hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
77,098 Commits 1,671 Branches 157 Tags
66737402c20fc83b3d3a654dcccf4b26c901b100
Commit Graph

12946 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
86708c9ff8 Dataflow: Fix missing subpaths due to type strengthening. 2024-08-15 18:57:10 +02:00
Chris Smowton
0b56bf98f3 Java: add test for Apache Camel dead-code analysis 
This exercises code that detects Camel entry-points and marks them as live.
 2024-08-15 17:26:38 +01:00
Anders Schack-Mulligen
e77c3dfda1 Java: Fix expected files following https://github.com/github/codeql/pull/17233 and https://github.com/github/codeql/pull/17224. 2024-08-15 15:45:37 +02:00
Rasmus Wriedt Larsen
1e7eae58f4 Java: Add change-note 2024-08-15 15:45:20 +02:00
Rasmus Wriedt Larsen
fee38b3781 Java: Fixup test 2024-08-15 15:37:35 +02:00
Rasmus Wriedt Larsen
1e12c11adc Java: Model System.in as stdin threat-model 2024-08-15 15:37:35 +02:00
Anders Schack-Mulligen
7d61d9282c Merge pull request #17233 from aschackmull/dataflow/match-summarylabel 
Dataflow: Fix missing join on summaryLabel.
 2024-08-15 14:55:38 +02:00
Anders Schack-Mulligen
6f23e8dcf3 Merge pull request #17224 from aschackmull/java/inlineflow-pathgraph 
Java: Add PathGraph to test output for default inline flow tests.
 2024-08-15 13:35:24 +02:00
Anders Schack-Mulligen
a85f8a2fbd Java/C#: Accept expected changes. 2024-08-15 13:24:31 +02:00
Paolo Tranquilli
f0de9f9276 Merge pull request #17232 from github/redsun82/kotlin 
Kotlin: fix wrapper on windows and use `os.execv` on POSIX
 2024-08-15 12:50:46 +02:00
Chris Smowton
3450e509fe Merge pull request #17228 from smowton/smowton/admin/missing-change-notes 
Java: add change notes for three recent buildless fixes
 2024-08-15 10:56:22 +01:00
Michael Nebel
4b3cc5bd0e Merge pull request #17219 from michaelnebel/shared/neutralsourcesink 
C#/Java: Fix source- and sink callable provenance overlap.
 2024-08-15 11:02:18 +02:00
Anders Schack-Mulligen
fb1dfd4217 Java: Accept test changes. 2024-08-15 10:32:12 +02:00
Paolo Tranquilli
beba032ba5 Kotlin: fix wrapper on windows 2024-08-15 10:31:32 +02:00
Anders Schack-Mulligen
3cdc8d5eca Java: Add PathGraph to test output for default inline flow tests. 2024-08-15 10:17:31 +02:00
Chris Smowton
b4a42de7f4 Java: add change notes for three recent buildless fixes 2024-08-14 18:34:25 +01:00
Anders Schack-Mulligen
79dec723b0 Dataflow: Add test highlighting missing subpath. 2024-08-14 13:30:13 +02:00
Michael Nebel
eaf4f5eeab C#/Java: Update model generation expected output. 2024-08-14 09:57:49 +02:00
Michael Nebel
f0817dc07c C#/Java: Use a parameterized module for making the source and sink callable classes. 2024-08-14 09:50:38 +02:00
Michael Nebel
046018fa25 Java: Add example of missing sink generation. 2024-08-14 09:50:34 +02:00
Tom Hvitved
d638b5c7d4 Sync shared file 2024-08-13 15:27:38 +02:00
Tom Hvitved
aeabee3e34 Merge pull request #17179 from hvitved/shared/pretty-print-models 
Go/Java: Share more `PrettyPrintModels.ql` logic
 2024-08-13 14:15:40 +02:00
Tom Hvitved
f83df76928 Shared: Apply ShowProvenance in InlineFlowTest.qll 2024-08-13 13:34:43 +02:00
Tom Hvitved
d5a0df3f87 Go/Java: Share more PrettyPrintModels.ql logic 2024-08-13 12:48:22 +02:00
Michael Nebel
4a5c9f0ec4 Merge pull request #17007 from michaelnebel/shared/neutralimplementation 
C#/Java/Go: Neutrals are split into separate classes.
 2024-08-12 13:58:12 +02:00
Anders Schack-Mulligen
f28f42bcba Merge pull request #17049 from aschackmull/dataflow/bugfix-flowfeature-sinkctx 
Dataflow: Fix bug causing spurious flow for FeatureHasSinkCallContext
 2024-08-12 13:29:42 +02:00
Chris Smowton
00efebe8b0 Add test for buildless fetching an executable war file 2024-08-09 12:32:43 +01:00
Chris Smowton
4de0d10dce Merge pull request #17111 from smowton/smowton/admin/gradle-classifier-test 
Java: Add test for Gradle fetching a jar with a classifier
 2024-08-08 17:50:50 +01:00
Alexander Eyers-Taylor
ffd811a55d Merge pull request #17182 from github/post-release-prep/codeql-cli-2.18.2 
Post-release preparation for codeql-cli-2.18.2
 2024-08-08 16:28:03 +01:00
Chris Smowton
84f3b7322e Add test for Gradle fetching a jar with a classifier 2024-08-08 15:49:11 +01:00
github-actions[bot]
cc6d87c276 Post-release preparation for codeql-cli-2.18.2 2024-08-08 12:56:21 +00:00
Tamás Vajk
ef21ee53a5 Merge pull request #17169 from tamasvajk/buildless/db-quality-query 
C#: Add diagnostic query indicating low database quality
 2024-08-07 21:36:37 +02:00
github-actions[bot]
019da8c287 Release preparation for version 2.18.2 2024-08-07 14:02:38 +00:00
Tamas Vajk
0263cc1609 Improve code quality 2024-08-07 15:27:14 +02:00
Alexander Eyers-Taylor
46577b585e Revert "Release preparation for version 2.18.2" 2024-08-07 14:24:37 +01:00
Tom Hvitved
d9ff4ef567 Merge pull request #17155 from hvitved/java/array-ref-bad-join 
Java: Fix bad join
 2024-08-07 12:39:40 +02:00
github-actions[bot]
d88b25c243 Add changed framework coverage reports 2024-08-07 00:18:15 +00:00
github-actions[bot]
c14ba0e4bd Release preparation for version 2.18.2 2024-08-06 12:46:15 +00:00
Tom Hvitved
a7410e4a16 Java: Fix bad join 
Before
```
[2024-08-06 10:37:59] Evaluated non-recursive predicate BoundingChecks::arrayReference/1#754911ba@0628dahn in 20981ms (size: 2009682526).
Evaluated relational algebra for predicate BoundingChecks::arrayReference/1#754911ba@0628dahn with tuple counts:
             94480   ~0%    {2} r1 = SCAN `Expr::ArrayAccess.getArray/0#dispred#b90c658a` OUTPUT In.1, In.0

                32   ~0%    {2} r2 = JOIN r1 WITH `Expr::MethodCall.getMethod/0#dispred#41989dc9` ON FIRST 1 OUTPUT Rhs.1, Lhs.1
              1013   ~1%    {2}    | JOIN WITH `Expr::MethodCall.getMethod/0#dispred#41989dc9_10#join_rhs` ON FIRST 1 OUTPUT Lhs.1, Rhs.1

             92091   ~4%    {2} r3 = JOIN r1 WITH variableBinding ON FIRST 1 OUTPUT Rhs.1, Lhs.1
        2009681513   ~0%    {2}    | JOIN WITH variableBinding_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Rhs.1

        2009682526   ~0%    {2} r4 = r2 UNION r3
                            return r4

[2024-08-06 10:38:02] Evaluated non-recursive predicate BoundingChecks::lessthanLength/1#48b5e1b7@2885308n in 0ms (size: 108).
Evaluated relational algebra for predicate BoundingChecks::lessthanLength/1#48b5e1b7@2885308n with tuple counts:
        1518  ~0%    {2} r1 = JOIN `Expr::ComparisonExpr.isStrict/0#dispred#fd8c6ddb` WITH `Expr::ComparisonExpr.getGreaterOperand/0#dispred#e8df4b14` ON FIRST 1 OUTPUT Rhs.1, Lhs.0
         455  ~2%    {2}    | JOIN WITH Expr::FieldAccess#2b664c37 ON FIRST 1 OUTPUT Lhs.1, Lhs.0
         455  ~1%    {3}    | JOIN WITH `Expr::ComparisonExpr.getLesserOperand/0#dispred#d7744bc2` ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Rhs.1
         455  ~0%    {5}    | JOIN WITH `Expr::FieldAccess.getField/0#dispred#29ef4aa0` ON FIRST 1 OUTPUT Rhs.1, _, Lhs.1, Lhs.0, Lhs.2
         455  ~0%    {5}    | REWRITE WITH Out.1 := "length"
         116  ~0%    {3}    | JOIN WITH `Element::Element.hasName/1#dispred#8acbbbde` ON FIRST 2 OUTPUT Lhs.4, Lhs.2, Lhs.3
          93  ~0%    {3}    | JOIN WITH variableBinding ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Rhs.1
          93  ~1%    {3}    | JOIN WITH `Expr::VarAccess.getQualifier/0#dispred#2b0f1cd1` ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Rhs.1
         484  ~2%    {3}    | JOIN WITH variableBinding_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Lhs.2
         277  ~3%    {2}    | JOIN WITH `BoundingChecks::conditionHolds/2#fa0354b9#bb` ON FIRST 2 OUTPUT Lhs.1, Lhs.2
         166  ~5%    {2}    | JOIN WITH `Expr::ArrayAccess.getIndexExpr/0#dispred#345f6cf4_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1
         110  ~0%    {1}    | JOIN WITH `BoundingChecks::arrayReference/1#754911ba` ON FIRST 2 OUTPUT Lhs.0
                     return r1
```

After
```
[2024-08-06 13:29:50] Evaluated non-recursive predicate BoundingChecks::lengthAccess/2#54b10eff@719e68tb in 0ms (size: 309).
Evaluated relational algebra for predicate BoundingChecks::lengthAccess/2#54b10eff@719e68tb with tuple counts:
        6241  ~0%    {2} r1 = JOIN `BoundingChecks::getAnAccess/1#152ad44e_10#join_rhs` WITH `Expr::VarAccess.getQualifier/0#dispred#2b0f1cd1_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1
        6240  ~0%    {4}    | JOIN WITH `Expr::FieldAccess.getField/0#dispred#29ef4aa0` ON FIRST 1 OUTPUT Rhs.1, _, Lhs.1, Lhs.0
        6240  ~0%    {4}    | REWRITE WITH Out.1 := "length"
         309  ~2%    {2}    | JOIN WITH `Element::Element.hasName/1#dispred#8acbbbde` ON FIRST 2 OUTPUT Lhs.3, Lhs.2
                     return r1

[2024-08-06 13:29:50] Evaluated non-recursive predicate BoundingChecks::lessthanLength/1#48b5e1b7@0fcac509 in 1ms (size: 108).
Evaluated relational algebra for predicate BoundingChecks::lessthanLength/1#48b5e1b7@0fcac509 with tuple counts:
        94480  ~0%    {3} r1 = JOIN `Expr::ArrayAccess.getArray/0#dispred#b90c658a` WITH `Expr::ArrayAccess.getIndexExpr/0#dispred#345f6cf4` ON FIRST 1 OUTPUT Rhs.1, Lhs.0, Lhs.1
          648  ~4%    {4}    | JOIN WITH variableBinding ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Lhs.0, Rhs.1
          621  ~1%    {4}    | JOIN WITH `BoundingChecks::getAnAccess/1#152ad44e_10#join_rhs` ON FIRST 1 OUTPUT Lhs.2, Lhs.1, Lhs.3, Rhs.1
          344  ~0%    {4}    | JOIN WITH `BoundingChecks::conditionHolds/2#fa0354b9#bb_10#join_rhs` ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.2, Lhs.3
          341  ~0%    {4}    | JOIN WITH `Expr::ComparisonExpr.isStrict/0#dispred#fd8c6ddb` ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Lhs.2, Lhs.3
          341  ~0%    {5}    | JOIN WITH `Expr::ComparisonExpr.getGreaterOperand/0#dispred#e8df4b14` ON FIRST 1 OUTPUT Rhs.1, Lhs.3, Lhs.1, Lhs.2, Lhs.0
          110  ~2%    {3}    | JOIN WITH `BoundingChecks::lengthAccess/2#54b10eff` ON FIRST 2 OUTPUT Lhs.4, Lhs.2, Lhs.3
          110  ~0%    {3}    | JOIN WITH `Expr::ComparisonExpr.getLesserOperand/0#dispred#d7744bc2` ON FIRST 1 OUTPUT Rhs.1, Lhs.2, Lhs.1
          110  ~0%    {1}    | JOIN WITH variableBinding ON FIRST 2 OUTPUT Lhs.2
                      return r1
```
 2024-08-06 13:30:19 +02:00
Dave Bartolomeo
a6e2fbb241 Merge remote-tracking branch 'origin/main' into dbartol/provenance/qltest 2024-08-05 13:16:31 -04:00
Dave Bartolomeo
aea13b46ce Merge remote-tracking branch 'origin/main' into dbartol/provenance/qltest 2024-08-05 10:33:31 -04:00
Chris Smowton
95e504a5ff Merge branch 'main' into am0o0-java-PathInjection 2024-08-05 11:41:25 +01:00
github-actions[bot]
f5394c9ee9 Add changed framework coverage reports 2024-08-04 00:19:56 +00:00
am0o0
4169cfac9f use the current slf4j stubs instead of new one 2024-08-03 14:12:18 +02:00
Dave Bartolomeo
6596705811 Update test expectations after extension numbering fix 2024-08-02 16:55:02 -04:00
Chris Smowton
f891423810 Run Maven integration tests sequentially due to conflicts over ~/.m2 2024-08-02 20:13:41 +01:00
Chris Smowton
1ee87670c6 Switch to measuring just diagnostics 2024-08-02 20:13:40 +01:00
Chris Smowton
ee11307751 Add test for ECJ compiling an enum with a constructor parameter annotation 2024-08-02 20:13:39 +01:00
Andrew Eisenberg
6a49647a28 Merge pull request #17132 from github/aeisenberg-patch-1 
Update CHANGELOG.md
 2024-08-02 07:55:06 -07:00
Chris Smowton
be945f14f6 Merge pull request #17135 from github/smowton/admin/build-mode-none-ga 
Announce Java build-mode: none GA
 2024-08-02 12:05:39 +01:00