hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 20:56:33 +01:00
Code Issues Packages Projects Releases Wiki Activity
45,669 Commits 1,673 Branches 157 Tags
bcfe4ece6f5cf99e61e2abb05e62b48871dbb2bd
Commit Graph

1711 Commits

Author SHA1 Message Date
Chris Smowton
5e28e5a170 Merge pull request #10909 from smowton/smowton/fix/kotlin-varargs-dataflow 
Kotlin: Fix varargs dataflow, and varargs default handling
 2022-10-21 13:32:34 +01:00
Chris Smowton
1fe9e8457f Kotlin: Fix varargs dataflow, and varargs default handling 
Dataflow requires accounting for the fact that the varargs parameter isn't necessarily last in the parameter list in a couple more places. Default handling just requires that if the only null parameter is the varargs argument, and it has no default value, then no $default method is required-- the caller is expected to simply pass nothing (at QL
/ source level) or an empty array (at JVM level).
 2022-10-21 11:14:41 +01:00
github-actions[bot]
be7693283b Post-release preparation for codeql-cli-2.11.2 2022-10-21 08:07:17 +00:00
github-actions[bot]
9a0848bbc4 Release preparation for version 2.11.2 2022-10-20 11:05:19 +00:00
Chris Smowton
e868cdf91b Merge pull request #9876 from smowton/smowton/feature/interface-forwarding 
Kotlin: implement default interface forwarding
 2022-10-20 10:17:47 +01:00
Chris Smowton
c6b62c934b Merge pull request #10853 from smowton/smowton/fix/specialised-anon-classes 
Kotlin: extract called private methods of specialised types, and specialised instances of anonymous types
 2022-10-19 16:48:28 +01:00
Tony Torralba
fd8f8cb930 Merge pull request #10223 from atorralba/atorralba/unsafe-content-resolver 
Java: New Android query to detect unsafe content URI resolution
 2022-10-19 11:22:04 +02:00
Tamás Vajk
543e2f5aab Merge pull request #10678 from tamasvajk/kotlin-type-param-modifiers 
Kotlin: Extract type parameter modifiers (`reified`, `in`, `out`)
 2022-10-18 09:10:57 +02:00
Chris Smowton
b4c4a26e22 Element.hasChildElement: associate local classes specialisations with their unspecialised containing function 2022-10-17 18:43:12 +01:00
Chris Smowton
b763c406b6 hasChildElement: include method -> local class edges 2022-10-17 18:38:13 +01:00
Chris Smowton
e8a35983ee Implement Kotlin default interface method forwarding 
Kotlin's implementation of defaults depends on the -Xjvm-default setting (or the @JvmDefault deprecated annotation, not implemented here): by default, actual interface class files don't use default method, and any class that would inherit one instead implements the interface calling a static method defined on TheInterface$DefaultImpls. With
-Xjvm-default=all or =all-compatibility, real interface default methods are emitted, with the latter retaining the DefaultImpls methods so that other Kotlin can use it.

Here I adopt a hybrid solution: create a real default method implementation, but also emit a forwarding method like `@override int f(int x) { return super.TheInterface.f(x); }`, because the Java extractor will see `MyClass.f` in the emitted class file and try to dispatch directly to it. The only downside is that we emit a default interface
method body for a prototype that will appear to be `abstract` to the Java extractor and which it will extract as such. I work around this by tolerating the combination `default abstract` in QL. The alternative would be to fully mimic the DefaultImpls approach, giving 100% fidelity to kotlinc's strategy and therefore no clash with the Java
extractor's view of the world.
 2022-10-17 18:38:13 +01:00
Chris Smowton
8553266aae Allow specialised instances of anonymous classes 2022-10-17 11:27:05 +01:00
Anders Schack-Mulligen
6ef5fac239 Merge pull request #10814 from aschackmull/dataflow/synth-global 
Dataflow: Add support for synthetic global fields in MaD.
 2022-10-17 08:34:26 +02:00
Anders Schack-Mulligen
5ce4483a8e Merge pull request #10795 from aschackmull/java/synth-callable 
Java: Add support for synthetic callables with flow summaries and model Stream.collect
 2022-10-14 10:58:14 +02:00
Josh Soref
45d1e3f9b2 spelling: representation 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
52a3e3c2fd spelling: heuristic 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Anders Schack-Mulligen
ad8f0fc1dd Java: Address review comments. 2022-10-13 14:55:55 +02:00
Anders Schack-Mulligen
2848909450 Dataflow: Add support for synthetic global fields in MaD. 2022-10-13 14:18:13 +02:00
Anders Schack-Mulligen
51dfb319f5 Java: autoformat 2022-10-13 11:17:44 +02:00
Anders Schack-Mulligen
ac3379657d Java: qldoc fix and changenote. 2022-10-13 11:17:44 +02:00
Anders Schack-Mulligen
8c7b6d6f20 Java: Add support for synthetic callables with flow summaries and model Stream.collect. 2022-10-13 11:17:44 +02:00
Anders Schack-Mulligen
036724ce8d Dataflow: Sync. 2022-10-13 11:03:30 +02:00
Anders Schack-Mulligen
c4915b27e7 Dataflow: Add additional annotation. 2022-10-13 11:03:08 +02:00
Tamás Vajk
6c781b5b1a Merge pull request #10789 from tamasvajk/kotlin-useless-params 
Kotlin: reduce FPs in useless parameter check for Kotlin code
 2022-10-13 09:40:54 +02:00
Erik Krogh Kristensen
10aab81f42 Merge pull request #10799 from jsoref/spelling-nfautils 
ReDoS: Spelling nfautils
 2022-10-12 23:09:06 +02:00
Josh Soref
09c8a98761 spelling: representation 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 15:20:26 -04:00
Josh Soref
bb1ce8973a spelling: repeatable 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 15:20:24 -04:00
Josh Soref
adb8860b9b spelling: pattern 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 15:20:24 -04:00
Josh Soref
370da943dc spelling: abcdefghijklmnopqrstuvwxyz 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 15:02:00 -04:00
Edward Minnix III
ce740b47ae Merge pull request #10637 from egregius313/egregius313/android-misconfigured-contentprovider 
Android ContentProvider Incomplete Permissions
 2022-10-12 09:41:03 -04:00
Tamas Vajk
0d6da9ca7f Exclude serialization constructors from useless parameters check 2022-10-12 12:58:28 +02:00
Tamas Vajk
955336fb22 Kotlin: exclude generated code from useless parameter check 2022-10-12 12:42:56 +02:00
Chris Smowton
3b49594c20 Kotlin: Add Callable.getKotlinParameterDefaultsProxy 2022-10-12 11:29:55 +01:00
Tamas Vajk
41a54f2a98 Add change note 2022-10-11 16:40:08 +02:00
Tamas Vajk
524dac551b Add upgrade and downgrade folders 2022-10-11 16:40:08 +02:00
Tamas Vajk
9eea6d4193 Kotlin: Extract type parameter modifiers (reified, in, out) 2022-10-11 16:40:07 +02:00
Tamás Vajk
8523d21f8c Merge pull request #10696 from tamasvajk/kotlin-lateinit 
Kotlin: Extract `lateinit` modifier
 2022-10-11 15:03:10 +02:00
Tom Hvitved
d6df69d481 Merge pull request #10754 from hvitved/dataflow/non-hidden-succ-fast-tc 
Data flow: Improve `fastTC` bound in `PathNodeImpl::getANonHiddenSuccessor`
 2022-10-11 11:12:58 +02:00
Tamás Vajk
70b8224a8b Merge pull request #10723 from tamasvajk/kotlin-generated-files 
Kotlin: Recognize generated files
 2022-10-10 16:24:42 +02:00
Tom Hvitved
ffb2b1c15e Data flow: Sync files 2022-10-10 15:39:13 +02:00
Tamas Vajk
544e2e4107 Remove path based generated file classification 2022-10-10 14:42:15 +02:00
Tom Hvitved
296ec94a2a Data flow: Sync files 2022-10-09 19:48:45 +02:00
Jami
bb0f2f7d36 Merge pull request #10368 from jcogs33/android-deeplink-analysis 
Java: Android deeplink analysis
 2022-10-07 14:32:05 -04:00
Dave Bartolomeo
5ee7986649 Merge pull request #10736 from github/post-release-prep/codeql-cli-2.11.1 
Post-release preparation for codeql-cli-2.11.1
 2022-10-07 14:23:31 -04:00
github-actions[bot]
b8ef9e0ddc Post-release preparation for codeql-cli-2.11.1 2022-10-07 15:59:45 +00:00
Tamas Vajk
f51c13f0c1 Kotlin: Recognize generated files 2022-10-07 09:32:00 +02:00
github-actions[bot]
a02dcdc5e1 Release preparation for version 2.11.1 2022-10-07 02:20:28 +00:00
Tony Torralba
ceae5eef28 Revert "Decouple from #10177" 
This reverts commit 7b34b10cee.
 2022-10-06 16:30:23 +02:00
Tony Torralba
21a0c446b4 Update java/ql/lib/semmle/code/java/security/UnsafeContentUriResolution.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2022-10-06 16:28:17 +02:00
Tony Torralba
7b34b10cee Decouple from #10177 2022-10-06 16:28:17 +02:00