hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 03:06:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
43,831 Commits 1,672 Branches 157 Tags
82c3e53694132ef432728afef24f5b64e0069e1b
Commit Graph

7214 Commits

Author SHA1 Message Date
Tamás Vajk
82c3e53694 Merge pull request #10473 from tamasvajk/kotlin-suspend 
Kotlin: Extract `suspend` functions
 2022-09-21 14:22:44 +02:00
Ian Lynagh
46a23e107b Merge pull request #10495 from igfoo/igfoo/traplocker 
Kotlin: Tidy up TrapLocker
 2022-09-21 13:05:58 +01:00
Ian Lynagh
aaa3fc0b5c Merge pull request #10353 from tamasvajk/kotlin-fix-not-implemented 
Kotlin: Catch exception thrown by kotlinc
 2022-09-21 13:05:41 +01:00
github-actions[bot]
84159317ee Add changed framework coverage reports 2022-09-21 00:22:14 +00:00
Ian Lynagh
6e249dad7f Kotlin: TrapLocker: Pass the TRAP file to be opened 
We already know what it is, as we've just locked it.
 2022-09-20 15:12:58 +01:00
Tony Torralba
cbb64cc8c1 Merge pull request #10352 from atorralba/atorralba/promote-template-injection 
Java: Promote Server-side template injection from experimental
 2022-09-20 16:11:58 +02:00
Ian Lynagh
2731740c67 Kotlin: TrapLocker: Remove unused isNonSourceTrapFile 2022-09-20 15:07:35 +01:00
Chris Smowton
f826342112 Merge pull request #6246 from Marcono1234/marcono1234/annotation-improvements 
Java: Improve and add predicates and classes for annotations
 2022-09-20 11:48:29 +01:00
Tony Torralba
4af29e6abf Update java/ql/src/Security/CWE/CWE-094/TemplateInjection.qhelp 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-09-20 11:48:40 +02:00
Tony Torralba
4997f36f05 Apply suggestions from code review 
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
 2022-09-20 11:48:18 +02:00
Chris Smowton
6b9d546eaf Merge pull request #10457 from github/smowton/fix/java-really-unique-fixedHasLocation 
Java: really return a unique location for non-source entities
 2022-09-20 10:46:45 +01:00
Chris Smowton
14fa6d4487 Avoid deprecated Annotation.getAValue 2022-09-20 10:15:23 +01:00
Michael Nebel
eefe457c4b Merge pull request #10238 from michaelnebel/csharp/theoremsforfree 
C#: Theorems for Free - Model generation
 2022-09-20 09:30:10 +02:00
Tamas Vajk
9a6b17df0e Kotlin: Add async-await dataflow test case 2022-09-19 13:38:48 +02:00
Tamas Vajk
85d883c647 Kotlin: add test to show suspend function inconsistency between source and bytecode extraction 2022-09-19 13:38:43 +02:00
Tamas Vajk
a6e44ed1cf Kotlin: extract suspend modifier and handle suspend SAM conversions 2022-09-19 13:36:28 +02:00
Tamas Vajk
3e58605e8e Kotlin: Add tests with suspend functions 2022-09-19 13:28:20 +02:00
Tamas Vajk
aae8f393fe Kotlin: Adjust test to reduce overhead of listing modifiers of lambdas 2022-09-19 13:22:00 +02:00
Chris Smowton
3fa1f17b83 Java: really return a unique location for non-source entities 
This was always supposed to pick one of several candidate non-source locations (usually for a generic type instantiation), but since `getFile().toString()` just produces the basename of the class file actually the results would almost always tie and all of the candidate locations would be returned. Use the full class file path as a tiebreaker instead.
 2022-09-16 18:23:31 +01:00
Chris Smowton
0ab5d466f6 Update test expectations now that the Java extractor's nested annotation handling has been fixed 2022-09-16 15:50:54 +01:00
Anders Schack-Mulligen
1945f185ed Apply suggestions from code review 
Autoformat
 2022-09-16 15:49:16 +01:00
Marcono1234
c8b922937b Java: Extend AnnotationType.isATargetType documentation 2022-09-16 15:49:16 +01:00
Marcono1234
37b18914ac Java: Add annotation tests 2022-09-16 15:49:16 +01:00
Marcono1234
8c9bdeb3be Java: Address Annotation review comments and add change note 2022-09-16 15:49:16 +01:00
Marcono1234
659a3a7925 Java: Deprecate RetentionAnnotation.getRetentionPolicyExpression() 2022-09-16 15:49:16 +01:00
Marcono1234
90a9364b00 Java: Rename Annotation.getAnArrayValue with index 
As mentioned by smowton during review, the predicate only has a single result
due to being restricted by the index and therefore its name should not start
with "getA...".

Also remove deprecated `getAValue(string, int)` because it never existed on
the `main` branch.
 2022-09-16 15:49:16 +01:00
Marcono1234
4ef2d156c4 Java: Deprecate error-prone and rarely used annotation predicates 2022-09-16 15:49:16 +01:00
Marcono1234
e3c1b96830 Java: Fix incorrect annotation handling for SpringControllerRequestMappingGetMethod 2022-09-16 15:49:16 +01:00
Marcono1234
998aa95eae Java: Add convenience array value Annotation predicates 2022-09-16 15:49:16 +01:00
Marcono1234
47e38952d1 Java: Improve Annotation.getAnAssociatedAnnotation 
As suggested by smowton during review.
 2022-09-16 15:49:16 +01:00
Marcono1234
fd5fdd89d9 Java: Rename Annotation.getAValue predicates for array values 
Predicate name could lead to confusion with non-array predicate getAValue()
 2022-09-16 15:49:16 +01:00
Marcono1234
b96061aa7e Java: Rename Annotation value predicates 2022-09-16 15:49:16 +01:00
Marcono1234
c226758889 Java: Add classes and predicates for @Repeatable 2022-09-16 15:49:16 +01:00
Marcono1234
02c8fe9346 Java: Add convenience predicates for AnnotationType 2022-09-16 15:49:16 +01:00
Marcono1234
f69b6eef7a Java: Clarify that Annotatable predicates consider inherited annotations 
Additionally changes `hasAnnotation()` to consider inherited annotations
for consistency.
 2022-09-16 15:49:16 +01:00
Marcono1234
afb7462052 Java: Clarify that Annotation value predicates have default value as result 2022-09-16 15:49:15 +01:00
Marcono1234
536f5c7f89 Java: Add Annotation value convenience predicates 2022-09-16 15:49:15 +01:00
Chris Smowton
3165babc88 Merge pull request #10445 from smowton/smowton/fix/annotaton-array-trap-label 
Java: Add test for annotations with annotation-array-typed fields
 2022-09-16 15:45:36 +01:00
Tony Torralba
e140f04881 Merge pull request #10393 from zbazztian/uri-constructor-flow 
Java: Model taint flow for java.net.URI constructors in tainted path queries
 2022-09-16 15:10:40 +02:00
Tony Torralba
3141fdae72 Address review comments re: flow states 2022-09-16 14:48:30 +02:00
Anders Schack-Mulligen
e6d4e87458 Merge pull request #10416 from aschackmull/java/dispatch-confidence 
Java: Remove low confidence dispatch for which we have a manual summary.
 2022-09-16 13:36:04 +02:00
Chris Smowton
80968eef47 Add test for annotations with annotation-array-typed fields 2022-09-16 11:30:16 +01:00
Anders Schack-Mulligen
9714497268 Java: Add change note. 2022-09-16 11:14:44 +02:00
Sebastian Bauersfeld
8c35803749 Add more details to change note. 2022-09-16 16:11:34 +07:00
Anders Schack-Mulligen
726772220c Merge pull request #10191 from smowton/smowton/admin/java-implicit-this-type-tests 
Java: Add test regarding the type of an implicit `this` expression
 2022-09-16 10:58:48 +02:00
Tony Torralba
fdc8453a59 Introduce TaintedPathAdditionalTaintStep 
Use separate configurations for tainted path and tainted path local again.
 2022-09-16 10:42:15 +02:00
Sebastian Bauersfeld
95478f1af6 Address review comments. 2022-09-16 14:35:30 +07:00
github-actions[bot]
0e1aca547b Add changed framework coverage reports 2022-09-16 00:23:05 +00:00
Tony Torralba
c0762dfdb0 Merge pull request #10437 from github/atorralba/fix-0.3.4-changenote 
Java: Fix wrong packages in minor analysis change note
 2022-09-15 19:12:57 +02:00
Philip Ginsbach
c2bdb69476 remove upper-case variable name 2022-09-15 16:32:16 +01:00