codeql

mirror of https://github.com/github/codeql.git synced 2026-05-24 08:07:07 +02:00

Author	SHA1	Message	Date
Nicolas Will	157a1550e0	Fix Micronaut local threat model value flow test	2026-02-27 17:31:52 +01:00
Nicolas Will	3869abebea	Fix Micronaut ql-for-ql alerts	2026-02-27 17:24:02 +01:00
Nicolas Will	cf31af77c9	Add Micronaut framework support for Java QL Add CodeQL support for Micronaut: add MaD models for HTTP, HTTP client and multipart (sources, sinks and summary propagation), new framework QLL modules (Controller, WebSocket, Config, Data, Security). Add library tests and query tests exercising request inputs, file uploads, HttpClient sinks (SSRF), header sinks (response-splitting) and redirect sinks (open-redirect), plus expected results and extractor options. Include Micronaut 4.x stubs used by the tests.	2026-02-27 17:17:07 +01:00
Anders Schack-Mulligen	5c53677051	Java: Deprecate UnreachableBlocks.	2026-02-12 11:06:34 +01:00
Anders Schack-Mulligen	6f40ac15b4	Java: Rename ReturnStmt.getResult to getExpr.	2026-02-04 14:43:31 +01:00
Anders Schack-Mulligen	5e6e64b2b7	Java: Rename UnaryExpr.getExpr to getOperand.	2026-02-04 10:50:49 +01:00
Tom Hvitved	7024b07dd2	Java: Adapt to changes in `FlowSummaryImpl` Missing manual models were added using the following code added to `FlowSummaryImpl.qll`: ```ql private predicate testsummaryElement( Input::SummarizedCallableBase c, string namespace, string type, boolean subtypes, string name, string signature, string ext, string originalInput, string originalOutput, string kind, string provenance, string model, boolean isExact ) { exists(string input, string output, Callable baseCallable \| summaryModel(namespace, type, subtypes, name, signature, ext, originalInput, originalOutput, kind, provenance, model) and baseCallable = interpretElement(namespace, type, subtypes, name, signature, ext, isExact) and ( c.asCallable() = baseCallable and input = originalInput and output = originalOutput or correspondingKotlinParameterDefaultsArgSpec(baseCallable, c.asCallable(), originalInput, input) and correspondingKotlinParameterDefaultsArgSpec(baseCallable, c.asCallable(), originalOutput, output) ) ) } private predicate testsummaryElement2( string namespace, string type, boolean subtypes, string name, string signature, string ext, string originalInput, string originalOutput, string kind, string provenance, string model, string namespace2, string type2 ) { exists(Input::SummarizedCallableBase c \| testsummaryElement(c, namespace2, type2, _, _, _, ext, originalInput, originalOutput, kind, provenance, model, false) and testsummaryElement(c, namespace, type, subtypes, name, _, _, _, _, _, provenance, _, true) and signature = paramsString(c.asCallable()) and not testsummaryElement(c, _, _, _, _, _, _, originalInput, originalOutput, kind, provenance, _, true) ) } private string getAMissingManualModel(string namespace2, string type2) { exists( string namespace, string type, boolean subtypes, string name, string signature, string ext, string originalInput, string originalOutput, string kind, string provenance, string model \| testsummaryElement2(namespace, type, subtypes, name, signature, ext, originalInput, originalOutput, kind, provenance, model, namespace2, type2) and result = "- [\"" + namespace + "\", \"" + type + "\", True, \"" + name + "\", \"" + signature + "\", \"\", \"" + originalInput + "\", \"" + originalOutput + "\", \"" + kind + "\", \"" + provenance + "\"]" ) } ```	2026-01-26 12:40:15 +01:00
Anders Schack-Mulligen	9c1351c3fe	Merge pull request #21149 from aschackmull/java/typeflow-partially-unbound Java: Add TypeFlow base case for partially unbound types.	2026-01-13 12:31:38 +01:00
Anders Schack-Mulligen	8b555ca514	Java: Add test.	2026-01-13 11:20:13 +01:00
Owen Mansel-Chan	8a80158959	Merge pull request #17590 from Kwstubbs/java-mad-test Java: FileUpload Support MaD	2026-01-08 13:33:55 +00:00
Owen Mansel-Chan	6a3c74c989	Merge pull request #20999 from joefarebrother/java-spring-websocket Java: Add models for spring WebSocketHandler	2026-01-07 13:29:19 +00:00
Owen Mansel-Chan	6c291e1e7f	Add model for `handlePongMessage` and update test	2026-01-07 11:09:59 +00:00
Owen Mansel-Chan	bf79b8a792	Merge branch 'main' into java-mad-test	2026-01-01 23:34:45 +00:00
Kevin Stubbings	f73f1a7aa9	Add additional test	2025-12-29 07:09:31 +00:00
Anders Schack-Mulligen	eaa96864f7	Java: Extend test to cover assertion-like barrier guards.	2025-12-10 12:23:52 +01:00
Joe Farebrother	94fcee5340	minor formatting tweak	2025-12-09 14:15:36 +00:00
Joe Farebrother	d98e660803	Test fixes + more tests	2025-12-09 14:13:28 +00:00
Joe Farebrother	a594ca9de8	Add tests	2025-12-09 14:12:45 +00:00
Anders Schack-Mulligen	dc6d3fe7ba	Use flowFrom.	2025-12-03 14:04:18 +01:00
Owen Mansel-Chan	7b533db4fb	Sort models and tests alphabetically	2025-11-12 15:10:29 +00:00
Owen Mansel-Chan	f598027cbd	Apply suggestions from code review	2025-11-12 15:02:42 +00:00
Anders Schack-Mulligen	109a5eb7e7	Java: Accept qltest changes due to dropped UntrackedDef.	2025-11-12 09:06:21 +01:00
Anders Schack-Mulligen	e059ded133	Java: Accept toString changes in qltest.	2025-11-12 09:06:21 +01:00
Anders Schack-Mulligen	f0bd0346f0	Java: Replace usages of SsaVariable.	2025-11-12 09:06:19 +01:00
Anders Schack-Mulligen	f4b9efcdce	Java: Replace getAUse with getARead.	2025-11-12 09:06:18 +01:00
Anders Schack-Mulligen	35caede859	Java: Replace SsaPhiNode with SsaPhiDefinition.	2025-11-12 09:06:18 +01:00
Anders Schack-Mulligen	06df5c0bd1	Java: Introduce SsaCapturedDefinition and replace uses of getAnUltimateDefinition.	2025-11-12 09:06:17 +01:00
Anders Schack-Mulligen	07e635636c	Java: Replace getAFirstUse with top-level predicate.	2025-11-12 09:06:16 +01:00
Owen Mansel-Chan	f3f256d070	Add back import that was accidentally deleted from `options` file	2025-10-29 12:26:19 +00:00
Owen Mansel-Chan	fe6b4330de	Fix test import	2025-10-28 23:14:23 +00:00
Owen Mansel-Chan	74dbafa553	Merge branch 'main' into java-mad-test	2025-10-28 13:28:35 +00:00
Anders Schack-Mulligen	f0bfd7053e	Java: Add test case.	2025-10-07 13:40:44 +02:00
Kevin Stubbings	88f9f90236	Fix merge problems	2025-10-06 22:41:16 -07:00
Kevin Stubbings	0d3b65a35b	Resolved merge conflicts and completed merge	2025-10-06 22:37:28 -07:00
Anders Schack-Mulligen	e8f1ec68db	Java: Accept guards test results.	2025-09-12 15:41:17 +02:00
Anders Schack-Mulligen	b5c7bc1b33	Java: Accept test output.	2025-09-10 15:42:18 +02:00
Idriss Riouak	b89b68dfdb	Merge pull request #20339 from github/idrissrio/scoped-values Java: Add MaDs for `java.lang.ScopedValue`	2025-09-10 11:21:34 +02:00
idrissrio	728a4aff22	Java: Add model for `thenExpand` and accept new results	2025-09-08 13:17:53 +02:00
idrissrio	3aba4d3e1e	Java: Add test showing missing model for `thenExpand`	2025-09-08 13:17:52 +02:00
idrissrio	55ff71b760	Java: Address review comment. Fix dataflow model	2025-09-08 13:17:51 +02:00
idrissrio	311690cffe	Java: accept new test results	2025-09-08 13:17:49 +02:00
idrissrio	16fbe8d96f	Java: add dataflow test for newly added KDF API	2025-09-08 13:17:46 +02:00
idrissrio	666678a582	Java: Address review comment. Inline dataflow annotation	2025-09-08 12:55:20 +02:00
idrissrio	a8541b9f76	Java: accept new test results	2025-09-08 12:55:15 +02:00
idrissrio	0159f5b422	Java: Add failing test for Scoped Values	2025-09-08 12:55:13 +02:00
idrissrio	039b5af2e0	Java: Add module import declaration test	2025-09-06 12:38:40 +02:00
idrissrio	f1186432c1	Java: Accept new test result after extractor changes	2025-09-05 10:43:35 +02:00
idrissrio	b2ef60c165	Java: add tests for compact source files	2025-09-05 10:19:03 +02:00
idrissrio	9363bc318a	Java: Add compact source file tests	2025-09-05 10:18:58 +02:00
idrissrio	1605438333	Java: Accept new test result after extractor changes	2025-09-04 17:01:45 +02:00

1 2 3 4 5 ...

1256 Commits