hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
77,734 Commits 1,672 Branches 157 Tags
codeql-cli-2.21.0
Commit Graph

4076 Commits

Author SHA1 Message Date
Tamás Vajk
f7d2b2767c Merge pull request #9151 from tamasvajk/kotlin-comments-variables-1 
Kotlin: Handle variables as comment owners
 2022-05-16 09:32:19 +02:00
Tony Torralba
616b12d011 Merge pull request #8956 from atorralba/atorralba/intent-redirection-sanitizer-fix 
Java: Fix Intent Redirection sanitizer
 2022-05-16 09:21:04 +02:00
Chris Smowton
305ddb2169 Accept test changes 2022-05-13 17:44:26 +01:00
Chris Smowton
fbdd5a13c5 Autoformat 2022-05-13 17:40:58 +01:00
Chris Smowton
c76a774e35 Accept test changes 2022-05-13 17:40:58 +01:00
Chris Smowton
498d3700bd Update java/ql/test/kotlin/library-tests/field-initializer-flow/test.ql 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2022-05-13 17:40:58 +01:00
Chris Smowton
81baca2c17 Fix initializer field flow by extracting field finality 2022-05-13 17:40:58 +01:00
Tony Torralba
168a184602 Merge pull request #9127 from atorralba/atorralba/sensitive-info-log-improvs 
Java: Sensitive Info Log query improvements
 2022-05-13 16:57:32 +02:00
Ian Lynagh
153fd3a221 Kotlin: Fix diagnostics test 2022-05-13 15:36:30 +01:00
Ian Lynagh
98b0463e09 Kotlin: Accept test output 2022-05-13 15:36:30 +01:00
Tamas Vajk
7376ec5d42 Handle variables as comment owners 2022-05-13 13:58:06 +02:00
Tamas Vajk
7d5844a9a4 Kotlin: Add more type check casts to MissingInstanceofInEquals query 2022-05-13 13:52:52 +02:00
Tamas Vajk
e2efef7bd7 Kotlin: Add more type check tests for MissingInstanceofInEquals query 2022-05-13 13:50:59 +02:00
Tamas Vajk
c2a8965c90 Kotlin: Exclude operands of NotNullExpr from NullMaybe query 2022-05-13 13:42:10 +02:00
Tamas Vajk
e5d78687aa Kotlin: Add test for NullMaybe query 2022-05-13 13:41:25 +02:00
Tamas Vajk
631ba8adcf Kotlin: exclude Kotlin source from 'inner class could be static' check 2022-05-13 11:20:28 +02:00
Tamas Vajk
cd17e2eb28 Kotlin: add potentially static inner class test 2022-05-13 11:19:29 +02:00
Tamas Vajk
5ce2573cc1 Kotlin: Respect override modifier in useless parameter query 2022-05-13 11:08:35 +02:00
Tamas Vajk
6af4b74528 Kotlin: add useless parameter test for generic override 2022-05-13 11:07:22 +02:00
Chris Smowton
63dadd88aa Revert "Identify data classes during extraction" 
This reverts commit a61ba65c9f2182a578a7f4dbdb1c1657197f16cd, pending
adding a proper upgrade script for the DB change.
 2022-05-12 22:37:30 +01:00
Tamas Vajk
cc92c6517b Fix labels of extension function parameters 2022-05-12 22:37:06 +01:00
Tamas Vajk
a0f4960e31 Add test case for extension function called from java 2022-05-12 22:37:06 +01:00
Tamas Vajk
ccaafd74f3 Fix declaring type of companion field 2022-05-12 22:37:06 +01:00
Tamas Vajk
a8cf0383cf Add test for companion field declaring type 2022-05-12 22:37:06 +01:00
Tamas Vajk
8b1a7c845c Fix return type of <clinit> methods 2022-05-12 22:37:06 +01:00
Tamas Vajk
de003fd122 Add test for return type of <clinit> methods 2022-05-12 22:37:06 +01:00
Tamas Vajk
b0ee557a51 Fix expected test files 2022-05-12 22:37:06 +01:00
Tamas Vajk
59581439dd Fix colliding property accessor and function names 2022-05-12 22:37:06 +01:00
Tamas Vajk
a51c2c496f Add test with colliding property accessor and function names 2022-05-12 22:37:06 +01:00
Tamas Vajk
857a74cf14 Adjust class label generation to handle classes in field initializers 2022-05-12 22:37:06 +01:00
Tamas Vajk
394ec56d9d Add test case for local class declaration in field initializer 2022-05-12 22:37:06 +01:00
Chris Smowton
4ceb2f13c4 Add test 2022-05-12 22:37:06 +01:00
Chris Smowton
2600dcd182 Fix extracting type accesses relating to proprerty getters/setters and SAM-converted methods 
These should be handled the same as regular methods: extract type accesses for parameters and methods only if we're extracting "from source", i.e. at some point we're descended from extractFileContents.
 2022-05-12 22:37:06 +01:00
Tamas Vajk
538e05995a Fix dataflow for kotlin.Array.iterator() 2022-05-12 22:37:03 +01:00
Tamas Vajk
776322bac2 Add foreach dataflow tests 2022-05-12 22:36:28 +01:00
Chris Smowton
22e48ca39a Accept test changes 2022-05-12 22:36:28 +01:00
Chris Smowton
77056c9bff Add test expectations 2022-05-12 22:36:28 +01:00
Chris Smowton
ce87a89009 Replace Map and similar functions with their Java cousins 
This didn't appear to be necessary because the Kotlin and Java versions of Map (for example) are designed to be compatible, but in certain cases their functions have the same erasure but not the same type (e.g. Map.getOrDefault(K, V) vs. Map.getOrDefault(Object, V).

These have different erasures which was leading to callable-binding inconsistencies.
 2022-05-12 22:36:28 +01:00
Tamas Vajk
fa0bd0366c Fix extension property labels 2022-05-12 22:36:28 +01:00
Tamas Vajk
25fce5f6bb Identify data classes during extraction 2022-05-12 22:36:28 +01:00
Chris Smowton
1e78f2893c Add test for special method getters 2022-05-12 22:36:28 +01:00
Chris Smowton
134f88fe8e Accept test results 2022-05-12 22:36:27 +01:00
Nick Rolfe
1115227f9d Merge remote-tracking branch 'origin/main' into nickrolfe/misspelling 2022-05-12 16:10:27 +01:00
Nick Rolfe
128fac4414 Java: fix typos in comments 2022-05-12 14:28:49 +01:00
Joe Farebrother
59e400d2e0 Merge pull request #7723 from joefarebrother/redos 
Java: Add ReDoS queries
 2022-05-12 13:50:38 +01:00
Tony Torralba
5db8306fef Stop considering usernames sensitive info 
Require variables to be static to be considered constants
 2022-05-12 11:46:52 +02:00
Chris Smowton
85dc1090fe Merge pull request #9116 from smowton/smowton/feature/accept-conditional-cookie-security 
Java: tolerate `cookie.setSecure(request.isSecure())`
 2022-05-11 21:29:14 +01:00
Ian Lynagh
cfde0a1491 Merge pull request #9109 from igfoo/igfoo/kotlin_merge 
Initial Kotlin support
 2022-05-11 16:16:22 +01:00
Tony Torralba
5be30209c1 Merge pull request #9036 from luchua-bc/java/hardcoded-jwt-key 
Java: CWE-321 Query to detect hardcoded JWT secret keys
 2022-05-11 16:31:34 +02:00
Ian Lynagh
c0a755e061 Merge remote-tracking branch 'upstream/main' into igfoo/kotlin_merge 
Resolving conflicts:
	java/ql/lib/semmle/code/java/Expr.qll
 2022-05-11 14:13:09 +01:00