Tony Torralba
4c0d535cc2
Merge pull request #12886 from atorralba/atorralba/java/path-injection-mad-sinks
Java: Refactor path injection sinks
2024-02-09 10:48:49 +01:00
Tony Torralba
e2bf9ea2eb
Consider File.exists() et al a path-injection sink
2024-01-30 14:51:36 +01:00
Tony Torralba
19cb7adb6d
Migrate path injection sinks to MaD
Deprecate and stop using PathCreation
Path creation sinks are now summaries
2024-01-26 12:19:54 +01:00
Asger F
ee8e9a4e66
Shared: update test output
2024-01-26 11:14:23 +01:00
Asger F
ddbacc3d4a
Shared: add test case for stateful outBarrier bug
2024-01-26 11:14:11 +01:00
Joe Farebrother
0acb647e7d
Fix tests and add notification sink kind to model verification
2024-01-23 09:51:41 +00:00
Tony Torralba
2246c969a3
Merge pull request #15244 from Marcono1234/marcono1234/regex-flags
Java: Improve Regex flag parsing
2024-01-16 08:25:49 +01:00
Owen Mansel-Chan
3767348dec
Update test expectations
2024-01-10 22:25:08 +00:00
Owen Mansel-Chan
370a32da8b
Test summary models and neutral models, manual and generated
2024-01-10 22:25:02 +00:00
Marcono1234
3edfdc5ceb
Java: Improve Regex flag parsing
Fixes:
- Flag `d` not being recognized
- Syntax for disabling flags (`-`) not being recognized
- Non-capturing group with flags erroneously containing `:` as literal
2024-01-06 04:15:09 +01:00
Tom Hvitved
f9dbf676a6
Java: Use FlowSummaryImpl from dataflow pack
2023-12-10 11:25:45 +01:00
Jami
651653998c
Merge pull request #14913 from jcogs33/jcogs33/unsafe-url-forward_path-inj-related_cve-2019-3799
Java: add Spring models
2023-12-04 10:18:50 -05:00
Chris Smowton
cc68169f43
Update test expectations re: record-pattern type accesses
2023-11-30 11:24:07 +00:00
Chris Smowton
b33dc38a65
Fix hasBranchEdge for switch exprs with an internal CFG and incoming edges from a passing case guard
2023-11-30 11:24:06 +00:00
Chris Smowton
aa5f7352e2
Remove fall-through CFG edge for exhaustive switch statements
2023-11-30 11:24:06 +00:00
Chris Smowton
d99a005b42
Fix pretty-printing case null, default
2023-11-30 11:24:06 +00:00
Chris Smowton
4bff7953fc
Fix record pattern and pretty-printing
2023-11-30 11:24:05 +00:00
Chris Smowton
419d530a06
Add test ensuring read steps via record patterns lead to type filtering
2023-11-30 11:24:05 +00:00
Chris Smowton
087be2cca8
Adjust test expectations
2023-11-30 11:24:05 +00:00
Chris Smowton
a11c5c7257
Fixup pretty-printer and add test
2023-11-30 11:24:05 +00:00
Chris Smowton
47e3d7d8a5
Cast back to Object in advance of returning, to ensure the test doesn't mask a shortcoming of type pruning by pruning at the return site
2023-11-30 11:24:05 +00:00
Chris Smowton
f0144d6a3d
Expose that case guard test controls its case body
2023-11-30 11:24:04 +00:00
Chris Smowton
da62a04653
Note that binding variables may be casting nodes
2023-11-30 11:24:04 +00:00
Chris Smowton
c11a260369
Note we can't prove certain unreachable callables when 'case null' is present
2023-11-30 11:24:04 +00:00
Chris Smowton
6b3080ae92
Allow case null, default to be the first switch case
This is consistent with existing treatment of `case null: default:`
2023-11-30 11:24:04 +00:00
Chris Smowton
668f445fb4
Fix switchCaseControls and hasBranchEdge to account for mixed patterns and constant cases
2023-11-30 11:24:04 +00:00
Chris Smowton
6583c72c5d
Restrict pattern type guards to account for nested record matching failures
2023-11-30 11:24:03 +00:00
Chris Smowton
0bb051e08c
First stab at implementing negative type-test logic for pattern-case
2023-11-30 11:24:03 +00:00
Chris Smowton
d7a517a989
Remove needless test options
2023-11-30 11:24:03 +00:00
Chris Smowton
480781b049
autoformat
2023-11-30 11:24:02 +00:00
Chris Smowton
011eb2201e
Add test for ObjFlow over binding patterns
2023-11-30 11:24:02 +00:00
Chris Smowton
4cf511e26a
Add test for virtual-dispatch flow through binding patterns
2023-11-30 11:24:02 +00:00
Chris Smowton
43c935024a
Add test for typeflow propagation through instanceof and pattern-case
2023-11-30 11:24:02 +00:00
Chris Smowton
e5fdf4dd50
Update test expectation
2023-11-30 11:24:01 +00:00
Chris Smowton
330a5b8c6c
autoformat ql
2023-11-30 11:24:00 +00:00
Chris Smowton
32416f0fdc
Add test for record-pattern instanceof
2023-11-30 11:24:00 +00:00
Chris Smowton
e41da3b10a
Add missing test Java files
2023-11-30 11:24:00 +00:00
Chris Smowton
20b97af02f
Implement dataflow for record patterns
Strategy: there is now a regular flow step from an instance-of LHS / switch expr to the pattern, 0 or more read steps corresponding to record pattern destructors, and then finally a normal SSA def/use step connecting the binding patterns to their first uses.
2023-11-30 11:24:00 +00:00
Chris Smowton
05addde957
Adapt control-flow graph to record patterns
2023-11-30 11:24:00 +00:00
Chris Smowton
daccd04087
Basic extraction of record patterns
2023-11-30 11:23:59 +00:00
Chris Smowton
3cb01002dc
Add test for usage of qualified enum constants in switch
2023-11-30 11:23:59 +00:00
Chris Smowton
8406ee7ed5
Add test for a pattern-switch guard acting as a data-flow guard
2023-11-30 11:23:59 +00:00
Chris Smowton
144218e2f7
Implement switch CFG when there are mixed constant and pattern cases
2023-11-30 11:23:59 +00:00
Chris Smowton
54a89d6fef
Handle 'case null, default:'
2023-11-30 11:23:59 +00:00
Chris Smowton
2b16121638
CFG: Support guarded patterns
2023-11-30 11:23:59 +00:00
Chris Smowton
ba0f3cf718
Add basic support for case guards
2023-11-30 11:23:59 +00:00
Chris Smowton
ca43b9603a
Fixup typeflow test
2023-11-30 11:23:59 +00:00
Chris Smowton
79b77ae805
Add AST test for switch with null case
2023-11-30 11:23:58 +00:00
Chris Smowton
05caffc189
Update printast expectation
2023-11-30 11:23:58 +00:00
Chris Smowton
b21aaa75bc
Type-flow: treat pattern-switch on an array index similar to instanceof
2023-11-30 11:23:58 +00:00