hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
77,734 Commits 1,671 Branches 157 Tags
codeql-cli-2.21.0
Commit Graph

4076 Commits

Author SHA1 Message Date
Tony Torralba
7bc907840c Fix tests 2023-12-13 11:15:27 +01:00
Tony Torralba
bd8f35bef7 Java: Fix FPs in Missing certificate pinning 
Local URIs should never require pinning
 2023-12-12 18:02:12 +01:00
Ed Minnix
7362158229 Fix test case 2023-12-11 11:18:40 -05:00
Ed Minnix
bbf99375c7 Alter cookie sinks to instead focus on creation of a cookie 2023-12-11 11:18:39 -05:00
Ed Minnix
b9d2a26e6e Move ESAPI models into the Weak Randomness query 
These models don't need to apply to all queries. So instead they are
better suited to be within the weak randomness query itself.
 2023-12-11 11:18:39 -05:00
Ed Minnix
fb875f5095 More variety of test cases 2023-12-11 11:18:39 -05:00
Ed Minnix
ce7690b53f Make imports private 2023-12-11 11:18:38 -05:00
Ed Minnix
b713efb711 Add ThreadLocalRandom.current as another source 2023-12-11 11:18:38 -05:00
Ed Minnix
1daa83bf46 Add test cases 2023-12-11 11:18:38 -05:00
Tom Hvitved
f9dbf676a6 Java: Use FlowSummaryImpl from dataflow pack 2023-12-10 11:25:45 +01:00
Jami
651653998c Merge pull request #14913 from jcogs33/jcogs33/unsafe-url-forward_path-inj-related_cve-2019-3799 
Java: add Spring models
 2023-12-04 10:18:50 -05:00
amammad
0d0dc5158c stash 2023-12-01 15:03:03 +01:00
Chris Smowton
cc68169f43 Update test expectations re: record-pattern type accesses 2023-11-30 11:24:07 +00:00
Chris Smowton
b33dc38a65 Fix hasBranchEdge for switch exprs with an internal CFG and incoming edges from a passing case guard 2023-11-30 11:24:06 +00:00
Chris Smowton
aa5f7352e2 Remove fall-through CFG edge for exhaustive switch statements 2023-11-30 11:24:06 +00:00
Chris Smowton
d99a005b42 Fix pretty-printing case null, default 2023-11-30 11:24:06 +00:00
Chris Smowton
4bff7953fc Fix record pattern and pretty-printing 2023-11-30 11:24:05 +00:00
Chris Smowton
419d530a06 Add test ensuring read steps via record patterns lead to type filtering 2023-11-30 11:24:05 +00:00
Chris Smowton
087be2cca8 Adjust test expectations 2023-11-30 11:24:05 +00:00
Chris Smowton
a11c5c7257 Fixup pretty-printer and add test 2023-11-30 11:24:05 +00:00
Chris Smowton
29fdd04eb0 Include switch and instanceof binding in Variable.getAnAssignedValue, and test via endsInQuote 2023-11-30 11:24:05 +00:00
Chris Smowton
47e3d7d8a5 Cast back to Object in advance of returning, to ensure the test doesn't mask a shortcoming of type pruning by pruning at the return site 2023-11-30 11:24:05 +00:00
Chris Smowton
f0144d6a3d Expose that case guard test controls its case body 2023-11-30 11:24:04 +00:00
Chris Smowton
da62a04653 Note that binding variables may be casting nodes 2023-11-30 11:24:04 +00:00
Chris Smowton
c11a260369 Note we can't prove certain unreachable callables when 'case null' is present 2023-11-30 11:24:04 +00:00
Chris Smowton
6b3080ae92 Allow case null, default to be the first switch case 
This is consistent with existing treatment of `case null: default:`
 2023-11-30 11:24:04 +00:00
Chris Smowton
668f445fb4 Fix switchCaseControls and hasBranchEdge to account for mixed patterns and constant cases 2023-11-30 11:24:04 +00:00
Chris Smowton
6583c72c5d Restrict pattern type guards to account for nested record matching failures 2023-11-30 11:24:03 +00:00
Chris Smowton
0bb051e08c First stab at implementing negative type-test logic for pattern-case 2023-11-30 11:24:03 +00:00
Chris Smowton
d7a517a989 Remove needless test options 2023-11-30 11:24:03 +00:00
Chris Smowton
de2b98f4a1 Fix hasNullCase 2023-11-30 11:24:02 +00:00
Chris Smowton
480781b049 autoformat 2023-11-30 11:24:02 +00:00
Chris Smowton
011eb2201e Add test for ObjFlow over binding patterns 2023-11-30 11:24:02 +00:00
Chris Smowton
4cf511e26a Add test for virtual-dispatch flow through binding patterns 2023-11-30 11:24:02 +00:00
Chris Smowton
43c935024a Add test for typeflow propagation through instanceof and pattern-case 2023-11-30 11:24:02 +00:00
Chris Smowton
e5fdf4dd50 Update test expectation 2023-11-30 11:24:01 +00:00
Chris Smowton
330a5b8c6c autoformat ql 2023-11-30 11:24:00 +00:00
Chris Smowton
32416f0fdc Add test for record-pattern instanceof 2023-11-30 11:24:00 +00:00
Chris Smowton
e41da3b10a Add missing test Java files 2023-11-30 11:24:00 +00:00
Chris Smowton
20b97af02f Implement dataflow for record patterns 
Strategy: there is now a regular flow step from an instance-of LHS / switch expr to the pattern, 0 or more read steps corresponding to record pattern destructors, and then finally a normal SSA def/use step connecting the binding patterns to their first uses.
 2023-11-30 11:24:00 +00:00
Chris Smowton
05addde957 Adapt control-flow graph to record patterns 2023-11-30 11:24:00 +00:00
Chris Smowton
daccd04087 Basic extraction of record patterns 2023-11-30 11:23:59 +00:00
Chris Smowton
3cb01002dc Add test for usage of qualified enum constants in switch 2023-11-30 11:23:59 +00:00
Chris Smowton
8406ee7ed5 Add test for a pattern-switch guard acting as a data-flow guard 2023-11-30 11:23:59 +00:00
Chris Smowton
144218e2f7 Implement switch CFG when there are mixed constant and pattern cases 2023-11-30 11:23:59 +00:00
Chris Smowton
54a89d6fef Handle 'case null, default:' 2023-11-30 11:23:59 +00:00
Chris Smowton
2b16121638 CFG: Support guarded patterns 2023-11-30 11:23:59 +00:00
Chris Smowton
ba0f3cf718 Add basic support for case guards 2023-11-30 11:23:59 +00:00
Chris Smowton
e94c5a772c Check nullness pass knows pattern case variables can't be null 2023-11-30 11:23:59 +00:00
Chris Smowton
ca43b9603a Fixup typeflow test 2023-11-30 11:23:59 +00:00