hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-12 13:11:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
85,589 Commits 1,689 Branches 160 Tags
31867a56fb2d662b60ed4de16427fb05d2d5689d
Commit Graph

12775 Commits

Author SHA1 Message Date
Anders Fugmann
31867a56fb Kotlin: Accept test changes 
Accept test changes from Kotlin 2.3.0 update

Updates expected test outputs for kotlin2 library tests to match
actual compiler output. Changes include:
- Location adjustments for properties/methods (now point to identifiers)
- CastExpr -> ImplicitCastExpr for implicit type casts
- Removed duplicate BlockStmt entries in loop ASTs
- Super constructor call location changes

Note that in Kotlin 2.3.0 super constructor calls now have locations spanning
entire class declarations instead of the actual super call site.
 2026-01-28 10:11:21 +01:00
Anders Fugmann
86d9c349ec Kotlin: Accept test changes 2026-01-28 10:11:21 +01:00
Anders Fugmann
59fa01e386 Kotlin: Add bitwise 'and' operation expected by Kotlin 2.3 compiler to exist in the stdlib 2026-01-28 10:11:20 +01:00
Anders Fugmann
a6f8af0de5 Kotlin: Accept column location changes in tests 2026-01-28 10:11:20 +01:00
Anders Fugmann
f6f5b7e1e9 Kotlin: Accept test changes after rebasing to include changes from https://github.com/github/codeql/pull/21216 2026-01-28 10:11:19 +01:00
Anders Fugmann
275724000b Kotlin: Update kotlin serialization integration test to use Kotlin compiler 1.8.10 and accept test changes 2026-01-28 09:30:22 +01:00
Anders Fugmann
939f3e83aa Kotlin: Update kotlin compiler version in integration tests 2026-01-28 09:30:22 +01:00
Anders Fugmann
d69fe20d7d Kotlin: Bump upper bound for supported kotlin version in integration test 2026-01-28 09:30:22 +01:00
Anders Fugmann
6d60595d73 Kotlin: Add changenotes for Kotlin 2.3 support and removal of support for Kotlin 1.6 and 1.7 2026-01-28 09:30:21 +01:00
Anders Peter Fugmann
f4edff9452 Merge pull request #21216 from github/andersfugmann/kotlin_extractor_load_last 
Kotlin: Load kotlin extractor last
 2026-01-28 09:22:46 +01:00
Mads Navntoft
b7125a009e Merge pull request #21221 from github/navntoft/struts 
Java: Add support for Struts 7.x package names
 2026-01-27 15:53:26 +01:00
Mads Navntoft
ede05b54ea Java: Add change note for Struts 7.x package name support 2026-01-27 13:00:16 +01:00
Mads Navntoft
9a94d0474c Java: Add support for Struts 7.x package names 
Updates Struts library to recognize both legacy xwork2 and new struts2
packages:
- StrutsActions.qll: Add org.apache.struts2 alternatives for Action,
  Preparable, ActionSupport
- StrutsConventions.qll: Add org.apache.struts2.action.Action
  alternative

This maintains backward compatibility for analyzing Struts 2.x-6.x apps
while supporting Struts 7.x which renamed packages from
com.opensymphony.xwork2 to org.apache.struts2.
 2026-01-27 12:57:55 +01:00
Anders Fugmann
73850f1b56 Kotlin: Add changenote 2026-01-26 13:27:34 +01:00
Tom Hvitved
0f6bae0ae1 Add change notes 2026-01-26 12:40:22 +01:00
Tom Hvitved
7024b07dd2 Java: Adapt to changes in FlowSummaryImpl 
Missing manual models were added using the following code added to `FlowSummaryImpl.qll`:

```ql
    private predicate testsummaryElement(
      Input::SummarizedCallableBase c, string namespace, string type, boolean subtypes, string name,
      string signature, string ext, string originalInput, string originalOutput, string kind,
      string provenance, string model, boolean isExact
    ) {
      exists(string input, string output, Callable baseCallable |
        summaryModel(namespace, type, subtypes, name, signature, ext, originalInput, originalOutput,
          kind, provenance, model) and
        baseCallable = interpretElement(namespace, type, subtypes, name, signature, ext, isExact) and
        (
          c.asCallable() = baseCallable and input = originalInput and output = originalOutput
          or
          correspondingKotlinParameterDefaultsArgSpec(baseCallable, c.asCallable(), originalInput,
            input) and
          correspondingKotlinParameterDefaultsArgSpec(baseCallable, c.asCallable(), originalOutput,
            output)
        )
      )
    }

    private predicate testsummaryElement2(
      string namespace, string type, boolean subtypes, string name, string signature, string ext,
      string originalInput, string originalOutput, string kind, string provenance, string model,
      string namespace2, string type2
    ) {
      exists(Input::SummarizedCallableBase c |
        testsummaryElement(c, namespace2, type2, _, _, _, ext, originalInput, originalOutput, kind,
          provenance, model, false) and
        testsummaryElement(c, namespace, type, subtypes, name, _, _, _, _, _, provenance, _, true) and
        signature = paramsString(c.asCallable()) and
        not testsummaryElement(c, _, _, _, _, _, _, originalInput, originalOutput, kind, provenance,
          _, true)
      )
    }

    private string getAMissingManualModel(string namespace2, string type2) {
      exists(
        string namespace, string type, boolean subtypes, string name, string signature, string ext,
        string originalInput, string originalOutput, string kind, string provenance, string model
      |
        testsummaryElement2(namespace, type, subtypes, name, signature, ext, originalInput,
          originalOutput, kind, provenance, model, namespace2, type2) and
        result =
          "- [\"" + namespace + "\", \"" + type + "\", True, \"" + name + "\", \"" + signature +
            "\", \"\", \"" + originalInput + "\", \"" + originalOutput + "\", \"" + kind + "\", \"" +
            provenance + "\"]"
      )
    }
```
 2026-01-26 12:40:15 +01:00
Michael B. Gale
f76211c64a Merge pull request #21136 from github/mbg/java/maven-plugin-repo-changenote 
Java: Add change note for plugin repo support
 2026-01-26 10:44:51 +00:00
github-actions[bot]
48475e66af Post-release preparation for codeql-cli-2.24.0 2026-01-19 15:49:08 +00:00
Nick Rolfe
783676566c Fix typo in changelog 2026-01-19 15:12:05 +00:00
github-actions[bot]
4142b9c4ce Release preparation for version 2.24.0 2026-01-19 14:49:14 +00:00
Owen Mansel-Chan
a5d9cb179a Merge pull request #20930 from owen-mc/java/spring-rest-template-request-forgery-sinks 
Java: add more Spring RestTemplate request forgery sinks
 2026-01-15 14:23:15 +00:00
Owen Mansel-Chan
97e0b4e9fd Use parameter name to only select correct overloads 2026-01-15 10:36:03 +00:00
Anders Schack-Mulligen
c632e8f188 Merge pull request #20448 from github/alexet/avoid-path-node-java 
Java: Eliminate pointless use of PathNodes over DataFlow::Node
 2026-01-15 10:55:09 +01:00
Mauro Baluda
f71b6c1bfd Improved models for Supplier arguments 2026-01-14 12:32:42 +01:00
Mauro Baluda
5cef0376a9 Update java/ql/test/query-tests/security/CWE-798/semmle/tests/HardcodedCouchBaseCredentials.java 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2026-01-14 11:50:52 +01:00
Mauro Baluda
9efefa6120 Fix test expectations 2026-01-13 22:46:42 +01:00
Mauro Baluda
29f23ee192 Fix extraction error 2026-01-13 22:33:01 +01:00
Mauro Baluda
4b7662f652 Merge branch 'main' into couchdb 2026-01-13 21:50:44 +01:00
Mauro Baluda
d335f039ef Improve model for CWE-089 2026-01-13 21:48:43 +01:00
Mauro Baluda
89f0e79ea1 Fix SqlTainted test 2026-01-13 13:55:14 +01:00
Ian Lynagh
63f78e7609 Merge pull request #21156 from igfoo/igfoo/mb 
Merge rc/3.20 into main
 2026-01-13 12:11:37 +00:00
Mauro Baluda
dda042f7df rename change notes 2026-01-13 13:07:14 +01:00
Anders Schack-Mulligen
9c1351c3fe Merge pull request #21149 from aschackmull/java/typeflow-partially-unbound 
Java: Add TypeFlow base case for partially unbound types.
 2026-01-13 12:31:38 +01:00
Anders Schack-Mulligen
8b555ca514 Java: Add test. 2026-01-13 11:20:13 +01:00
Ian Lynagh
dcd0a69759 Merge remote-tracking branch 'upstream/main' into igfoo/mb 2026-01-13 01:01:35 +00:00
Anders Schack-Mulligen
8e2d74a7b1 Java: Add TypeFlow base case for partially unbound types. 2026-01-12 12:45:06 +01:00
Mauro Baluda
0464e64469 Merge branch 'github:main' into couchdb 2026-01-09 17:24:01 +01:00
Mauro Baluda
4c8058d97b Merge branch 'github:main' into couchdb 2026-01-09 17:20:40 +01:00
Chris Smowton
634e9e6c39 Reapply "Change note" 
This reverts commit 688f10daf1.
 2026-01-09 13:42:48 +00:00
Chris Smowton
13e0e6c694 Reapply "Add integration test for paths and paths-ignore vs. Java buildless mode" 
This reverts commit 9db11f73c5.
 2026-01-09 13:42:43 +00:00
Michael B. Gale
157487d8f2 Java: Add change note for plugin repo support 2026-01-09 12:49:12 +00:00
Owen Mansel-Chan
d7acb75f9d Merge pull request #21055 from owen-mc/java/allow-mad-barriers 
Java: allow MaD barriers
 2026-01-09 10:27:48 +00:00
Owen Mansel-Chan
8c9318b1a0 Minor tweaks to QLDocs 2026-01-09 09:38:10 +00:00
Owen Mansel-Chan
cce6823d3b Delete experimental models that have been promoted 
They were promoted in https://github.com/github/codeql/pull/17590
 2026-01-08 15:33:59 +00:00
Owen Mansel-Chan
8a80158959 Merge pull request #17590 from Kwstubbs/java-mad-test 
Java: FileUpload Support MaD
 2026-01-08 13:33:55 +00:00
yoff
608fa1a0a3 Merge pull request #20910 from yoff/java/more-thread-safe-initialisers 2026-01-08 13:16:39 +01:00
Chris Smowton
d048d394b4 Merge pull request #21117 from smowton/smowton/admin/revert-java-paths-directives 
Java: revert filtering of ancillary data extraction
 2026-01-07 16:13:21 +00:00
Owen Mansel-Chan
6a3c74c989 Merge pull request #20999 from joefarebrother/java-spring-websocket 
Java: Add models for spring WebSocketHandler
 2026-01-07 13:29:19 +00:00
Chris Smowton
688f10daf1 Revert "Change note" 
This reverts commit 6fb6923f63.
 2026-01-07 13:20:17 +00:00
Chris Smowton
9db11f73c5 Revert "Add integration test for paths and paths-ignore vs. Java buildless mode" 
This reverts commit 102cfd06a7.
 2026-01-07 13:20:12 +00:00