hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 20:56:33 +01:00
Code Issues Packages Projects Releases Wiki Activity
43,410 Commits 1,673 Branches 157 Tags
0fb1dedbb29ba6714b8b3c5e833dff4dcbbf9553
Commit Graph

7127 Commits

Author SHA1 Message Date
Tamás Vajk
e4a712c9d6 Merge pull request #10402 from tamasvajk/kotlin-comp-args 
Kotlin: Add integration test for compiler argument extraction
 2022-09-14 15:27:18 +02:00
Tamas Vajk
16836de02b Code quality improvment to simplify test QL 2022-09-14 15:15:06 +02:00
Ian Lynagh
b3b1efb1a1 Merge pull request #10414 from igfoo/igfoo/getQualifiedName 
Java: Tweak Member.getQualifiedName()
 2022-09-14 13:30:22 +01:00
Anders Schack-Mulligen
d713910714 Merge pull request #10334 from aschackmull/java/uniontypeflow 
Java: Implement union type flow and replace ad-hoc variable tracking in dispatch
 2022-09-14 13:34:28 +02:00
Tamas Vajk
a68b61f50a Kotlin: adjust expected test results after fixing compiler argument interception 2022-09-14 13:15:29 +02:00
Tamas Vajk
6eccb5e99c Kotlin: Add integration test to show missing compiler arguments 2022-09-14 13:15:29 +02:00
Ian Lynagh
4ac0ecbc61 Java: Mark the getQualifiedName change as breaking 2022-09-14 12:10:50 +01:00
Ian Lynagh
d735b9e6f2 Java: Format QL 2022-09-14 11:56:13 +01:00
Ian Lynagh
fec6c35f21 Java: Accept test output for getQualifiedName change 2022-09-14 10:52:43 +01:00
Anders Schack-Mulligen
64e2f4164d Java: Add test for disjunctive type in call context. 2022-09-14 10:38:10 +02:00
Anders Schack-Mulligen
9f200633ca Java: convert test to inline expectation 2022-09-14 10:17:31 +02:00
Anders Schack-Mulligen
83e7bf71d7 Java: Adjust qldoc. 2022-09-14 10:16:09 +02:00
erik-krogh
252394666c sync files 2022-09-13 20:44:05 +02:00
Ian Lynagh
f807b801ce Merge pull request #10401 from igfoo/igfoo/throw 
Kotlin: Remove a throw statement
 2022-09-13 17:41:31 +01:00
Tony Torralba
4708052741 Merge pull request #10408 from giper45/patch-1 
Updated vulnerable XSS.java version
 2022-09-13 17:50:47 +02:00
Ian Lynagh
6a63b86f8a Java: Member.getQualifiedName() tweaked 
It now includes the qualified name of the declaring type.
 2022-09-13 16:05:51 +01:00
Ian Lynagh
fc445736b2 Java: Use hasQualifiedName rather than getQualifiedName in ExternalAPIs 
It's more efficient, as it doesn't require building intermediate
strings.
 2022-09-13 15:58:00 +01:00
Tony Torralba
ac46a38b9d Update java/ql/src/Security/CWE/CWE-079/XSS.java 2022-09-13 16:49:20 +02:00
Tony Torralba
2b027709e4 Update XSS qhelp 2022-09-13 16:39:48 +02:00
gx1
1c4488e7c8 Updated vulnerable XSS.java version 2022-09-13 15:58:25 +02:00
Tamas Vajk
2c757c714d Kotlin: Code quality improvements: refactor a cast 2022-09-13 15:44:54 +02:00
Ian Lynagh
2f8151d8d2 Kotlin: Remove a throw statement 
We have a way to carry on here, so we may as well do so
 2022-09-13 13:51:00 +01:00
Anders Schack-Mulligen
b8a1818422 Java: Fix test expectation. 2022-09-13 13:30:40 +02:00
Anders Schack-Mulligen
0e376b32d2 Java: extend typeflow tests to cover union types. 2022-09-13 13:30:40 +02:00
Anders Schack-Mulligen
d0f7052de2 Java: Support instanceof disjunction in union type flow. 2022-09-13 13:30:40 +02:00
Anders Schack-Mulligen
686e03e1cc Java: Fix perf issue. 2022-09-13 13:30:40 +02:00
Anders Schack-Mulligen
c8b93e0910 Java: Replace uses of deprecated variableTrack. 2022-09-13 13:30:40 +02:00
Anders Schack-Mulligen
a8eedce8ab Java: Replace ad-hoc variable tracking with union type flow in dispatch. 2022-09-13 13:30:40 +02:00
Anders Schack-Mulligen
6f06267892 Java: Implement union type flow. 2022-09-13 13:30:40 +02:00
Anders Schack-Mulligen
7692a9e2e7 Java: Minor TypeFlow tweaks. 2022-09-13 13:30:40 +02:00
Anders Schack-Mulligen
85d4742a01 Java: Add dispatch test showing lack of union types. 2022-09-13 13:30:40 +02:00
Edward Minnix III
eadb8a3988 Merge pull request #10106 from egregius313/egregius313/android-backup-allowed 
Java: Query to detect Android backup allowed
 2022-09-12 11:14:03 -04:00
Tamás Vajk
4569b9585f Merge pull request #10313 from tamasvajk/kotlin-fix-vararg 
Kotlin: Fix `vararg` extraction outside of method call
 2022-09-12 15:54:50 +02:00
Tamás Vajk
ed772e54d1 Merge pull request #10328 from tamasvajk/kotlin-kfunction-fix 
Kotlin: fix `KFunctionX.invoke` extraction
 2022-09-12 15:54:33 +02:00
Erik Krogh Kristensen
818601b612 Merge pull request #10285 from erik-krogh/paramClass 
ReDoS: convert RelevantState to a class in the PrefixConstruction module
 2022-09-12 15:23:19 +02:00
Ed Minnix
817f12cae6 Updated expectations file with new message 
The warning message for the `android:allowBackup` query was updated.
This updates the message in the expectations file.
 2022-09-09 11:35:48 -04:00
Ian Lynagh
c7e3051edd Merge pull request #10239 from tamasvajk/kotlin-fix-declaration-stack 
Kotlin: Fix declaration stack
 2022-09-09 16:03:31 +01:00
Tamás Vajk
05fcbdd9e3 Merge pull request #10365 from tamasvajk/kotlin-fix-isUnspecialised-2 
Kotlin: Fix `isUnspecialised` to handle generic classes inside generic methods
 2022-09-09 16:27:19 +02:00
Edward Minnix III
08a17b355e allowBackup documentation updates 
Make error messages and descriptions clearer about application backups not being disabled, rather than focusing on `android:allowBackup` specifically.

Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2022-09-09 09:30:49 -04:00
Tamas Vajk
b8b0fd8a74 Kotlin: Fix isUnspecialised to handle generic classes inside generic methods 2022-09-09 14:32:38 +02:00
Tamas Vajk
3267d7c96e Kotlin: Add test case with various nested generics 2022-09-09 11:09:50 +02:00
Edward Minnix III
83c8e22225 Apply suggestions from documentation review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2022-09-08 15:55:00 -04:00
Tony Torralba
7db1eb98f5 Sync files 2022-09-08 17:32:03 +02:00
Tony Torralba
1b87167d96 Add implicit reads for FlowState sinks and steps 2022-09-08 17:26:59 +02:00
Tony Torralba
d5f101d7e6 Add implicit read FlowState test 2022-09-08 17:19:39 +02:00
Ed Minnix
59909751ae Change allowBackup tests to use qlref test format 
Due to some limitations of comments in XML, it is simpler to implement
the `android:allowBackup` tests using the qlref/expectations test format.
 2022-09-08 10:34:17 -04:00
Ed Minnix
e69a8269ad Move CleartextStorage test files into separate dir 
Move the files for the CleartextStorage tests into their own directory
to avoid issues with extraction
 2022-09-08 10:33:05 -04:00
Ian Lynagh
b62193d4bf Merge pull request #10333 from igfoo/igfoo/extractStaticInitializer2 
Kotlin: Remove a cast from extractStaticInitializer
 2022-09-08 10:51:36 +01:00
Tamas Vajk
56ef1739a3 Kotlin: fix KFunctionX.invoke extraction 2022-09-08 10:49:10 +02:00
Tamas Vajk
fdf3488500 Kotlin: Add test with extraction error due to missing base class of KFunctionX 2022-09-08 10:49:01 +02:00