hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
81,788 Commits 1,672 Branches 157 Tags
codeql-cli-2.22.4
Commit Graph

13556 Commits

Author SHA1 Message Date
Stephan Brandauer
bc3e78f034 Java: add automodel framework mode test case for newly supported interface-method parameter extraction 2023-08-01 09:18:58 +02:00
Stephan Brandauer
058236877e Java: Drive-by: fix oversight in #13823 
In PR #13823, we had rewritten the endpoints that are being considered for framework mode. We used to use `DataFlow::ParameterNode` as endpoints.
However, `ParameterNode`s do not exist for the implicit `this` parameter; they also do not exist for bodiless interface-methods.

In PR #13823, we forgot to model that `this` only exists for non-static methods and to only consider parameters that we have source code for.
 2023-08-01 09:18:58 +02:00
Stephan Brandauer
5ad984f22f Java: update text expectations after merging #13823 2023-08-01 09:18:58 +02:00
Stephan Brandauer
da87d82d08 Java: fix a comment 2023-08-01 09:18:58 +02:00
Stephan Brandauer
be629b27ed Java: Automodel package private test case 2023-08-01 09:18:57 +02:00
Stephan Brandauer
f5c4155d63 Java: Automodel tests: update after merging #13818 2023-08-01 09:18:57 +02:00
Stephan Brandauer
44b8ec642e Java: merge framework mode tests into one 2023-08-01 09:18:57 +02:00
Stephan Brandauer
8cc367c45e Java: merge application mode tests into one 2023-08-01 09:18:57 +02:00
Stephan Brandauer
37b6b46dbf Java: update extraction query tests after merging PR #13747 2023-08-01 09:18:57 +02:00
Stephan Brandauer
50603102d1 Java: tests for automodel application mode, test that local calls are not candidates 2023-08-01 09:18:57 +02:00
Stephan Brandauer
457604e37e Java: tests for automodel framework mode negative example extraction 2023-08-01 09:18:57 +02:00
Stephan Brandauer
938a7a788f Java: tests for automodel application mode negative example extraction 2023-08-01 09:18:57 +02:00
Stephan Brandauer
abed936556 Java: tests for automodel framework mode positive example extraction 2023-08-01 09:18:57 +02:00
Stephan Brandauer
1bc222ec40 Java: tests for automodel application mode positive example extraction 2023-08-01 09:18:57 +02:00
Stephan Brandauer
2e89a11949 Java: tests for automodel application mode candidate extraction 2023-08-01 09:18:56 +02:00
Stephan Brandauer
18fe587e75 Java: tests for automodel framework mode candidate extraction 2023-08-01 09:18:56 +02:00
github-actions[bot]
b547ae7c2f Add changed framework coverage reports 2023-08-01 00:18:36 +00:00
Paul Hodgkinson
3bc7cf6ac7 Merge branch 'main' into java/experimental/command-injection 2023-07-31 19:14:55 +01:00
Anders Schack-Mulligen
e87b8ba3d7 Java: Make the barrier in java/potentially-weak-cryptographic-algorithm less restrictive. 2023-07-31 14:28:53 +02:00
Tony Torralba
5488abc512 Merge pull request #13850 from atorralba/atorralba/java/unimportant-generated-models 
Java: Remove superfluous generated models
 2023-07-31 11:25:03 +02:00
Tony Torralba
2cbb7ed296 Java: Add XXE sinks for MDHT 2023-07-31 11:13:17 +02:00
Tony Torralba
41f1315da9 Merge pull request #13772 from atorralba/atorralba/java/inputstream-wrapper-read-step 
Java: Add taint steps for InputStream wrappers
 2023-07-31 11:12:43 +02:00
Tony Torralba
3bd4d34a47 Java: Remove superfluous generated models 2023-07-31 09:48:03 +02:00
Ian Lynagh
01a512b677 Kotlin: Pass on a parentId 2023-07-28 17:46:05 +01:00
Ian Lynagh
e8f4aee1cf Kotlin: Remove some redundant braces 2023-07-28 17:02:24 +01:00
Stephan Brandauer
40eab180cc Merge pull request #13823 from github/kaeluka/support-argument-this-in-frameworkmode-metadata-extraction 
Java: Support Argument[this] and parameters of bodiless interface methods in framework mode metadata extraction
 2023-07-28 17:38:39 +02:00
Tony Torralba
08cba7dc5f Merge pull request #13713 from pwntester/java/struts2_source_taint_inheriting 
[Java] Implement field taint inheritance for Struts2 unmarshalled objects
 2023-07-28 16:46:27 +02:00
Owen Mansel-Chan
a020189895 Merge pull request #13822 from owen-mc/dataflow/mergepathgraph3-signature-fix 
Dataflow: MergePathGraph3 signature fix
 2023-07-28 15:15:43 +01:00
Tony Torralba
2dff0ce5b4 Merge pull request #13712 from pwntester/java/new_struts2_models 
[Java] New models for Struts2 framework
 2023-07-28 14:31:25 +02:00
Stephan Brandauer
8bf960bd44 Java: fix QL-for-QL alert 2023-07-28 14:28:47 +02:00
Stephan Brandauer
021eedfdf1 Java: format 2023-07-28 14:26:34 +02:00
Stephan Brandauer
82fd0e45aa Java: support Argument[this] in NotAModelApiParameter 2023-07-28 14:04:53 +02:00
Stephan Brandauer
a9d2f43538 Java: use a newtype for framework mode candidates 2023-07-28 13:51:25 +02:00
Stephan Brandauer
8ed773b240 Java: Framework mode extraction now uses a custom class for endpoints, so we can support both Argument[this] and interface-method parameters 2023-07-28 12:56:39 +02:00
Stephan Brandauer
09c64e8fee Java: Support Argument[this] in framework mode metadata extraction 2023-07-28 12:55:26 +02:00
Ian Lynagh
499bd970d3 Merge pull request #13412 from igfoo/igfoo/json_escape 
Kotlin: Tweak our JSON escaping
 2023-07-28 11:13:51 +01:00
Alvaro Muñoz
c3a2ae2943 Account for public fields/setters 2023-07-28 12:12:07 +02:00
Tony Torralba
c239a4399c Changed Struts2ActionSupportClassFieldReadSource to be a FieldValueNode instead of a field read 2023-07-27 10:39:06 +02:00
Alvaro Muñoz
97a4230d5d add change note 2023-07-27 10:39:06 +02:00
Alvaro Muñoz
f3fc56294e implement field taint inheritance for Struts2 unmarshalled objects 2023-07-27 10:39:06 +02:00
Tony Torralba
9d6bc76dc0 Merge pull request #13817 from atorralba/atorralba/java/non-static-fieldvaluenode-step 
Java: Allow flow out of FieldValueNodes for non-static fields
 2023-07-27 09:14:04 +02:00
Owen Mansel-Chan
9b2b58a823 Sync files 2023-07-26 21:48:10 +01:00
Chris Smowton
c69a9ea032 Merge pull request #13793 from github/post-release-prep/codeql-cli-2.14.1 
Post-release preparation for codeql-cli-2.14.1
 2023-07-26 17:22:05 +01:00
Tony Torralba
8685242c16 Add tests 2023-07-26 14:13:43 +02:00
Stephan Brandauer
24cdc962c2 Merge pull request #13818 from github/kaeluka/fix-erroneous-endpoints-that-are-sinks-and-summary-neutrals 
Java: Automodel Fix, Prevent Some Erroneous Endpoints
 2023-07-26 12:45:29 +02:00
Tony Torralba
602eb43109 Update partial flow test expectations 2023-07-26 09:32:13 +02:00
Ian Lynagh
532552a7ac Merge pull request #13751 from igfoo/igfoo/getCompilationInfo 
Java: Improve the diagnostics consistency query
 2023-07-25 16:54:17 +01:00
Stephan Brandauer
08f5774d13 Java: Automodel extraction fix for application mode 2023-07-25 17:11:07 +02:00
Stephan Brandauer
698b8d3c5c Java: Automodel extraction fix; previously, we treated endpoints that were marked as sinks, as well as summary-neutrals as 'erroneous' 2023-07-25 16:52:27 +02:00
Tony Torralba
b8b38e4bbe Java: Allow flow out of FieldValueNodes for non-static fields 2023-07-25 15:37:41 +02:00