hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,920 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.2
Commit Graph

1214 Commits

Author SHA1 Message Date
Joe
53ab8dac06 Java: PrintAst: Fix failing tests 2020-09-15 14:45:48 +01:00
Joe
e38b583ec4 Java: PrintAst: Add tests 2020-09-15 14:45:48 +01:00
Tamas Vajk
23a9d0764e Java: Fix range analysis false negative 2020-09-15 12:09:05 +02:00
Tamas Vajk
c66473cb8a Java: Add test for range analysis 2020-09-15 12:07:30 +02:00
Jonas Jensen
464d3630a2 Java: Rename Block -> BlockStmt 2020-09-08 08:40:20 +02:00
CodeQL CI
311e62f21d Merge pull request #4081 from aschackmull/java/dispatch-ctx-this-param 
Approved by aibaars
 2020-09-01 15:06:47 +01:00
Anders Schack-Mulligen
82692876d8 Java: Add some test cases. 2020-09-01 11:24:30 +02:00
Anders Schack-Mulligen
d82fee11b1 Java: Add data flow for record getters. 2020-08-24 11:51:04 +02:00
Anders Schack-Mulligen
bcad18f490 Java: Use the instance argument type in call contexts. 2020-08-20 15:17:04 +02:00
Anders Schack-Mulligen
205dd1aead Merge pull request #3881 from intrigus-lgtm/more-pathcreations 
Java: Centralize and model additional path creations.
 2020-08-06 11:21:39 +02:00
intrigus
1011325cf7 Accept test changes. 2020-08-05 21:45:41 +02:00
intrigus
b705f7f3e9 Improve "PathCreation" Test. 2020-07-19 00:10:39 +02:00
Anders Schack-Mulligen
a1d272e870 Merge pull request #3918 from aibaars/organise-container-flow 
Java: Clean up ContainerFlow, consider more methods
 2020-07-10 14:19:44 +02:00
Arthur Baars
43b61038e9 Drop Map.merge as taint step 2020-07-10 13:00:14 +02:00
Arthur Baars
0d33a77ee3 Fix modelling of Stack.push 
Stack.push(E) returns its argument, it does not propagate taint from
the stack to the return value.
 2020-07-09 16:16:29 +02:00
Anders Schack-Mulligen
879551fc6a Merge pull request #3936 from aibaars/object-clone 
Java: model Object.clone
 2020-07-09 16:09:01 +02:00
Arthur Baars
e183171fea Java: model Object.clone 2020-07-09 14:50:29 +02:00
intrigus
641c5df79f Centralize and model additional path creations. 2020-07-09 14:48:47 +02:00
Arthur Baars
0bd103ac05 Java: add tests for Container taint steps 2020-07-09 12:15:38 +02:00
Anders Schack-Mulligen
777dc6305c Merge pull request #3893 from aibaars/set-map-list-copy-of 
Java: model some new Set,List,Map methods
 2020-07-09 10:18:12 +02:00
Arthur Baars
e8f216c761 Merge remote-tracking branch 'upstream/master' into set-map-list-copy-of 2020-07-08 15:11:13 +02:00
Anders Schack-Mulligen
bf5c5297d3 Merge pull request #3897 from aibaars/util-objects 
Java: data flow for `java.util.Objects`
 2020-07-08 15:07:50 +02:00
Arthur Baars
72a24972e7 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2020-07-08 13:30:24 +02:00
Arthur Baars
940fec5669 Drop taint tracking for Arrays.{deepToString,toString} 2020-07-07 17:26:49 +02:00
Arthur Baars
583f7f914e Drop taint tracking for Arrays.{setAll, parallelSetAll, parallelPrefix} 2020-07-07 17:22:30 +02:00
Arthur Baars
9cf6601d02 Java: Data flow for java.util.Objects 2020-07-07 16:58:22 +02:00
Arthur Baars
19a481f809 Java: Arrays: add tests 2020-07-03 17:15:17 +02:00
Arthur Baars
1485f7c876 Java: model some new Set,List,Map methods 
Models the taint propagation for the copyOf(..),
of(..), ofEntries(..) and entry(..) methods
 2020-07-03 17:14:53 +02:00
Arthur Baars
c629f6b13a Merge pull request #3869 from aibaars/util-collections 
Java: model java.util.Collections
 2020-07-03 17:09:14 +02:00
Arthur Baars
5fff41f35b Don't track taint on Map keys 2020-07-03 14:47:25 +02:00
Arthur Baars
5f2a5f1b55 Java: Collections: add tests 2020-07-02 19:18:02 +02:00
Geoffrey White
cf75397ef1 Java: Rename tests. 2020-06-30 14:33:05 +01:00
Geoffrey White
f8425b8a58 Java: Update uses. 2020-06-30 13:02:48 +01:00
Tom Hvitved
c01f570d9e Java: Implement clearsContent() 2020-06-23 10:55:12 +02:00
Tom Hvitved
e578827626 Java: Add more field-flow tests 2020-06-23 10:55:11 +02:00
Anders Schack-Mulligen
8107fbadc2 Merge pull request #3456 from hvitved/dataflow/precise-field-types 
Data flow: Track precise types during field flow
 2020-06-19 11:50:10 +02:00
Anders Schack-Mulligen
74eab3cbc0 Dataflow: Fix qltest. 2020-06-17 17:23:35 +02:00
Anders Schack-Mulligen
64225c31a6 Java: Add test case. 2020-06-04 10:31:08 +02:00
Anders Schack-Mulligen
37c8917813 Java: Add test. 2020-05-18 13:19:19 +02:00
Tom Hvitved
e608c53c3f Java: Follow-up changes 2020-05-14 15:58:50 +02:00
Anders Schack-Mulligen
0aad24e6db Java: Extend library support for switch expressions. 2020-05-14 15:40:26 +02:00
Anders Schack-Mulligen
2561ba82db Merge pull request #3215 from aibaars/validating-object-input 
Java: teach UnsafeDeserialization about ValidatingObjectInputStream
 2020-05-07 14:57:50 +02:00
Arthur Baars
797721cd31 Test 2020-05-06 12:15:27 +02:00
Anders Schack-Mulligen
3b3ca6d41e Merge pull request #3214 from aibaars/base64 
Java: Add org.apache.commons.codec.(De|En)coder to TaintTrackingUtil
 2020-05-06 09:21:18 +02:00
Anders Schack-Mulligen
b7458091a9 Merge pull request #3110 from hvitved/dataflow/no-more-summaries 
Data flow: No more flow summaries
 2020-05-05 13:27:07 +02:00
Anders Schack-Mulligen
b6a7ab8bf4 Merge pull request #3372 from aibaars/spring-multipart 
Java: add `org.springframework.web.multipart.MultipartFile::getX` as RemoteFlowSource
 2020-04-29 11:35:04 +02:00
Arthur Baars
ae2bab7e9c Add test case 2020-04-28 16:57:03 +02:00
Arthur Baars
31e284a707 Add test case 2020-04-28 11:26:43 +02:00
Arthur Baars
59869ace63 Java: teach Encryption.qll about MessageDigest.getInstance 
We already modelled usage of the protected `MessageDigest(String algo)`
constructor as a crypto algorithm specification. For some reason we did
not model the more commonly used public `MessageDigest.getInstance` method.
 2020-04-25 00:41:10 +02:00
Tom Hvitved
05ec75558d Java: Update test 2020-04-17 13:49:08 +02:00