hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
36,895 Commits 1,671 Branches 157 Tags
4f54bb66b807ee4b22f6be28cfbb71d21b901b10
Commit Graph

36895 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Chris Smowton
4f54bb66b8 Accept consistency check failure 
The Java extractor assigns a type with unbound type variables to the result of ImmutableSortedMap.of calls.
 2022-05-19 11:55:31 +01:00
Chris Smowton
ea9aa59627 Add test 2022-05-19 11:55:31 +01:00
Chris Smowton
8a90ddefbb Accept test changes 
These are mainly moving the source locations and type specialisations in SAM-converted methods.
 2022-05-19 11:55:31 +01:00
Chris Smowton
ada31f3075 Distinguish result type parameter names 
This makes debugging a little easier.
 2022-05-19 11:55:31 +01:00
Chris Smowton
49c9c36daf Type-variable-in-scope consistency query: account for all enclosing elements that declare type parameters. 2022-05-19 11:55:31 +01:00
Chris Smowton
4e15f5f8c7 Fix extracted type arguments of kotlin.jvm.functions.FunctionN 
Previously we accidentally extracted an argument type instead of the result type.
 2022-05-19 11:55:31 +01:00
Chris Smowton
102cdcdab8 Fix type substitution and source locations in SAM-converted generic interface implementations 
For example, in implementing Producer<T> by an actual lambda of type () -> Int, the return type should be Int, not T. This produced type-variable-out-of-scope consistency check failures.
 2022-05-19 11:55:31 +01:00
Chris Smowton
048a530aac Type parameter scoping check: distinguish type arguments from type parameters 
I had forgotten that the Java QL lib regards a ParameterizedType as either an instantiation Generic<String>, or the unbound declaration Generic<T>.
 2022-05-19 11:55:31 +01:00
Chris Smowton
b09b769932 Extract type parameters without substituting their parent functions 
Otherwise references to type variables declared on kotlin.Xyz.someFunction can refer to its Java equivalent java.Xyz.someFunction if it has one.
 2022-05-19 11:55:31 +01:00
Chris Smowton
d291e0cf10 Fix typeParametersInScope consistency query 
The selection of type variables mentioned in a particular class previously didn't work as intended, so the consistency query would always pass.
 2022-05-19 11:55:31 +01:00
Erik Krogh Kristensen
fff70da650 Merge pull request #9182 from erik-krogh/useStringComp 
use string equality instead of regexps to compare constant strings
 2022-05-19 10:42:37 +02:00
Tom Hvitved
eef5022e3d Merge pull request #9014 from michaelnebel/csharp/dataflowcallablerefactor 
C#: Dataflow callable refactoring.
 2022-05-19 09:02:38 +02:00
Erik Krogh Kristensen
215a6a72cc Merge branch 'main' into useStringComp 2022-05-18 10:55:31 +02:00
Anders Schack-Mulligen
a4dac9fd2b Merge pull request #9201 from Marcono1234/marcono1234/NumericType-type-qll 
Java: Move `NumericType` to `Type.qll`
 2022-05-18 10:31:40 +02:00
Tom Hvitved
209a1e4bd8 Merge pull request #9202 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2022-05-18 10:26:55 +02:00
Tom Hvitved
5e57e82997 Merge pull request #9191 from hvitved/ruby/taint-tracking-stage 
Ruby: Force cached taint tracking predicates to be evaluated in data flow stage
 2022-05-18 09:54:38 +02:00
Anders Schack-Mulligen
1d3b3204df Merge pull request #9190 from hvitved/dataflow/summary-arg-param-no-materialize 
Data flow: Do not materialize `summaryArgParam`
 2022-05-18 09:17:57 +02:00
Erik Krogh Kristensen
7245591468 Merge pull request #7763 from erik-krogh/unused-field 
QL: add unused-field query
 2022-05-18 09:15:16 +02:00
Tom Hvitved
23ee033a57 C#: Review fixes 2022-05-18 07:48:21 +02:00
Michael Nebel
df6d86b9aa C#: Use getUnderlyingCallable instead of asCallable. 2022-05-18 07:48:21 +02:00
Michael Nebel
6f7af11517 C#: Needs to be updated as SummaryParameterNodes are printed slightly different. 2022-05-18 07:48:21 +02:00
Michael Nebel
b41bb3fe08 C#: System.Web.HttpResponse.Write is now considered safe (known) and will this not show up as untrusted external API. 2022-05-18 07:48:21 +02:00
Michael Nebel
97c6d7884d C#: Source and Sink models are now also considered summarized callables and thus considered safe as they are known external APIs. 2022-05-18 07:48:21 +02:00
Michael Nebel
aeadad62be C#: Improve implementation. 2022-05-18 07:48:21 +02:00
Michael Nebel
26e2cad528 C#: Improve getCallable. 2022-05-18 07:48:21 +02:00
Michael Nebel
f78def5316 C#: Hide SummaryParamterNodes from path explanations. 2022-05-18 07:48:21 +02:00
Michael Nebel
220526f305 C#: Fix issues with summarized callables parameter types and other casting issues. 2022-05-18 07:48:21 +02:00
Michael Nebel
2c414b2201 C#: Add Summary parameter nodes. 2022-05-18 07:48:21 +02:00
Michael Nebel
0e3fc464a3 C#: Use SummarizedCallable external instead of the internal. 2022-05-18 07:48:20 +02:00
Michael Nebel
b578fcb069 C#: Use the external SummarizedCallable implementation. 2022-05-18 07:48:20 +02:00
Michael Nebel
4f7297715d C#: Also extract callable from FlowSummary SummarizedCallable in DataFlowCallable. 2022-05-18 07:48:20 +02:00
Michael Nebel
3fa990a984 C#: Make sure that all callables with a summary are added to the external SummarizedCallable class. 2022-05-18 07:48:20 +02:00
Michael Nebel
4810419dfd C#: Extend SummarizedCallable from FlowSummaryImpl. 2022-05-18 07:48:20 +02:00
Michael Nebel
eb022118f3 C#: Fix issue in ExternalApi. 2022-05-18 07:48:20 +02:00
Michael Nebel
68055bc022 C#: Update flow summaries test code. 2022-05-18 07:48:20 +02:00
Michael Nebel
c8a7354086 C#: Refactor to align implementation between languages. 2022-05-18 07:48:20 +02:00
Michael Nebel
0d61a2c797 C#: Add QL doc to SummarizedCallable. 2022-05-18 07:48:20 +02:00
Michael Nebel
2f2ca18898 C#: Update dependencies. 2022-05-18 07:48:20 +02:00
Michael Nebel
e70a283cfd C#: Initial refactor of SummarizedCallable and DataFlowCallable (dependencies needs to be updates). 2022-05-18 07:48:19 +02:00
github-actions[bot]
91694b4bac Add changed framework coverage reports 2022-05-18 00:15:25 +00:00
Marcono1234
c53d315697 Java: Move NumericType to Type.qll 2022-05-18 01:40:17 +02:00
Cornelius Riemenschneider
d352253b02 Merge pull request #9187 from github/criemen/lua-tracing-configs 
Update Lua tracing configs.
 2022-05-18 01:03:15 +02:00
Mathias Vorreiter Pedersen
5d625d6156 Merge pull request #9188 from MathiasVP/fix-GetAPrimaryQlClassConsistency-for-swift 2022-05-17 20:47:24 +01:00
Erik Krogh Kristensen
6c7c9b6a4b Merge pull request #9082 from erik-krogh/countZero 
QL: add query warning about `count(...) = 0`.
 2022-05-17 21:46:58 +02:00
Mathias Vorreiter Pedersen
a6ac14f4de QL: Allow class + 'Base' in 'ql/primary-ql-class-consistency'. 2022-05-17 16:54:12 +01:00
Tony Torralba
53f32f5a97 Merge pull request #9186 from atorralba/atorralba/kotlin-inline-expectations-tests 
Kotlin: Add support for InlineExpectationsTest
 2022-05-17 15:28:03 +02:00
Cornelius Riemenschneider
3836d1550a Update Lua tracing configs. 2022-05-17 13:18:28 +00:00
Erik Krogh Kristensen
86e97c32d6 fix all ql/use-string-compare 2022-05-17 14:11:05 +02:00
Geoffrey White
629e90f14b Merge pull request #9176 from geoffw0/xxe9 
C++: Clean up the XXE query QL.
 2022-05-17 12:40:39 +01:00
Erik Krogh Kristensen
440e6214f0 CPP: correctly escape underscores in calls to .matches() 2022-05-17 13:21:02 +02:00