hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 03:06:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
58,700 Commits 1,672 Branches 157 Tags
b18de9e6417c60b51d2371c98394f4033d2683e4
Commit Graph

10374 Commits

Author SHA1 Message Date
Tony Torralba
16529cdd18 Add failing test 2023-07-10 17:40:15 +02:00
Tony Torralba
b70e21df4f Merge pull request #13702 from atorralba/atorralba/kotlin/apply 
Kotlin: Support apply
 2023-07-10 17:39:57 +02:00
Tony Torralba
0f18c0227b Kotlin: Support apply 2023-07-10 16:15:27 +02:00
github-actions[bot]
13cf054a9d Post-release preparation for codeql-cli-2.14.0 2023-07-07 14:55:41 +00:00
github-actions[bot]
6484ee106e Release preparation for version 2.14.0 2023-07-07 08:22:14 +00:00
Taus
f666260cd8 Java: Add meta query for metrics gathering 
Exposes the same information as the existing queries through two query
predicates instead. This makes the downstream data gathering a bit more
convenient to implement.
 2023-07-06 16:59:15 +02:00
Taus
36c6c7235c Java: Move instance counting logic into utility library 2023-07-06 16:59:15 +02:00
Dave Bartolomeo
9631e9f2f1 Bump minor version numbers post-GHES 2023-07-06 10:10:01 -04:00
Dave Bartolomeo
2bb9adfbf1 Merge remote-tracking branch 'origin/main' into dbartol/mergeback-3.10 2023-07-06 10:00:46 -04:00
Mathias Vorreiter Pedersen
83d0dec0fb DataFlow: Sync identical files. 2023-07-06 14:00:00 +01:00
Taus
97610d2cac Java: Add query for counting sink model instances 
Also adds a more sensible ordering to the existing queries.
 2023-07-04 14:24:52 +02:00
Michael Nebel
3cde59e409 Merge pull request #13651 from michaelnebel/telemetrytop100 
Java/C#: Reduce the amount of telemetry being produced.
 2023-07-04 08:33:53 +02:00
Michael Nebel
238f390738 Merge pull request #13452 from michaelnebel/refactorstackprinting 
Re-factor printing of summary component stacks.
 2023-07-04 08:29:10 +02:00
Taus
b7e4bd290d Java: Use an IPA type instead of a string 
While the string representation is useful for quickly modifying queries, it's
a bit clunky when the data needs to be further parsed. Instead, the two queries
now select all of the columns of the sinkmodel separately (which makes it easy
to pull them out of the relevant output later on).
 2023-07-03 23:17:55 +02:00
Michael Nebel
243c592447 Address review comments. 2023-07-03 17:01:08 +02:00
Michael Nebel
23a119b8c2 Java/C#: Reduce the amount of telemetry being produced. 2023-07-03 16:54:07 +02:00
Chuan-kai Lin
6912f7ed3a Merge pull request #13638 from cklin/remove-pragma-assume-small-delta 
Remove pragma[assume_small_delta]
 2023-07-03 07:00:36 -07:00
Michael Nebel
bddd22f522 Sync files and make language specific adjustments. 2023-07-03 14:36:07 +02:00
Michael Nebel
c18f4b1604 Sync files and make language specific rename. 2023-07-03 14:36:06 +02:00
Taus
6f24d939f6 Java: Also select query id 2023-07-01 15:04:06 +02:00
Ian Lynagh
fcf003ceb5 Revert "Kotlin: Remove a use of ObsoleteDescriptorBasedAPI" 
This reverts commit a50d804ad7.
 2023-06-30 19:32:37 +01:00
Chuan-kai Lin
ce464a7d69 Remove pragma[assume_small_delta] 2023-06-30 11:09:29 -07:00
Taus
dca227389d Java: Add metric queries for counting sinks coming from models 
Adds two queries for gathering metrics on the number of alerts (for a selection of queries)
that arise from models with the `ai-generated` provenance.
 2023-06-30 15:07:13 +02:00
github-actions[bot]
668aaa2dc8 Post-release preparation for codeql-cli-2.13.5 2023-06-30 08:51:48 +00:00
github-actions[bot]
cf83baeead Add changed framework coverage reports 2023-06-30 00:17:47 +00:00
Tony Torralba
b2e8167407 Merge pull request #13587 from github/koesie10/update-java-external-api-name 
Java: Fix external API name for nested types
 2023-06-29 13:23:20 +02:00
Koen Vlaswinkel
6806b8750d Java: Use getSourceDeclaration to handle generic types 2023-06-29 11:49:16 +02:00
github-actions[bot]
9d7987f822 Release preparation for version 2.13.5 2023-06-29 09:26:18 +00:00
Paul Hodgkinson
bfbb77a796 Merge branch 'main' into java/experimental/command-injection 2023-06-29 09:51:14 +01:00
aegilops
8dbb0a51c0 Rewrote tests to work 2023-06-29 09:47:03 +01:00
aegilops
01798f63f8 Switched to new dataflow and added a test (but it doesn't produce results yet) 2023-06-28 17:14:39 +01:00
jorgectf
9d8ae5039a Add models for javax.portlet 2023-06-28 17:53:56 +02:00
Ian Lynagh
641f186afc Merge pull request #13600 from igfoo/igfoo/fake_fun 
Kotlin: Remove a use of ObsoleteDescriptorBasedAPI
 2023-06-28 15:50:27 +01:00
Ian Lynagh
a50d804ad7 Kotlin: Remove a use of ObsoleteDescriptorBasedAPI 
This isn't supported in Kotlin 2 mode, but removing this code doesn't
affect any tests.
 2023-06-28 13:48:43 +01:00
Kasper Svendsen
7c59f5ac18 Merge pull request #13578 from kaspersv/kaspersv/java-remaining-implicit-this 
Java: Enable implicit this warnings for remaining packs
 2023-06-28 14:27:24 +02:00
Koen Vlaswinkel
51af03d2bc Java: Add tests for names of nested classes 2023-06-28 09:52:25 +02:00
github-actions[bot]
0749af79d7 Add changed framework coverage reports 2023-06-28 00:18:40 +00:00
Ian Lynagh
4adecf0d15 Merge pull request #13586 from igfoo/igfoo/diag-limit 
Kotlin: Remove an out-of-date comment
 2023-06-27 15:41:47 +01:00
Ian Lynagh
b0d2ca5df4 Merge pull request #13568 from igfoo/igfoo/android_lint 
Java: Tweak some android tests
 2023-06-27 15:41:37 +01:00
Ian Lynagh
4415c364ac Merge pull request #13542 from igfoo/igfoo/modality_final 
Kotlin: Remove an expected-no-getter exception
 2023-06-27 15:41:27 +01:00
Koen Vlaswinkel
fcb2f1082c Java: Fix external API name for nested types 
This fixes the name of reported external APIs for nested types.
The `toString()` method of `getSourceDeclaration()` would report the
name of a type, but not the name of the enclosing type. This results
in missing information in the `UnsupportedExternalAPIs.ql` query.

For example, previously it would report:

```
org.zapodot.junit.db.Builder#build()
```

However, the `Builder` class does not exist in the package and is only
a nested type within `EmbeddedDatabaseRule`. The correct name should be:

```
org.zapodot.junit.db.EmbeddedDatabaseRule$Builder#build()
```

This name also matches the format of MaD.
 2023-06-27 15:23:55 +02:00
Ian Lynagh
d588f52262 Kotlin: Remove an out-of-date comment 2023-06-27 13:33:52 +01:00
Tony Torralba
a7c2a25cac Merge pull request #12879 from atorralba/atorralba/java/command-injection-mad-sinks 
Java: Convert all command injection sinks to MaD format
 2023-06-27 14:06:45 +02:00
Tony Torralba
6e20bd04e9 Merge pull request #13539 from atorralba/atorralba/java/url-to-string-model 
Java: Add URL.toString summary
 2023-06-27 14:05:47 +02:00
Kasper Svendsen
7fcdefbe70 Java: Enable implicit this warnings for remaining packs 2023-06-27 11:54:20 +02:00
Tony Torralba
3c3b53001f Merge pull request #13550 from jorgectf/jorgectf/lang2-models 
Java: Add models for `org.apache.commons.lang`
 2023-06-27 11:20:59 +02:00
Tony Torralba
a17c812118 Merge pull request #13358 from jorgectf/jorgectf/deserialization-lookahead 
Java: Model `SerialKiller`
 2023-06-27 09:20:50 +02:00
Ian Lynagh
8a43fc81ee Java: Tweak some android tests 
They were all failing for me like:

[autobuild] /home/ian/code/dev/target/codeql-java-integration-tests/ql/java/ql/integration-tests/all-platforms/java/android-sample-old-style-no-wrapper/project/src/main/AndroidManifest.xml:5: Error: Main must extend android.app.Activity [Instantiatable]
[autobuild]         <activity android:name="Main" android:exported="true">
[autobuild]                                 ~~~~
[autobuild]    Explanation for issues of type "Instantiatable":
[autobuild]    Activities, services, broadcast receivers etc. registered in the manifest
[autobuild]    file (or for custom views, in a layout file) must be "instantiatable" by
[autobuild]    the system, which means that the class must be public, it must have an
[autobuild]    empty public constructor, and if it's an inner class, it must be a static
[autobuild]    inner class.

I'm not sure why it works on CI but not locally, but either way this
works around the issue.
 2023-06-26 15:52:52 +01:00
Ian Lynagh
65dee80b36 Merge pull request #13547 from igfoo/igfoo/dead-code 
Kotlin: Build: Remove some dead code
 2023-06-26 11:50:50 +01:00
Tony Torralba
55280e523a Update java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll 2023-06-26 11:14:31 +02:00