hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
43,380 Commits 1,671 Branches 157 Tags
16836de02b3e2879bdda804564c4636332e6144d
Commit Graph

7107 Commits

Author SHA1 Message Date
Tamas Vajk
16836de02b Code quality improvment to simplify test QL 2022-09-14 15:15:06 +02:00
Tamas Vajk
a68b61f50a Kotlin: adjust expected test results after fixing compiler argument interception 2022-09-14 13:15:29 +02:00
Tamas Vajk
6eccb5e99c Kotlin: Add integration test to show missing compiler arguments 2022-09-14 13:15:29 +02:00
erik-krogh
252394666c sync files 2022-09-13 20:44:05 +02:00
Ian Lynagh
f807b801ce Merge pull request #10401 from igfoo/igfoo/throw 
Kotlin: Remove a throw statement
 2022-09-13 17:41:31 +01:00
Tony Torralba
4708052741 Merge pull request #10408 from giper45/patch-1 
Updated vulnerable XSS.java version
 2022-09-13 17:50:47 +02:00
Tony Torralba
ac46a38b9d Update java/ql/src/Security/CWE/CWE-079/XSS.java 2022-09-13 16:49:20 +02:00
Tony Torralba
2b027709e4 Update XSS qhelp 2022-09-13 16:39:48 +02:00
gx1
1c4488e7c8 Updated vulnerable XSS.java version 2022-09-13 15:58:25 +02:00
Tamas Vajk
2c757c714d Kotlin: Code quality improvements: refactor a cast 2022-09-13 15:44:54 +02:00
Ian Lynagh
2f8151d8d2 Kotlin: Remove a throw statement 
We have a way to carry on here, so we may as well do so
 2022-09-13 13:51:00 +01:00
Edward Minnix III
eadb8a3988 Merge pull request #10106 from egregius313/egregius313/android-backup-allowed 
Java: Query to detect Android backup allowed
 2022-09-12 11:14:03 -04:00
Tamás Vajk
4569b9585f Merge pull request #10313 from tamasvajk/kotlin-fix-vararg 
Kotlin: Fix `vararg` extraction outside of method call
 2022-09-12 15:54:50 +02:00
Tamás Vajk
ed772e54d1 Merge pull request #10328 from tamasvajk/kotlin-kfunction-fix 
Kotlin: fix `KFunctionX.invoke` extraction
 2022-09-12 15:54:33 +02:00
Erik Krogh Kristensen
818601b612 Merge pull request #10285 from erik-krogh/paramClass 
ReDoS: convert RelevantState to a class in the PrefixConstruction module
 2022-09-12 15:23:19 +02:00
Ed Minnix
817f12cae6 Updated expectations file with new message 
The warning message for the `android:allowBackup` query was updated.
This updates the message in the expectations file.
 2022-09-09 11:35:48 -04:00
Ian Lynagh
c7e3051edd Merge pull request #10239 from tamasvajk/kotlin-fix-declaration-stack 
Kotlin: Fix declaration stack
 2022-09-09 16:03:31 +01:00
Tamás Vajk
05fcbdd9e3 Merge pull request #10365 from tamasvajk/kotlin-fix-isUnspecialised-2 
Kotlin: Fix `isUnspecialised` to handle generic classes inside generic methods
 2022-09-09 16:27:19 +02:00
Edward Minnix III
08a17b355e allowBackup documentation updates 
Make error messages and descriptions clearer about application backups not being disabled, rather than focusing on `android:allowBackup` specifically.

Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2022-09-09 09:30:49 -04:00
Tamas Vajk
b8b0fd8a74 Kotlin: Fix isUnspecialised to handle generic classes inside generic methods 2022-09-09 14:32:38 +02:00
Tamas Vajk
3267d7c96e Kotlin: Add test case with various nested generics 2022-09-09 11:09:50 +02:00
Edward Minnix III
83c8e22225 Apply suggestions from documentation review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2022-09-08 15:55:00 -04:00
Tony Torralba
7db1eb98f5 Sync files 2022-09-08 17:32:03 +02:00
Tony Torralba
1b87167d96 Add implicit reads for FlowState sinks and steps 2022-09-08 17:26:59 +02:00
Tony Torralba
d5f101d7e6 Add implicit read FlowState test 2022-09-08 17:19:39 +02:00
Ed Minnix
59909751ae Change allowBackup tests to use qlref test format 
Due to some limitations of comments in XML, it is simpler to implement
the `android:allowBackup` tests using the qlref/expectations test format.
 2022-09-08 10:34:17 -04:00
Ed Minnix
e69a8269ad Move CleartextStorage test files into separate dir 
Move the files for the CleartextStorage tests into their own directory
to avoid issues with extraction
 2022-09-08 10:33:05 -04:00
Ian Lynagh
b62193d4bf Merge pull request #10333 from igfoo/igfoo/extractStaticInitializer2 
Kotlin: Remove a cast from extractStaticInitializer
 2022-09-08 10:51:36 +01:00
Tamas Vajk
56ef1739a3 Kotlin: fix KFunctionX.invoke extraction 2022-09-08 10:49:10 +02:00
Tamas Vajk
fdf3488500 Kotlin: Add test with extraction error due to missing base class of KFunctionX 2022-09-08 10:49:01 +02:00
Michael Nebel
e265b07a93 Merge pull request #10127 from michaelnebel/csharp/clearscontent 
C#: Replace clears content with CSV summaries.
 2022-09-08 09:26:08 +02:00
github-actions[bot]
7e72f53631 Add changed framework coverage reports 2022-09-08 00:21:30 +00:00
Ed Minnix
09b723fc6d Formatting fixes for allowBackup tests 2022-09-07 13:30:19 -04:00
Ed Minnix
c69a2be976 Moved allowBackup query logic to allowsBackup pred 2022-09-07 12:08:25 -04:00
Ed Minnix
5206c792b0 Additional Unit tests for the allowBackup query 2022-09-07 12:07:48 -04:00
Tamás Vajk
b129c4098d Merge pull request #10278 from tamasvajk/kotlin-reified-enum 
Kotlin: Extract error expression for `enumValues<T>` calls
 2022-09-07 17:33:08 +02:00
Edward Minnix III
f6c8144eed Update java/ql/src/Security/CWE/CWE-312/AllowBackupAttributeEnabled.ql 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2022-09-07 09:46:36 -04:00
Edward Minnix III
9ddfcf935b Update java/ql/src/change-notes/2022-08-18-android-allowbackup-query.md 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2022-09-07 09:46:16 -04:00
Tamas Vajk
2728517c7f Improve error handling 2022-09-07 15:31:23 +02:00
Tamas Vajk
0f967060e5 Fix merge conflict 2022-09-07 15:24:25 +02:00
Tamas Vajk
acac5fe4fd Improve code quality 2022-09-07 15:21:12 +02:00
Tamas Vajk
7f7cb2c579 Kotlin: refactor declaration stack to handle file as declaration parent 2022-09-07 15:21:11 +02:00
Tamas Vajk
25977778a2 Kotlin: Fix duplicate field entry in declaration stack 2022-09-07 15:21:11 +02:00
Tamas Vajk
0c257a1b78 Kotlin: add test for incorrect declaration stack 2022-09-07 15:21:10 +02:00
Ian Lynagh
bf6e988fcd Merge pull request #10331 from igfoo/igfoo/extractConstructorCall3 
Kotlin: Remove a cast from extractConstructorCall
 2022-09-07 14:01:40 +01:00
Tamas Vajk
f84e62e16b Add todo comment based on PR review 2022-09-07 13:47:28 +02:00
Ian Lynagh
b2c83ae69b Kotlin: Remove a cast from extractStaticInitializer 2022-09-07 12:46:26 +01:00
Ian Lynagh
159ee99b6d Kotlin: Remove a cast from extractConstructorCall 2022-09-07 12:29:24 +01:00
Tamás Vajk
3410dd589d Merge pull request #9783 from tamasvajk/feature/kotlin-stdlib-mad 
Kotlin: Add MaD for stdlib
 2022-09-07 12:57:23 +02:00
Tamás Vajk
5c37430031 Merge pull request #10329 from tamasvajk/kotlin-type-access-todo 
Kotlin: Add todo comment describing type access extraction inconsistency
 2022-09-07 12:56:54 +02:00