hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,275 Commits 1,671 Branches 157 Tags
tausbn/python-refine-location-of-flask-request-sources
Commit Graph

3153 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
0607fefc57 Java: Refactor integerGuard. 2025-06-26 07:17:33 +02:00
Anders Schack-Mulligen
a2778eee75 Java: Refactor clearlyNotNullExpr into a base case that does not rely on SSA. 2025-06-26 07:17:32 +02:00
Anders Schack-Mulligen
994c1f6427 Java: Add hasInputFromBlock predicate in BaseSSA. 2025-06-26 07:17:28 +02:00
Nora Dimitrijević
a49999dd5d PolynomialReDoS: disable diff-informed support 
This is because it was failing the diff-informed consistency check, and like other ReDoS queries (Python?) the query tries to be helpful by showing a substring of a regex, which has a `hasLocation(...)` (intensional) but no corresponding `getLocation()` (extensional). Until the location overrides get updated to support `hasLocation`-based locations, it's probably best to turn off diff-informed support.
 2025-06-24 16:42:41 +02:00
Nora Dimitrijević
b2cb585bf2 UnsafeDeserialization: add missing getASelectedSinkLocation override 
This fixes the failing diff-informed consistency check.
 2025-06-24 16:42:39 +02:00
Kasper Svendsen
0ee6a78a4a Java: Allow methods with empty bodies for overlay 2025-06-24 10:38:07 +02:00
Kasper Svendsen
6e92d7e247 Java: Add entity discard predicates 2025-06-24 10:38:06 +02:00
Kasper Svendsen
81b677a2d9 rename overlay[caller] to overlay[caller?] 2025-06-24 10:25:07 +02:00
Kasper Svendsen
c207cfdeb7 Overlay: Add overlay annotations to Java & shared libraries 2025-06-24 10:25:06 +02:00
Nora Dimitrijević
aa5dd7bb4e Java: mass enable diff-informed data flow + none() overrides 
An auto-generated patch that enables diff-informed data flow in the obvious cases.

Builds on github#18346 and github/codeql-patch#88
 2025-06-17 14:05:36 +02:00
Anders Schack-Mulligen
6131c680f6 Update java/ql/lib/semmle/code/java/ControlFlowGraph.qll 
Co-authored-by: Tom Hvitved <hvitved@github.com>
 2025-06-13 14:07:46 +02:00
Anders Schack-Mulligen
f27e310ba3 Java: Adjust references. 2025-06-11 15:53:02 +02:00
Anders Schack-Mulligen
b3bb71f2e2 Java: Update the CFG for assert statements to make them proper guards. 2025-06-11 15:38:29 +02:00
Anders Schack-Mulligen
62000319fe Rangeanalysis: Simplify Guards integration. 2025-05-23 13:39:53 +02:00
Anders Schack-Mulligen
1d30103559 SSA: Distinguish between has and controls branch edge. 2025-05-23 09:56:22 +02:00
Owen Mansel-Chan
663c83d8c6 Merge pull request #19556 from owen-mc/java/pr/19512 
Java: Fix SpringRequestMappingMethod URL Extraction #2
 2025-05-22 15:08:31 +01:00
Owen Mansel-Chan
476ada13db Improve QLDoc for SpringRequestMappingMethod.getAValue 2025-05-22 14:22:28 +01:00
Owen Mansel-Chan
59d4f039d8 Deprecate SpringRequestMappingMethod.getValue (which didn't work) 2025-05-22 12:29:29 +01:00
Owen Mansel-Chan
775338ebdd Rename getArrayValue to getAValue 2025-05-22 12:21:20 +01:00
Anders Schack-Mulligen
10efea1075 Java/Shared: Address review comments. 2025-05-21 09:01:47 +02:00
Anders Schack-Mulligen
3fde675d08 Java: Extend qldoc. 2025-05-21 09:01:47 +02:00
Anders Schack-Mulligen
a98d93b98b Java: Override dominates to reference the right type. 2025-05-21 09:01:46 +02:00
Anders Schack-Mulligen
db01828717 Java: Deprecate redundant basic block predicates. 2025-05-21 09:01:46 +02:00
Anders Schack-Mulligen
f202586f5e Java: Use the shared BasicBlocks library. 2025-05-21 09:01:45 +02:00
sentient0being
f575d2f941 get array string url 2025-05-17 19:40:41 +08:00
Jami
02ded89d84 Merge branch 'main' into jcogs33/java/junit5-missing-nested-annotation 2025-04-21 09:46:49 -04:00
Chris Smowton
0a293cf357 Add EnumType to SimpleTypeSanitizer 2025-04-09 12:12:35 +01:00
Chris Smowton
77e4d9e692 Fix stray references to the javax package name 
Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>
 2025-04-02 10:03:49 +01:00
Jami Cogswell
faeb7ab890 Java: add blank lines to qldocs 2025-04-01 14:54:46 -04:00
Chris Smowton
20839745bd Remove redundant import 2025-04-01 16:49:56 +01:00
Chris Smowton
50119ae481 Update docs 2025-04-01 16:20:06 +01:00
Chris Smowton
a5a6fd37df Enable recognising jakarta.persistence in dead-code queries 2025-04-01 16:19:42 +01:00
Chris Smowton
fb6296a564 Persistence models: recognise jakarta.persistence 2025-04-01 16:07:40 +01:00
Anders Schack-Mulligen
e8e9403b4c Merge pull request #19093 from aschackmull/java/caching 
Java: Adjust caching of BasicBlocks, BaseSSA, and CompileTimeConstants
 2025-03-31 10:48:12 +02:00
Anders Schack-Mulligen
5a986f5327 SSA: Remove empty predicates and dead code. 2025-03-28 12:00:38 +01:00
Anders Schack-Mulligen
4c420c5bae Java: Switch from ssaDefAssigns/ssaDefInitializesParam to ssaDefHasSource. 2025-03-28 11:57:27 +01:00
Anders Schack-Mulligen
0c74f21107 Merge pull request #19044 from aschackmull/ssa/useuse-trim 
Ssa: Trim the use-use relation to skip irrelevant nodes
 2025-03-28 11:55:34 +01:00
Jami
e458aca806 Merge branch 'main' into jcogs33/java/junit5-missing-nested-annotation 2025-03-27 21:31:09 -04:00
Anders Schack-Mulligen
d5d0274ce7 Java/SSA: Keep proper distinction between cached stages. 2025-03-25 13:43:55 +01:00
Anders Schack-Mulligen
7c82f51381 Java: Skip SSA definition nodes in data flow. 2025-03-25 12:31:01 +01:00
Anders Schack-Mulligen
dc0ca1ac18 Java: Fix TC magic in SystemProperty. 2025-03-24 13:31:23 +01:00
Jami Cogswell
35b647839c Java: include RepeatedTest, ParameterizedTest, TestFactory, and TestTemplate when identifying JUnit 5 test methods 2025-03-23 19:49:55 -04:00
Jami Cogswell
4d7bed6181 Java: exclude anonymous, local, and private classes 2025-03-23 19:49:53 -04:00
Jami Cogswell
f17e7266cf Java: refactor QL 2025-03-23 19:48:15 -04:00
Anders Schack-Mulligen
3c6db09039 Java: Cache the other compiletimeconstant value predicates 2025-03-21 15:53:26 +01:00
Anders Schack-Mulligen
e75ed5a085 Java: Merge BaseSSA cached stages. 2025-03-21 15:45:50 +01:00
Anders Schack-Mulligen
33135330fd Java: Merge cached stages for BasicBlocks. 2025-03-21 15:21:25 +01:00
mc
1f76793863 Merge branch 'main' into tamasvajk/java_empty_method 2025-03-21 10:01:10 +00:00
Tamás Vajk
246c8276e0 Update java/ql/lib/semmle/code/java/UnitTests.qll 
Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>
 2025-03-20 09:22:13 +01:00
Jami
2750d1d889 Merge pull request #18646 from jcogs33/jcogs33/java/directory-chars-path-sanitizer 
Java: path sanitizer for `replace`, `replaceAll`, and `matches`
 2025-03-18 13:26:01 -04:00