hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
80,404 Commits 1,672 Branches 157 Tags
codeql-cli-2.22.1
Commit Graph

1187 Commits

Author SHA1 Message Date
Jeroen Ketema
9d573e5544 Consolidate all InlineFlowTest libraries in the dataflow qlpack 2023-08-24 21:38:46 +02:00
Asger F
6c664e93ef Merge pull request #14035 from asgerf/shared/variable-capture-nested 
Variable capture: synchronize with aliases in nested scopes
 2023-08-24 15:39:34 +02:00
Anders Schack-Mulligen
7af1e96943 Merge pull request #14032 from aschackmull/java/mad-nestednames 
Java: Use nested names in MaD signatures.
 2023-08-24 13:53:55 +02:00
Tony Torralba
6b58d11eeb Merge pull request #13900 from atorralba/atorralba/java/jaxws-getaremotemethod-improv 
Java: Improve `JaxWsEndpoint::getARemoteMethod`
 2023-08-24 13:37:15 +02:00
Tony Torralba
3f9701cea7 Two fixes: 
* Consider that the @WebService annotation (et al) can be in a supertype or interface

* getARemoteMethod should only return public methods, since protected, package-private, and private methods are not exposed
 2023-08-24 11:35:52 +02:00
Anders Schack-Mulligen
ebe3f61ef6 Java: Fix models in qltest. 2023-08-24 09:44:43 +02:00
Asger F
ee1b3fd7e9 Java: update test after VariableCapture.qll change 2023-08-23 14:57:26 +02:00
Michael Nebel
a95aad51bd Merge pull request #13546 from michaelnebel/java/withoutelement 
Java: Support for With[out]Element for MaD.
 2023-08-15 10:03:03 +02:00
Anders Schack-Mulligen
0ca3f3308b Merge pull request #13478 from aschackmull/java/varcapture 
Java: Add proper support for variable capture flow.
 2023-08-08 16:22:56 +02:00
Michael Nebel
0ed724eb13 Java: Make a flow summary for Set.clear using WithoutElement and introduce appropriate tests. 2023-08-08 11:10:08 +02:00
Anders Schack-Mulligen
cd22bb3505 Java: Add another test case. 2023-08-08 10:00:55 +02:00
Tony Torralba
43b9199734 Java: Improved JaxWsEndpoint::getARemoteMethod 2023-08-07 10:21:58 +02:00
Michael Nebel
9c4d77a925 Java: Address review comments. 2023-08-04 13:47:30 +02:00
Anders Schack-Mulligen
0ae81eace3 Java: update fixed test 2023-08-03 10:07:00 +02:00
Anders Schack-Mulligen
c5990311ca Java: Redesign and reimplement variable capture flow. 2023-08-03 10:04:06 +02:00
Anders Schack-Mulligen
70bef64e2a Java: Fix ratpack flow. 2023-08-03 10:04:05 +02:00
Anders Schack-Mulligen
9a4de208ef Java: Fix qltests. 2023-08-03 10:04:05 +02:00
Anders Schack-Mulligen
d1a616a70a Java: Add proper support for variable capture flow. 2023-08-03 10:04:02 +02:00
Michael Nebel
4568cccd71 Java: Add some unit tests for sourceModelKindConfig. 2023-08-01 12:56:13 +02:00
Michael Nebel
fc66b6ef9c Java: Update test comments to reflect the MaD syntax. 2023-08-01 12:03:44 +02:00
Michael Nebel
0604a85bb1 Java: Add WithoutElement model for List.clear and add appropriate test. 2023-08-01 12:03:44 +02:00
Tony Torralba
41f1315da9 Merge pull request #13772 from atorralba/atorralba/java/inputstream-wrapper-read-step 
Java: Add taint steps for InputStream wrappers
 2023-07-31 11:12:43 +02:00
Tony Torralba
8685242c16 Add tests 2023-07-26 14:13:43 +02:00
Tony Torralba
602eb43109 Update partial flow test expectations 2023-07-26 09:32:13 +02:00
Tony Torralba
d3b3af8ae6 Re-adds jump step 
Note that this causes FP flow in the call context test cases
 2023-07-24 08:49:37 +02:00
Tony Torralba
cc5a404149 Add more test cases 2023-07-24 08:49:36 +02:00
Tony Torralba
226103b246 Add local class test 2023-07-24 08:49:36 +02:00
Tony Torralba
0156fcc381 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2023-07-24 08:49:36 +02:00
Tony Torralba
00e0e5a61a Java: Add taint step for InputStream wrappers 2023-07-24 08:48:04 +02:00
Ian Lynagh
c21797dd3c Kotlin: Add a test for file classes 2023-07-11 13:21:56 +01:00
Jeroen Ketema
9c774ac97f Merge pull request #13426 from jketema/inline-3 
Update inline flow tests to use parameterized module
 2023-06-19 17:39:29 +02:00
Jeroen Ketema
742eb8dd12 Java: Rewrite InlineFlowTest as a parameterized module 2023-06-15 10:52:10 +02:00
Tony Torralba
5e3d9d8136 Java: Model the Stapler framework 2023-06-14 12:34:52 +02:00
Tony Torralba
182513a981 Merge pull request #13235 from atorralba/atorralba/java/hudson-models 
Java: Add Hudson models
 2023-06-14 12:33:18 +02:00
Anders Schack-Mulligen
1a4fca334f Merge pull request #13273 from aschackmull/dataflow/summarynode-refactor 
Dataflow: Refactor FlowSummaryImpl to synthesize nodes independently from DataFlow::Node.
 2023-06-14 09:38:36 +02:00
Jeroen Ketema
c3ba206b6a Merge pull request #13346 from jketema/inline-2 
Update inline expectation tests to use parameterized module
 2023-06-13 10:10:55 +02:00
Anders Schack-Mulligen
eec012d308 Java: Fix test 2023-06-12 13:18:13 +02:00
Jeroen Ketema
49993b023e Java: Rewrite inline expectation tests to use parameterized module 2023-06-09 10:42:17 +02:00
Anders Schack-Mulligen
95afd551ff Java: Fix qltest 2023-06-09 08:37:36 +02:00
Tony Torralba
4608481d7b Java: Fix more problems in the Gson models 
Found during type strengthening work by @aschackmull
 2023-06-08 14:53:09 +02:00
Anders Schack-Mulligen
cc45db7c76 Merge pull request #13394 from atorralba/atorralba/java/fix-gson-jsonarray-models 
Java: Fix Gson's JsonArray.add models
 2023-06-08 11:05:40 +02:00
Tony Torralba
c0135673fa Fix JsonArray.addAll model 
Properly test JsonArray.add(String) and JsonArray.addAll(JsonArray) as well
 2023-06-07 16:18:32 +02:00
Tony Torralba
35b4c438ff Fix Gson's JsonArray.add models 
When the type of the argument isn't JsonElement, the summary must be taint flow instead of value flow
 2023-06-07 14:12:20 +02:00
yoff
911835c30e Merge pull request #13392 from yoff/java/test-type-tracking-through-flow-summaries 
java: test type tracking through flow summaries
 2023-06-07 14:10:23 +02:00
Rasmus Lerchedahl Petersen
aec1e4a713 java: address ql alert 2023-06-07 11:40:50 +02:00
Rasmus Lerchedahl Petersen
76e1c6f76f java: test type tracking through flow summaries 2023-06-07 11:18:53 +02:00
Tony Torralba
ad2f558002 Add Hudson models 
Includes models-as-data rows, flow sources, and XSS sanitizers.

Tests for models-as-data rows not included.
 2023-06-02 11:06:24 +02:00
Jami
617107de35 Merge pull request #12916 from jcogs33/jcogs33/revamp-java-sink-kinds 
Java: revamp MaD sink kinds
 2023-06-01 12:48:30 -04:00
Jami
10bab71c60 Merge pull request #12249 from jcogs33/jcogs33/add-heuristic-neutral-models 
Java: add some neutral models discovered with heuristics
 2023-06-01 07:51:55 -04:00
Jami Cogswell
82f208ca7a Java: add isNeutralSink test case 2023-05-31 17:47:36 -04:00