hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
51,083 Commits 1,671 Branches 157 Tags
955cc5a1bed4fa9ff83a85dd193ecb651747af67
Commit Graph

8810 Commits

Author SHA1 Message Date
alexet
1b0952c512 Use Java 11 for some integration tests 2023-01-27 13:51:44 +00:00
Ian Lynagh
75562e7fb5 Kotlin: Remove legacy trap-locking support 2023-01-26 16:58:51 +00:00
Chris Smowton
fea97a22c6 Merge pull request #11827 from smowton/smowton/admin/test-gradle-script-parsing 
Java: Add integration tests for Android projects
 2023-01-23 11:39:24 +00:00
Alex Ford
55550e7980 Merge pull request #11941 from alexrford/summary-component-tostring-syntheticglobal 
Add missing toString case for synthetic globals
 2023-01-23 10:00:00 +00:00
Michael Nebel
69a42d8b1f Merge pull request #11931 from michaelnebel/csharp/refactor 
Remove the Csv postfix of some predicate names.
 2023-01-23 09:09:48 +01:00
Chris Smowton
a2e7b83411 Add additional note to Android tests 2023-01-21 11:57:54 +00:00
Chris Smowton
81e59e9005 Force Gradle tests to run sequentially 
Otherwise starting multiple Gradle daemons in parallel can fail
 2023-01-21 11:57:53 +00:00
Chris Smowton
4197d7bd20 Android tests: use Java 11 under Actions 
Some runners still default to Java 8 (e.g. windows-2022 and macos-12), so we need to manually pull Java 11 in in such cases.
 2023-01-21 11:57:53 +00:00
Chris Smowton
b6df415fe8 Add Android and Kotlin build script tests 
This adds a single plain Gradle project that uses a modern Kotlin build script (i.e. settings.gradle.kts and no build.gradle.kts), plus basic Android samples exercising the possible permutations of: (old vs. new-style build script, Groovy vs. Kotlin build script, wrapper present vs. absent)

Old vs. new style tests our recognition of different cues that this is likely a Droid project and requires `gradle assemble` not `gradle testClasses` (the example given at https://developer.android.com/studio/build/#top-level changed style as of plugin version ~7.3.0).

Groovy vs. Kotlin build script language checks that the regexes recognising Android dependencies and versions work for both build script kinds.

Wrapper present vs. absent exercises the autobuilder logic that guesses an appropriate Gradle version and sets it up in the event the Gradle wrapper isn't provided.
 2023-01-21 11:57:53 +00:00
github-actions[bot]
b62cb6ba84 Post-release preparation for codeql-cli-2.12.1 2023-01-20 19:49:56 +00:00
Alex Ford
e4df1f5a6f Ruby: add missing toString case for synthetic globals 2023-01-20 13:31:43 +00:00
Jeroen Ketema
cddaa0c8fa Apply suggestions from code review 2023-01-20 14:10:27 +01:00
github-actions[bot]
005b3e4a47 Release preparation for version 2.12.1 2023-01-20 12:03:19 +00:00
Ian Lynagh
05c80b3f3c Merge pull request #11894 from igfoo/igfoo/make-private 
Kotlin: Make a couple of functions private
 2023-01-19 20:59:32 +00:00
Michael Nebel
dc223cb82e Sync files and make corresponding changes for other languages. 2023-01-19 15:14:06 +01:00
Rasmus Wriedt Larsen
e0ccb9306a Merge pull request #11908 from RasmusWL/dataflow-consistency-more-excludes 
DataFlow: Add `uniqueParameterNodePositionExclude`
 2023-01-18 10:44:51 +01:00
github-actions[bot]
571942fb21 Add changed framework coverage reports 2023-01-18 00:17:19 +00:00
Edward Minnix III
4c018759c8 Merge pull request #11283 from egregius313/egregius313/webview-setAllowContentAccess 
Java: Android WebView Content Access Query
 2023-01-17 11:02:47 -05:00
Jami
babdee36aa Merge pull request #11779 from jcogs33/jcogs33/model-more-top-jdk-apis 
Java: model top JDK APIs
 2023-01-17 10:20:32 -05:00
Jami Cogswell
10f0975812 Java: remove models for System.[get|set]Property 2023-01-17 08:51:48 -05:00
Rasmus Wriedt Larsen
a0b1c2ea79 DataFlow: Add uniqueParameterNodePositionExclude 2023-01-17 14:05:22 +01:00
Rasmus Wriedt Larsen
2b0a5fd5d1 DataFlow: Add uniqueParameterNodeAtPositionExclude 2023-01-17 14:05:17 +01:00
Antoine Taillefer
660e6d7085 Fix partial path traversal Java example 
The Java recommendation example for the "Partial path traversal vulnerability from remote" query doesn't seem right to me. Indeed, the following statement doesn't compile, since `dir.getCanonicalPath()` returns a String:
```
dir.getCanonicalPath().toPath()
```
Maybe the author wanted to state `dir.getCanonicalFile().toPath()`, which would compile, but is useless compared to `dir.getCanonicalPath()`.

Moreover, `parent.getCanonicalFile().toPath()` or `parent.getCanonicalPath()` will **not** be slash-terminated, contrary to what the description says.
From what I can see (and test), the correct fix is to concatenate `File.separator` to the parent canonical path.
 2023-01-16 21:14:29 +01:00
Ian Lynagh
17de5c120a Kotlin: Make a couple of functions private 2023-01-16 15:29:14 +00:00
Tony Torralba
cca6a13fbb Update java/ql/src/Security/CWE/CWE-927/SensitiveResultReceiver.qhelp 2023-01-16 14:21:03 +01:00
jelaiw
cf7189bb28 Fix small typo in good/bad code sample. 2023-01-13 19:16:11 -06:00
Jami Cogswell
fb6725ddaa Java: add WithoutElement comment for clear methods 2023-01-13 13:20:45 -05:00
Jami Cogswell
a43f3cf95f Java: remove Supplier.get model 2023-01-12 17:09:13 -05:00
Jami Cogswell
f040ff2d8d Java: undo change to Function.apply test case 2023-01-12 17:01:58 -05:00
Jami Cogswell
c3a1d088ac Java: update change note 2023-01-12 16:32:52 -05:00
Jami Cogswell
a39b2aaaac Java: remove endsWith test case 2023-01-12 16:24:57 -05:00
Jami Cogswell
ffb267937a Java: add endsWith additionalTaintStep to ConditionalBypassFlowConfig 2023-01-12 16:24:05 -05:00
Michael Nebel
5c466f3319 Java: Sync files and update other relavant files related to the new naming of shift. 2023-01-12 19:06:29 +01:00
Chris Smowton
8aa2c23ba8 Merge pull request #11700 from JLLeitschuh/doc/JLL/improve-java-unsafe-deserialization-documentation 
[Java] Document fixes for deserialization vulnerabilities by framework
 2023-01-12 18:04:13 +00:00
Chris Smowton
09d8a50494 Spelling 2023-01-12 17:46:00 +00:00
Jami Cogswell
e0444449c8 Java: remove Function.apply model 2023-01-12 09:58:53 -05:00
Jami
c725c447ac Merge branch 'main' into jcogs33/update-paramsString 2023-01-12 08:24:57 -05:00
Ian Lynagh
9ebe59d353 Merge pull request #11637 from igfoo/igfoo/kotlin-1.8 
Kotlin: Add 1.8 support
 2023-01-12 12:15:00 +00:00
Joe Farebrother
e12febfd96 Add change note 2023-01-12 11:44:39 +00:00
Joe Farebrother
b565f997a0 Improve qhelp 2023-01-12 11:44:39 +00:00
Joe Farebrother
639c42c9e9 Fix qhelp errors and ql-for-ql errors 2023-01-12 11:44:39 +00:00
Joe Farebrother
f52db7f9a3 Add qhelp 2023-01-12 11:44:39 +00:00
Joe Farebrother
a88759283a Fix typo in qldoc 2023-01-12 11:44:39 +00:00
Joe Farebrother
7e7b5b4488 Improve test case 2023-01-12 11:44:39 +00:00
Joe Farebrother
8449dabefe Add qldoc 2023-01-12 11:44:39 +00:00
Joe Farebrother
de565f9ccc Add test and fix a bug 2023-01-12 11:44:39 +00:00
Joe Farebrother
b96edb9c64 Add Sensitive Result Receiver query 2023-01-12 11:44:39 +00:00
Michael Nebel
18a815ca8b Merge pull request #11721 from michaelnebel/csharpjava/refactorprovenance 
C#/Java: Re-factor provenance related predicates.
 2023-01-12 10:50:31 +01:00
Jami Cogswell
fd593fd4f0 Java: undo changes to tests that were affected by numeric-flow summary models 2023-01-11 22:34:19 -05:00
Jami Cogswell
ce74c9d959 Java: Date models as neutral 2023-01-11 22:15:41 -05:00