hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-06 07:36:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
36,685 Commits 1,703 Branches 162 Tags
a51c2c496f8f119d931800bfd74ffa47260cd259
Commit Graph

36685 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tamas Vajk
a51c2c496f Add test with colliding property accessor and function names 2022-05-12 22:37:06 +01:00
Tamas Vajk
857a74cf14 Adjust class label generation to handle classes in field initializers 2022-05-12 22:37:06 +01:00
Tamas Vajk
394ec56d9d Add test case for local class declaration in field initializer 2022-05-12 22:37:06 +01:00
Chris Smowton
4ceb2f13c4 Add test 2022-05-12 22:37:06 +01:00
Chris Smowton
2600dcd182 Fix extracting type accesses relating to proprerty getters/setters and SAM-converted methods 
These should be handled the same as regular methods: extract type accesses for parameters and methods only if we're extracting "from source", i.e. at some point we're descended from extractFileContents.
 2022-05-12 22:37:06 +01:00
Chris Smowton
301fa11450 Only extract parameter and method type-accesses once 
Previously we extracted them whenever something was non-external, but this led to re-extraction when an instance of a generic type defined in source was extracted multiple times.
 2022-05-12 22:37:06 +01:00
Chris Smowton
8d970a3cbd Don't extract private members of instantiated or external classes 
This is both consistent with the Java extractor's behaviour, and prevents us from trying to refer to anonymous types (e.g. anonymous objects that directly initialize properties) out of scope.
 2022-05-12 22:37:06 +01:00
Tamas Vajk
fbae0f5053 Revert dataflow changes, extract actual iterator function 2022-05-12 22:37:06 +01:00
Tamas Vajk
538e05995a Fix dataflow for kotlin.Array.iterator() 2022-05-12 22:37:03 +01:00
Tamas Vajk
776322bac2 Add foreach dataflow tests 2022-05-12 22:36:28 +01:00
Chris Smowton
7e17074b41 Allow arithmetic functions not mapping to Java equivalents 2022-05-12 22:36:28 +01:00
Chris Smowton
b1849f5f0a Expand error message 2022-05-12 22:36:28 +01:00
Chris Smowton
22e48ca39a Accept test changes 2022-05-12 22:36:28 +01:00
Chris Smowton
16af811b69 Allow imprecise matching for Kotlin -> Java method translation 
This allows the particular case of Collection.toArray(IntFunction<T>) to match, since both Java and Kotlin functions take an IntFunction<T> but they use different function-local type variables.

This would also allow toArray(Array<T>) to work similarly.
 2022-05-12 22:36:28 +01:00
Chris Smowton
77056c9bff Add test expectations 2022-05-12 22:36:28 +01:00
Chris Smowton
71d2e7be3e Don't replace own callables, and use a more exact replacement-finding test 2022-05-12 22:36:28 +01:00
Chris Smowton
ce87a89009 Replace Map and similar functions with their Java cousins 
This didn't appear to be necessary because the Kotlin and Java versions of Map (for example) are designed to be compatible, but in certain cases their functions have the same erasure but not the same type (e.g. Map.getOrDefault(K, V) vs. Map.getOrDefault(Object, V).

These have different erasures which was leading to callable-binding inconsistencies.
 2022-05-12 22:36:28 +01:00
Tamas Vajk
fa0bd0366c Fix extension property labels 2022-05-12 22:36:28 +01:00
Tamas Vajk
25fce5f6bb Identify data classes during extraction 2022-05-12 22:36:28 +01:00
Chris Smowton
1e78f2893c Add test for special method getters 2022-05-12 22:36:28 +01:00
Chris Smowton
134f88fe8e Accept test results 2022-05-12 22:36:27 +01:00
Chris Smowton
12e3401ae0 Map special getters onto their correct JVM names 
These include Collection.size() for example, which has a Kotlin property called `size` but whose getter is not named `getSize()`.

These would normally be accounted for using `@JvmName`, but some core methods are lowered by a special compiler pass instead.
 2022-05-12 22:36:27 +01:00
Chris Smowton
cb6941d212 Account for JVM type equivalency when recognising unspecialised types 
(As before, these are not really unspecialised, they are instantiated by their own type parameters, but this replicates the behaviour of the Java extractor)
 2022-05-12 22:36:27 +01:00
Mathias Vorreiter Pedersen
39551fd84d Merge pull request #9114 from geoffw0/xxe7 
C++: Repair support for createLSParser in the CWE-611 XXE query.
 2022-05-12 15:47:53 +01:00
Jeroen Ketema
941485d66f Merge pull request #9130 from jketema/cpp17-init 
C++: Handle C++17 if and switch initializers
 2022-05-12 16:37:44 +02:00
Anders Schack-Mulligen
8c8440a58a Merge pull request #9101 from hvitved/dataflow/include-hidden 
Data flow: Add `Configuration::includeHiddenNodes()`
 2022-05-12 15:36:12 +02:00
Geoffrey White
df30d2286c Merge branch 'main' into xxe7 2022-05-12 14:35:16 +01:00
Jeroen Ketema
723f3b09fe C++: Address review comments 2022-05-12 15:09:06 +02:00
Erik Krogh Kristensen
762f7bf7fe Merge pull request #9115 from erik-krogh/fileAndFolder 
JS: resolve main module when there is a folder with the same name as the main file
 2022-05-12 14:55:28 +02:00
Jeroen Ketema
72823e9576 Apply suggestions from code review 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2022-05-12 14:54:43 +02:00
Taus
e8b7262712 Merge pull request #9133 from tausbn/devcontainer-install-test-extension-dependencies 
Devcontainer: Install test dependencies
 2022-05-12 14:51:18 +02:00
Joe Farebrother
59e400d2e0 Merge pull request #7723 from joefarebrother/redos 
Java: Add ReDoS queries
 2022-05-12 13:50:38 +01:00
Erik Krogh Kristensen
4bef451156 Merge pull request #9021 from erik-krogh/actions 
JS: promote `js/actions/injection` out of experimental
 2022-05-12 14:38:38 +02:00
Taus
12b34bcf04 Devcontainer: Install test dependencies 
These _should_ get installed automatically if missing, by in my
experience this can be a bit flaky. Installing theme here should make
this a bit more robust.
 2022-05-12 12:17:04 +00:00
Rasmus Wriedt Larsen
7cd51d6147 Merge pull request #9126 from RasmusWL/moduleimport-with-dots 
Python: Fully disallow `API::moduleImport` of module with dots
 2022-05-12 14:16:25 +02:00
AlexDenisov
dd900e622c Merge pull request #9107 from redsun82/swift-arena 
Swift: `TrapOutput`
 2022-05-12 14:09:18 +02:00
Rasmus Wriedt Larsen
795adf0566 Python: Fix API::moduleImport("foo.bar") 2022-05-12 13:33:00 +02:00
Rasmus Wriedt Larsen
3844c5b5c0 Python: Add change-note 2022-05-12 13:32:59 +02:00
Rasmus Wriedt Larsen
f8253f5fef Python: Fully disallow API::moduleImport of module with dots 
Inspired by discussion about this for MaD in
https://github.com/github/codeql/pull/8883#discussion_r865858084
 2022-05-12 13:30:26 +02:00
Rasmus Wriedt Larsen
597a8414d9 Python: Add test of API::moduleImport with dots 
This is currently semi-works -- the import is allowed, but doesn't
always work when used :|
 2022-05-12 13:29:16 +02:00
Nick Rolfe
234a36ff61 Merge pull request #9119 from github/nickrolfe/non-us-spelling-fixes 
Fix non-US spellings and the corresponding query
 2022-05-12 12:29:14 +01:00
Erik Krogh Kristensen
fef4455ccc apply suggestion from doc review 
Co-authored-by: Steve Guntrip <12534592+stevecat@users.noreply.github.com>
 2022-05-12 13:28:45 +02:00
Jeroen Ketema
e23e5e5b12 C++: Add change notes for C++17 if and switch initializers 2022-05-12 12:56:50 +02:00
Jeroen Ketema
894380d701 C++: Update stats file 2022-05-12 12:56:50 +02:00
Jeroen Ketema
97bba115da C++: Add upgrade and downgrade script 2022-05-12 12:56:50 +02:00
Jeroen Ketema
71c019e126 C++: Handle C++17 switch initializers 2022-05-12 12:56:50 +02:00
Jeroen Ketema
ebbd9c5b90 C++: Handle C++17 if initializers 2022-05-12 12:56:50 +02:00
Tom Hvitved
0a7892797e Merge pull request #8938 from hvitved/ruby/with-without-mad-tokens 
Ruby: Introduce `With(out)Element` MaD input tokens
 2022-05-12 11:49:51 +02:00
Nick Rolfe
12a43b6fae C++: fix another use of AnalysedString 2022-05-12 10:38:13 +01:00
Harry Maclean
e8972b814f Merge pull request #8635 from hmac/hmac/io-popen 
Ruby: Model IO.popen
 2022-05-12 21:17:55 +12:00