hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 11:46:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
48,255 Commits 1,672 Branches 157 Tags
bbce52535a84e38ffd8fc1036fbcdf7a758c935e
Commit Graph

8325 Commits

Author SHA1 Message Date
luchua-bc
b69eba9238 Add check for Spring redirect 2022-07-29 01:59:47 +00:00
github-actions[bot]
e8747d3176 Post-release preparation for codeql-cli-2.10.2 2022-07-28 20:00:09 +00:00
Chris Smowton
1737ed50ba Add test cases for wildcard lowering of array types 2022-07-28 15:52:00 +01:00
Chris Smowton
8cd2aeb65d Accept test changes 2022-07-28 15:52:00 +01:00
Chris Smowton
7475f84ea5 Fix type-parameter-out-of-scope test 2022-07-28 15:51:59 +01:00
Chris Smowton
e7f275382e Add test for Java wildcard substitution 2022-07-28 15:51:59 +01:00
Alex Ford
a8345e00fc Update java/ql/lib/change-notes/released/0.3.2.md 2022-07-28 14:58:38 +01:00
Alex Ford
258b58cd37 Update java/ql/lib/CHANGELOG.md 2022-07-28 14:58:34 +01:00
github-actions[bot]
212786ed91 Release preparation for version 2.10.2 2022-07-28 13:38:35 +00:00
Tony Torralba
7ca955a0e6 Add support for XML InlineExpectationsTest 2022-07-27 17:23:10 +02:00
Anders Schack-Mulligen
70e6db3ce1 Merge pull request #9902 from aschackmull/java/junit5-assertnotnull 
Java: Add support for JUnit5 assertions in the nullness queries.
 2022-07-27 13:52:01 +02:00
Chris Smowton
9e7fc1731f Merge pull request #9898 from smowton/smowton/fix/kotlin-super-calls 
Kotlin: implement super-method calls
 2022-07-27 11:31:36 +01:00
Tony Torralba
e179126abb Merge pull request #9129 from atorralba/atorralba/get-underlying-expr 
Java: Add Expr::getUnderlyingExpr predicate
 2022-07-27 11:42:28 +02:00
Anders Schack-Mulligen
cc423af8f1 Java: Add support for JUnit5 assertions in the nullness queries. 2022-07-27 10:20:47 +02:00
github-actions[bot]
30accecd8a Add changed framework coverage reports 2022-07-27 00:19:16 +00:00
luchua-bc
1ce31ec32c Add sinks of servlet dispatcher and filter 2022-07-26 23:05:25 +00:00
Chris Smowton
5086841b46 Kotlin: implement super-method calls 
If we only look at the dispatch receiver, these show up like `this` references rather than `super` references, preventing flow through super-calls. The super-interface case requires properly noting that interface methods with a body get a `default` modifier in order to avoid QL discarding the method as a possible callee.
 2022-07-26 17:03:46 +01:00
Tony Torralba
33f5620782 Add more models 2022-07-26 11:06:11 +02:00
Tony Torralba
c56e0f7c0d Add change note 2022-07-26 10:50:34 +02:00
Tony Torralba
95db81658b Add CSV models for java.util.Scanner 2022-07-26 10:42:24 +02:00
Chris Smowton
3f6925e7be Merge pull request #9875 from smowton/smowton/fix/charat-naming 
Kotlin: Special-case String.charAt naming
 2022-07-25 16:10:13 +01:00
Chris Smowton
715b0b3fb8 Accept test changes 2022-07-25 15:17:14 +01:00
luchua-bc
962069ccff Add path check in a security context (redirect) 2022-07-22 23:10:52 +00:00
Chris Smowton
9593ceeda5 Kotlin: Special-case String.charAt naming 
In the Kotlin universe this is called `get` so that Kotlin programmers can use the `[]` operator on `String`s.
 2022-07-21 09:17:08 +01:00
Chris Smowton
0a351b73cb Underscore query: tolerate synthetic functions 2022-07-21 09:15:27 +01:00
Chris Smowton
1cbe26a54f Kotlin: fix for-loop iterators over primitive or wildcard types 
Array<*> can't be queried for an argument type, and IntArray doesn't have an argument at all; both were previously causing the extractor to fail to extract the whole file due to throwing an exception.
 2022-07-21 09:13:55 +01:00
luchua-bc
48f143e7d4 Query to detect regex dot bypass 2022-07-20 22:39:24 +00:00
Shyam Mehta
09ec37943c Partial Path Traversal split into 2 queries 2022-07-20 17:53:26 -04:00
smehta23
b7e522749f Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2022-07-20 15:32:59 -04:00
Asger F
b9bdee6651 Merge branch 'main' into post-release-prep/codeql-cli-2.10.1 2022-07-19 16:24:35 +02:00
yo-h
d4443592eb Merge pull request #9776 from raulgarciamsft/azure-sdk-client-encryption-version 
New queries to detect unsafe client side encryption in Azure Storage
 2022-07-16 14:59:51 -04:00
Raul Garcia
eefa659503 Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: yo-h <55373593+yo-h@users.noreply.github.com>
 2022-07-16 08:23:59 -07:00
Raul Garcia
fe789c8aa9 Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: yo-h <55373593+yo-h@users.noreply.github.com>
 2022-07-16 08:22:18 -07:00
Chris Smowton
41ca791966 Implement is-underscore-parameter for old versions of Kotlin 2022-07-15 12:36:37 +01:00
Chris Smowton
d4b0163c4c Kotlin: Don't extract a name for a '_' parameter 
I can't reproduce the exact circumstances, but these sometimes get "<anonymous parameter X>" names and sometimes get "$noName_X" names. Whichever way, avoiding extracting a synthetic name seems safest; anyone finding the .class file and not reading the metadata indicating it came from a `_` will extract the binary name selected, or else QL will
invent a name.
 2022-07-14 16:36:26 +01:00
github-actions[bot]
0ee476129a Post-release preparation for codeql-cli-2.10.1 2022-07-14 14:38:49 +00:00
Erik Krogh Kristensen
85a652f3d1 remove a bunch of repeated words 2022-07-14 12:42:48 +02:00
Jeroen Ketema
fe1f1bb79d Fix issues with change notes 2022-07-14 11:06:14 +02:00
github-actions[bot]
d1aa0d7dd3 Release preparation for version 2.10.1 2022-07-14 08:56:03 +00:00
github-actions[bot]
9a186ba5d2 Add changed framework coverage reports 2022-07-14 00:18:56 +00:00
Chris Smowton
a6970638cb Improve description 2022-07-13 20:27:10 +01:00
Chris Smowton
01cec0490b Abbreviate qhelp 2022-07-13 20:24:44 +01:00
Chris Smowton
f9da4a0456 Add change note 2022-07-13 14:11:31 +01:00
Chris Smowton
b1dd3c2d84 Model java.util.Properties.getProperty 2022-07-13 13:59:28 +01:00
Erik Krogh Kristensen
595875ff98 remove redundant not-equals check 2022-07-13 12:06:12 +02:00
Erik Krogh Kristensen
a4262f8d91 add some more references to the overly-large-range qhelp 2022-07-13 11:20:24 +02:00
Raul Garcia
0dbb03f732 Adding CVE information. 2022-07-12 21:49:19 -07:00
Raul Garcia
a4adf06713 Addressing feedback for the qhelp file. 2022-07-12 13:51:12 -07:00
Ian Lynagh
83edb3b5e9 Kotlin: Remove the last uses of fakeLabel 2022-07-12 17:43:50 +01:00
Raul Garcia
64343e00f4 Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-07-12 08:14:25 -07:00