Jami Cogswell
b99a1d2cd9
update sink and tests
2022-11-08 15:29:33 -05:00
Jami Cogswell
695d6f0e4e
move files to regexp directory
2022-11-08 15:29:33 -05:00
Jami Cogswell
5402001362
remove original sanitizer
2022-11-08 15:29:33 -05:00
Jami Cogswell
be548c13e1
switch sink to use csv models
2022-11-08 15:29:33 -05:00
Jami Cogswell
5dcd3b2c0f
clean up files
2022-11-08 15:29:33 -05:00
Jami Cogswell
32f7348d30
update help file
2022-11-08 15:29:33 -05:00
Jami Cogswell
eb30e8fe9e
move Pattern.quote and Pattern.LITERAL models to Regex.qll
2022-11-08 15:29:33 -05:00
Jami Cogswell
81ad10bab5
update sink names
2022-11-08 15:29:33 -05:00
Jami Cogswell
5b089bbb9c
split sanitizer into three
2022-11-08 15:29:33 -05:00
Jami Cogswell
91491d9a7b
refactor into more classes; add more test cases; add LITERAL sanitizer
2022-11-08 15:29:33 -05:00
Jami Cogswell
50d638d1b6
create RegexInjection.qll file
2022-11-08 15:29:33 -05:00
Jami Cogswell
f6f26fe6c5
refactor code; add change note
2022-11-08 15:29:33 -05:00
Jami Cogswell
037a05cd66
add classes for Pattern, Matcher, and RegExUtils
2022-11-08 15:29:33 -05:00
Jami Cogswell
6545cff0ef
add Pattern.quote sanitizer
2022-11-08 15:29:33 -05:00
Jami Cogswell
833c5edf06
move to .qll file and switch to InlineExpectations tests
2022-11-08 15:29:32 -05:00
Tony Torralba
ef967b6a21
Merge pull request #10890 from atorralba/atorralba/android-startactivities-summaries
Java: Add flow summaries for startActivities
2022-11-07 18:06:30 +01:00
Erik Krogh Kristensen
d67235b3c1
Merge pull request #11071 from erik-krogh/fixCanon
ReDoS: fix canonicalization in NfaUtils
2022-11-07 14:10:50 +01:00
Tamás Vajk
830be92f1d
Merge pull request #11089 from tamasvajk/kotlin-enum-ctor-call
Kotlin: Extract missing arguments of enum constructor calls
2022-11-07 12:55:27 +01:00
Tamas Vajk
4e8d8a4de1
Add compilerGeneratedReason for enum constructor call arguments
2022-11-07 10:07:05 +01:00
Anders Schack-Mulligen
a1dba82360
Dataflow: Sync.
2022-11-04 12:41:55 +01:00
Anders Schack-Mulligen
828d187198
Dataflow: Fix a couple of join-orders.
2022-11-04 12:41:55 +01:00
Tom Hvitved
587e6739d9
Merge pull request #11060 from hvitved/dataflow/path-node-reach-charpred
Data flow: Restrict public `PathNode`s to those that may reach a sink
2022-11-04 10:17:09 +01:00
Anders Schack-Mulligen
331b8c0144
Merge pull request #10904 from aschackmull/java/joinorders
Java: Fix some join-orders.
2022-11-04 09:24:31 +01:00
Tom Hvitved
d3488da0c2
Data flow: Sync files
2022-11-03 15:52:30 +01:00
erik-krogh
c15f63ce62
sync files
2022-11-01 21:35:27 +01:00
Tamas Vajk
9cc7a30a75
Kotlin: do not report on unused object extension parameters
2022-10-26 15:06:51 +02:00
Tamas Vajk
eaa04b72f1
Apply code review findings
2022-10-25 13:49:54 +02:00
Tamas Vajk
78c23c2657
Kotlin: Exclude constructs in serialization constructors from java/evaluation-to-constant
2022-10-25 13:49:54 +02:00
Chris Smowton
b9f4856d47
Merge pull request #10876 from smowton/smowton/feature/kotlin-default-method-auto-mad
Java models-as-data: infer Kotlin $default models from that of its parent function
2022-10-25 11:58:54 +01:00
Chris Smowton
7a0bded2ac
Kotlin: support argument-range specifications for $default methods
2022-10-24 19:31:03 +01:00
Chris Smowton
1fe9e8457f
Kotlin: Fix varargs dataflow, and varargs default handling
Dataflow requires accounting for the fact that the varargs parameter isn't necessarily last in the parameter list in a couple more places. Default handling just requires that if the only null parameter is the varargs argument, and it has no default value, then no $default method is required-- the caller is expected to simply pass nothing (at QL / source level) or an empty array (at JVM level).
2022-10-21 11:14:41 +01:00
Anders Schack-Mulligen
9ebcaf80e7
Java: Fix some join-orders.
2022-10-20 14:23:36 +02:00
Chris Smowton
e868cdf91b
Merge pull request #9876 from smowton/smowton/feature/interface-forwarding
Kotlin: implement default interface forwarding
2022-10-20 10:17:47 +01:00
Chris Smowton
c6b62c934b
Merge pull request #10853 from smowton/smowton/fix/specialised-anon-classes
Kotlin: extract called private methods of specialised types, and specialised instances of anonymous types
2022-10-19 16:48:28 +01:00
Tony Torralba
0678b06a9b
Apply review suggestions
2022-10-19 16:58:43 +02:00
Tony Torralba
429bd5fbd8
Add flow summaries for startActivities
Uses SyntheticCallables and SyntheticGlobals to pair each startActivities call to getIntent calls in the components targeted by the intent(s).
2022-10-19 16:25:04 +02:00
Tony Torralba
fd8f8cb930
Merge pull request #10223 from atorralba/atorralba/unsafe-content-resolver
Java: New Android query to detect unsafe content URI resolution
2022-10-19 11:22:04 +02:00
Chris Smowton
b148e3168f
Java models-as-data: infer Kotlin $default models from that of its parent function
2022-10-18 18:17:08 +01:00
Tamás Vajk
543e2f5aab
Merge pull request #10678 from tamasvajk/kotlin-type-param-modifiers
Kotlin: Extract type parameter modifiers (`reified`, `in`, `out`)
2022-10-18 09:10:57 +02:00
Chris Smowton
b4c4a26e22
Element.hasChildElement: associate local classes specialisations with their unspecialised containing function
2022-10-17 18:43:12 +01:00
Chris Smowton
b763c406b6
hasChildElement: include method -> local class edges
2022-10-17 18:38:13 +01:00
Chris Smowton
e8a35983ee
Implement Kotlin default interface method forwarding
Kotlin's implementation of defaults depends on the -Xjvm-default setting (or the @JvmDefault deprecated annotation, not implemented here): by default, actual interface class files don't use default methods, and any class that would inherit one instead implements the interface calling a static method defined on TheInterface$DefaultImpls. With -Xjvm-default=all or =all-compatibility, real interface default methods are emitted, with the latter retaining the DefaultImpls methods so that other Kotlin can use it.
Here I adopt a hybrid solution: create a real default method implementation, but also emit a forwarding method like `@override int f(int x) { return super.TheInterface.f(x); }`, because the Java extractor will see `MyClass.f` in the emitted class file and try to dispatch directly to it. The only downside is that we emit a default interface method body for a prototype that will appear to be `abstract` to the Java extractor and which it will extract as such. I work around this by tolerating the combination `default abstract` in QL. The alternative would be to fully mimic the DefaultImpls approach, giving 100% fidelity to kotlinc's strategy and therefore no clash with the Java extractor's view of the world.
2022-10-17 18:38:13 +01:00
Chris Smowton
8553266aae
Allow specialised instances of anonymous classes
2022-10-17 11:27:05 +01:00
Anders Schack-Mulligen
6ef5fac239
Merge pull request #10814 from aschackmull/dataflow/synth-global
Dataflow: Add support for synthetic global fields in MaD.
2022-10-17 08:34:26 +02:00
Anders Schack-Mulligen
5ce4483a8e
Merge pull request #10795 from aschackmull/java/synth-callable
Java: Add support for synthetic callables with flow summaries and model Stream.collect
2022-10-14 10:58:14 +02:00
Josh Soref
45d1e3f9b2
spelling: representation
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-10-13 10:56:41 -04:00
Josh Soref
52a3e3c2fd
spelling: heuristic
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
2022-10-13 10:56:41 -04:00
Anders Schack-Mulligen
ad8f0fc1dd
Java: Address review comments.
2022-10-13 14:55:55 +02:00
Anders Schack-Mulligen
2848909450
Dataflow: Add support for synthetic global fields in MaD.
2022-10-13 14:18:13 +02:00
Anders Schack-Mulligen
51dfb319f5
Java: autoformat
2022-10-13 11:17:44 +02:00