Commit Graph

4033 Commits

Author SHA1 Message Date
Tony Torralba
7f5fe85e2e Merge pull request #9975 from atorralba/atorralba/asynctask-improvs
Java: Improve AsyncTask data flow support
2022-08-09 17:10:09 +02:00
Erik Krogh Kristensen
49276b1f38 Merge branch 'main' into refacReDoS 2022-08-09 16:18:46 +02:00
Chris Smowton
1c6642f3fb Format QL 2022-08-09 11:50:54 +01:00
Chris Smowton
80f5b977d6 Use sealed classes released version 2022-08-09 11:50:54 +01:00
yo-h
c46b54b9c2 Java 17: exclude non-source locations in some tests 2022-08-09 11:50:54 +01:00
yo-h
0bf7e075e5 Java 17: adjust expected test output 2022-08-09 11:50:54 +01:00
yo-h
27b699df33 Java: adjust test options for JDK 17 upgrade 2022-08-09 11:50:54 +01:00
Tony Torralba
98b930cd67 Accept test changes in experimental query after AsyncTask improvements 2022-08-08 09:23:12 +02:00
Tony Torralba
03b854a1ed Add test for initializer method 2022-08-05 15:29:17 +02:00
Joe Farebrother
a2245bb858 Fix test 2022-08-05 12:56:19 +01:00
Joe Farebrother
498ad230c2 Update stubs 2022-08-05 12:56:19 +01:00
Joe Farebrother
c4de158e0d Add tests 2022-08-05 12:56:18 +01:00
Tony Torralba
9ee90f8022 Remove unnecessary import from test 2022-08-05 11:11:13 +02:00
Tony Torralba
5ebce6ee4f Improve AsyncTask data flow support
Model the life-cycle described here: https://developer.android.com/reference/android/os/AsyncTask#the-4-steps
2022-08-05 10:29:49 +02:00
intrigus
88ded4679a Accept test changes 2022-08-04 16:21:53 +02:00
intrigus
c867a1a146 Test setProperty/put with taint stored earlier 2022-08-04 16:21:51 +02:00
intrigus
0b7f0fbe54 Accept test changes 2022-08-04 16:21:50 +02:00
intrigus
55618adf6a Model java.util.Properties.setProperty 2022-08-04 16:21:48 +02:00
Chris Smowton
84a4b6a866 Make reporting locations consistent with PathCreation; add test 2022-08-03 10:42:09 +01:00
Tony Torralba
593ce01362 Merge pull request #9908 from atorralba/atorralba/xml-inline-exp-test
Java: Add support for XML InlineExpectationsTest
2022-07-29 14:49:19 +02:00
Tony Torralba
ec03ebbbfc Add spurious and missing test cases 2022-07-29 13:44:25 +02:00
Tony Torralba
6091f0dbce Use camelCase for XML acronym 2022-07-29 13:44:11 +02:00
luchua-bc
b69eba9238 Add check for Spring redirect 2022-07-29 01:59:47 +00:00
Chris Smowton
1737ed50ba Add test cases for wildcard lowering of array types 2022-07-28 15:52:00 +01:00
Chris Smowton
8cd2aeb65d Accept test changes 2022-07-28 15:52:00 +01:00
Chris Smowton
e7f275382e Add test for Java wildcard substitution 2022-07-28 15:51:59 +01:00
Tony Torralba
7ca955a0e6 Add support for XML InlineExpectationsTest 2022-07-27 17:23:10 +02:00
Chris Smowton
9e7fc1731f Merge pull request #9898 from smowton/smowton/fix/kotlin-super-calls
Kotlin: implement super-method calls
2022-07-27 11:31:36 +01:00
Tony Torralba
e179126abb Merge pull request #9129 from atorralba/atorralba/get-underlying-expr
Java: Add Expr::getUnderlyingExpr predicate
2022-07-27 11:42:28 +02:00
luchua-bc
1ce31ec32c Add sinks of servlet dispatcher and filter 2022-07-26 23:05:25 +00:00
Chris Smowton
5086841b46 Kotlin: implement super-method calls
If we only look at the dispatch receiver, these show up like `this` references rather than `super` references, preventing flow through super-calls. The super-interface case requires properly noting that interface methods with a body get a `default` modifier in order to avoid QL discarding the method as a possible callee.
2022-07-26 17:03:46 +01:00
Tony Torralba
33f5620782 Add more models 2022-07-26 11:06:11 +02:00
Tony Torralba
95db81658b Add CSV models for java.util.Scanner 2022-07-26 10:42:24 +02:00
Chris Smowton
3f6925e7be Merge pull request #9875 from smowton/smowton/fix/charat-naming
Kotlin: Special-case String.charAt naming
2022-07-25 16:10:13 +01:00
Chris Smowton
715b0b3fb8 Accept test changes 2022-07-25 15:17:14 +01:00
luchua-bc
962069ccff Add path check in a security context (redirect) 2022-07-22 23:10:52 +00:00
Chris Smowton
9593ceeda5 Kotlin: Special-case String.charAt naming
In the Kotlin universe this is called `get` so that Kotlin programmers can use the `[]` operator on `String`s.
2022-07-21 09:17:08 +01:00
Chris Smowton
1cbe26a54f Kotlin: fix for-loop iterators over primitive or wildcard types
Array<*> can't be queried for an argument type, and IntArray doesn't have an argument at all; both were previously causing the extractor to fail to extract the whole file due to throwing an exception.
2022-07-21 09:13:55 +01:00
luchua-bc
48f143e7d4 Query to detect regex dot bypass 2022-07-20 22:39:24 +00:00
Shyam Mehta
09ec37943c Partial Path Traversal split into 2 queries 2022-07-20 17:53:26 -04:00
Chris Smowton
d4b0163c4c Kotlin: Don't extract a name for a '_' parameter
I can't reproduce the exact circumstances, but these sometimes get "<anonymous parameter X>" names and sometimes get "$noName_X" names. Whichever way, avoiding extracting a synthetic name seems safest; anyone finding the .class file and not reading the metadata indicating it came from a `_` will extract the binary name selected, or else QL will invent a name.
2022-07-14 16:36:26 +01:00
Chris Smowton
b1dd3c2d84 Model java.util.Properties.getProperty 2022-07-13 13:59:28 +01:00
Erik Krogh Kristensen
ff25451699 rename query to overly-large-range, and rewrite the @description 2022-07-12 16:02:46 +02:00
Ian Lynagh
a0636ff843 Merge pull request #9545 from igfoo/igfoo/type_cycles
Java: Fix RefType.getAStrictAncestor() in the presence of type hierarchy cycles
2022-07-12 14:28:54 +01:00
smehta23
781a2a73d3 Merge branch 'main' into feat/SM/java_partial_path_traversal_vulnerability 2022-07-12 01:48:12 -04:00
Chris Smowton
4c6a9772af Merge pull request #9768 from smowton/smowton/fix/internal-method-name-mangling
Kotlin: Mangle names of internal functions to match JVM symbols
2022-07-01 14:33:32 +01:00
Chris Smowton
14aef792e0 Accept test changes 2022-07-01 10:35:17 +01:00
Chris Smowton
dd93062101 Kotlin: Mangle names of internal functions to match JVM symbols 2022-06-30 21:56:25 +01:00
Chris Smowton
570e418b22 Fix ordering PrintAst nodes 2022-06-30 16:07:32 +01:00
Chris Smowton
0d0d240fd4 Accept test changes re: new compiler-generated nodes 2022-06-30 15:29:20 +01:00