804 Commits

Author	SHA1	Message	Date
luchua-bc	eccd97c7b7	Query to detect unsafe getResource calls in Java EE applications	2022-04-09 01:14:15 +00:00
Anders Schack-Mulligen	4eaec3953a	Merge pull request #8694 from aschackmull/dataflow/cleanup-unused ... Dataflow: Cleanup unused column	2022-04-07 15:16:27 +02:00
Anders Schack-Mulligen	c0f48b6c14	Merge pull request #8681 from JLLeitschuh/fix/JLL/os_check_bugs ... Java: Fix Local Temp File/Dir Incorrect Guard Logic	2022-04-07 14:00:13 +02:00
Anders Schack-Mulligen	7beed570f2	Dataflow: Sync.	2022-04-07 13:53:48 +02:00
Anders Schack-Mulligen	876a9f80ce	Dataflow: remove unused column.	2022-04-07 13:53:27 +02:00
Erik Krogh Kristensen	ef9b6a11a6	Merge pull request #8679 from erik-krogh/getUrl ... Java: rename existing getUrl predicate to getRepositoryUrl	2022-04-07 10:01:14 +02:00
Michael Nebel	72d4c97463	Merge pull request #8628 from michaelnebel/csharp/generatedkind ... C#: Introduce generated flag as a part of the kind column for flow summaries	2022-04-07 08:43:30 +02:00
Jonathan Leitschuh	2753521650	Java: Fix Local Temp File/Dir Incorrect Guard Logic ... Resolves https://github.com/github/codeql/pull/8032#discussion_r841723906	2022-04-06 12:16:09 -04:00
Erik Krogh Kristensen	563d0d6532	rename existing getUrl predicate to getRepositoryUrl	2022-04-06 15:32:33 +02:00
Anders Schack-Mulligen	879b8a1200	Merge pull request #8676 from pwntester/java_hotspots_mods ... Make security-related TaintTracking Configuration public	2022-04-06 14:40:14 +02:00
Tom Hvitved	4099d1318f	Data flow: Tweak two join-orders ... Before ``` [2022-04-06 13:19:29] (96s) Tuple counts for DataFlowImpl2::Stage1::revFlowConsCand#7ad53399#ff/2@i14#aa10f2wi after 4.4s: 10681 ~0% {2} r1 = SCAN DataFlowImpl2::Stage1::revFlow#7ad53399#fff#prev_delta OUTPUT In.0, In.2 'config' 982 ~1% {3} r2 = JOIN r1 WITH DataFlowImpl2::readSet#7ad53399#ffff_2301#join_rhs ON FIRST 2 OUTPUT Rhs.3, Lhs.1 'config', Rhs.2 83691528 ~2% {3} r3 = JOIN r2 WITH DataFlowPublic::ContentSet::getAReadContent#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.1 'config', Lhs.2, Rhs.1 'c' 83581763 ~2% {3} r4 = r3 AND NOT DataFlowImpl2::Stage1::revFlowConsCand#7ad53399#ff#prev(Lhs.2 'c', Lhs.0 'config') 83581763 ~0% {3} r5 = SCAN r4 OUTPUT In.2 'c', In.0 'config', In.1 0 ~0% {3} r6 = JOIN r5 WITH DataFlowImpl2::Stage1::fwdFlowConsCand#7ad53399#ff ON FIRST 2 OUTPUT Lhs.2, Lhs.1 'config', Lhs.0 'c' 0 ~0% {2} r7 = JOIN r6 WITH DataFlowImpl2::Stage1::fwdFlow#7ad53399#2#fff_02#join_rhs ON FIRST 2 OUTPUT Lhs.2 'c', Lhs.1 'config' return r7 ``` After ``` [2022-04-06 13:44:38] (6s) Tuple counts for DataFlowImpl2::Stage1::revFlowConsCand#7ad53399#ff/2@i14#5abbf2wn after 6ms: 10681 ~0% {2} r1 = SCAN DataFlowImpl2::Stage1::revFlow#7ad53399#fff#prev_delta OUTPUT In.0, In.2 'config' 982 ~1% {3} r2 = JOIN r1 WITH DataFlowImpl2::readSet#7ad53399#ffff_2301#join_rhs ON FIRST 2 OUTPUT Rhs.3, Lhs.1 'config', Rhs.2 109765 ~0% {3} r3 = JOIN r2 WITH DataFlowImpl2::Stage1::fwdFlowConsCandSet#7ad53399#fff#reorder_0_2_1 ON FIRST 2 OUTPUT Lhs.1 'config', Lhs.2, Rhs.2 'c' 0 ~0% {3} r4 = r3 AND NOT DataFlowImpl2::Stage1::revFlowConsCand#7ad53399#ff#prev(Lhs.2 'c', Lhs.0 'config') 0 ~0% {3} r5 = SCAN r4 OUTPUT In.1, In.0 'config', In.2 'c' 0 ~0% {2} r6 = JOIN r5 WITH DataFlowImpl2::Stage1::fwdFlow#7ad53399#2#fff_02#join_rhs ON FIRST 2 OUTPUT Lhs.2 'c', Lhs.1 'config' return r6 ```	2022-04-06 13:52:30 +02:00
Anders Schack-Mulligen	bbb6d08071	Merge pull request #8661 from Marcono1234/marcono1234/getMethod-public-only ... Java: Fix reflection predicate for `getMethod` having non-public method result	2022-04-06 12:03:14 +02:00
Alvaro Muñoz Sanchez	9ccd0e564b	Add QLDocs	2022-04-06 12:00:41 +02:00
Anders Schack-Mulligen	d0b5b99e74	Merge pull request #8611 from github/smowton/doc/switch-expr-accessors ... Java: make SwitchCase.getRuleExpression/Statement more consistent	2022-04-06 11:16:40 +02:00
Alvaro Muñoz Sanchez	19b8d51c0b	Update CommandLineQuery ... Make TaintTracking configuration public	2022-04-06 10:58:56 +02:00
Alvaro Muñoz Sanchez	abaa71e2c5	Update Sql Injection queries ... move java/ql/src/Security/CWE/CWE-089/SqlInjectionLib.qll -> java/ql/lib/semmle/code/java/security/SqlInjectionQuery.qll	2022-04-06 10:57:14 +02:00
Michael Nebel	2562910b94	C#: Update Csv validation to allow sources and sink kinds to be prefixed with generated.	2022-04-05 14:25:34 +02:00
Michael Nebel	0374f84c05	Java: Make support for generated as a part of kind.	2022-04-05 14:25:34 +02:00
Michael Nebel	784327c183	Java/Ruby: Hardcode generated flag to false.	2022-04-05 08:55:12 +02:00
Michael Nebel	de76df3988	C#: Only use generated summaries, if no handwritten model exist for a particular dataflow callable.	2022-04-05 08:55:12 +02:00
Michael Nebel	3fe941aae2	C#: Add missing empty ext column in generated summaries.	2022-04-04 15:58:35 +02:00
Marcono1234	6dd14a6cb3	Java: Fix reflection predicate for getMethod having non-public method result	2022-04-04 15:10:49 +02:00
Tom Hvitved	b91858e7cf	Java: Implement ContentSet	2022-04-04 13:51:44 +02:00
Tom Hvitved	c4fbc618a9	Data flow: Sync files	2022-04-04 13:51:44 +02:00
Chris Smowton	28fa49dcd6	dataflow -> data-flow	2022-04-01 13:22:58 +01:00
Tony Torralba	cc9b16beff	Fix wrong models of spring-web	2022-04-01 12:37:30 +02:00
Tony Torralba	3747aec144	Improve models of spring-beans	2022-04-01 12:37:22 +02:00
Chris Smowton	3b0bd3bc0f	Improve wording	2022-04-01 11:31:31 +01:00
Chris Smowton	99026a6071	Improve wording of isAdditionalFlow/TaintStep qldoc	2022-04-01 11:07:27 +01:00
Chris Smowton	9309a652df	Merge pull request #8493 from JLLeitschuh/feat/JLL/test_assertion_guard_preconditions ... [Java]: Add precondition support for testing library asserts	2022-03-31 22:30:09 +01:00
Chris Smowton	2829770003	Autoformat and fix typo	2022-03-31 14:11:09 +01:00
Chris Smowton	c2d461bcee	Format	2022-03-31 12:19:53 +01:00
Chris Smowton	0d9c353c37	Represent switch statement and switch expression results alike	2022-03-31 12:19:11 +01:00
Chris Smowton	96bf754f01	Accept intrigus suggested doc clarifications ... Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>	2022-03-31 12:09:45 +01:00
Anders Schack-Mulligen	f28da00ec4	Java: Fix qldoc as followup to https://github.com/github/codeql/pull/8323	2022-03-31 12:50:36 +02:00
Chris Smowton	19cd97e426	Java: Clarify the meaning of getRuleExpression/Statement	2022-03-30 17:58:11 +01:00
Marcono1234	a93b4ed0f2	Java: Make JumpStmt a proper superclass	2022-03-30 00:30:27 +02:00
Chris Smowton	005a020f04	Merge pull request #8508 from igfoo/igfoo/error_elements ... Java: Add ErrorExpr, ErrorStmt	2022-03-24 10:39:14 +00:00
Jonathan Leitschuh	bd87be636a	Refactor to conditionCheckArgument deprecate old method	2022-03-22 11:56:43 -04:00
Michael Nebel	1d45996001	Merge pull request #8466 from michaelnebel/csharp/refactor-aspartial ... C#: Refactor asPartial to allow re-use.	2022-03-22 10:54:54 +01:00
Jonathan Leitschuh	b3ee1bd313	Refactor Preconditions and add Tests	2022-03-21 11:20:05 -04:00
Jonathan Leitschuh	1d0275344d	[Java]: Add precondition support for testing library asserts	2022-03-18 20:39:24 -04:00
Chris Smowton	767453520e	Merge pull request #8032 from JLLeitschuh/feat/JLL/check_os ... Java: Add Guard Classes for checking OS & unify System Property Access	2022-03-18 11:20:36 +00:00
Tom Hvitved	79ea2a3a9c	Data flow: Sync files	2022-03-17 14:03:58 +01:00
Michael Nebel	4a68b74aa3	C#: Re-use the asPartialModel for DataFlowPrivate in tests.	2022-03-16 17:02:00 +01:00
Jeroen Ketema	7a9a9d833a	Merge pull request #8435 from jketema/all-the-barriers ... Add flow state versions of isBarrierIn, isBarrierOut, and isBarrierGuard	2022-03-16 15:50:19 +01:00
Tony Torralba	8790df7a34	Style fixes	2022-03-16 15:11:04 +01:00
Ian Lynagh	2116e6d120	Java: Add ErrorExpr, ErrorStmt	2022-03-15 17:30:19 +00:00
Jonathan Leitschuh	09cc8ee09e	Add tests for StandardSystemProperty	2022-03-15 12:37:42 -04:00
jorgectf	ed198709b4	Refactor MyBatisAbstractSQLMethodsStep ... Set output to `Argument[-1]` instead of `ReturnValue` to be able to get rid of `MyBatisAbstractSQLAnonymousClassStep`. Thanks @pwntester!	2022-03-15 13:46:06 +01:00