hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
44,663 Commits 1,672 Branches 157 Tags
764c139e3ea2d59bc6f1dd4876b5dc911d1381f3
Commit Graph

7400 Commits

Author SHA1 Message Date
Chris Smowton
764c139e3e Visibility consistency query: allow $default methods to have package-private (default) visibility 2022-10-06 12:40:03 +01:00
Chris Smowton
34b83f01d0 Fix naming of internal default methods 2022-10-06 12:40:03 +01:00
Chris Smowton
5e182755a5 Fix generated $default method visibilities 2022-10-06 12:40:03 +01:00
Chris Smowton
bec948682d Fix calls to static methods defined in association with local functions 
These are a bit weird since they involve static calls to unnamed synthetic class members, but while unwriteable as Java they ought to work as a database description.
 2022-10-06 12:40:03 +01:00
Chris Smowton
b79d273de4 When calling a $default method, ensure the real method gets extracted 2022-10-06 12:40:02 +01:00
Chris Smowton
3452dcbced Fix class type parameter erasure within $default methods 2022-10-06 12:40:02 +01:00
Chris Smowton
be655432d6 Use new terse extraction functions where applicable 2022-10-06 12:40:02 +01:00
Chris Smowton
03c895853b Clarify test and accept test changes 2022-10-06 12:40:02 +01:00
Chris Smowton
6119670be8 Suppress use of function type parameters in the context of building a $defaults method 
These methods have erased signatures and no type parameters, so anything that refers to one must itself be erased. For signatures this would be easy, but for potentially deep default expressions these types can occur in various places and need erasing at each occurence.
 2022-10-06 12:40:02 +01:00
Chris Smowton
720cf5682b Exclude enum constructor invocations from defaults handling 
These seem to provide null arguments even though the constructor doesn't provide defaults, presumably for completion by a later compiler phase.
 2022-10-06 12:40:01 +01:00
Chris Smowton
6cc74da004 Defaults function extraction: respect the extract-type-accesses flag 2022-10-06 12:39:57 +01:00
Chris Smowton
34a0a0d080 Implement $default method synthesis 
This adds methods that fill in default parameters whenever a constructor or method uses default parameter values. I use as similar an approach to the real Kotlin compiler as possible both because this produces the desirable dataflow, and because it should merge cleanly with the same class file seen by the Java extractor, which will see and
extract the signatures of the default methods.
 2022-10-06 12:38:55 +01:00
Chris Smowton
6f3c9e4403 Split up extractRawMethodAccess 2022-10-06 11:05:27 +01:00
Anders Schack-Mulligen
5b67ba2939 Merge pull request #10177 from atorralba/atorralba/path-sanitizer 
Java: Promote `PathSanitizer.qll` from experimental
 2022-10-06 10:29:33 +02:00
Anders Schack-Mulligen
cbeff4efc8 Merge pull request #10693 from atorralba/atorralba/fix-guard-bad-magic 
Java: Fixes bad magic in `Guard::guardControls_v3`
 2022-10-06 10:14:48 +02:00
Tom Hvitved
0e6735b804 Merge pull request #10691 from hvitved/dataflow/conjunctive-clears 
Data flow: Take conjunctive `With(out)Contents` into account in `prohibitsUseUseFlow`
 2022-10-06 09:03:30 +02:00
Chris Smowton
7f8bcf76bf Merge pull request #10665 from dilanbhalla/dilan-java/guidance-exectainted 
Java Guidance: ExecTainted.ql (experimental version)
 2022-10-05 15:05:10 +01:00
Tom Hvitved
0beea9fd1a Fix typos 2022-10-05 15:54:52 +02:00
Tamás Vajk
d0d8ef1236 Merge pull request #10672 from tamasvajk/kotlin-unary-op 
Kotlin: extract unary plus and minus operators
 2022-10-05 13:30:21 +02:00
Tom Hvitved
6f518c1996 Data flow: Sync files 2022-10-05 12:58:29 +02:00
Tony Torralba
527425b397 Fixes bad magic in Guard::guardControls_v3 2022-10-05 12:35:33 +02:00
Anders Schack-Mulligen
6db0db431f Java: Add pruning for local taint flow. 2022-10-05 12:02:05 +02:00
Tamás Vajk
ecfbd5edfe Merge pull request #10674 from tamasvajk/kotlin-implements 
Kotlin: extract `implInterface`
 2022-10-05 09:11:41 +02:00
Tamás Vajk
d0ea7ea2e3 Merge pull request #10677 from tamasvajk/kotlin-param-modifiers 
Kotlin: Extract parameter modifiers (`noinline`, `crossinline`)
 2022-10-04 21:53:48 +02:00
Tamás Vajk
c45a04a2c8 Merge pull request #10675 from tamasvajk/kotlin-enum-constants 
Kotlin: extract `isEnumConstant` relation
 2022-10-04 21:53:22 +02:00
Tamas Vajk
ea0a04a74f Kotlin: extract unary plus and minus operators 2022-10-04 15:18:35 +02:00
Tamas Vajk
2e72ec748f Kotlin: add numeric unary operator test cases 2022-10-04 15:18:35 +02:00
Ian Lynagh
db673c0355 Merge pull request #10646 from tamasvajk/kotlin-java-kotlin-function-mapping 
Kotlin: Simplify `kotlinFunctionToJavaEquivalent`
 2022-10-04 13:46:22 +01:00
Tamas Vajk
81fffce79b Kotlin: Extract parameter modifiers (noinline, crossinline) 2022-10-04 14:02:06 +02:00
Tamas Vajk
09051e76cf Kotlin: extract isEnumConstant relation 2022-10-04 13:30:02 +02:00
Tamas Vajk
876bea653d Kotlin: Add test case for missing enum constants 2022-10-04 13:29:15 +02:00
Tamas Vajk
d2861361d9 Kotlin: extract implInterface 2022-10-04 13:12:01 +02:00
Tamas Vajk
d50be83f57 Kotlin: add test to distinguish implements vs extends 2022-10-04 13:10:19 +02:00
Tony Torralba
9db65eae7f Address review comments 2022-10-04 12:27:01 +02:00
Tony Torralba
b8fa9433be Fix duplicated test 2022-10-04 12:27:01 +02:00
Tony Torralba
264d6db9d7 Rename AllowListGuard to AllowedPrefixGuard 2022-10-04 12:27:01 +02:00
Tony Torralba
90020b6aab Make block lists work with substring matching too 
A block list approach doesn't need to restrict itself to prefix matching
 2022-10-04 12:27:01 +02:00
Tony Torralba
69d1895175 Update java/ql/lib/semmle/code/java/security/PathSanitizer.qll 2022-10-04 12:27:01 +02:00
Tony Torralba
6fcaae20e7 Add tests and fix bugs highlighted by them 2022-10-04 12:27:01 +02:00
Tony Torralba
f19eb783be Generalize file/path taint steps 
This is needed by PathSanitizer but also helps simplify ZipSlip.ql
 2022-10-04 12:27:01 +02:00
Tony Torralba
4e29c39c78 Merge ZipSlip sanitization logic into PathSanitizer.qll 
Apply code review suggestions regarding weak sanitizers
 2022-10-04 12:27:01 +02:00
Tony Torralba
89d905cc03 Add change note 2022-10-04 12:27:01 +02:00
Tony Torralba
08c67fb174 Use PathInjectionSanitizer in relevant queries 2022-10-04 12:27:01 +02:00
Tony Torralba
dff878e531 Apply TaintedPath recent changes to TaintedPathLocal 2022-10-04 12:26:59 +02:00
Tony Torralba
5706e8b377 Improve PathSanitizer 
Rename PathTraversalSanitizer to PathInjectionSanitizer
 2022-10-04 12:26:17 +02:00
Tony Torralba
50ad234694 Move PathSanitizer to the main library 2022-10-04 12:26:17 +02:00
Tony Torralba
d5478a01ab Merge pull request #10671 from github/revert-10640-atorralba/fix-cartesian-product 
Java: Revert #10489 and #10640
 2022-10-04 12:25:46 +02:00
Chris Smowton
e29be411ef Merge pull request #9811 from smowton/smowton/feature/kotlin-jvmoverloads-annotation 
Kotlin: Implement JvmOverloads annotation
 2022-10-04 11:21:44 +01:00
Tony Torralba
2deb3e5625 Reapply "Java: Fix cartesian product" 
This reverts commit c1654ce7cc.
 2022-10-04 11:11:44 +02:00
Chris Smowton
58cb5446c3 Add cross-check to getValueParameterLabel 2022-10-04 10:04:18 +01:00