hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,874 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.5
Commit Graph

5917 Commits

Author SHA1 Message Date
Chris Smowton
f3868887b8 Test case generator: rework to use a less-invasive ExternalFlow API 
Some predicate/type names and docs are also improved
 2021-06-29 15:59:14 +01:00
Chris Smowton
59725d635b Test case generator: improve error reporting 
We now distinguish cases where SSV rows are not in scope at all from those where they don't identify a known type or method, or where input or output specs could not be parsed.
 2021-06-29 15:59:14 +01:00
Chris Smowton
dff9c717bc Fix test case generation when no auxiliary support functions are required 2021-06-29 15:59:14 +01:00
Chris Smowton
c49d5253f0 Revise ExternalFlow and FlowSummaryImpl API used for test generation 2021-06-29 15:59:14 +01:00
Chris Smowton
b1af90991d Add help text to GenerateFlowTestCase.py 2021-06-29 15:59:14 +01:00
Chris Smowton
5f1a491516 Fix test-generation when a type variable's bound is itself a type variable 
For example, class G<A, B extends A>
 2021-06-29 15:59:14 +01:00
Chris Smowton
e542e71cf5 Fix testing methods with 2-qualifier or deeper input specifications 
For example, an identity function on lists-of-maps, which might convey MapValue of Element of Argument[0] to MapValue of Element of ReturnValue, requiring `newWithElement(newWithMapValue(source())` on the input side but `getMapValue(getElement(out))` on the output side.
 2021-06-29 15:59:13 +01:00
Chris Smowton
0d8124bc95 Document test generator 2021-06-29 15:59:13 +01:00
Chris Smowton
617201930d Always use source declarations (i.e, raw types) when naming types in tests 2021-06-29 15:59:13 +01:00
Chris Smowton
e8acfec070 Fix formatting of instance variables 2021-06-29 15:59:13 +01:00
Chris Smowton
e2cfc17bfe Fix output of nested and generic type names, and disambiguate overloads where necessary 2021-06-29 15:59:11 +01:00
Chris Smowton
6d9661f412 Fix open-for-writing statement 2021-06-29 15:58:39 +01:00
Chris Smowton
d6edfd50da Determine when a model row didn't produce any tests; fix the model specifications revealed defective by this feature. 2021-06-29 15:55:34 +01:00
Chris Smowton
6360e0b7c4 Add flow-through test case generator 2021-06-29 15:55:13 +01:00
Chris Smowton
6fee40cfde Add flow-through test case generator 2021-06-29 15:55:13 +01:00
Chris Smowton
ba5dc3cdbc Add models of the javax.json package 2021-06-29 15:21:01 +01:00
Sauyon Lee
b76f761e56 Import springvalidation in ExternalFlow.qll 2021-06-29 05:51:58 -07:00
Sauyon Lee
92f1c51653 fixup! Add models for Spring validation.Errors 
Rename SpringErrors to SpringValidation
 2021-06-29 05:51:36 -07:00
Sauyon Lee
534ab86900 Add models for Spring validation.Errors 2021-06-29 05:51:21 -07:00
Chris Smowton
d4bb8a70c2 Merge pull request #5976 from github/sauyon/java/spring-util 
Model Spring `util`
 2021-06-29 13:50:12 +01:00
Anders Schack-Mulligen
ad8bef5177 Update java/ql/src/semmle/code/java/frameworks/spring/SpringUtil.qll 2021-06-29 14:08:48 +02:00
Chris Smowton
9551321592 Fix LinkedMultiValueMap models and make tests more realistic 2021-06-29 12:40:57 +01:00
Chris Smowton
d6c4325c13 Import SpringUtil from ExternalFlow.qll 2021-06-29 12:18:30 +01:00
Chris Smowton
3d270bbc50 Drop models for stringifying functions 
Per default stringification isn't taint-propagating in Java
 2021-06-29 12:01:08 +01:00
Chris Smowton
0441098b18 Amend models of MultiValueMap.addAll overloads 2021-06-29 11:58:46 +01:00
Chris Smowton
b202110285 Drop redundant model that can be inherited from java.util.Iterator 2021-06-29 11:47:22 +01:00
Chris Smowton
f67e9ae1cc Drop tests for protected inner classes 2021-06-29 11:45:59 +01:00
Chris Smowton
5769f4718f Add missing CollectionUtils model 2021-06-29 11:44:29 +01:00
Chris Smowton
659478cc39 Remove model for protected class 
Can't be accessed outside the org.springframework.util package.
 2021-06-29 11:40:19 +01:00
Chris Smowton
f7a4614f56 Add missing tests for AntPathMatcher's protected methods; fix models accordingly 2021-06-29 11:35:25 +01:00
Chris Smowton
dec0123751 Autoformat 2021-06-29 09:52:24 +01:00
yo-h
aa19fe606d Java: add dbscheme stats for permits relation 2021-06-28 21:18:25 -04:00
yo-h
1f6996002a Java: add permits relation to dbscheme (sealed classes) 2021-06-28 19:48:39 -04:00
Sauyon Lee
4012076c90 fixup! Model spring util 
Apply review comments
 2021-06-28 10:52:58 -07:00
Sauyon Lee
92ebb63b1f Model Spring AntPath utils 2021-06-28 08:26:38 -07:00
Sauyon Lee
c4e9b1fd8e Model Spring util 2021-06-28 08:26:37 -07:00
Tony Torralba
8112d723e0 Merge branch 'main' into atorralba/spring-beans 2021-06-28 17:02:31 +02:00
Tony Torralba
393b95cbbe Remove 'magic' from tests 2021-06-28 17:01:34 +02:00
Chris Smowton
3d69868297 Change ID and description of cloned query 
This should be cleaned up more effectively soon, but this suffices to fix the clashing-id problem.
 2021-06-28 12:18:59 +01:00
Chris Smowton
8aa9cd52b5 Merge pull request #5811 from mogwailabs/insecureJmxRmiServerEnvironment 
Java: Add query - insecure environment configuration during JMX/RMI server init
 2021-06-25 22:09:20 +01:00
Timo Mueller
e5fa5325b5 Auto formatting .ql file 2021-06-25 22:31:29 +02:00
Chris Smowton
def4a23af2 Merge pull request #4879 from intrigus-lgtm/java/improve-trustmanager 
Java: Add/improve insecure trustmanager query
 2021-06-25 18:15:55 +01:00
Anders Schack-Mulligen
a79356e316 Apply suggestions from code review 2021-06-25 16:47:26 +02:00
intrigus
36575bb26f Move back to experimental......... 2021-06-25 16:47:25 +02:00
intrigus
fe923facc8 Java: Move comments to separate lines. 
Move comments to separate lines to improve
the rendering in the finished query help.
 2021-06-25 16:47:25 +02:00
intrigus-lgtm
f527df73d5 Apply suggestions from code review. 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2021-06-25 16:47:25 +02:00
intrigus
6bfdf8d148 Java: Fix qhelp errors. 2021-06-25 16:47:24 +02:00
intrigus
dc0b06a735 Java: Factor out SecurityFlag library. 2021-06-25 16:47:24 +02:00
intrigus-lgtm
51fdcf86c8 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-06-25 16:47:24 +02:00
intrigus
6f217d37da Java: Apply suggestions from review. 2021-06-25 16:47:24 +02:00