Commit Graph

2874 Commits

Author SHA1 Message Date
Ian Lynagh
cc0eb9ab36 KE2: Put diagnostics from the analysis API into the database 2024-11-26 15:42:38 +00:00
Ian Lynagh
2c595417f1 KE2: Don't actually deprecate WhenBranch.getCondition() yet
It makes a lot of noise in the CFG QLL, that we aren't fixing yet
2024-11-25 17:14:35 +00:00
Tamás Vajk
0103711b47 Merge pull request #18058 from tamasvajk/ke2-when
KE2: Extract `when` expressions
2024-11-25 09:04:24 +01:00
Tamas Vajk
3abd9a755e Code quality improvements 2024-11-22 16:22:39 +01:00
Tamas Vajk
6c8cb103fc Fix KE1 2024-11-22 11:37:09 +01:00
Ian Lynagh
82c41316c6 KE2: Populate Kotlin type nullability and alias information 2024-11-21 16:00:01 +00:00
Ian Lynagh
d17e3d521c KE2: Start working on KtTypes 2024-11-21 15:21:34 +00:00
Tamas Vajk
a2d90ed0c6 KE2: Extract when expressions 2024-11-21 16:02:20 +01:00
Ian Lynagh
8fe48d6dce Merge commit 'e3990b7d04db2ca3ac99c029a0afc131e695db0b' into ke2
That is the repo ql as at the internal repo's
    git merge-base origin/rc/3.16 origin/main
2024-11-20 17:40:00 +00:00
Owen Mansel-Chan
bf0fba6c49 Refactor UnreachableBasicBlock to make it clearer 2024-11-14 14:53:12 +00:00
Owen Mansel-Chan
efb34aea45 Fix bug in UnreachableBlocks 2024-11-14 14:50:25 +00:00
Ian Lynagh
22096b1984 KE2: Rename safeAccess to isSafeAccess
To follow our standard naming convention.
2024-11-13 12:32:36 +00:00
Ian Lynagh
4aed952c7d Java: Remove redundant getErasure overrides
The root definition covers these cases already
2024-11-11 17:48:17 +00:00
Anders Schack-Mulligen
5602570e18 Kotlin: Support NotNullExpr in TypeFlow. 2024-11-07 15:25:23 +01:00
Anders Schack-Mulligen
4df4a1e6c6 Merge pull request #17863 from aschackmull/shared/universal-flow
Shared: Add a Universal Flow library and refactor TypeFlow to use it.
2024-11-06 13:46:13 +01:00
Tamas Vajk
84166e8731 KE2: Extract safe qualified expressions 2024-10-31 13:14:07 +01:00
Anders Schack-Mulligen
b556590ef8 Merge pull request #17663 from aschackmull/dataflow/speculative-flow
Dataflow: Add support for speculative taint flow.
2024-10-31 08:12:43 +01:00
Anders Schack-Mulligen
9b493c1e1b Java: Fix bug related to null inference for pattern initializer. 2024-10-30 15:05:36 +01:00
Ian Lynagh
6c9739023d Java: Remove redundant getErasure overrides
The root definition covers these cases already
2024-10-29 11:32:16 +00:00
Anders Schack-Mulligen
fba4d09e65 TypeFlow: Simplify interface. 2024-10-28 15:09:09 +01:00
Anders Schack-Mulligen
3939eff260 TypeFlow: Rename step to uniqStep. 2024-10-28 15:00:05 +01:00
Michael Nebel
786d04e939 Java: Add the clone method to the model generation exclusions. 2024-10-21 15:19:43 +02:00
Anders Schack-Mulligen
c20f12fa6c Add qldoc. 2024-10-16 14:35:23 +02:00
Anders Schack-Mulligen
8b99154a00 Java: Add support for speculative taint flow. 2024-10-16 14:35:19 +02:00
Anders Schack-Mulligen
c80627a3d3 Dataflow: add plumbing for adding provenance to state-steps. 2024-10-16 14:35:18 +02:00
Ian Lynagh
b003eb16cc KE2: Add some Java dbscheme and library comments 2024-10-07 16:35:46 +01:00
Owen Mansel-Chan
927b402a3a Merge pull request #17668 from igfoo/igfoo/typo
Java: Typo in a comment
2024-10-06 13:22:08 +01:00
Ian Lynagh
d24bdbb4e4 Java: Typo in a comment 2024-10-04 17:34:39 +01:00
Tom Hvitved
2832318711 Java: Account for top-level res folders in AndroidLayoutXmlFile 2024-10-04 08:35:28 +02:00
Anders Schack-Mulligen
6081ba5902 Merge pull request #17604 from aschackmull/java/neutral-overrides
Java/C#: Add overrides to the interpretation of neutral MaD models.
2024-10-01 14:55:54 +02:00
Anders Schack-Mulligen
ec0bd4494c Java: Add overrides to the interpretation of neutral MaD models. 2024-09-30 13:11:49 +02:00
Anders Schack-Mulligen
a017f92b78 Merge pull request #17579 from aschackmull/java/type-sanitizers
Java: Add more type-based sanitizers.
2024-09-30 10:07:06 +02:00
Rasmus Wriedt Larsen
381ea93ec3 Merge pull request #17424 from RasmusWL/active-threat-model-source
Go/Java/C#: Rename `ThreatModelFlowSource` to `ActiveThreatModelSource`
2024-09-26 13:08:17 +02:00
Michael Nebel
dd993c3900 Merge pull request #17509 from michaelnebel/modelgen/parammodule
C#/Java: Re-factor the model generator to be a parameterized module.
2024-09-26 10:57:16 +02:00
Anders Schack-Mulligen
aaecb9bb7a Java: Add more type-based sanitizers. 2024-09-25 10:38:17 +02:00
Ian Lynagh
bda779a58d Java: Deprecate Field.getSourceDeclaration() and Field.isSourceDeclaration()
Also follows the removal of the sourceid column of fields.
2024-09-24 14:06:54 +01:00
Chuan-kai Lin
1cd8af54f2 Merge pull request #17190 from github/cklin/diff-informed-java-queries
Java: add support for alert location restrictions
2024-09-23 08:39:24 -07:00
Rasmus Wriedt Larsen
63c3a71d95 Merge branch 'main' into active-threat-model-source 2024-09-23 11:18:14 +02:00
Chuan-kai Lin
75ec8ce58e Java: apply query alert restrictions 2024-09-20 07:47:58 -07:00
Anders Schack-Mulligen
3a1e50dcf9 Dataflow: Simplify diff-informed implementation and tweak flag name. 2024-09-20 07:07:10 -07:00
Michael Nebel
2033818e39 Java: Use the shared model generator implementation. 2024-09-19 12:20:51 +02:00
Anders Schack-Mulligen
2837d2551a Merge pull request #17490 from aschackmull/java/capture-in-obinit
Java: Fix support for variable capture inside object initializers.
2024-09-18 09:29:01 +02:00
Ian Lynagh
9f1c251809 Java: Follow removal of typeVars.kind in qlls 2024-09-17 11:39:07 +01:00
Anders Schack-Mulligen
20661a3c56 Java: Fix support for variable capture inside object initializers. 2024-09-17 10:42:21 +02:00
Ian Lynagh
41ed6e6695 Java: Deprecate RefType.nestedName(), and add RefType.getNestedName() 2024-09-16 17:16:25 +01:00
Rasmus Wriedt Larsen
8c10155eb7 mass rename to ActiveThreatModelSource 2024-09-12 10:16:55 +02:00
Chuan-kai Lin
ff78bebf19 Shared support for alert filtering 2024-09-11 13:18:26 -07:00
Rasmus Wriedt Larsen
038bc832a7 Go/Java/C#: Rename to ActiveThreatModelSource
As part of adding support for threat-models to Python/JS (see
https://github.com/github/codeql/pull/17203), we ran into some trouble
with name clashes.

Naming in existing languages supporting threat-models:
- `SourceNode` (for QL only modeling)
- `ThreatModelFlowSource` (for active sources from QL or data-extensions)

However, since we use `LocalSourceNode` in Python, and `SourceNode` in
JS (for local source nodes), it seems a bit confusing to follow the same
naming convention as other languages, and we had to come up with new names.

Initially I used `ThreatModelSource` for the "QL only modeling", but
that meant that we needed a new name to represent the active sources
coming from either QL or data-extensions... for this I came up with
`ActiveThreatModelSource`, and I really liked it. To me, it's much
clearer that this class only contains the currently active threat
model sources.

So to align languages, I got approval from @michaelnebel to rename the
existing classes.
2024-09-10 14:46:15 +02:00
Michael Nebel
a5b462292f Merge pull request #17330 from michaelnebel/java/modelgenfieldbased
Java/C#: Field based model generator (Experimental).
2024-09-06 11:11:46 +02:00
erik-krogh
846882d22c delete imports to a deleted file 2024-09-03 20:31:00 +02:00