Commit Graph

5392 Commits

Author SHA1 Message Date
Chris Smowton
22e48ca39a Accept test changes 2022-05-12 22:36:28 +01:00
Chris Smowton
77056c9bff Add test expectations 2022-05-12 22:36:28 +01:00
Chris Smowton
ce87a89009 Replace Map and similar functions with their Java cousins
This didn't appear to be necessary because the Kotlin and Java versions of Map (for example) are designed to be compatible, but in certain cases their functions have the same erasure but not the same type (e.g. Map.getOrDefault(K, V) vs. Map.getOrDefault(Object, V)).

These have different erasures which was leading to callable-binding inconsistencies.
2022-05-12 22:36:28 +01:00
Tamas Vajk
fa0bd0366c Fix extension property labels 2022-05-12 22:36:28 +01:00
Tamas Vajk
25fce5f6bb Identify data classes during extraction 2022-05-12 22:36:28 +01:00
Chris Smowton
1e78f2893c Add test for special method getters 2022-05-12 22:36:28 +01:00
Chris Smowton
134f88fe8e Accept test results 2022-05-12 22:36:27 +01:00
Anders Schack-Mulligen
8c8440a58a Merge pull request #9101 from hvitved/dataflow/include-hidden
Data flow: Add `Configuration::includeHiddenNodes()`
2022-05-12 15:36:12 +02:00
Joe Farebrother
59e400d2e0 Merge pull request #7723 from joefarebrother/redos
Java: Add ReDoS queries
2022-05-12 13:50:38 +01:00
Nick Rolfe
234a36ff61 Merge pull request #9119 from github/nickrolfe/non-us-spelling-fixes
Fix non-US spellings and the corresponding query
2022-05-12 12:29:14 +01:00
Tom Hvitved
0a7892797e Merge pull request #8938 from hvitved/ruby/with-without-mad-tokens
Ruby: Introduce `With(out)Element` MaD input tokens
2022-05-12 11:49:51 +02:00
Anders Schack-Mulligen
fad7d9ae72 Merge pull request #9120 from igfoo/igfoo/fixes
Kotlin: Fix some alerts
2022-05-12 08:29:34 +02:00
Chris Smowton
85dc1090fe Merge pull request #9116 from smowton/smowton/feature/accept-conditional-cookie-security
Java: tolerate `cookie.setSecure(request.isSecure())`
2022-05-11 21:29:14 +01:00
Tom Hvitved
46ab25b61e Merge pull request #9098 from aschackmull/dataflow/perf
Dataflow: Performance fixes
2022-05-11 20:41:48 +02:00
Ian Lynagh
33e17f1665 Kotlin: Fix some alerts 2022-05-11 17:58:50 +01:00
Nick Rolfe
e1b277386a Fix non-US spellings: s/analyse/analyze 2022-05-11 17:48:27 +01:00
Ian Lynagh
cfde0a1491 Merge pull request #9109 from igfoo/igfoo/kotlin_merge
Initial Kotlin support
2022-05-11 16:16:22 +01:00
Tony Torralba
5be30209c1 Merge pull request #9036 from luchua-bc/java/hardcoded-jwt-key
Java: CWE-321 Query to detect hardcoded JWT secret keys
2022-05-11 16:31:34 +02:00
Henry Mercer
6ecc542ca3 Merge pull request #9117 from github/henrymercer/java/tag-telemetry
Java: Tag telemetry queries with `telemetry`
2022-05-11 15:13:35 +01:00
Anders Schack-Mulligen
4884520ee1 Dataflow: Review fix. 2022-05-11 15:40:49 +02:00
Chris Smowton
f7e1f3e1a5 Remove URL fragment from Google search 2022-05-11 14:38:09 +01:00
Tom Hvitved
5df87d526c Sync files 2022-05-11 15:17:27 +02:00
Tom Hvitved
333780e635 Merge pull request #8898 from hvitved/dataflow/clear-expect-summary-components
Data flow: Introduce 'with/without content' summary components
2022-05-11 15:16:42 +02:00
Ian Lynagh
c0a755e061 Merge remote-tracking branch 'upstream/main' into igfoo/kotlin_merge
Resolving conflicts:
	java/ql/lib/semmle/code/java/Expr.qll
2022-05-11 14:13:09 +01:00
Henry Mercer
b6f1ddcdab Java: Tag telemetry queries with telemetry
This will exclude the results of these queries from the summary tables
produced by `codeql database analyze` in a future version of the CodeQL
CLI.
2022-05-11 13:29:25 +01:00
Anders Schack-Mulligen
9a4d86e9b4 Merge pull request #8571 from Marcono1234/marcono1234/statement-expression
Java: Add `ValueDiscardingExpr`
2022-05-11 13:37:24 +02:00
Chris Smowton
0044326884 Add change note 2022-05-11 12:06:27 +01:00
Chris Smowton
c17ef42cc7 Insecure cookie query: accept ServletRequest.isSecure(), and allow more than one possible input to a setSecure(...) call. 2022-05-11 11:59:37 +01:00
luchua-bc
f85c01c975 Correct string source 2022-05-11 10:37:22 +00:00
Chris Smowton
1af0e9b619 Servlets.qll: don't use deprecated library visibility modifier. 2022-05-11 11:31:14 +01:00
Anders Schack-Mulligen
25336df302 Merge pull request #8873 from atorralba/atorralba/android-startactivity-flowstep
Java: Add flow step from startActivity to getIntent
2022-05-11 11:08:08 +02:00
Anders Schack-Mulligen
c217a1e502 Update java/ql/lib/semmle/code/java/Expr.qll 2022-05-11 11:03:13 +02:00
Tony Torralba
43b425d0e4 Merge pull request #9002 from atorralba/atorralba/https-urls-improvs
Java: Add OkHttp and Retrofit models
2022-05-11 10:48:08 +02:00
Ian Lynagh
b7a0b56e41 Kotlin: Add a this. 2022-05-10 19:51:31 +01:00
Ian Lynagh
8a89251c4f Kotlin: Tweak dbscheme 2022-05-10 19:51:31 +01:00
Ian Lynagh
3662611b04 Kotlin: Fix compilation_finished upgrade script 2022-05-10 19:51:31 +01:00
Ian Lynagh
b5572422df Kotlin: Autoformat 2022-05-10 19:51:31 +01:00
Ian Lynagh
ab2946cf10 Kotlin: Add release notes 2022-05-10 19:51:31 +01:00
Ian Lynagh
e1d832c2e9 Upgrades: All old diagnostics are generated by the Java extractor 2022-05-10 19:51:31 +01:00
Tamas Vajk
26dfca8010 Add DB upgrade scripts for diagnostics and compilation_finished 2022-05-10 19:51:31 +01:00
Tony Torralba
a5a31db835 Rename AnyEqualsExpr and AnyNotEqualsExpr 2022-05-10 19:51:31 +01:00
Tony Torralba
0e3db78eba Make GeneratedFileMarker an instance of JavadocElement 2022-05-10 19:51:31 +01:00
Tamas Vajk
4f256d2958 Change LambdaExpr::asMethod to return the big-arity invoke instead of the wrapper 2022-05-10 19:51:31 +01:00
Ian Lynagh
af3bc4f44d Kotlin: Apply review feedback 2022-05-10 19:51:31 +01:00
Ian Lynagh
2e3d2b8e11 Java: Use the Diagnostics class in DiagnosticsReporting.qll
We shouldn't use database types/tables directly in src/
2022-05-10 19:51:31 +01:00
Tamas Vajk
464d13775d Add QL doc for LambdaExpr::isKotlinFunctionN 2022-05-10 19:51:31 +01:00
Ian Lynagh
1151f79eca Kotlin: Apply some review feedback 2022-05-10 19:51:31 +01:00
Ian Lynagh
726a005cc2 Update java/ql/lib/semmle/code/java/Expr.qll
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2022-05-10 19:51:31 +01:00
Ian Lynagh
1a36b1ab53 Kotlin: Format queries 2022-05-10 19:51:31 +01:00
Ian Lynagh
efe3c0d1ea Kotlin: Performance tweak 2022-05-10 19:51:30 +01:00