hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 19:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
48,255 Commits 1,672 Branches 157 Tags
bbce52535a84e38ffd8fc1036fbcdf7a758c935e
Commit Graph

8325 Commits

Author SHA1 Message Date
Tamas Vajk
0a484aadf1 Improve code quality based on PR review 2022-06-03 11:17:13 +02:00
Tamas Vajk
ba5cf5b1b2 Kotlin: Fix fake raw type symbols used by the Parcelize plugin 2022-06-03 11:17:13 +02:00
Chris Smowton
70c74bfcc0 Merge pull request #9418 from smowton/smowton/admin/test-java-kotlin-map-entries 
Kotlin: add test for Java and Kotlin both extending Map.Entry
 2022-06-02 15:52:59 +01:00
Chris Smowton
3d63cec1e8 Autoformat 2022-06-02 14:45:28 +01:00
Chris Smowton
ebb52adba6 Kotlin: add test for Java and Kotlin both extending Map.Entry 2022-06-02 13:30:39 +01:00
Chris Smowton
8b1605a617 Merge pull request #9405 from smowton/smowton/fix/restore-wildcard-types 
Kotlin: Introduce / restore implied wildcard types
 2022-06-02 13:26:11 +01:00
Anders Schack-Mulligen
4e6e595b3a Java: Add qldoc. 2022-06-02 13:30:27 +02:00
Chris Smowton
efc534abe7 Add implied wildcards when extracting type parameter bounds 
kotlinc seems to always insert wildcards where type parameter variance implies them, and ignores @JvmSuppressWildcards at least in 1.6.20.
 2022-06-02 11:37:15 +01:00
Anders Schack-Mulligen
9f42ca8d14 Update java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-06-02 12:00:37 +02:00
Anders Schack-Mulligen
002c456989 Update java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-06-02 12:00:09 +02:00
Chris Smowton
c1592cb1dc Accept test changes 2022-06-02 10:31:35 +01:00
Chris Smowton
910bb51094 Extract WildcardTypeAccesses 
Their absence became more noticeable now that more implicit wildcards are being produced.
 2022-06-02 10:31:08 +01:00
Tamás Vajk
d7b06aa2ba Merge pull request #9401 from tamasvajk/kotlin-cleanup 
Kotlin: Reuse `codeQlWithHasQuestionMark`
 2022-06-02 10:24:17 +02:00
github-actions[bot]
ab4b7d8509 Add changed framework coverage reports 2022-06-02 00:18:51 +00:00
Chris Smowton
dc7d07ff46 Extract correct implied wildcards for Java classes and @JvmSuppressWildcards-annotated entities 
For Java classes this means following the structure of the underlying Java type to determine where the wildcard was really present and where the Java signature ruled it out. The annotation tracking simply means looking for @JvmSuppressWildcards on any surrounding class or function to turn off wildcard introduction by default.
 2022-06-01 20:00:22 +01:00
Chris Smowton
37fce6ace9 Restore implicit wildcard types 
The Kotlin compiler represents types like List<out CharSequence> internally as List<CharSequence> due to the fact that List's type parameter is covariant, and similarly Comparable<in CharSequence> where Comparable's type parameter is contravariant. However it restores use-site variance when emitting class files, so we must do the same thing for
compatability with Java code.

Note this is a partial solution because it will also add wildcards to Java .class files that *could* have a variance / wildcard but don't -- for example, a Java method could really take an invariant Comparable<CharSequence>, which is only achievable in Kotlin via the @JvmSuppressWildcards annotation. We also don't yet support
@JvmSuppressWildcards given on a surrounding class or function.
 2022-06-01 19:58:40 +01:00
Ian Lynagh
e0d9317889 Merge pull request #9389 from igfoo/igfoo/function_loc_override 
Kotlin: Remove extractFunction's location override
 2022-06-01 11:46:22 +01:00
Ian Lynagh
703ced3fe9 Merge pull request #9390 from igfoo/igfoo/valueparam 
Kotlin: extractValueParameter: Simplify typeSubstitution logic
 2022-06-01 11:46:05 +01:00
Anders Schack-Mulligen
9abd2259d3 Merge pull request #9381 from aschackmull/redos/perf 
ReDoS: Improve performance in ExponentialBackTracking.qll.
 2022-06-01 10:39:28 +02:00
Anders Schack-Mulligen
4f3751dfea Merge pull request #9316 from hvitved/dataflow/edges-get-a-successor-consistency 
Data flow: Make `PathGraph::edges/2` and `PathNode::getASuccessor/1` consistent
 2022-06-01 10:38:25 +02:00
Michael Nebel
9cc10e4511 Merge pull request #9257 from michaelnebel/java/mad-commons-io-sha 
Java: Update commons-io SHA for model regeneration and update models.
 2022-06-01 09:46:30 +02:00
Ian Lynagh
6be4afcf36 Kotlin: extractValueParameter: Simplify typeSubstitution logic 
The type substitution is now done in the wrapper, so the worker doesn't
need to be passed typeSubstitution.
 2022-05-31 19:23:54 +01:00
Ian Lynagh
21d69ae819 Kotlin: Remove extractFunction's location override 
It wasn't being used.
 2022-05-31 17:43:25 +01:00
Nick Rolfe
f417c12c5e Merge pull request #9332 from github/post-release-prep/codeql-cli-2.9.3 
Post-release preparation for codeql-cli-2.9.3
 2022-05-31 16:17:50 +01:00
Tamás Vajk
7f5dcfaf0f Merge pull request #9379 from tamasvajk/kotlin-android-specific-return-types 
Kotlin: Change return type of Android specific `ConcurrentHashMap.keySet`
 2022-05-31 14:00:36 +02:00
github-actions[bot]
ed2f3409bc Post-release preparation for codeql-cli-2.9.3 2022-05-31 09:54:55 +00:00
Anders Schack-Mulligen
9212886767 Merge pull request #9286 from aschackmull/java/perf-customnullguard 
Java: Improve customNullGuard performance.
 2022-05-31 11:36:01 +02:00
Anders Schack-Mulligen
e016feeb5c ReDoS: Improve performance in ExponentialBackTracking.qll. 2022-05-31 11:04:03 +02:00
Tamas Vajk
90fdd7eaf9 Kotlin: Reuse codeQlWithHasQuestionMark 2022-05-31 08:47:25 +02:00
Tamas Vajk
89ffefd45e Kotlin: Change return type of Android specific ConcurrentHashMap.keySet 2022-05-30 23:45:38 +02:00
Chris Smowton
1708719fdf Merge pull request #9343 from smowton/smowton/fix/align-kotlin-java-generic-types 
Kotlin: extract methods defined on collections types with their Java signatures
 2022-05-30 17:52:58 +01:00
Michael Nebel
61151d8980 Java: Update workflows and scripts usages to only generate summaries and sinks. 2022-05-30 13:53:44 +02:00
Michael Nebel
72dd1a6ec9 Java: Generate models without sources. 2022-05-30 13:40:14 +02:00
Michael Nebel
a0ae8b3a97 Merge pull request #9361 from michaelnebel/java/capturemodels-metadata 
Java: Update capture models meta data.
 2022-05-30 13:22:09 +02:00
Chris Smowton
49d9d8e7d6 Remove unused imports 2022-05-30 09:59:11 +01:00
Michael Nebel
815dff338d Java: Update capture models meta data. 2022-05-30 09:44:39 +02:00
Michael Nebel
6a4a4cbbe4 Java: Re-generate commons-io models. 2022-05-30 08:16:58 +02:00
Michael Nebel
48da8dde6f Java: Do not derive new write-file sinks. 2022-05-30 08:16:58 +02:00
Michael Nebel
ad4d8304ed Java: Update hand written summary for writeLines as the generated one will be ignored. 2022-05-30 08:16:58 +02:00
Michael Nebel
7e5dd7a065 Java: Manually prefix kind column with generated. 2022-05-30 08:16:58 +02:00
Michael Nebel
0f33c3188c Java: Re-arrange import pattern for generated models. 2022-05-30 08:16:58 +02:00
Michael Nebel
71bcae068e Java: Avoid generating new regex-use sinks. 2022-05-30 08:16:58 +02:00
Chris Smowton
6ea87cd718 Accept test changes 2022-05-27 22:05:57 +01:00
Chris Smowton
9ea139566d Disambiguate the names and trap labels of backing fields of extension properties 2022-05-27 16:27:48 +01:00
Chris Smowton
9c62b349ec Autoformat 2022-05-27 13:36:55 +01:00
Chris Smowton
a204c742d8 Associate certain companion object fields with the parent class 
Specifically `const`, `lateinit` and `@JvmField` properties get a static field which belongs to the containing class not the companion object, such that Java can address them via the containing class name rather than have to navigate a companion object pointer.
 2022-05-27 11:52:39 +01:00
Chris Smowton
a0d5d414b4 Kotlin: extract methods defined on collections types with their Java signatures 
Collection, List and Map all define various methods which are either made more generic in Kotlin (e.g. `remove(Object) -> remove(E)`, `containsAll(Collection<?>) -> containsAll(Collection<E>)`), or are made invariant (e.g. `addAll(Collection<? extends E>) -> addAll(Collection<E>)`). This substitutes the types back to their Java signatures,
thereby avoiding differing trap labels and duplicated methods for these types and their descendents.
 2022-05-27 11:51:46 +01:00
Chris Smowton
1f2248c1c8 Warn if jar file path not in expected form 2022-05-26 11:59:23 +01:00
Chris Smowton
3bd581a052 Kotlin: use the same mtimes as Java 
Previously Kotlin's use of IntelliJ's VirtualFile interface meant we got the containing JAR file's mtime, not that of the individual file entry.
 2022-05-26 11:59:23 +01:00
Tom Hvitved
bcdef98392 Data flow: Sync files 2022-05-25 14:39:37 +02:00