hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
44,654 Commits 1,672 Branches 157 Tags
720cf5682b4fb83d80b16b7d2bcb1534a32bd401
Commit Graph

7391 Commits

Author SHA1 Message Date
Chris Smowton
720cf5682b Exclude enum constructor invocations from defaults handling 
These seem to provide null arguments even though the constructor doesn't provide defaults, presumably for completion by a later compiler phase.
 2022-10-06 12:40:01 +01:00
Chris Smowton
6cc74da004 Defaults function extraction: respect the extract-type-accesses flag 2022-10-06 12:39:57 +01:00
Chris Smowton
34a0a0d080 Implement $default method synthesis 
This adds methods that fill in default parameters whenever a constructor or method uses default parameter values. I use as similar an approach to the real Kotlin compiler as possible both because this produces the desirable dataflow, and because it should merge cleanly with the same class file seen by the Java extractor, which will see and
extract the signatures of the default methods.
 2022-10-06 12:38:55 +01:00
Chris Smowton
6f3c9e4403 Split up extractRawMethodAccess 2022-10-06 11:05:27 +01:00
Anders Schack-Mulligen
5b67ba2939 Merge pull request #10177 from atorralba/atorralba/path-sanitizer 
Java: Promote `PathSanitizer.qll` from experimental
 2022-10-06 10:29:33 +02:00
Anders Schack-Mulligen
cbeff4efc8 Merge pull request #10693 from atorralba/atorralba/fix-guard-bad-magic 
Java: Fixes bad magic in `Guard::guardControls_v3`
 2022-10-06 10:14:48 +02:00
Tom Hvitved
0e6735b804 Merge pull request #10691 from hvitved/dataflow/conjunctive-clears 
Data flow: Take conjunctive `With(out)Contents` into account in `prohibitsUseUseFlow`
 2022-10-06 09:03:30 +02:00
Chris Smowton
7f8bcf76bf Merge pull request #10665 from dilanbhalla/dilan-java/guidance-exectainted 
Java Guidance: ExecTainted.ql (experimental version)
 2022-10-05 15:05:10 +01:00
Tom Hvitved
0beea9fd1a Fix typos 2022-10-05 15:54:52 +02:00
Tamás Vajk
d0d8ef1236 Merge pull request #10672 from tamasvajk/kotlin-unary-op 
Kotlin: extract unary plus and minus operators
 2022-10-05 13:30:21 +02:00
Tom Hvitved
6f518c1996 Data flow: Sync files 2022-10-05 12:58:29 +02:00
Tony Torralba
527425b397 Fixes bad magic in Guard::guardControls_v3 2022-10-05 12:35:33 +02:00
Anders Schack-Mulligen
6db0db431f Java: Add pruning for local taint flow. 2022-10-05 12:02:05 +02:00
Tamás Vajk
ecfbd5edfe Merge pull request #10674 from tamasvajk/kotlin-implements 
Kotlin: extract `implInterface`
 2022-10-05 09:11:41 +02:00
Tamás Vajk
d0ea7ea2e3 Merge pull request #10677 from tamasvajk/kotlin-param-modifiers 
Kotlin: Extract parameter modifiers (`noinline`, `crossinline`)
 2022-10-04 21:53:48 +02:00
Tamás Vajk
c45a04a2c8 Merge pull request #10675 from tamasvajk/kotlin-enum-constants 
Kotlin: extract `isEnumConstant` relation
 2022-10-04 21:53:22 +02:00
Tamas Vajk
ea0a04a74f Kotlin: extract unary plus and minus operators 2022-10-04 15:18:35 +02:00
Tamas Vajk
2e72ec748f Kotlin: add numeric unary operator test cases 2022-10-04 15:18:35 +02:00
Ian Lynagh
db673c0355 Merge pull request #10646 from tamasvajk/kotlin-java-kotlin-function-mapping 
Kotlin: Simplify `kotlinFunctionToJavaEquivalent`
 2022-10-04 13:46:22 +01:00
Tamas Vajk
81fffce79b Kotlin: Extract parameter modifiers (noinline, crossinline) 2022-10-04 14:02:06 +02:00
Tamas Vajk
09051e76cf Kotlin: extract isEnumConstant relation 2022-10-04 13:30:02 +02:00
Tamas Vajk
876bea653d Kotlin: Add test case for missing enum constants 2022-10-04 13:29:15 +02:00
Tamas Vajk
d2861361d9 Kotlin: extract implInterface 2022-10-04 13:12:01 +02:00
Tamas Vajk
d50be83f57 Kotlin: add test to distinguish implements vs extends 2022-10-04 13:10:19 +02:00
Tony Torralba
9db65eae7f Address review comments 2022-10-04 12:27:01 +02:00
Tony Torralba
b8fa9433be Fix duplicated test 2022-10-04 12:27:01 +02:00
Tony Torralba
264d6db9d7 Rename AllowListGuard to AllowedPrefixGuard 2022-10-04 12:27:01 +02:00
Tony Torralba
90020b6aab Make block lists work with substring matching too 
A block list approach doesn't need to restrict itself to prefix matching
 2022-10-04 12:27:01 +02:00
Tony Torralba
69d1895175 Update java/ql/lib/semmle/code/java/security/PathSanitizer.qll 2022-10-04 12:27:01 +02:00
Tony Torralba
6fcaae20e7 Add tests and fix bugs highlighted by them 2022-10-04 12:27:01 +02:00
Tony Torralba
f19eb783be Generalize file/path taint steps 
This is needed by PathSanitizer but also helps simplify ZipSlip.ql
 2022-10-04 12:27:01 +02:00
Tony Torralba
4e29c39c78 Merge ZipSlip sanitization logic into PathSanitizer.qll 
Apply code review suggestions regarding weak sanitizers
 2022-10-04 12:27:01 +02:00
Tony Torralba
89d905cc03 Add change note 2022-10-04 12:27:01 +02:00
Tony Torralba
08c67fb174 Use PathInjectionSanitizer in relevant queries 2022-10-04 12:27:01 +02:00
Tony Torralba
dff878e531 Apply TaintedPath recent changes to TaintedPathLocal 2022-10-04 12:26:59 +02:00
Tony Torralba
5706e8b377 Improve PathSanitizer 
Rename PathTraversalSanitizer to PathInjectionSanitizer
 2022-10-04 12:26:17 +02:00
Tony Torralba
50ad234694 Move PathSanitizer to the main library 2022-10-04 12:26:17 +02:00
Tony Torralba
d5478a01ab Merge pull request #10671 from github/revert-10640-atorralba/fix-cartesian-product 
Java: Revert #10489 and #10640
 2022-10-04 12:25:46 +02:00
Chris Smowton
e29be411ef Merge pull request #9811 from smowton/smowton/feature/kotlin-jvmoverloads-annotation 
Kotlin: Implement JvmOverloads annotation
 2022-10-04 11:21:44 +01:00
Tony Torralba
2deb3e5625 Reapply "Java: Fix cartesian product" 
This reverts commit c1654ce7cc.
 2022-10-04 11:11:44 +02:00
Chris Smowton
58cb5446c3 Add cross-check to getValueParameterLabel 2022-10-04 10:04:18 +01:00
Tony Torralba
281e49daf7 Revert "Java: Add CompilationUnit.getATypeAvailableBySimpleName()" 
This reverts commit 431aa2cb79.
 2022-10-04 10:59:45 +02:00
Tony Torralba
01b950f68b Revert "Java: Rename predicate to getATypeInScope" 
This reverts commit fd99ae78b3.
 2022-10-04 10:59:43 +02:00
Tony Torralba
df29e05b9f Revert "Java: Adjust ImpossibleJavadocThrows.ql" 
This reverts commit c40b6285a2.
 2022-10-04 10:59:39 +02:00
Tony Torralba
c1654ce7cc Revert "Java: Fix cartesian product" 2022-10-04 10:56:32 +02:00
Tamas Vajk
2c467376ea Revert "Only log once the missing java-kotlin method mapping warnings" 
This reverts commit 7524f3372d.
 2022-10-04 08:54:07 +02:00
Dilan Bhalla
bff2633f8d java guidance: experimental version of exectainted 2022-10-03 11:18:17 -07:00
Chris Smowton
5e2c607650 PrintAst: reliably sort function overloads 2022-10-03 15:28:55 +01:00
Chris Smowton
d3d3ce843a Kotlin: Implement JvmOverloads annotation 
This generates functions that omit parameters with default values, rightmost first, such that Java can achieve a similar experience to Kotlin (which represents calls internally as if the default was supplied explicitly, and/or uses a $default method that supplies the needed arguments).

A complication: combining JvmOverloads with JvmStatic means that both the companion object and the surrounding class get overloads.
 2022-10-03 15:28:55 +01:00
Tony Torralba
ba9eb8c73c Fix stub generator 
Add line break after all stubbed annotations to avoid malformed code

See https://github.com/github/codeql/pull/8695\#discussion_r985674245
 2022-10-03 14:43:58 +02:00