Commit Graph

6505 Commits

Author SHA1 Message Date
Tamas Vajk
776322bac2 Add foreach dataflow tests 2022-05-12 22:36:28 +01:00
Chris Smowton
7e17074b41 Allow arithmetic functions not mapping to Java equivalents 2022-05-12 22:36:28 +01:00
Chris Smowton
b1849f5f0a Expand error message 2022-05-12 22:36:28 +01:00
Chris Smowton
22e48ca39a Accept test changes 2022-05-12 22:36:28 +01:00
Chris Smowton
16af811b69 Allow imprecise matching for Kotlin -> Java method translation
This allows the particular case of Collection.toArray(IntFunction<T>) to match, since both Java and Kotlin functions take an IntFunction<T> but they use different function-local type variables.

This would also allow toArray(Array<T>) to work similarly.
2022-05-12 22:36:28 +01:00
Chris Smowton
77056c9bff Add test expectations 2022-05-12 22:36:28 +01:00
Chris Smowton
71d2e7be3e Don't replace own callables, and use a more exact replacement-finding test 2022-05-12 22:36:28 +01:00
Chris Smowton
ce87a89009 Replace Map and similar functions with their Java cousins
This didn't appear to be necessary because the Kotlin and Java versions of Map (for example) are designed to be compatible, but in certain cases their functions have the same erasure but not the same type (e.g. Map.getOrDefault(K, V) vs. Map.getOrDefault(Object, V)).

These have different erasures which was leading to callable-binding inconsistencies.
2022-05-12 22:36:28 +01:00
Tamas Vajk
fa0bd0366c Fix extension property labels 2022-05-12 22:36:28 +01:00
Tamas Vajk
25fce5f6bb Identify data classes during extraction 2022-05-12 22:36:28 +01:00
Chris Smowton
1e78f2893c Add test for special method getters 2022-05-12 22:36:28 +01:00
Chris Smowton
134f88fe8e Accept test results 2022-05-12 22:36:27 +01:00
Chris Smowton
12e3401ae0 Map special getters onto their correct JVM names
These include Collection.size() for example, which has a Kotlin property called `size` but whose getter is not named `getSize()`.

These would normally be accounted for using `@JvmName`, but some core methods are lowered by a special compiler pass instead.
2022-05-12 22:36:27 +01:00
Chris Smowton
cb6941d212 Account for JVM type equivalency when recognising unspecialised types
(As before, these are not really unspecialised, they are instantiated by their own type parameters, but this replicates the behaviour of the Java extractor)
2022-05-12 22:36:27 +01:00
github-actions[bot]
b7cbd8fd75 Post-release preparation for codeql-cli-2.9.2 2022-05-12 18:21:38 +00:00
Nick Rolfe
6c52831143 Java: sync spelling correction in shared qll 2022-05-12 16:11:29 +01:00
Nick Rolfe
1115227f9d Merge remote-tracking branch 'origin/main' into nickrolfe/misspelling 2022-05-12 16:10:27 +01:00
Anders Schack-Mulligen
8c8440a58a Merge pull request #9101 from hvitved/dataflow/include-hidden
Data flow: Add `Configuration::includeHiddenNodes()`
2022-05-12 15:36:12 +02:00
Nick Rolfe
128fac4414 Java: fix typos in comments 2022-05-12 14:28:49 +01:00
Ian Lynagh
75ca116ef9 Kotlin: QLDoc tweaks from intrigus 2022-05-12 14:12:01 +01:00
Ian Lynagh
02101fab6a Kotlin: Don't use capture_output or text
Older Python versions don't support them
2022-05-12 14:08:19 +01:00
Joe Farebrother
59e400d2e0 Merge pull request #7723 from joefarebrother/redos
Java: Add ReDoS queries
2022-05-12 13:50:38 +01:00
Anders Schack-Mulligen
adb56dfa39 Dataflow: Improve standard order through easier type check elimination. 2022-05-12 14:31:38 +02:00
Nick Rolfe
234a36ff61 Merge pull request #9119 from github/nickrolfe/non-us-spelling-fixes
Fix non-US spellings and the corresponding query
2022-05-12 12:29:14 +01:00
Mathias Vorreiter Pedersen
f76d52407d Update java/ql/lib/change-notes/released/0.2.1.md 2022-05-12 11:47:01 +01:00
Mathias Vorreiter Pedersen
1143b48338 Update java/ql/lib/CHANGELOG.md 2022-05-12 11:46:53 +01:00
Mathias Vorreiter Pedersen
55ce069e30 Update java/ql/lib/change-notes/released/0.2.1.md 2022-05-12 11:43:55 +01:00
Mathias Vorreiter Pedersen
eb3a35eaea Update java/ql/src/change-notes/released/0.1.2.md 2022-05-12 11:43:27 +01:00
Mathias Vorreiter Pedersen
11707f8522 Update java/ql/src/CHANGELOG.md 2022-05-12 11:43:19 +01:00
Mathias Vorreiter Pedersen
2ef976a152 Update java/ql/src/CHANGELOG.md 2022-05-12 11:43:08 +01:00
Mathias Vorreiter Pedersen
22bdde6eaa Update java/ql/lib/change-notes/released/0.2.1.md 2022-05-12 11:43:01 +01:00
Mathias Vorreiter Pedersen
e9e8f3810b Update java/ql/lib/CHANGELOG.md 2022-05-12 11:41:20 +01:00
Mathias Vorreiter Pedersen
1f7eefe95c Update java/ql/lib/CHANGELOG.md 2022-05-12 11:41:13 +01:00
github-actions[bot]
ee9980b31c Release preparation for version 2.9.2 2022-05-12 10:17:28 +00:00
Tony Torralba
f0a0ac100b Add live literals as sanitizers for sensitive logging 2022-05-12 11:57:44 +02:00
Tom Hvitved
0a7892797e Merge pull request #8938 from hvitved/ruby/with-without-mad-tokens
Ruby: Introduce `With(out)Element` MaD input tokens
2022-05-12 11:49:51 +02:00
Tony Torralba
5db8306fef Stop considering usernames sensitive info
Require variables to be static to be considered constants
2022-05-12 11:46:52 +02:00
Anders Schack-Mulligen
e0c74d4390 Merge pull request #9124 from github/workflow/coverage/update
Update CSV framework coverage reports
2022-05-12 09:06:07 +02:00
Anders Schack-Mulligen
fad7d9ae72 Merge pull request #9120 from igfoo/igfoo/fixes
Kotlin: Fix some alerts
2022-05-12 08:29:34 +02:00
github-actions[bot]
acaf4517c0 Add changed framework coverage reports 2022-05-12 00:17:30 +00:00
Chris Smowton
85dc1090fe Merge pull request #9116 from smowton/smowton/feature/accept-conditional-cookie-security
Java: tolerate `cookie.setSecure(request.isSecure())`
2022-05-11 21:29:14 +01:00
Tom Hvitved
46ab25b61e Merge pull request #9098 from aschackmull/dataflow/perf
Dataflow: Performance fixes
2022-05-11 20:41:48 +02:00
Ian Lynagh
33e17f1665 Kotlin: Fix some alerts 2022-05-11 17:58:50 +01:00
Nick Rolfe
e1b277386a Fix non-US spellings: s/analyse/analyze 2022-05-11 17:48:27 +01:00
Ian Lynagh
cfde0a1491 Merge pull request #9109 from igfoo/igfoo/kotlin_merge
Initial Kotlin support
2022-05-11 16:16:22 +01:00
Tony Torralba
5be30209c1 Merge pull request #9036 from luchua-bc/java/hardcoded-jwt-key
Java: CWE-321 Query to detect hardcoded JWT secret keys
2022-05-11 16:31:34 +02:00
Henry Mercer
6ecc542ca3 Merge pull request #9117 from github/henrymercer/java/tag-telemetry
Java: Tag telemetry queries with `telemetry`
2022-05-11 15:13:35 +01:00
Anders Schack-Mulligen
4884520ee1 Dataflow: Review fix. 2022-05-11 15:40:49 +02:00
Chris Smowton
f7e1f3e1a5 Remove URL fragment from Google search 2022-05-11 14:38:09 +01:00
Tom Hvitved
5df87d526c Sync files 2022-05-11 15:17:27 +02:00