hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,671 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

137 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
4cb28d9b1d Java: Add new query for large left shifts and bugfix ConstantExpAppearsNonConstant. 2020-01-28 10:13:34 +01:00
Chris Gavin
0e8d435ca1 Java: Add a test for java/suspicious-date-format. 2020-01-27 11:57:59 +00:00
Esben Sparre Andreasen
8deefd60a7 java: fixup whitespace/tabs in test 2020-01-24 11:01:38 +01:00
Esben Sparre Andreasen
57b3a55b48 java: sharpen java/maven/non-https-url to allow localhost URLs 2020-01-24 08:51:54 +01:00
Esben Sparre Andreasen
a5558809f4 java: add more tests for java/maven/non-https-url 2020-01-24 08:49:59 +01:00
Anders Schack-Mulligen
2dca188288 Java: Document two FPs with unit tests. 2020-01-17 09:57:11 +01:00
Anders Schack-Mulligen
ad92d6fe0f Merge pull request #2607 from yo-h/java-alert-suppression-block-comment 
Java: allow single-line `/* ... */` comments for alert suppression
 2020-01-10 11:05:23 +01:00
yo-h
1078424f79 Java: allow single-line /* ... */ comments for alert suppression 2020-01-08 09:19:25 -05:00
Anders Schack-Mulligen
e74aa33f9d Java: Include non-null final fields in clearlyNotNull. 2020-01-03 16:24:54 +01:00
Anders Schack-Mulligen
7e987c570f Merge pull request #2413 from JLLeitschuh/feature/JLL/maven_insecure_artifact_resolution 
Java: Use of HTTP/FTP to download/upload Maven artifacts
 2020-01-02 14:47:30 +01:00
Anders Schack-Mulligen
f88623ccb4 Java: Add .expected file to qltest. 2019-12-13 14:34:29 +01:00
Jonathan Leitschuh
229622459c Update InsecureDependencyResolution with code review comments 2019-12-09 20:37:53 -05:00
yo-h
ed97be459f Merge pull request #2454 from aschackmull/java/explicit-mul-zero 
Java: Allow explicit zero multiplication in java/evaluation-to-constant.
 2019-12-06 18:13:43 -05:00
Henning Makholm
95c26a51af remove java test EmptyInterface 
This is a test of an internal query for the Semmle repository. It cannot
run against the public QL repository alone, and therefore should not be
tested here.

https://git.semmle.com/Semmle/code/pull/35690 adds the test back to the
internal repo.
 2019-12-02 15:29:42 +01:00
Anders Schack-Mulligen
2c3a6d7359 Java: Allow explicit zero multiplication in java/evaluation-to-constant. 2019-11-27 11:49:43 +01:00
Cornelius Riemenschneider
5d4b6c3a8c Nullness: Track correlated conditions of equality tests of variables. 2019-11-21 19:24:40 +01:00
Cornelius Riemenschneider
92f32a12d8 Add tests for nullness tracking by comparing variables. 2019-11-21 19:23:39 +01:00
Cornelius Riemenschneider
3e5324e772 More precise Nullness tracking by taking correlated instanceof expressions into account. 
Fixes #2238.
 2019-11-21 18:38:27 +01:00
Cornelius Riemenschneider
d8aae1c126 Add tests to track nullness by instanceof checks. 2019-11-21 18:38:27 +01:00
Anders Schack-Mulligen
81a90943c0 Java: Fix range analysis bug where int was assumed. 2019-11-15 15:08:14 +01:00
Anders Schack-Mulligen
6a2edce040 Merge pull request #2205 from rneatherway/java/hamcrest-nullness 
Java: Respect Hamcrest assertThat(X, notNullValue())
 2019-11-14 13:09:56 +01:00
yh-semmle
429c307832 Merge pull request #2304 from aschackmull/java/rangeanalysis-integral-fix 
Java: Fix range analysis bug in integral inequality bounds.
 2019-11-12 16:33:12 -05:00
Anders Schack-Mulligen
7619275c8b Java: Fix range analysis bug in integral inequality bounds. 2019-11-12 17:28:40 +01:00
Anders Schack-Mulligen
8cd6b51763 Java: Add ConditionalExpr to overflow candidate pattern. 2019-11-12 17:27:18 +01:00
Robin Neatherway
96f9a01355 Correct minor compilation errors in test code 2019-10-29 17:52:13 +00:00
Robin Neatherway
84202ff2e1 Java: Respect Hamcrest assertThat(X, notNullValue()) 2019-10-29 17:52:13 +00:00
yh-semmle
80fd5b2ada Merge pull request #2175 from aschackmull/java/continue-in-false-loop 
Java: Port C++ query cpp/continue-in-false-loop to Java.
 2019-10-24 20:47:59 -04:00
Anders Schack-Mulligen
fe2988ab39 Merge pull request #2152 from yh-semmle/java-alert-suppression-annotations 
Java: support LGTM alert suppression using `@SuppressWarnings` annotations
 2019-10-24 15:04:29 +02:00
Anders Schack-Mulligen
3462624995 Java: Add test. 2019-10-23 16:24:26 +02:00
yh-semmle
afcde14403 Merge pull request #2085 from aschackmull/java/overflow-check-fp 
Java: Add another overflow check pattern to UselessComparisonTest.
 2019-10-18 11:01:24 -04:00
yh-semmle
ee2c97f147 Java: add extra test for java/alert-suppression-annotations 2019-10-17 22:09:04 -04:00
yh-semmle
62521dca32 Java: account for multiple strings in java/alert-suppression-annotations 2019-10-17 22:09:04 -04:00
yh-semmle
e3f828c588 Java: refine ranges in java/alert-suppression-annotations 2019-10-17 22:09:03 -04:00
yh-semmle
b2bc8382b0 Java: add alert-suppression query for @SuppressWarnings("lgtm[...]") 2019-10-17 22:09:02 -04:00
Anders Schack-Mulligen
066a2f0d12 Java: Add another overflow check pattern to UselessComparisonTest. 2019-10-04 15:04:40 +02:00
Tom Hvitved
7f6e253425 Java: Update expected test output 2019-10-04 11:09:44 +02:00
Anders Schack-Mulligen
0afea80d53 Java: Improve guards for equal ssa variables. 2019-09-26 16:29:13 +02:00
Tom Hvitved
6318cc9a71 Java: Update expected test output 2019-09-18 13:36:15 +02:00
Anders Schack-Mulligen
2d620698d8 Java: Adjust qltest expected output. 2019-09-12 11:00:49 +02:00
Jonas Jensen
9c9b7ac651 C#/C++/Java: Revert AccessPathNil.toString changes 
This caused too many `*.expected` files to change, also in our internal
repo.
 2019-09-02 15:59:36 +02:00
Jonas Jensen
a98992f0f9 C#/C++/Java: distinguish toString of nil from cons 2019-09-02 14:22:03 +02:00
Jonas Jensen
6c96a8d339 Java: Accept test changes 
Note: the results in `partial` have regressed and will need to be fixed
in a follow-up commit.
 2019-09-02 13:14:17 +02:00
Luke Cartey
dfa371c65b Java: Add missing SQL query APIs. 
* executeLargeUpdate
 * prepareCall
 2019-08-30 10:40:49 +01:00
Anders Schack-Mulligen
a50ea54ff6 Java: Fix tests. 2019-08-08 12:03:01 +02:00
Anders Schack-Mulligen
a583f000c1 Java: Fix tests. 2019-06-27 13:20:03 +02:00
Anders Schack-Mulligen
48b19f1fea Java: Replace ValidatedVariable with guarded accesses. 2019-05-20 16:46:11 +02:00
Anders Schack-Mulligen
dec31a3dd6 Java: Use range analysis in IntMultToLong. 2019-04-05 10:42:23 +02:00
Anders Schack-Mulligen
52ad816074 Merge pull request #904 from rneatherway/zipslip-fix 
Java: Add a flow step for `Path::toFile` in ZipSlip
 2019-02-11 13:08:38 +01:00
Robin Neatherway
409733838b Java: Add a flow step for Path::toFile in ZipSlip 2019-02-11 10:33:44 +00:00
Henning Makholm
b8a03464bf Fix false positives in java/unused parameter 
Methods that are mentioned in a member reference expression should count
as rootdefs for the unused parameter query. Such methods have to match
the functional interface of the reference expression, so it is to be
expected that they will sometimes have to declare parameters that they
don't actually use.
 2019-02-07 21:14:36 +01:00