codeql

mirror of https://github.com/github/codeql.git synced 2025-12-26 05:36:32 +01:00

Author	SHA1	Message	Date
Ian Lynagh	8a5bc3b635	Kotlin: Don't use hasQuestionMark 1.7.0 warns: 'hasQuestionMark: Boolean' is deprecated. hasQuestionMark has ambiguous meaning. Use isNullable() or isMarkedNullable() instead	2022-09-14 17:56:27 +01:00
Ian Lynagh	fce111bebe	Kotlin: Compile with -Werror, and fix warnings	2022-09-14 16:42:57 +01:00
Ian Lynagh	8f2a718787	Kotlin: Remove an unused method	2022-09-14 16:31:11 +01:00
Tamás Vajk	e4a712c9d6	Merge pull request #10402 from tamasvajk/kotlin-comp-args Kotlin: Add integration test for compiler argument extraction	2022-09-14 15:27:18 +02:00
Tamas Vajk	16836de02b	Code quality improvment to simplify test QL	2022-09-14 15:15:06 +02:00
Ian Lynagh	b3b1efb1a1	Merge pull request #10414 from igfoo/igfoo/getQualifiedName Java: Tweak Member.getQualifiedName()	2022-09-14 13:30:22 +01:00
Anders Schack-Mulligen	ba3ebeec2c	Java: Remove low confidence dispatch for which we have a manual summary.	2022-09-14 13:39:31 +02:00
Anders Schack-Mulligen	d713910714	Merge pull request #10334 from aschackmull/java/uniontypeflow Java: Implement union type flow and replace ad-hoc variable tracking in dispatch	2022-09-14 13:34:28 +02:00
Tamas Vajk	a68b61f50a	Kotlin: adjust expected test results after fixing compiler argument interception	2022-09-14 13:15:29 +02:00
Tamas Vajk	6eccb5e99c	Kotlin: Add integration test to show missing compiler arguments	2022-09-14 13:15:29 +02:00
Ian Lynagh	4ac0ecbc61	Java: Mark the getQualifiedName change as breaking	2022-09-14 12:10:50 +01:00
Ian Lynagh	d735b9e6f2	Java: Format QL	2022-09-14 11:56:13 +01:00
Ian Lynagh	fec6c35f21	Java: Accept test output for getQualifiedName change	2022-09-14 10:52:43 +01:00
Michael Nebel	c5949fad75	C#/Java: Rename to Typed based summary model generation.	2022-09-14 11:06:23 +02:00
Michael Nebel	2d57b7d56a	Java: Sync files.	2022-09-14 11:06:23 +02:00
Michael Nebel	13a802e260	Java: Sync files and make adjusting changes.	2022-09-14 11:06:23 +02:00
Anders Schack-Mulligen	64e2f4164d	Java: Add test for disjunctive type in call context.	2022-09-14 10:38:10 +02:00
Anders Schack-Mulligen	9f200633ca	Java: convert test to inline expectation	2022-09-14 10:17:31 +02:00
Anders Schack-Mulligen	83e7bf71d7	Java: Adjust qldoc.	2022-09-14 10:16:09 +02:00
erik-krogh	252394666c	sync files	2022-09-13 20:44:05 +02:00
Ian Lynagh	f807b801ce	Merge pull request #10401 from igfoo/igfoo/throw Kotlin: Remove a throw statement	2022-09-13 17:41:31 +01:00
Tony Torralba	4708052741	Merge pull request #10408 from giper45/patch-1 Updated vulnerable XSS.java version	2022-09-13 17:50:47 +02:00
Ian Lynagh	6a63b86f8a	Java: Member.getQualifiedName() tweaked It now includes the qualified name of the declaring type.	2022-09-13 16:05:51 +01:00
Ian Lynagh	fc445736b2	Java: Use hasQualifiedName rather than getQualifiedName in ExternalAPIs It's more efficient, as it doesn't require building intermediate strings.	2022-09-13 15:58:00 +01:00
Tony Torralba	ac46a38b9d	Update java/ql/src/Security/CWE/CWE-079/XSS.java	2022-09-13 16:49:20 +02:00
Tony Torralba	2b027709e4	Update XSS qhelp	2022-09-13 16:39:48 +02:00
gx1	1c4488e7c8	Updated vulnerable XSS.java version	2022-09-13 15:58:25 +02:00
Tamas Vajk	2c757c714d	Kotlin: Code quality improvements: refactor a cast	2022-09-13 15:44:54 +02:00
Ian Lynagh	2f8151d8d2	Kotlin: Remove a throw statement We have a way to carry on here, so we may as well do so	2022-09-13 13:51:00 +01:00
Anders Schack-Mulligen	b8a1818422	Java: Fix test expectation.	2022-09-13 13:30:40 +02:00
Anders Schack-Mulligen	0e376b32d2	Java: extend typeflow tests to cover union types.	2022-09-13 13:30:40 +02:00
Anders Schack-Mulligen	d0f7052de2	Java: Support instanceof disjunction in union type flow.	2022-09-13 13:30:40 +02:00
Anders Schack-Mulligen	686e03e1cc	Java: Fix perf issue.	2022-09-13 13:30:40 +02:00
Anders Schack-Mulligen	c8b93e0910	Java: Replace uses of deprecated variableTrack.	2022-09-13 13:30:40 +02:00
Anders Schack-Mulligen	a8eedce8ab	Java: Replace ad-hoc variable tracking with union type flow in dispatch.	2022-09-13 13:30:40 +02:00
Anders Schack-Mulligen	6f06267892	Java: Implement union type flow.	2022-09-13 13:30:40 +02:00
Anders Schack-Mulligen	7692a9e2e7	Java: Minor TypeFlow tweaks.	2022-09-13 13:30:40 +02:00
Anders Schack-Mulligen	85d4742a01	Java: Add dispatch test showing lack of union types.	2022-09-13 13:30:40 +02:00
Sebastian Bauersfeld	f95663cdfb	Java: Added change note.	2022-09-13 11:38:15 +07:00
Sebastian Bauersfeld	0468b3a361	Java: Track taint through constructor arguments of java.net.URI.	2022-09-13 11:35:04 +07:00
Tony Torralba	f412f433bf	Add thymeleaf steps	2022-09-12 17:52:38 +02:00
Edward Minnix III	eadb8a3988	Merge pull request #10106 from egregius313/egregius313/android-backup-allowed Java: Query to detect Android backup allowed	2022-09-12 11:14:03 -04:00
Tamás Vajk	4569b9585f	Merge pull request #10313 from tamasvajk/kotlin-fix-vararg Kotlin: Fix `vararg` extraction outside of method call	2022-09-12 15:54:50 +02:00
Tamás Vajk	ed772e54d1	Merge pull request #10328 from tamasvajk/kotlin-kfunction-fix Kotlin: fix `KFunctionX.invoke` extraction	2022-09-12 15:54:33 +02:00
Erik Krogh Kristensen	818601b612	Merge pull request #10285 from erik-krogh/paramClass ReDoS: convert RelevantState to a class in the PrefixConstruction module	2022-09-12 15:23:19 +02:00
Tony Torralba	79a32f1a3e	Tainting the freemarker dataModel isn't exploitable	2022-09-12 14:22:06 +02:00
Tony Torralba	dd6257c757	Add security-severity	2022-09-12 11:59:01 +02:00
Tony Torralba	409a123490	Tainting the velocity context isn't exploitable	2022-09-12 11:38:29 +02:00
Ed Minnix	817f12cae6	Updated expectations file with new message The warning message for the `android:allowBackup` query was updated. This updates the message in the expectations file.	2022-09-09 11:35:48 -04:00
Ian Lynagh	c7e3051edd	Merge pull request #10239 from tamasvajk/kotlin-fix-declaration-stack Kotlin: Fix declaration stack	2022-09-09 16:03:31 +01:00

... 122 123 124 125 126 ...

13301 Commits