hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,294 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.3
Commit Graph

3186 Commits

Author SHA1 Message Date
Tamas Vajk
f51c13f0c1 Kotlin: Recognize generated files 2022-10-07 09:32:00 +02:00
Tony Torralba
ceae5eef28 Revert "Decouple from #10177" 
This reverts commit 7b34b10cee.
 2022-10-06 16:30:23 +02:00
Tony Torralba
21a0c446b4 Update java/ql/lib/semmle/code/java/security/UnsafeContentUriResolution.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2022-10-06 16:28:17 +02:00
Tony Torralba
7b34b10cee Decouple from #10177 2022-10-06 16:28:17 +02:00
Tony Torralba
4a18892da9 Second query version 
Remove sinks flowing to write operations requirement
 2022-10-06 16:28:17 +02:00
Chris Smowton
34a0a0d080 Implement $default method synthesis 
This adds methods that fill in default parameters whenever a constructor or method uses default parameter values. I use as similar an approach to the real Kotlin compiler as possible both because this produces the desirable dataflow, and because it should merge cleanly with the same class file seen by the Java extractor, which will see and
extract the signatures of the default methods.
 2022-10-06 12:38:55 +01:00
Anders Schack-Mulligen
5b67ba2939 Merge pull request #10177 from atorralba/atorralba/path-sanitizer 
Java: Promote `PathSanitizer.qll` from experimental
 2022-10-06 10:29:33 +02:00
Anders Schack-Mulligen
cbeff4efc8 Merge pull request #10693 from atorralba/atorralba/fix-guard-bad-magic 
Java: Fixes bad magic in `Guard::guardControls_v3`
 2022-10-06 10:14:48 +02:00
Tom Hvitved
0beea9fd1a Fix typos 2022-10-05 15:54:52 +02:00
Tamas Vajk
082544e88c Kotlin: Extract lateinit modifier 2022-10-05 15:25:49 +02:00
Tom Hvitved
6f518c1996 Data flow: Sync files 2022-10-05 12:58:29 +02:00
Tony Torralba
527425b397 Fixes bad magic in Guard::guardControls_v3 2022-10-05 12:35:33 +02:00
Anders Schack-Mulligen
6db0db431f Java: Add pruning for local taint flow. 2022-10-05 12:02:05 +02:00
Tamás Vajk
d0ea7ea2e3 Merge pull request #10677 from tamasvajk/kotlin-param-modifiers 
Kotlin: Extract parameter modifiers (`noinline`, `crossinline`)
 2022-10-04 21:53:48 +02:00
Tamas Vajk
81fffce79b Kotlin: Extract parameter modifiers (noinline, crossinline) 2022-10-04 14:02:06 +02:00
Jami Cogswell
25cb3236a2 apply review suggestions 2022-10-04 12:33:24 +02:00
Jami Cogswell
91db1be399 update Intent file 2022-10-04 12:33:24 +02:00
Tony Torralba
1857a5d311 Refactor Intent flow steps 2022-10-04 12:33:24 +02:00
Jami Cogswell
9a7cf7db65 simplify hasName usage 2022-10-04 12:33:23 +02:00
Jami Cogswell
012cfebd7a resolve merge conflict 2022-10-04 12:33:23 +02:00
Jami Cogswell
66b3c4687d resolve merge conflict 2022-10-04 12:33:23 +02:00
Jami Cogswell
0f64361065 remove simple query 2022-10-04 12:33:23 +02:00
Jami Cogswell
af812cf407 fix code scanning bot warnings 2022-10-04 12:33:23 +02:00
Jami Cogswell
47fcbdd4b4 resolve merge conflict 2022-10-04 12:33:23 +02:00
Jami Cogswell
d07babe3c5 add initial framework for service and receiver test cases 2022-10-04 12:33:23 +02:00
Jami Cogswell
6cf3898101 add experimental global flow config, and clean-up some code 2022-10-04 12:33:23 +02:00
Jami Cogswell
9947b32446 resolve merge conflict 2022-10-04 12:33:23 +02:00
Jami Cogswell
11ce910c38 resolved merge conflict in FlowSources 2022-10-04 12:33:23 +02:00
Jami Cogswell
7576047214 create simple query and initial experimentation 2022-10-04 12:33:23 +02:00
Tony Torralba
9db65eae7f Address review comments 2022-10-04 12:27:01 +02:00
Tony Torralba
264d6db9d7 Rename AllowListGuard to AllowedPrefixGuard 2022-10-04 12:27:01 +02:00
Tony Torralba
90020b6aab Make block lists work with substring matching too 
A block list approach doesn't need to restrict itself to prefix matching
 2022-10-04 12:27:01 +02:00
Tony Torralba
69d1895175 Update java/ql/lib/semmle/code/java/security/PathSanitizer.qll 2022-10-04 12:27:01 +02:00
Tony Torralba
6fcaae20e7 Add tests and fix bugs highlighted by them 2022-10-04 12:27:01 +02:00
Tony Torralba
f19eb783be Generalize file/path taint steps 
This is needed by PathSanitizer but also helps simplify ZipSlip.ql
 2022-10-04 12:27:01 +02:00
Tony Torralba
4e29c39c78 Merge ZipSlip sanitization logic into PathSanitizer.qll 
Apply code review suggestions regarding weak sanitizers
 2022-10-04 12:27:01 +02:00
Tony Torralba
5706e8b377 Improve PathSanitizer 
Rename PathTraversalSanitizer to PathInjectionSanitizer
 2022-10-04 12:26:17 +02:00
Tony Torralba
50ad234694 Move PathSanitizer to the main library 2022-10-04 12:26:17 +02:00
Tony Torralba
d5478a01ab Merge pull request #10671 from github/revert-10640-atorralba/fix-cartesian-product 
Java: Revert #10489 and #10640
 2022-10-04 12:25:46 +02:00
Tony Torralba
281e49daf7 Revert "Java: Add CompilationUnit.getATypeAvailableBySimpleName()" 
This reverts commit 431aa2cb79.
 2022-10-04 10:59:45 +02:00
Tony Torralba
01b950f68b Revert "Java: Rename predicate to getATypeInScope" 
This reverts commit fd99ae78b3.
 2022-10-04 10:59:43 +02:00
Edward Minnix III
cfc0bb595f Documentation fix for hasIncompletePermissions 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2022-10-03 11:20:15 -04:00
Chris Smowton
5e2c607650 PrintAst: reliably sort function overloads 2022-10-03 15:28:55 +01:00
Chris Smowton
d3d3ce843a Kotlin: Implement JvmOverloads annotation 
This generates functions that omit parameters with default values, rightmost first, such that Java can achieve a similar experience to Kotlin (which represents calls internally as if the default was supplied explicitly, and/or uses a $default method that supplies the needed arguments).

A complication: combining JvmOverloads with JvmStatic means that both the companion object and the surrounding class get overloads.
 2022-10-03 15:28:55 +01:00
Ed Minnix
e72963986f Moved Android manifest incomplete permission logic into library 2022-09-29 14:06:18 -04:00
Anders Schack-Mulligen
b48b5d45ef Merge pull request #10498 from Marcono1234/marcono1234/compilation-unit-simple-name-type 
Java: Add `CompilationUnit.getATypeInScope()`
 2022-09-28 13:18:29 +02:00
Joe Farebrother
6cb26d5129 Merge pull request #10241 from joefarebrother/android-webview-dubugging 
Java: Add query for WebView debugging enabled
 2022-09-28 10:50:51 +01:00
Tom Hvitved
df2b586e7c Merge pull request #10577 from hvitved/dataflow/get-a-read-content-fan-in 
Data flow: Fix bad join-order when getAReadContent has large fan-in
 2022-09-27 20:04:58 +02:00
Jami
56e3334c6d Merge pull request #10479 from jcogs33/android-service-sources 
Java: add Android service sources
 2022-09-27 12:40:18 -04:00
Jami Cogswell
7e0c61de2c switch to hasName 2022-09-27 10:45:52 -04:00