Commit Graph

6499 Commits

Author SHA1 Message Date
Tony Torralba
98b930cd67 Accept test changes in experimental query after AsyncTask improvements 2022-08-08 09:23:12 +02:00
Tony Torralba
03b854a1ed Add test for initializer method 2022-08-05 15:29:17 +02:00
Tony Torralba
b75b073dae Remove unused class member 2022-08-05 12:21:22 +02:00
Tony Torralba
9ee90f8022 Remove unnecessary import from test 2022-08-05 11:11:13 +02:00
Tony Torralba
792d34c3a1 Add change note 2022-08-05 11:10:09 +02:00
Tony Torralba
5ebce6ee4f Improve AsyncTask data flow support
Model the life-cycle described here: https://developer.android.com/reference/android/os/AsyncTask#the-4-steps
2022-08-05 10:29:49 +02:00
Anders Schack-Mulligen
43d4324f65 Java: Improve performance of ConfusingOverloading. 2022-08-04 16:05:30 +02:00
Anders Schack-Mulligen
a5a58f46eb Merge pull request #9945 from aschackmull/java/wrappedinvocation-joinorder
Java: Improve join-order.
2022-08-04 11:12:23 +02:00
Anders Schack-Mulligen
c2b99747d4 Merge pull request #9951 from aschackmull/java/notintersect-perf
Java: Improve join-order for `not haveIntersection`.
2022-08-04 11:08:02 +02:00
Chris Smowton
af274354a0 Merge pull request #9956 from github/smowton/feature/tainted-path-query-mad
Make java/path-injection recognise create-file MaD sinks
2022-08-04 08:59:59 +01:00
Chris Smowton
977823bd76 Create 2022-08-03-tainted-path-mad.md 2022-08-03 10:54:35 +01:00
Chris Smowton
84a4b6a866 Make reporting locations consistent with PathCreation; add test 2022-08-03 10:42:09 +01:00
Rasmus Wriedt Larsen
8fb85a98d8 Merge branch 'main' into post-release-prep/codeql-cli-2.10.2 2022-08-03 10:42:02 +02:00
Chris Smowton
83498f58db Add missing import 2022-08-03 08:53:43 +01:00
Chris Smowton
81f3bcd802 Don't require a PathCreation for every tainted-path sink 2022-08-02 21:30:06 +01:00
Chris Smowton
c95f17fdf2 Make java/path-injection recognise create-file MaD sinks 2022-08-02 21:28:00 +01:00
Alex Ford
8e3548efb3 Merge branch 'main' into post-release-prep/codeql-cli-2.10.2 2022-08-02 20:29:26 +01:00
Anders Schack-Mulligen
aabdf84300 Java: Improve join-order for not haveIntersection. 2022-08-02 14:29:03 +02:00
Anders Schack-Mulligen
80bba605e3 Java: Fix join-order in SameNameAsSuper. 2022-08-02 12:49:21 +02:00
Anders Schack-Mulligen
cd356a5ac1 Java: Improve join-order. 2022-08-02 08:49:58 +02:00
Tony Torralba
593ce01362 Merge pull request #9908 from atorralba/atorralba/xml-inline-exp-test
Java: Add support for XML InlineExpectationsTest
2022-07-29 14:49:19 +02:00
Tony Torralba
ec03ebbbfc Add spurious and missing test cases 2022-07-29 13:44:25 +02:00
Tony Torralba
6091f0dbce Use camelCase for XML acronym 2022-07-29 13:44:11 +02:00
github-actions[bot]
e8747d3176 Post-release preparation for codeql-cli-2.10.2 2022-07-28 20:00:09 +00:00
Chris Smowton
1737ed50ba Add test cases for wildcard lowering of array types 2022-07-28 15:52:00 +01:00
Chris Smowton
8cd2aeb65d Accept test changes 2022-07-28 15:52:00 +01:00
Chris Smowton
7475f84ea5 Fix type-parameter-out-of-scope test 2022-07-28 15:51:59 +01:00
Chris Smowton
e7f275382e Add test for Java wildcard substitution 2022-07-28 15:51:59 +01:00
Alex Ford
a8345e00fc Update java/ql/lib/change-notes/released/0.3.2.md 2022-07-28 14:58:38 +01:00
Alex Ford
258b58cd37 Update java/ql/lib/CHANGELOG.md 2022-07-28 14:58:34 +01:00
github-actions[bot]
212786ed91 Release preparation for version 2.10.2 2022-07-28 13:38:35 +00:00
Tony Torralba
7ca955a0e6 Add support for XML InlineExpectationsTest 2022-07-27 17:23:10 +02:00
Anders Schack-Mulligen
70e6db3ce1 Merge pull request #9902 from aschackmull/java/junit5-assertnotnull
Java: Add support for JUnit5 assertions in the nullness queries.
2022-07-27 13:52:01 +02:00
Chris Smowton
9e7fc1731f Merge pull request #9898 from smowton/smowton/fix/kotlin-super-calls
Kotlin: implement super-method calls
2022-07-27 11:31:36 +01:00
Tony Torralba
e179126abb Merge pull request #9129 from atorralba/atorralba/get-underlying-expr
Java: Add Expr::getUnderlyingExpr predicate
2022-07-27 11:42:28 +02:00
Anders Schack-Mulligen
cc423af8f1 Java: Add support for JUnit5 assertions in the nullness queries. 2022-07-27 10:20:47 +02:00
github-actions[bot]
30accecd8a Add changed framework coverage reports 2022-07-27 00:19:16 +00:00
Chris Smowton
5086841b46 Kotlin: implement super-method calls
If we only look at the dispatch receiver, these show up like `this` references rather than `super` references, preventing flow through super-calls. The super-interface case requires properly noting that interface methods with a body get a `default` modifier in order to avoid QL discarding the method as a possible callee.
2022-07-26 17:03:46 +01:00
Tony Torralba
33f5620782 Add more models 2022-07-26 11:06:11 +02:00
Tony Torralba
c56e0f7c0d Add change note 2022-07-26 10:50:34 +02:00
Tony Torralba
95db81658b Add CSV models for java.util.Scanner 2022-07-26 10:42:24 +02:00
Chris Smowton
3f6925e7be Merge pull request #9875 from smowton/smowton/fix/charat-naming
Kotlin: Special-case String.charAt naming
2022-07-25 16:10:13 +01:00
Chris Smowton
715b0b3fb8 Accept test changes 2022-07-25 15:17:14 +01:00
Chris Smowton
9593ceeda5 Kotlin: Special-case String.charAt naming
In the Kotlin universe this is called `get` so that Kotlin programmers can use the `[]` operator on `String`s.
2022-07-21 09:17:08 +01:00
Chris Smowton
1cbe26a54f Kotlin: fix for-loop iterators over primitive or wildcard types
Array<*> can't be queried for an argument type, and IntArray doesn't have an argument at all; both were previously causing the extractor to fail to extract the whole file due to throwing an exception.
2022-07-21 09:13:55 +01:00
Asger F
b9bdee6651 Merge branch 'main' into post-release-prep/codeql-cli-2.10.1 2022-07-19 16:24:35 +02:00
yo-h
d4443592eb Merge pull request #9776 from raulgarciamsft/azure-sdk-client-encryption-version
New queries to detect unsafe client side encryption in Azure Storage
2022-07-16 14:59:51 -04:00
Raul Garcia
eefa659503 Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql
Co-authored-by: yo-h <55373593+yo-h@users.noreply.github.com>
2022-07-16 08:23:59 -07:00
Raul Garcia
fe789c8aa9 Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql
Co-authored-by: yo-h <55373593+yo-h@users.noreply.github.com>
2022-07-16 08:22:18 -07:00
github-actions[bot]
0ee476129a Post-release preparation for codeql-cli-2.10.1 2022-07-14 14:38:49 +00:00