hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
55,552 Commits 1,673 Branches 157 Tags
3cd06b00264ea09f06925fd6bbfd84ece679ada3
Commit Graph

8758 Commits

Author SHA1 Message Date
Tony Torralba
3cd06b0026 More review suggestions 2023-10-17 11:54:32 +02:00
Tony Torralba
62a9ffd277 Apply suggestions from code review 2023-10-17 11:51:55 +02:00
Taus
e5b17af9b5 Java: Fix bad tool output 2023-06-14 12:16:44 +02:00
Taus
b860b21ced Update MaD Declarations after Triage 2023-06-13 16:50:58 +02:00
Anders Schack-Mulligen
1b7bbf6320 Merge pull request #13083 from aschackmull/dataflow/typestrengthen 
Dataflow: Strengthen tracked types.
 2023-06-09 13:23:30 +02:00
Anders Schack-Mulligen
44b09507ab Merge pull request #13408 from aschackmull/java/loginjection-perf 
Java: Add more negation context to reduce string ops and improve perf.
 2023-06-09 08:44:27 +02:00
Anders Schack-Mulligen
68f1e40370 Java/C#: Add change notes. 2023-06-09 08:37:36 +02:00
Anders Schack-Mulligen
85d6b44d92 Java: Fix test output. 2023-06-09 08:37:36 +02:00
Anders Schack-Mulligen
d230509905 Dataflow: Address review comments. 2023-06-09 08:37:36 +02:00
Anders Schack-Mulligen
95afd551ff Java: Fix qltest 2023-06-09 08:37:36 +02:00
Anders Schack-Mulligen
4399138c82 Dataflow: Fix QL4QL alert. 2023-06-09 08:37:36 +02:00
Anders Schack-Mulligen
8a584b78ac Dataflow: Enable type strengthening in partial flow. 2023-06-09 08:37:36 +02:00
Anders Schack-Mulligen
441ccef6c4 Dataflow: Bugfix, use arg type rather than strengthened param type. 2023-06-09 08:37:36 +02:00
Anders Schack-Mulligen
a0a9d30286 Java: Fix qltests. 2023-06-09 08:37:35 +02:00
Anders Schack-Mulligen
4633abe19e Java: Autoformat 2023-06-09 08:37:35 +02:00
Anders Schack-Mulligen
ad461a87b4 Dataflow: Strengthen tracked types. 2023-06-09 08:37:35 +02:00
Anders Schack-Mulligen
1d87f0793b Dataflow: Minor refactor. 2023-06-09 08:37:35 +02:00
Tony Torralba
abb775c616 Merge pull request #13409 from atorralba/atorralba/java/fix-gson-models 
Java: Fix more problems in the Gson models
 2023-06-08 17:36:40 +02:00
Tony Torralba
4608481d7b Java: Fix more problems in the Gson models 
Found during type strengthening work by @aschackmull
 2023-06-08 14:53:09 +02:00
Anders Schack-Mulligen
5a2ac1b5ca Java: Add more negation context to reduce string ops and improve perf. 2023-06-08 14:04:57 +02:00
Anders Schack-Mulligen
dabb4dd643 Java: Improve join-order for FunctionalInterface. 2023-06-08 13:02:54 +02:00
Anders Schack-Mulligen
cc45db7c76 Merge pull request #13394 from atorralba/atorralba/java/fix-gson-jsonarray-models 
Java: Fix Gson's JsonArray.add models
 2023-06-08 11:05:40 +02:00
Tony Torralba
c0135673fa Fix JsonArray.addAll model 
Properly test JsonArray.add(String) and JsonArray.addAll(JsonArray) as well
 2023-06-07 16:18:32 +02:00
Tony Torralba
6d7234f8ed Merge pull request #13225 from atorralba/atorralba/java/path-injection-mad-sinks-2 
Java: Migrate path injection sinks to models-as-data (simplified)
 2023-06-07 14:27:36 +02:00
Tony Torralba
35b4c438ff Fix Gson's JsonArray.add models 
When the type of the argument isn't JsonElement, the summary must be taint flow instead of value flow
 2023-06-07 14:12:20 +02:00
yoff
911835c30e Merge pull request #13392 from yoff/java/test-type-tracking-through-flow-summaries 
java: test type tracking through flow summaries
 2023-06-07 14:10:23 +02:00
Erik Krogh Kristensen
6ba7f9a238 Merge pull request #13352 from erik-krogh/once-again-deps-not-py-cpp 
delete old deprecations
 2023-06-07 13:00:57 +02:00
Tony Torralba
46b30453e3 Merge pull request #13386 from github/java/update-mad-decls-after-triage-2023-06-06T14-38-29 
Java: Update MaD Declarations after Triage
 2023-06-07 12:33:26 +02:00
Rasmus Lerchedahl Petersen
aec1e4a713 java: address ql alert 2023-06-07 11:40:50 +02:00
Rasmus Lerchedahl Petersen
76e1c6f76f java: test type tracking through flow summaries 2023-06-07 11:18:53 +02:00
Tony Torralba
416d3d587d Accept test changes 
An uncovered test case is now correctly covered
 2023-06-07 10:33:17 +02:00
Tony Torralba
27763d6bbe Improve ZipSlip exclusion to take varargs into account 2023-06-07 09:25:56 +02:00
Tony Torralba
8001ae9669 Update java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll 
Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>
 2023-06-07 09:08:24 +02:00
Tony Torralba
60725e9580 Update java/ql/lib/ext/org.springframework.core.io.model.yml 2023-06-07 09:07:22 +02:00
Tony Torralba
2f12ae2e0d Update java/ql/lib/ext/okhttp3.model.yml 2023-06-07 08:57:12 +02:00
Stephan Brandauer
b31131d33a Merge pull request #13344 from github/java/update-mad-decls-after-triage-2023-06-01T12-58-13 
Java: Update MaD Declarations after Triage
 2023-06-06 17:08:50 +02:00
Stephan Brandauer
75cbcdd72e Update MaD Declarations after Triage 2023-06-06 16:38:31 +02:00
Tony Torralba
49c6ea27a0 Merge pull request #13379 from atorralba/atorralba/kotlin/use-with-flow 
Kotlin: Add flow through kotlin.io.use and kotlin.with
 2023-06-06 13:44:14 +02:00
Taus
f4fd908f7f Java: Comment out sinks for which no query exists 2023-06-06 13:01:59 +02:00
Ian Lynagh
f690d150b0 Merge pull request #13373 from igfoo/igfoo/kotlin-loc 
Java/Kotlin: Split lines of code by language
 2023-06-06 11:49:18 +01:00
Tony Torralba
1d8ca88aca Add change note 2023-06-06 11:25:07 +02:00
Tony Torralba
72af634575 Kotlin: Add flow through use and with 2023-06-06 11:22:16 +02:00
Nick Rolfe
6c5c338e6b Merge pull request #13348 from github/nickrolfe/java-location-tostring 
Java: avoid call to `Location.toString()`
 2023-06-06 09:55:42 +01:00
Tony Torralba
1601846478 Add exclusion to the ZipSlip query to avoid FPs 2023-06-06 10:28:49 +02:00
Tony Torralba
0065e6e1d6 Apply suggestions from code review 
Fix incorrect models-as-data rows
 2023-06-06 10:04:22 +02:00
Tony Torralba
1ccec90c6f Apply suggestions from code review 
Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>
 2023-06-06 09:10:18 +02:00
Taus
7ad860fc98 Java: Update MaD declarations after triage 
Co-authored-by: Stephan Brandauer <kaeluka@github.com>
 2023-06-05 18:00:40 +02:00
Ian Lynagh
e49b278d61 Java/Kotlin: Add a changenote for the lines-of-code changes. 2023-06-05 16:33:12 +01:00
Ian Lynagh
a4a7ad8f99 Java/Kotlin: Split lines of code by language 
We were giving the sum of all lines for both languages, but labelling it
as "Total lines of Java code in the database", which was confusing.

Now we give separate sums for Kotlin and Java lines.
 2023-06-05 13:57:47 +01:00
Jami
64830809a6 Merge pull request #13228 from jcogs33/jcogs33/deprecated-sink-error-message 
Java: add error message for outdated sink kinds in `getInvalidModelKind`
 2023-06-02 13:44:18 -04:00