hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
79,000 Commits 1,671 Branches 157 Tags
codeql-cli-2.21.3
Commit Graph

211 Commits

Author SHA1 Message Date
Max Schaefer
ea26e21454 Extend negative characteristics for exceptions to source models. 2024-01-12 12:20:22 +00:00
Max Schaefer
06ba5ea9f8 Eliminate GetCallable modules and use getCallable instead. 2024-01-12 12:03:49 +00:00
Max Schaefer
76b84301e3 Share some code. 2024-01-12 12:03:49 +00:00
Max Schaefer
9f443d4f83 Make Unexploitable*Characteristic more precise. 2024-01-12 12:03:41 +00:00
Max Schaefer
6e9c90a6bb Properly distinguish negative source and sink characteristics. 
In particular, `IsSanitizerCharacteristic` is a negative _source_ characteristic (not a negative sink characteristic), while `NeutralModelCharacteristic` is both.

This eliminates the erroneous test results.
 2024-01-11 12:36:48 +00:00
Max Schaefer
ff4555ac5b Get rid of negative sink types. 
Instead of positively implying the negative sink type, negative sink characteristics now negatively imply all sink types (but not source types). This is simpler and sice we will never have a huge number of sink types it doesn't impact performance either.

Changes to test results:

- The call to `createDirectories` at `Test.java:87` is now correctly classified as a source candidate, having previously been erroneously excluded by a negative _sink_ characteristic.
- The call to `compareTo` at `Test.java:48` is now erroneously classified as a source candidate; it should be suppressed by `IsSanitizerCharacteristic`, which is a negative sink characteristic, but should really be a negative source characteristic.
- In framework mode, several endpoints are now erroneously classified as source candidates even though they have neutral models, because `NeutralModelCharacteristic` is currently only a negative sink characteristic and not a negative source characteristic.
 2024-01-11 12:19:53 +00:00
Max Schaefer
bcf4f4febd Drop a conjunct which is now spurious. 2024-01-11 11:56:59 +00:00
Max Schaefer
03ca244df2 Associate endpoints with their potential endpoint types and check these when determining candidates. 
This prevents us from associating a sink candidate with a source type and vice versa.

However, this does not fix the problem of negative characteristics for sink types excluding source candidates.
 2024-01-11 11:44:14 +00:00
Max Schaefer
8e429bd399 Rename isSinkCandidate (and a related predicate) to isCandidate. 
This reflects the fact that these predicates also deal with source candidates.
 2024-01-11 11:20:51 +00:00
Max Schaefer
8d56ee4a56 Release automodel extraction queries v0.0.12. 2024-01-10 11:29:36 +00:00
Max Schaefer
ac8e92eec5 Merge pull request #15264 from github/max-schaefer/automodel-exclude-generated-calls 
Automodel: Do not generate features for compiler-generated program elements.
 2024-01-10 10:22:00 +00:00
Max Schaefer
9b7cfd88cd Clarify relationship of isFromSource and Element::fromSource. 2024-01-09 16:21:36 +00:00
Max Schaefer
3e8775daaa Automodel: Do not generate features for compiler-generated program elements. 
These have dummy locations, which breaks certain invariants that break downstream processing.
 2024-01-09 13:39:46 +00:00
Ian Wright
dab28edfa9 0.0.11 release of automodel extraction queries 2024-01-04 13:10:46 +00:00
Ian Wright
45b1790fa2 add publication warning 2024-01-04 11:02:57 +00:00
github-actions[bot]
8f72b0e4f7 Post-release preparation for codeql-cli-2.15.5 2023-12-19 10:32:57 +00:00
github-actions[bot]
19af35b29a Release preparation for version 2.15.5 2023-12-18 21:22:44 +00:00
github-actions[bot]
92af5f5386 Post-release preparation for codeql-cli-2.15.4 2023-12-06 22:59:22 +00:00
github-actions[bot]
c04457e9e7 Release preparation for version 2.15.4 2023-12-06 21:11:50 +00:00
Stephan Brandauer
2e5971bb57 Java automodel: also drop boxed types and number types from endpoints 2023-11-24 15:04:13 +01:00
Stephan Brandauer
f2de449ce4 Merge branch 'main' into kaeluka/automodel-extraction-skip-primitive-types-candidates 2023-11-21 14:57:24 +01:00
Max Schaefer
b5c92408f4 Merge pull request #14845 from github/max-schaefer/minor 
Automodel: Fix a few nits.
 2023-11-20 15:24:45 +00:00
Stephan Brandauer
737aab66f5 Java automodel: drop primitive parameters from endpoints 2023-11-20 15:09:05 +01:00
Stephan Brandauer
e34a9de008 Java Automodel: drop return values of primitive return type methods from consideration for extraction in framework mode 2023-11-20 14:11:14 +01:00
Stephan Brandauer
212a515fa9 Java Automodel: drop return values void methods other than ctors from consideration for extraction in framework mode 2023-11-20 14:00:59 +01:00
Max Schaefer
1bed9f9003 Automodel: Fix a few nits. 2023-11-20 11:06:02 +00:00
Arthur Baars
db180d9872 Merge pull request #14823 from github/post-release-prep/codeql-cli-2.15.3 
Post-release preparation for codeql-cli-2.15.3
 2023-11-19 12:13:42 +01:00
github-actions[bot]
bad499e360 Post-release preparation for codeql-cli-2.15.3 2023-11-17 14:35:41 +00:00
Stephan Brandauer
74a195b4f4 Java Automodel extraction: fix extracted meta information by using Object for the type of generic parameters 2023-11-16 16:08:04 +01:00
Stephan Brandauer
69ab389d9f Merge pull request #14795 from github/kaeluka/skip-this-qualifier-ctor-candidates 
Java: Automodel Extraction: Remove Qualifier Endpoints of Constructors
 2023-11-16 14:54:19 +01:00
github-actions[bot]
6ec9b95072 Release preparation for version 2.15.3 2023-11-16 13:07:16 +00:00
Stephan Brandauer
84e58b77aa Java Automodel: remove Qualifiers of constructors from endpoints 2023-11-16 12:44:53 +01:00
Stephan Brandauer
d7c97d9d92 Java Automodel: remove constructor instance arguments from endpoints and update test expectations 2023-11-16 12:27:23 +01:00
Stephan Brandauer
30925da7d9 Java Automodel: tests that demonstrate that there is no sink candidate of an object being constructed in app mode 2023-11-16 12:24:41 +01:00
Stephan Brandauer
5385cc3aaa Merge branch 'main' into kaeluka/publish-automodel-querypack-007 2023-10-31 11:48:22 +01:00
Stephan Brandauer
968127eaa3 Java: release automodel extraction queries 0.0.7 2023-10-31 11:09:02 +01:00
github-actions[bot]
2b939fdf08 Post-release preparation for codeql-cli-2.15.2 2023-10-30 16:06:51 +00:00
github-actions[bot]
4641990021 Release preparation for version 2.15.2 2023-10-30 11:05:53 +00:00
Stephan Brandauer
5fe6a5a730 Merge pull request #14487 from github/kaeluka/extraction-query-docs 
Java: basic version of automodel extraction query docs
 2023-10-26 11:10:01 +02:00
Stephan Brandauer
cffcc7334d Java: automodel extraction docs: add two intro sentences 2023-10-25 09:45:00 +02:00
Stephan Brandauer
0f2db1bcdb Java: automodel extraction docs: use markdown footnote 2023-10-25 09:32:59 +02:00
Stephan Brandauer
3eeb6ffec4 Java: automodel extraction docs: spell out positive and negative 2023-10-25 09:05:22 +02:00
Stephan Brandauer
44c87561b3 Java: review suggestion from adityasharad 
Co-authored-by: Aditya Sharad <6874315+adityasharad@users.noreply.github.com>
 2023-10-25 09:00:28 +02:00
Stephan Brandauer
c240c1b3f5 Java: review suggestions from aeisenberg 
Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>
 2023-10-25 08:59:21 +02:00
Stephan Brandauer
e97456f5fc Java: automodel extraction docs: note on packaging and backwards compatibility 2023-10-24 16:30:59 +02:00
Stephan Brandauer
eb97ce3294 Java: automodel extraction query docs, candidate examples 2023-10-24 13:49:38 +02:00
Stephan Brandauer
1d7c2f4799 Java: format 2023-10-20 16:37:46 +02:00
Stephan Brandauer
f0c0bbf4c8 remove bug: needless restriction to sink examples in framework mode +examples 2023-10-20 16:34:29 +02:00
github-actions[bot]
8dcd8b9e5b Post-release preparation for codeql-cli-2.15.1 2023-10-17 20:24:00 +00:00
github-actions[bot]
3b3c036626 Release preparation for version 2.15.1 2023-10-16 17:49:39 +00:00