hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
76,593 Commits 1,672 Branches 157 Tags
codeql-cli-2.20.6
Commit Graph

4193 Commits

Author SHA1 Message Date
Tony Torralba
d3b3af8ae6 Re-adds jump step 
Note that this causes FP flow in the call context test cases
 2023-07-24 08:49:37 +02:00
Tony Torralba
36ff54b48b Convert jump step into local step 
Note that this has FNs in the test cases where the source is used locally in the nested classes' methods
 2023-07-24 08:49:37 +02:00
Tony Torralba
f054f73836 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2023-07-24 08:49:36 +02:00
Tony Torralba
1de68457ae Move steps to InputStream.qll 2023-07-24 08:49:36 +02:00
Tony Torralba
0156fcc381 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2023-07-24 08:49:36 +02:00
Tony Torralba
3a6665b0ed Add change note 2023-07-24 08:49:36 +02:00
Tony Torralba
5330ce12cc Use new TypeInputStream 2023-07-24 08:49:34 +02:00
Tony Torralba
00e0e5a61a Java: Add taint step for InputStream wrappers 2023-07-24 08:48:04 +02:00
github-actions[bot]
f91b7a9342 Post-release preparation for codeql-cli-2.14.1 2023-07-21 16:16:25 +00:00
Tony Torralba
3d515b18df Merge pull request #13769 from atorralba/atorralba/java/avoid-inputstream-low-confidence-dispatch 
Java: Avoid low-confidence dispatch to InputStream methods
 2023-07-21 10:42:34 +02:00
github-actions[bot]
c936a920b0 Release preparation for version 2.14.1 2023-07-20 16:32:27 +00:00
Geoffrey White
45a9d5bc7d Java: QLDoc. 2023-07-20 11:53:52 +01:00
Geoffrey White
80cb386ffd Java: Change note. 2023-07-20 11:52:04 +01:00
Geoffrey White
369f88beda Java: Fix for multiple parse mode flags. 2023-07-20 11:49:54 +01:00
Tony Torralba
238cb26624 Add change note 2023-07-19 15:37:33 +02:00
Tony Torralba
29543f5726 Change InputStream.read from neutral to summary 2023-07-19 14:44:18 +02:00
Anders Schack-Mulligen
e72a0b2f8c Dataflow: Add change notes. 2023-07-19 11:41:15 +02:00
Anders Schack-Mulligen
95d17045c9 Dataflow: Sync. 2023-07-19 11:41:15 +02:00
Anders Schack-Mulligen
fd83b6afdb Dataflow: Add support for not skipping configuration-specific nodes in big-step. 2023-07-19 11:41:15 +02:00
Tony Torralba
2dbbcc2413 Java: Avoid low-confidence dispatch to InputStream methods 
Also adds a neutral model for `InputStream.read`, which offers a high-confidence alternative for this method.
 2023-07-19 11:30:53 +02:00
Ian Lynagh
8a0286ec34 Java: Improve the diagnostics consistency query 
Diagnostics can be easier to read if you see them in the order in which
they were generated. By selecting the compilation and indexes, they get
sorted by the testsuite driver.

d.getCompilationInfo(c, f, i) would be a bit more natural as
d = c.getDiagnostic(f, i), but currently we don't import Diagnostic into
the default ('import java') namespace, and I don't think it's worth
changing that for this.
 2023-07-17 15:37:05 +01:00
Anders Schack-Mulligen
6770d2a49b Java: Exclude source-to-source flow in 5 queries. 2023-07-17 09:06:49 +02:00
Anders Schack-Mulligen
80a799df01 Merge pull request #13735 from aschackmull/dataflow/forcehighprecision-fix 
Dataflow: Fix forceHighPrecision for length-2 prefixes.
 2023-07-14 11:42:35 +02:00
Tony Torralba
cafc67e3be Merge pull request #13714 from pwntester/java/langs3_improvements 
[Java] Add missing commons lang3 model for ToStringBuilder.reflectionToString
 2023-07-13 14:45:33 +02:00
Anders Schack-Mulligen
a0e96594d8 Merge pull request #13736 from aschackmull/dataflow/remove-superfluous-module-members 
C#/Java/Ruby: Remove superfluous module members.
 2023-07-13 13:59:31 +02:00
Anders Schack-Mulligen
91de43f918 C#/Java/Ruby: Remove superfluous module members. 2023-07-13 11:38:35 +02:00
Stephan Brandauer
4391799b7e Merge pull request #13403 from github/java/update-mad-decls-after-triage-2023-06-08T08-51-47 
Java: Update MaD Declarations after Triage
 2023-07-13 11:15:41 +02:00
Anders Schack-Mulligen
58cd16565f Dataflow: Fix forceHighPrecision for length-2 prefixes. 2023-07-13 10:55:39 +02:00
Anders Schack-Mulligen
d46b2a32ae Dataflow: Improve debug printing. 2023-07-13 10:55:39 +02:00
Tony Torralba
7204c30025 Update 2023-07-12-apache-commons-lang3-tostringbuilder.md 2023-07-13 09:38:33 +02:00
Ed Minnix
63299688d5 Add change notes for default implementations of isBarrier and isAdditionalFlowStep 2023-07-12 15:21:16 -04:00
Ed Minnix
1cd8922ab5 Java: Add default implementation of StateConfigSig::isAdditionalFlowStep/4 2023-07-12 15:06:24 -04:00
Ed Minnix
1835b40f7b Java: Add default impl to StateConfigSig::isBarrier/2 2023-07-12 15:06:24 -04:00
Ian Lynagh
fe24cc1900 Merge pull request #13718 from igfoo/igfoo/file_classes 
Kotlin: Improve file class support
 2023-07-12 15:42:16 +01:00
Ian Lynagh
75c835c9d2 Add missing "a" to a qldoc comment 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2023-07-12 11:24:42 +01:00
Alvaro Muñoz
0247278bad add change note 2023-07-12 11:03:24 +02:00
Alvaro Muñoz
07e25e36b3 Merge branch 'java/langs3_improvements' of https://github.com/pwntester/codeql into java/langs3_improvements 2023-07-12 11:00:04 +02:00
Alvaro Muñoz
46e326e106 add change note 2023-07-12 10:59:56 +02:00
Tony Torralba
c54e93f005 Merge pull request #13705 from atorralba/atorralba/java/android-unsafe-fetch-apply 
Java: Add support for Kotlin's `apply` to java/android/unsafe-android-wevbiew-fetch
 2023-07-12 09:45:54 +02:00
Alvaro Muñoz
51f7031416 Update java/ql/lib/ext/org.apache.commons.lang3.builder.model.yml 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-07-12 09:06:05 +02:00
Ian Lynagh
cfd29de677 Kotlin: Add Class.isFileClass() 2023-07-11 15:58:41 +01:00
Alvaro Muñoz
e8563e5dfd fix row 2023-07-11 10:47:23 +02:00
Mathias Vorreiter Pedersen
a4c0063ab1 Merge pull request #13679 from MathiasVP/speedup-big-step 
DataFlow: Speed up the big step relation
 2023-07-11 09:44:17 +01:00
Alvaro Muñoz
c2f1fbbf98 Add missing commons lang3 model for ToStringBuilder.reflectionToString 2023-07-11 10:34:17 +02:00
Alvaro Muñoz
047d486509 add new struts2 models 2023-07-11 10:23:26 +02:00
Tony Torralba
ce600367df Java: Add support for Kotlin's apply to java/android/unsafe-android-webview-fetch 2023-07-10 17:40:16 +02:00
Tony Torralba
b70e21df4f Merge pull request #13702 from atorralba/atorralba/kotlin/apply 
Kotlin: Support apply
 2023-07-10 17:39:57 +02:00
Tony Torralba
0f18c0227b Kotlin: Support apply 2023-07-10 16:15:27 +02:00
github-actions[bot]
13cf054a9d Post-release preparation for codeql-cli-2.14.0 2023-07-07 14:55:41 +00:00
github-actions[bot]
6484ee106e Release preparation for version 2.14.0 2023-07-07 08:22:14 +00:00