3173 Commits

Author	SHA1	Message	Date
Chris Smowton	96bf754f01	Accept intrigus suggested doc clarifications ... Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>	2022-03-31 12:09:45 +01:00
Anders Schack-Mulligen	f28da00ec4	Java: Fix qldoc as followup to https://github.com/github/codeql/pull/8323	2022-03-31 12:50:36 +02:00
Chris Smowton	19cd97e426	Java: Clarify the meaning of getRuleExpression/Statement	2022-03-30 17:58:11 +01:00
Marcono1234	a93b4ed0f2	Java: Make JumpStmt a proper superclass	2022-03-30 00:30:27 +02:00
Marcono1234	f19ade3446	Java: Add StmtExpr	2022-03-27 01:42:34 +01:00
Chris Smowton	005a020f04	Merge pull request #8508 from igfoo/igfoo/error_elements ... Java: Add ErrorExpr, ErrorStmt	2022-03-24 10:39:14 +00:00
Jonathan Leitschuh	bd87be636a	Refactor to conditionCheckArgument deprecate old method	2022-03-22 11:56:43 -04:00
Michael Nebel	1d45996001	Merge pull request #8466 from michaelnebel/csharp/refactor-aspartial ... C#: Refactor asPartial to allow re-use.	2022-03-22 10:54:54 +01:00
Jonathan Leitschuh	b3ee1bd313	Refactor Preconditions and add Tests	2022-03-21 11:20:05 -04:00
Jonathan Leitschuh	1d0275344d	[Java]: Add precondition support for testing library asserts	2022-03-18 20:39:24 -04:00
Chris Smowton	767453520e	Merge pull request #8032 from JLLeitschuh/feat/JLL/check_os ... Java: Add Guard Classes for checking OS & unify System Property Access	2022-03-18 11:20:36 +00:00
Tom Hvitved	79ea2a3a9c	Data flow: Sync files	2022-03-17 14:03:58 +01:00
Erik Krogh Kristensen	879680057e	fix all ql/unused-field warnings	2022-03-17 09:41:42 +01:00
Michael Nebel	4a68b74aa3	C#: Re-use the asPartialModel for DataFlowPrivate in tests.	2022-03-16 17:02:00 +01:00
Jeroen Ketema	7a9a9d833a	Merge pull request #8435 from jketema/all-the-barriers ... Add flow state versions of isBarrierIn, isBarrierOut, and isBarrierGuard	2022-03-16 15:50:19 +01:00
Tony Torralba	8790df7a34	Style fixes	2022-03-16 15:11:04 +01:00
Ian Lynagh	2116e6d120	Java: Add ErrorExpr, ErrorStmt	2022-03-15 17:30:19 +00:00
Jonathan Leitschuh	09cc8ee09e	Add tests for StandardSystemProperty	2022-03-15 12:37:42 -04:00
jorgectf	ed198709b4	Refactor MyBatisAbstractSQLMethodsStep ... Set output to `Argument[-1]` instead of `ReturnValue` to be able to get rid of `MyBatisAbstractSQLAnonymousClassStep`. Thanks @pwntester!	2022-03-15 13:46:06 +01:00
jorgectf	9aa440e5b6	Refactor MyBatisAbstractSQLMethodsStep and MyBatisAbstractSQLMethod ... See https://github.com/github/codeql/pull/8345\#discussion_r826734537	2022-03-15 13:23:23 +01:00
Chris Smowton	451661dd20	Improve guard class names	2022-03-15 11:46:54 +00:00
Jeroen Ketema	157a36bc4f	Use node variable in all disjuncts	2022-03-15 11:55:35 +01:00
Jeroen Ketema	9a0e94f389	Add flow state versions of isBarrierIn, isBarrierOut, and isBarrierGuard	2022-03-15 11:55:34 +01:00
Erik Krogh Kristensen	c7509c4dd3	Merge branch 'main' into deadCode	2022-03-15 09:19:14 +01:00
jorgectf	b62b8c8d28	Use SummaryModelCsv for the toString taint step	2022-03-14 21:47:06 +01:00
jorgectf	c683b48af7	Add MyBatisInjectionSink's QLDoc	2022-03-14 21:41:36 +01:00
jorgectf	8482c01959	Make MyBatisProviderStep an AdditionalValueStep	2022-03-14 21:35:26 +01:00
jorgectf	32f494eba1	Use SummaryModelCsv in MyBatisAbstractSQLMethodsStep	2022-03-14 21:32:55 +01:00
Jorge	158366ab46	Apply suggestions from code review ... Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>	2022-03-14 21:27:37 +01:00
Michael Nebel	bcdbfefb2b	Merge pull request #8329 from michaelnebel/csharp/model-generator ... C#: Capture Summary models.	2022-03-14 16:10:05 +01:00
Joe Farebrother	d4b5eed3e4	Merge pull request #8410 from joefarebrother/sensitive-logging ... Java: Promote Sensitive Logging query	2022-03-14 14:50:26 +00:00
Chris Smowton	9f02ca0db2	Merge pull request #8357 from p0wn4j/jdbc-url-ssrf-sink ... Java: Add JDBC connection SSRF sinks	2022-03-14 13:27:34 +00:00
Chris Smowton	ca8237b9de	Make comment into qldoc	2022-03-14 13:14:31 +00:00
Joe Farebrother	e4b762b5c5	Improve qldoc; make taint tracking	2022-03-14 13:10:34 +00:00
Michael Nebel	48dc9d7057	C#/Java: Move containerContent to DataFlowPrivate.	2022-03-14 13:50:55 +01:00
Michael Nebel	665e3c9326	C#: Re-factor containerContent into standalone predicate in DataFlow library.	2022-03-14 13:49:51 +01:00
Chris Smowton	b351d5bc2f	Autoformat	2022-03-14 12:44:40 +00:00
jorgectf	a0bf68f7cd	Generally extend TaintTracking::AdditionalTaintStep	2022-03-14 13:39:20 +01:00
Erik Krogh Kristensen	3bf5e06d53	delete all dead code	2022-03-14 13:03:31 +01:00
Chris Smowton	aada8d3af9	Merge pull request #8405 from smowton/smowton/fix/range-analysis-use-ranked-phi-nodes ... C#/Java: Range analysis: use ranked phi nodes	2022-03-14 11:55:55 +00:00
Jeroen Ketema	4c2081b7fc	Merge pull request #8401 from jketema/taint-flow ... Extend taint tracking interface with flow states	2022-03-14 12:06:10 +01:00
Erik Krogh Kristensen	bbb2847ec1	Merge pull request #8323 from erik-krogh/acronyms ... Enforcing consistent casing of acronyms	2022-03-14 11:38:25 +01:00
jorgectf	ded9663f2b	Finish taint steps	2022-03-13 13:59:03 +01:00
p0wn4j	ee67d27b56	Java: Add JDBC connection SSRF sinks	2022-03-12 16:35:32 +04:00
Joe Farebrother	594d51e84d	Exclude constants	2022-03-11 17:45:42 +00:00
Jonathan Leitschuh	50ff2c2c68	Code cleanup from code review	2022-03-11 11:44:15 -05:00
Chris Smowton	496cae7742	Revert 8325, Add CharacterLiteral to CompileTimeConstantExpr.getStringValue ... As pointed out in 8325's thread, this breaks the corner case of char-literal addition and the convention that getStringValue only applies to String-typed constants.	2022-03-11 12:45:53 +00:00
Chris Smowton	579b57cf67	Range analysis: use ranked phi nodes ... This borrows a technique (and the implementing code) off Modulus analysis.	2022-03-11 12:32:12 +00:00
Erik Krogh Kristensen	1e365611fc	fix all other implicit-this warnings introduced by the acronym patch	2022-03-11 13:22:07 +01:00
Jeroen Ketema	93a0da75b6	Fix taint tracking configurations that broke due to interface change	2022-03-11 12:18:04 +01:00