie-security
Java: tolerate `cookie.setSecure(request.isSecure())`
2022-05-11 21:29:14 +01:00
Ian Lynagh
cfde0a1491 Merge pull request #9109 from igfoo/igfoo/kotlin_merge
Initial Kotlin support
2022-05-11 16:16:22 +01:00
Tony Torralba
5be30209c1 Merge pull request #9036 from luchua-bc/java/hardcoded-jwt-key
Java: CWE-321 Query to detect hardcoded JWT secret keys
2022-05-11 16:31:34 +02:00
Chris Smowton
f7e1f3e1a5 Remove URL fragment from Google search 2022-05-11 14:38:09 +01:00
Ian Lynagh
c0a755e061 Merge remote-tracking branch 'upstream/main' into igfoo/kotlin_merge
Resolving conflicts:
	java/ql/lib/semmle/code/java/Expr.qll
2022-05-11 14:13:09 +01:00
Henry Mercer
b6f1ddcdab Java: Tag telemetry queries with telemetry
This will exclude the results of these queries from the summary tables
produced by `codeql database analyze` in a future version of the CodeQL
CLI.
2022-05-11 13:29:25 +01:00
Anders Schack-Mulligen
9a4d86e9b4 Merge pull request #8571 from Marcono1234/marcono1234/statement-expression
Java: Add `ValueDiscardingExpr`
2022-05-11 13:37:24 +02:00
Chris Smowton
0044326884 Add change note 2022-05-11 12:06:27 +01:00
Chris Smowton
c17ef42cc7 Insecure cookie query: accept ServletRequest.isSecure(), and allow more than one possible input to a setSecure(...) call. 2022-05-11 11:59:37 +01:00
luchua-bc
f85c01c975 Correct string source 2022-05-11 10:37:22 +00:00
Tony Torralba
43b425d0e4 Merge pull request #9002 from atorralba/atorralba/https-urls-improvs
Java: Add OkHttp and Retrofit models
2022-05-11 10:48:08 +02:00
Ian Lynagh
b5572422df Kotlin: Autoformat 2022-05-10 19:51:31 +01:00
Tony Torralba
a5a31db835 Rename AnyEqualsExpr and AnyNotEqualsExpr 2022-05-10 19:51:31 +01:00
Ian Lynagh
2e3d2b8e11 Java: Use the Diagnostics class in DiagnosticsReporting.qll
We shouldn't use database types/tables directly in src/
2022-05-10 19:51:31 +01:00
Ian Lynagh
2647a45239 Kotlin: Fix TypeVariableHidesType performance regression 2022-05-10 19:51:30 +01:00
Tamas Vajk
47799ae040 Code quality improvements + add dedicated DeadRefTypes test 2022-05-10 19:51:28 +01:00
Tamas Vajk
cdc7ed0e14 Extract container of adapter function as compiler generated 2022-05-10 19:51:28 +01:00
Tamas Vajk
505ccbbcf6 Extract override modifier 2022-05-10 19:51:28 +01:00
Chris Smowton
7dec3f4835 Use EqualityTest for either value or ref comparisons, and ReferenceEqualityTest for strictly ref comparison. 2022-05-10 19:51:17 +01:00
Chris Smowton
f95effcf82 Always extract ValueEQ/NEExpr for Kotlin ==/!=
I introduce AnyEqualsExpr for either reference or value equality and AnyEqualityTest for the same concept including not-equals operators, and use them wherever the written QL clearly doesn't care about the difference between reference and value comparison, typically because it is concerned with testing against null or against a primitive constant.
2022-05-10 19:51:17 +01:00
Ian Lynagh
6566f7b69f Kotlin: Add types for the different kinds of casts that Kotlin has
We might want to unify some of these in future, but doing that
correctly is easier than splitting them up correctly, so I've given each
one its own QL class for now.

I am not familiar with many of the libraries/queries that use CastExpr.
I've briefly looked at them and updated them in a way that looks
superficially reasonable, but some of the uses will probably want to be
refined later.
2022-05-10 19:51:13 +01:00
Ian Lynagh
8853489f04 Kotlin: Add a "generated by" field to the diagnostics table 2022-05-10 19:51:01 +01:00
luchua-bc
75e7148912 Standardize the query and update qldoc 2022-05-09 16:10:11 +00:00
Michael Nebel
1401e7ddb3 Merge pull request #8855 from michaelnebel/csharp/singlereadstore
C#: Only allow two read and two store steps in model capturing.
2022-05-09 10:05:53 +02:00
Michael Nebel
83aa65ff53 C#/Java: Remove redundant QL comment in CaptureModel. 2022-05-09 07:36:41 +02:00