hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
36,895 Commits 1,671 Branches 157 Tags
4f54bb66b807ee4b22f6be28cfbb71d21b901b10
Commit Graph

2190 Commits

Author SHA1 Message Date
Chris Smowton
77056c9bff Add test expectations 2022-05-12 22:36:28 +01:00
Chris Smowton
ce87a89009 Replace Map and similar functions with their Java cousins 
This didn't appear to be necessary because the Kotlin and Java versions of Map (for example) are designed to be compatible, but in certain cases their functions have the same erasure but not the same type (e.g. Map.getOrDefault(K, V) vs. Map.getOrDefault(Object, V).

These have different erasures which was leading to callable-binding inconsistencies.
 2022-05-12 22:36:28 +01:00
Tamas Vajk
fa0bd0366c Fix extension property labels 2022-05-12 22:36:28 +01:00
Tamas Vajk
25fce5f6bb Identify data classes during extraction 2022-05-12 22:36:28 +01:00
Chris Smowton
1e78f2893c Add test for special method getters 2022-05-12 22:36:28 +01:00
Chris Smowton
134f88fe8e Accept test results 2022-05-12 22:36:27 +01:00
Nick Rolfe
1115227f9d Merge remote-tracking branch 'origin/main' into nickrolfe/misspelling 2022-05-12 16:10:27 +01:00
Nick Rolfe
128fac4414 Java: fix typos in comments 2022-05-12 14:28:49 +01:00
Joe Farebrother
59e400d2e0 Merge pull request #7723 from joefarebrother/redos 
Java: Add ReDoS queries
 2022-05-12 13:50:38 +01:00
Tony Torralba
5db8306fef Stop considering usernames sensitive info 
Require variables to be static to be considered constants
 2022-05-12 11:46:52 +02:00
Chris Smowton
85dc1090fe Merge pull request #9116 from smowton/smowton/feature/accept-conditional-cookie-security 
Java: tolerate `cookie.setSecure(request.isSecure())`
 2022-05-11 21:29:14 +01:00
Ian Lynagh
cfde0a1491 Merge pull request #9109 from igfoo/igfoo/kotlin_merge 
Initial Kotlin support
 2022-05-11 16:16:22 +01:00
Tony Torralba
5be30209c1 Merge pull request #9036 from luchua-bc/java/hardcoded-jwt-key 
Java: CWE-321 Query to detect hardcoded JWT secret keys
 2022-05-11 16:31:34 +02:00
Ian Lynagh
c0a755e061 Merge remote-tracking branch 'upstream/main' into igfoo/kotlin_merge 
Resolving conflicts:
	java/ql/lib/semmle/code/java/Expr.qll
 2022-05-11 14:13:09 +01:00
Anders Schack-Mulligen
9a4d86e9b4 Merge pull request #8571 from Marcono1234/marcono1234/statement-expression 
Java: Add `ValueDiscardingExpr`
 2022-05-11 13:37:24 +02:00
Chris Smowton
c17ef42cc7 Insecure cookie query: accept ServletRequest.isSecure(), and allow more than one possible input to a setSecure(...) call. 2022-05-11 11:59:37 +01:00
Anders Schack-Mulligen
25336df302 Merge pull request #8873 from atorralba/atorralba/android-startactivity-flowstep 
Java: Add flow step from startActivity to getIntent
 2022-05-11 11:08:08 +02:00
Tony Torralba
43b425d0e4 Merge pull request #9002 from atorralba/atorralba/https-urls-improvs 
Java: Add OkHttp and Retrofit models
 2022-05-11 10:48:08 +02:00
Tamas Vajk
4f256d2958 Change LambdaExpr::asMethod to return the big-arity invoke instead of the wrapper 2022-05-10 19:51:31 +01:00
Ian Lynagh
e0053cd471 Kotlin: qlformat a query 2022-05-10 19:51:30 +01:00
Tamas Vajk
749d606f84 Fix expected file of useless null check test 2022-05-10 19:51:30 +01:00
Tamas Vajk
3af8273620 Modify extraction of &&/|| to resugar it from when expression 2022-05-10 19:51:30 +01:00
Tamas Vajk
d33224a058 Add test case for missing CFG successor 2022-05-10 19:51:30 +01:00
Tamas Vajk
b66a3141f6 Extract functions using their name from JvmName annotation 2022-05-10 19:51:30 +01:00
Tamas Vajk
a24753f552 Extract final modifier on local variables 2022-05-10 19:51:30 +01:00
Tamas Vajk
4efb87a7dd Extract enum entry initializers 2022-05-10 19:51:30 +01:00
Tamas Vajk
fc5229a0a5 Extract type access expression for static field access in initializer 2022-05-10 19:51:29 +01:00
Tamas Vajk
c6a75957e9 Fix expected files, fix type access extraction of file level static declarations 2022-05-10 19:51:29 +01:00
Tamas Vajk
1e529b2563 Add missing type access expression for static field accesses 2022-05-10 19:51:29 +01:00
Tamas Vajk
246f228a3b Add static field access test 2022-05-10 19:51:29 +01:00
Tamas Vajk
f43296a157 Extract type access for enum value access 2022-05-10 19:51:29 +01:00
Tamas Vajk
b5c8d29e40 Extract enum field declarations 2022-05-10 19:51:29 +01:00
Tamas Vajk
d6cbcdc847 Extract type access expression for parameter types 2022-05-10 19:51:29 +01:00
Tamas Vajk
f557719fe5 Extract type access expression for function return types 2022-05-10 19:51:29 +01:00
Tamas Vajk
dcac285a99 Add type access tests 2022-05-10 19:51:29 +01:00
Chris Smowton
7ef9420bfd Accept test changes 2022-05-10 19:51:29 +01:00
Chris Smowton
11fed0b4f8 Adjust test expectations 2022-05-10 19:51:29 +01:00
Chris Smowton
f3bd89a5cf Adjust test expectations 2022-05-10 19:51:29 +01:00
Chris Smowton
a317dc4246 Extract field initializers 2022-05-10 19:51:29 +01:00
Chris Smowton
9e8e99f4c3 Add interface-delegate test 2022-05-10 19:51:28 +01:00
Chris Smowton
62f39d7a22 Add test expectation 2022-05-10 19:51:28 +01:00
Chris Smowton
bfe3722018 Extract synthetic coroutine classes 2022-05-10 19:51:28 +01:00
Ian Lynagh
b35b74779a Revert "Fix CFG construction of ExprStmt and StmtExpr" 
This reverts commit db8d718cdbf0bef9cdf246221a921b99d4b22bea.

It broke ql/java/ql/test/library-tests/successors/TestDeclarations
 2022-05-10 19:51:28 +01:00
Ian Lynagh
d2f6871868 Revert "Fix ExprStmt and StmtExpr in Boolean context" 
This reverts commit 8a42837578e1c4361ed25682312ea5497ad0a12e.
 2022-05-10 19:51:28 +01:00
Tamas Vajk
82b937dedd Add query and script to plot CFG from DB 2022-05-10 19:51:28 +01:00
Tamas Vajk
037d66de15 Fix ExprStmt and StmtExpr in Boolean context 2022-05-10 19:51:28 +01:00
Tamas Vajk
8282e57db5 Fix CFG construction of ExprStmt and StmtExpr 2022-05-10 19:51:28 +01:00
Tamas Vajk
81cb81366b Add test case for CFG issue with && in if condition 2022-05-10 19:51:28 +01:00
Tamas Vajk
953c6fdb7b Fix expected test file 2022-05-10 19:51:28 +01:00
Tamas Vajk
47799ae040 Code quality improvements + add dedicated DeadRefTypes test 2022-05-10 19:51:28 +01:00