Commit Graph

5674 Commits

Author SHA1 Message Date
smehta23
391dd5b38d Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalGood.java
Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>
2022-07-01 10:55:58 -04:00
smehta23
ebe48ec30a Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.qhelp
Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>
2022-07-01 10:53:43 -04:00
smehta23
48e16e52b5 Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.qhelp
Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>
2022-07-01 10:52:41 -04:00
Shyam Mehta
1a41d4c379 Add CVE number 2022-07-01 10:51:33 -04:00
Shyam Mehta
300a14c35c Add ESAPI reference 2022-07-01 10:43:59 -04:00
smehta23
209a21655a Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalGood.java
Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>
2022-07-01 10:40:38 -04:00
smehta23
c6f2f61bfb Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalBad.java
Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>
2022-07-01 10:39:46 -04:00
Shyam Mehta
16814071df Fix typo in .qhelp 2022-06-29 18:03:57 -04:00
Shyam Mehta
7ab8f0262c Fix duplicate class header and better fix using toPath() 2022-06-29 18:01:12 -04:00
Shyam Mehta
955e614563 Add documentation of the Partial Path Traversal vuln 2022-06-29 17:31:04 -04:00
Shyam Mehta
b5ca2c3d9d Add additional tests from real world query run 2022-06-28 17:32:20 -04:00
Shyam Mehta
7122f29296 Finish Partial Path Traversal Query 2022-06-28 15:02:06 -04:00
Shyam Mehta
4c7d476280 [JAVA] Partial Path Traversal Vuln Query 2022-06-28 13:52:41 -04:00
Ian Lynagh
b6790ef735 Merge pull request #9725 from igfoo/igfoo/inline
Kotlin: Extract inlineability of functions
2022-06-28 10:21:30 +01:00
Asger F
0346b6b67a Merge pull request #9698 from github/post-release-prep/codeql-cli-2.10.0
Post-release preparation for codeql-cli-2.10.0
2022-06-28 09:05:13 +02:00
Asger F
cc57cb8af5 Merge branch 'main' into post-release-prep/codeql-cli-2.10.0 2022-06-27 20:37:25 +02:00
Ian Lynagh
44e69e1c09 Kotlin: Add Modifier.isInline() 2022-06-27 19:33:08 +01:00
Ian Lynagh
af672b4899 Kotlin: Add a changenote for Modifier.isInline() 2022-06-27 19:31:01 +01:00
Ian Lynagh
4a404aee76 Kotlin: Add inline info to methods test 2022-06-27 19:27:26 +01:00
Ian Lynagh
7dc490ff7c Kotlin: Enhance methods test 2022-06-27 17:59:52 +01:00
Ian Lynagh
c72377cf2c Merge pull request #9711 from igfoo/igfoo/integ
Kotlin: Add integration tests
2022-06-27 11:08:12 +01:00
Ian Lynagh
0b312b61e4 Kotlin: qlformat some test queries 2022-06-24 18:35:58 +01:00
Ian Lynagh
31b3c1fff8 Kotlin: Add integration tests 2022-06-24 17:33:58 +01:00
Ian Lynagh
73a79e064c Kotlin: Accept test output 2022-06-24 16:24:41 +01:00
Ian Lynagh
27b83a0b33 Java: Add an upgrade script 2022-06-24 14:01:07 +01:00
Ian Lynagh
008a8f0bba Kotlin: Add an enum class to the methods test 2022-06-24 14:00:47 +01:00
Ian Lynagh
20817a54da Kotlin: Mark enum class special members as compiler-generated 2022-06-24 14:00:47 +01:00
Ian Lynagh
c5d6ca7afc Kotlin: Accept method test changes 2022-06-24 14:00:47 +01:00
Ian Lynagh
50eeb47244 Kotlin: Mark <clinit> as compiler-generated 2022-06-24 14:00:47 +01:00
Ian Lynagh
c0600820ac Kotlin: Update methods test 2022-06-24 14:00:47 +01:00
Ian Lynagh
c06eb09100 Kotlin: Record that DEFAULT_PROPERTY_ACCESSOR are compiler-generated 2022-06-24 14:00:47 +01:00
Ian Lynagh
aefd89ed49 Kotlin: Add compiler-generated info to methods test 2022-06-24 14:00:47 +01:00
Ian Lynagh
5fc294d49e Kotlin: Record that generated data class members are compiler-generated 2022-06-24 14:00:47 +01:00
Tamás Vajk
381bcf7dad Merge pull request #9153 from tamasvajk/kotlin-simplify-loop-breaks-1
Kotlin: Unify loop `break`/`continue` statement handling between java and kotlin
2022-06-24 14:45:57 +02:00
Chris Smowton
d0e521ef4a Merge pull request #9681 from smowton/smowton/fix/reintroduce-obinit
Kotlin: reintroduce obinit when we have multiple secondary constructors and no primary
2022-06-24 10:25:24 +01:00
github-actions[bot]
d506f448ef Post-release preparation for codeql-cli-2.10.0 2022-06-24 07:36:33 +00:00
Chris Smowton
a124d83265 Autoformat 2022-06-23 20:13:27 +01:00
Chris Smowton
af5230349b Kotlin: reintroduce obinit when we have multiple secondary constructors and no primary
This avoids DB inconsistencies because complex initialisers are extracted to more than one function.
2022-06-23 16:26:54 +01:00
Chris Smowton
1aae3c5f5e Fix whenexpr test
Prior to Kotlin 1.7 the gratuitous `?` was ignored for typing purposes; now it yields a `String?`. We should make the test work everywhere by using a real nullable type.
2022-06-23 15:34:40 +01:00
github-actions[bot]
a74051c658 Release preparation for version 2.10.0 2022-06-23 11:17:46 +00:00
Tamas Vajk
cf18a9a04b Fix bad join order in Shadowing::shadows
Fixes the bad join order in `Shadowing::shadows`:
Tuple counts for Shadowing::shadows#f4fb89a3#ffff@c4b8a90j:
           182915  ~0%    {2} r1 = Variable::LocalVariableDecl::getCallable#dispred#f0820431#ff AND NOT Shadowing::shadows#f4fb89a3#ffff#antijoin_rhs(Lhs.0, Lhs.1)
           182915  ~0%    {3} r2 = JOIN r1 WITH localvars ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Rhs.2
           182915  ~3%    {4} r3 = JOIN r2 WITH Member::Member::getDeclaringType#dispred#f0820431#bf ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0, Lhs.2
           182833  ~0%    {4} r4 = JOIN r3 WITH classes ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Lhs.3, Lhs.0
           182833  ~3%    {5} r5 = JOIN r4 WITH Element::Element::getName#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.2, Lhs.0, Lhs.1, Lhs.3, Rhs.1
        183352620  ~5%    {5} r6 = JOIN r5 WITH Member::Field::getType#dispred#f0820431#bf_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.3, Lhs.1, Lhs.2, Lhs.4
            40529  ~0%    {5} r7 = JOIN r6 WITH Member::Field::getDeclaringType#dispred#f0820431#fb ON FIRST 2 OUTPUT Lhs.0, Lhs.4, Lhs.2, Lhs.3, Lhs.1
              678  ~4%    {4} r8 = JOIN r7 WITH Element::Element::getName#dispred#f0820431#ff ON FIRST 2 OUTPUT Lhs.2, Lhs.3, Lhs.4, Lhs.0
              670  ~4%    {4} r9 = r8 AND NOT Member::Field::isStatic#dispred#f0820431#b(Lhs.3)
              670  ~3%    {4} r10 = SCAN r9 OUTPUT In.0, In.2, In.3, In.1
                          return r10

After the fix:
Tuple counts for Shadowing::shadows#f4fb89a3#ffff@95ca976v:
        182915  ~0%    {2} r1 = Variable::LocalVariableDecl::getCallable#dispred#f0820431#ff AND NOT Shadowing::shadows#f4fb89a3#ffff#antijoin_rhs(Lhs.0, Lhs.1)
        182915  ~0%    {3} r2 = JOIN r1 WITH localvars ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Rhs.2
        182915  ~0%    {4} r3 = JOIN r2 WITH Member::Member::getDeclaringType#dispred#f0820431#bf ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Lhs.2, Rhs.1
        182915  ~7%    {5} r4 = JOIN r3 WITH Element::Element::getName#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.3, Rhs.1, Lhs.2, Lhs.0, Lhs.1
           678  ~4%    {4} r5 = JOIN r4 WITH Shadowing::getField#f4fb89a3#ffff ON FIRST 3 OUTPUT Lhs.3, Lhs.4, Lhs.0, Rhs.3
           670  ~4%    {4} r6 = r5 AND NOT Member::Field::isStatic#dispred#f0820431#b(Lhs.3)
           670  ~3%    {4} r7 = SCAN r6 OUTPUT In.0, In.2, In.3, In.1
                       return r7
2022-06-23 10:30:39 +02:00
Tamas Vajk
e65a046235 Fix test file after rebase 2022-06-23 09:51:48 +02:00
Tamas Vajk
579bfc22f3 Fix performance change in SecurityFlag 2022-06-23 08:46:33 +02:00
Tamas Vajk
79ec998636 Fix DB change compatibility to backwards 2022-06-23 08:45:11 +02:00
Tamas Vajk
7dad2f7fcb Fix DB upgrade properties 2022-06-23 08:45:11 +02:00
Tamas Vajk
074b90ea1a Add change note 2022-06-23 08:45:11 +02:00
Tamas Vajk
053ca2e940 Update DB stats file 2022-06-23 08:45:11 +02:00
Tamas Vajk
e03b48f293 Add DB upgrade folder 2022-06-23 08:45:11 +02:00
Tamas Vajk
dabc956dbf Unify loop break/continue statement handling between java and kotlin 2022-06-23 08:45:11 +02:00
Chris Smowton
00b4070866 Merge pull request #9659 from smowton/smowton/admin/invert-java-log-injection-query
Java: Report log-injection at the source rather than the sink
2022-06-22 14:27:50 +01:00