hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,269 Commits 1,671 Branches 157 Tags
1ad239459f505f7da741ec13fa93fd054a1e1033
Commit Graph

13815 Commits

Author SHA1 Message Date
yoff
1ad239459f java: move shared code into Concurrency.qll 2025-10-09 13:36:35 +02:00
yoff
f90e9dbb5e java: favour inline_late over inline 
This gives much greater control over the join-order
 2025-10-09 13:01:25 +02:00
yoff
26c1b2f143 java: adjust test expectations; new queries are enabled in extended 2025-10-09 12:29:42 +02:00
yoff
830f02af1f java: fixes from the CI bots 2025-10-09 09:37:31 +02:00
yoff
93fc287ef1 java: add auto-generated overlay annotations 2025-10-09 09:25:57 +02:00
yoff
a1671ea8af java: small cleanups 
- add missing qldoc
- remove use of `getErasure`
- remove use of `getTypeDescriptor`
- define `ExposedField`
 2025-10-09 09:16:25 +02:00
yoff
821b1de5b3 java: inline char pred 2025-10-09 09:16:25 +02:00
yoff
01ddc11fa7 java: address some review comments 2025-10-09 09:16:25 +02:00
yoff
77734f83d5 java: better detection of thread safe fields. 
Identified by triage of DCA results.
Previously, we did not use the erased type, so would not recgnize `CompletableFuture<R>`.
We now also recognize safe initializers.
 2025-10-09 09:16:25 +02:00
yoff
bf138693a3 java: update expectations for java-code-quality suite 2025-10-09 09:16:07 +02:00
yoff
096d5f2a56 java: implement SCC contraction of the call graph 
Our monitor analysis would be fooled by cycles in the call graph,
since it required all edges on a path to a conflicting access to be either
 - targetting a method where the access is monitored (recursively) or
 - monitored locally, that is the call is monitored in the calling method
For access to be monitored (first case) all outgoing edges (towards an access) need
to satisfy this property. For a loop, that is too strong, only edges out of the loop
actually need to be protected. This led to FPs.
 2025-10-09 09:14:16 +02:00
yoff
5b30153113 java: add Escaping query (P1) 2025-10-09 09:14:16 +02:00
yoff
328b53576a java: add SafePublication query (P2) 2025-10-09 09:14:16 +02:00
yoff
fe487e8bf0 java: add ThreadSafe query (P3) 
Co-authored-by: Raúl Pardo <raul.pardo@protonmail.com>
Co-authored-by: SimonJorgensenMancofi <simon.jorgensen@mancofi.dk>
Co-authored-by: Bjørnar Haugstad Jåtten <bjornjaat@hotmail.com>
 2025-10-09 09:14:16 +02:00
Anders Schack-Mulligen
99f5dcaaa4 Java: Fix bug in ConstantExpAppearsNonConstant. 2025-10-08 10:32:51 +02:00
Idriss Riouak
28fe20e3e4 Merge pull request #20595 from github/idrissrio/java-lambda 
Java: Add integration test for buildless lambda recovery
 2025-10-08 09:53:29 +02:00
Alex Eyers-Taylor
542bdf0792 Java: Use Overlay dataflow in java. 2025-10-07 17:52:12 +01:00
Alex Eyers-Taylor
c49e2ab2da DataFlow: Add code to do overlay informed dataflow. 2025-10-07 17:52:12 +01:00
idrissrio
f69e5f5ffc Java: Accept new test results after extractor changes 2025-10-07 16:55:53 +02:00
idrissrio
55b15a261a Java: Add integration test for buildless lambda recovery 2025-10-07 16:55:52 +02:00
Anders Schack-Mulligen
18e33b193e Merge pull request #20589 from aschackmull/java/array-entrypoint-read-taint 
Java: Allow taint-read-steps for array sources.
 2025-10-07 15:04:03 +02:00
Anders Schack-Mulligen
7dadbc43fb Java: Add change note. 2025-10-07 13:51:49 +02:00
Anders Schack-Mulligen
f0bfd7053e Java: Add test case. 2025-10-07 13:40:44 +02:00
Anders Schack-Mulligen
11665bea0a Java: Allow taint-read-steps for array sources. 2025-10-07 10:10:02 +02:00
idrissrio
5c6d187ef2 Java: Fix buildless test HTTP server binding on macOS26 2025-10-07 09:24:55 +02:00
Nicolas Will
e2a8d58e02 Merge pull request #20583 from bdrodes/jca_signature_extensions 
Crypto: Add JCA signatures, RNG, and unit tests
 2025-10-06 18:51:30 +02:00
REDMOND\brodes
cb812b47ed Crypto: more non-ascii removal. 2025-10-06 11:53:39 -04:00
Nicolas Will
9e278b9fa4 Merge pull request #20258 from bdrodes/java_nonce_reuse_tests 
Crypto: Add reuse nonce test for Java
 2025-10-06 17:42:25 +02:00
REDMOND\brodes
017a956d5e Crypto: more non-ascii removal. 2025-10-06 11:34:45 -04:00
REDMOND\brodes
abeb3141b1 Crypto: Formatting test cases, more removal of non-ascii 2025-10-06 10:46:09 -04:00
Nicolas Will
15e9bb9cc1 Format Test and update .expected 2025-10-06 16:29:25 +02:00
REDMOND\brodes
96f6832a6f Crypto: Updating expected files for unit tests. 2025-10-06 10:07:15 -04:00
REDMOND\brodes
606aef38cb Crypto: Removing non-ascii characters from unit tests 2025-10-06 09:56:14 -04:00
Ben Rodes
b32a6407b9 Update java/ql/lib/experimental/quantum/JCA.qll 
Co-authored-by: Nicolas Will <nicolaswill@github.com>
 2025-10-06 09:04:19 -04:00
Idriss Riouak
4a1157bff9 Merge pull request #20491 from github/idrissrio/java-maven 
Java: Integration tests for Maven 4
 2025-10-06 14:57:22 +02:00
Nicolas Will
579da1dbd6 Fix QL-for-QL alerts 2025-10-06 14:45:45 +02:00
idrissrio
a22ec2d9c6 Java: Accept new test results after extractor changes 2025-10-06 11:18:16 +02:00
idrissrio
f6b6a007b1 Java: Add integration tests for Maven 4 2025-10-06 11:18:15 +02:00
REDMOND\brodes
9fa30a3884 Crypto: Updating algorithm string literals and key generation algorithm literal sources to include signatures. 2025-10-03 18:09:27 -04:00
REDMOND\brodes
9c5765a48c Crypto: Add missing string constants for signature algorithms. 2025-10-03 17:17:07 -04:00
REDMOND\brodes
66e9d7671d Crypto: Add jca unit tests. 2025-10-03 13:32:02 -04:00
REDMOND\brodes
f1eb6511a7 Crypto: Add modeling for JCA signatures. Make consistent use of "unknown" or "other" for unrecognized types. 2025-10-03 12:07:37 -04:00
REDMOND\brodes
a46bd4c4ca Crypto: JCA random number generation model. 2025-10-02 15:21:28 -04:00
Ben Rodes
e823d80f0c Merge branch 'main' into java_nonce_reuse_tests 2025-10-02 13:31:40 -04:00
Nicolas Will
4901cdf929 Crypto: Refactor and change casts to super 2025-10-02 18:43:38 +02:00
REDMOND\brodes
9673b81677 Crypto: Update JCA 'wihHmac" raw name to be the entire raw string, not just "Hmac" 2025-10-02 11:49:23 -04:00
REDMOND\brodes
704a06e1fa Crypto: Update JCA PBKDF2 modeling: 1) add further inheritance structures to make the inheritance decomposition and caveats clearer, and 2) use getConsumer to establish the hash and hmac consumer. Update the Model to expect hash node types specifically for HMAC getHashALgorithmOrUnknown. 2025-10-02 11:45:13 -04:00
REDMOND\brodes
850c1ec12d Crypto: Fix use of a member where a singleton set literal exists 2025-10-02 09:20:40 -04:00
REDMOND\brodes
b08533b322 Crypto: Fix missing output variable 2025-10-02 09:10:50 -04:00
REDMOND\brodes
c37b7c1389 Merge branch 'signature_model_refactor' of https://github.com/bdrodes/codeql into signature_model_refactor 2025-10-02 09:05:09 -04:00