yh-semmle
80fd5b2ada
Merge pull request #2175 from aschackmull/java/continue-in-false-loop
Java: Port C++ query cpp/continue-in-false-loop to Java.
2019-10-24 20:47:59 -04:00
Anders Schack-Mulligen
fe2988ab39
Merge pull request #2152 from yh-semmle/java-alert-suppression-annotations
Java: support LGTM alert suppression using `@SuppressWarnings` annotations
2019-10-24 15:04:29 +02:00
Anders Schack-Mulligen
3462624995
Java: Add test.
2019-10-23 16:24:26 +02:00
yh-semmle
afcde14403
Merge pull request #2085 from aschackmull/java/overflow-check-fp
Java: Add another overflow check pattern to UselessComparisonTest.
2019-10-18 11:01:24 -04:00
yh-semmle
ee2c97f147
Java: add extra test for java/alert-suppression-annotations
2019-10-17 22:09:04 -04:00
yh-semmle
62521dca32
Java: account for multiple strings in java/alert-suppression-annotations
2019-10-17 22:09:04 -04:00
yh-semmle
e3f828c588
Java: refine ranges in java/alert-suppression-annotations
2019-10-17 22:09:03 -04:00
yh-semmle
b2bc8382b0
Java: add alert-suppression query for @SuppressWarnings("lgtm[...]")
2019-10-17 22:09:02 -04:00
Anders Schack-Mulligen
38aba7bfc1
Java: Fix qltest.
2019-10-07 15:51:42 +02:00
Cornelius Riemenschneider
9ef61bd43c
Address more parts of Anders' review.
2019-10-07 15:19:20 +02:00
Cornelius Riemenschneider
0f5dd5d7c7
Add one more test with a more complicated guard.
2019-10-07 15:14:42 +02:00
Cornelius Riemenschneider
d79eaffd3a
Prune unreachable paths in the Java dataflow library based on call context.
We now detect patterns like
    f(bool cond){
      if(cond)
      then A
      else B
and prune branches for calls like f(true) or f(false).
This pruning is done both in the local (bigstep) flow graph
as well as in the inter-procedural dataflow graph.
2019-10-07 15:10:54 +02:00
Cornelius Riemenschneider
dba93b30e7
Add tests exhibiting false positives in the dataflow library, where call context is not used to prune branches.
2019-10-07 14:59:55 +02:00
Anders Schack-Mulligen
066a2f0d12
Java: Add another overflow check pattern to UselessComparisonTest.
2019-10-04 15:04:40 +02:00
Tom Hvitved
7f6e253425
Java: Update expected test output
2019-10-04 11:09:44 +02:00
yh-semmle
3313af5189
Merge pull request #2036 from aschackmull/java/eq-ssa-guard
Java: Improve guards for equal ssa variables.
2019-10-02 12:00:59 -04:00
Anders Schack-Mulligen
f87cb4d6ac
Java/C++/C#: Address review comments and fix test.
2019-10-02 14:32:17 +02:00
Anders Schack-Mulligen
0afea80d53
Java: Improve guards for equal ssa variables.
2019-09-26 16:29:13 +02:00
Tom Hvitved
6318cc9a71
Java: Update expected test output
2019-09-18 13:36:15 +02:00
Anders Schack-Mulligen
2d620698d8
Java: Adjust qltest expected output.
2019-09-12 11:00:49 +02:00
Jonas Jensen
9c9b7ac651
C#/C++/Java: Revert AccessPathNil.toString changes
This caused too many `*.expected` files to change, also in our internal
repo.
2019-09-02 15:59:36 +02:00
Jonas Jensen
a98992f0f9
C#/C++/Java: distinguish toString of nil from cons
2019-09-02 14:22:03 +02:00
Jonas Jensen
cdede8744f
C#/C++/Java: Prettier PartialAccessPath.toString
2019-09-02 14:05:50 +02:00
Jonas Jensen
c3bc9f8575
C#/C++/Java: Unbreak partial data flow support
Partial data flow had a semantic merge conflict with this branch. The
problem is that partial data flow doesn't (and shouldn't) cause the
initial pruning steps to run, but the length-2 access paths depend on
the `consCand` information that comes from that initial pruning. The
solution is to restore the old `AccessPath` class, now called
`PartialAccessPath` for use only by partial data flow.
With this change, partial data flow will in some cases allow more field
flow than non-partial data flow.
2019-09-02 14:02:39 +02:00
Jonas Jensen
6c96a8d339
Java: Accept test changes
Note: the results in `partial` have regressed and will need to be fixed
in a follow-up commit.
2019-09-02 13:14:17 +02:00
Anders Schack-Mulligen
8a318ce4e7
Java: Extend test with graph.
2019-08-30 14:35:21 +02:00
Anders Schack-Mulligen
6582734733
Java: Add test.
2019-08-30 14:32:55 +02:00
Luke Cartey
dfa371c65b
Java: Add missing SQL query APIs.
* executeLargeUpdate
* prepareCall
2019-08-30 10:40:49 +01:00
Pavel Avgustinov
cc854dd937
Merge branch 'master' of github.com:Semmle/ql into attribute
2019-08-23 09:55:35 +01:00
Anders Schack-Mulligen
629c19e719
Java: Autoformat.
2019-08-21 14:38:17 +02:00
Pavel Avgustinov
cb3551b4d6
Merge commit '76982404' into attribute
2019-08-21 12:44:07 +01:00
Anders Schack-Mulligen
6ff4fe38ec
Java/C++/C#: Add field flow support for stores in nested fields.
2019-08-19 14:41:06 +02:00
Pavel Avgustinov
127c33700c
Add Java stubs readme
2019-08-17 18:57:50 +01:00
Pavel Avgustinov
c92eb58300
Add j2objc license
2019-08-17 16:31:18 +01:00
Pavel Avgustinov
b52ea1e21b
Add Apache Shiro third-party notice
2019-08-17 16:31:18 +01:00
Anders Schack-Mulligen
a50ea54ff6
Java: Fix tests.
2019-08-08 12:03:01 +02:00
Anders Schack-Mulligen
f8804943ee
Java: Change in/out barriers to be explicit in the configuration.
2019-08-05 12:05:12 +02:00
Anders Schack-Mulligen
d3c5644229
Java: Add support for in/out barriers on sources and sinks.
2019-07-26 11:52:55 +02:00
Anders Schack-Mulligen
3024b5cb9e
Java: Bugfix for flow through methods with taintstep and upcast.
2019-07-22 15:39:30 +02:00
Anders Schack-Mulligen
a583f000c1
Java: Fix tests.
2019-06-27 13:20:03 +02:00
yh-semmle
0fb323b5ff
Java: add QL library for modeling AndroidManifest.xml files
2019-06-10 12:59:47 -04:00
Anders Schack-Mulligen
0e12df0a15
Java: Add SwitchExpr support in Guards.qll
2019-06-04 16:03:23 +02:00
Anders Schack-Mulligen
48b19f1fea
Java: Replace ValidatedVariable with guarded accesses.
2019-05-20 16:46:11 +02:00
Anders Schack-Mulligen
f367427fb8
Java: Deprecate RemoteUserInput.
2019-05-06 13:43:58 +02:00
Anders Schack-Mulligen
dec31a3dd6
Java: Use range analysis in IntMultToLong.
2019-04-05 10:42:23 +02:00
Anders Schack-Mulligen
b1e364b56a
Java: Support precondition calls as guards.
2019-04-02 10:58:46 +02:00
yh-semmle
64b2d331ae
Java: add test for Guice framework support
2019-02-15 20:01:08 -05:00
Anders Schack-Mulligen
52ad816074
Merge pull request #904 from rneatherway/zipslip-fix
Java: Add a flow step for `Path::toFile` in ZipSlip
2019-02-11 13:08:38 +01:00
Robin Neatherway
409733838b
Java: Add a flow step for Path::toFile in ZipSlip
2019-02-11 10:33:44 +00:00
Henning Makholm
b8a03464bf
Fix false positives in java/unused parameter
Methods that are mentioned in a member reference expression should count
as rootdefs for the unused parameter query. Such methods have to match
the functional interface of the reference expression, so it is to be
expected that they will sometimes have to declare parameters that they
don't actually use.
2019-02-07 21:14:36 +01:00