hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
35,614 Commits 1,671 Branches 157 Tags
c20ee76826e10318f8f39c6fae901b743c2e8254
Commit Graph

5184 Commits

Author SHA1 Message Date
Jonathan Leitschuh
f341234edb Apply suggestions from code review 
Co-Authored-By: Felicity Chapman <felicitymay@github.com>
Co-Authored-By: yo-h <55373593+yo-h@users.noreply.github.com>
 2019-12-09 19:17:23 -05:00
Henning Makholm
baacc6f66b Java tests: add queries.xml 
The `queries.xml` file defines which extractor the `codeql test` runner will use
to extract databases for the tests. In the future one will be able to write this
information in `qlpack.yml`, but we can't do that immediately because the
_existing_ CodeQL tooling would  refuse to parse  a `qlpack.yml` that has
the new field in it.
 2019-12-07 02:38:02 +01:00
yo-h
ed97be459f Merge pull request #2454 from aschackmull/java/explicit-mul-zero 
Java: Allow explicit zero multiplication in java/evaluation-to-constant.
 2019-12-06 18:13:43 -05:00
Jonas Jensen
57917bec17 Merge pull request #2480 from hvitved/dataflow/performance-tweaks 
Data flow: Various performance tweaks
 2019-12-03 18:44:11 +01:00
Henning Makholm
95c26a51af remove java test EmptyInterface 
This is a test of an internal query for the Semmle repository. It cannot
run against the public QL repository alone, and therefore should not be
tested here.

https://git.semmle.com/Semmle/code/pull/35690 adds the test back to the
internal repo.
 2019-12-02 15:29:42 +01:00
Tom Hvitved
b3990c5a1d Data flow: Revert reordering changes in flowStore and flowRead 2019-12-02 14:25:59 +01:00
Tom Hvitved
5baa133e6c Data flow: Sync files 2019-12-02 13:41:17 +01:00
Jonas Jensen
5b24b1efc3 Merge remote-tracking branch 'upstream/rc/1.23' into mergeback-20191202 
Conflicts solved:
	javascript/extractor/src/com/semmle/js/extractor/Main.java
	javascript/ql/test/query-tests/Statements/UseOfReturnlessFunction/tst.js
 2019-12-02 09:57:34 +01:00
Anders Schack-Mulligen
333d0a69d2 Java/C++/C#: Bugfix for field flow through reverse read. 2019-11-29 09:38:24 +01:00
Anders Schack-Mulligen
2c3a6d7359 Java: Allow explicit zero multiplication in java/evaluation-to-constant. 2019-11-27 11:49:43 +01:00
Anders Schack-Mulligen
3d0e3aa1fd Java: Fix a number of performance issues when toString is cached. 2019-11-27 09:06:15 +01:00
yo-h
8a8b795696 Merge pull request #2447 from aschackmull/java/cache-perf 
Java: Improve performance by normalizing import order to reduce cache invalidation.
 2019-11-26 16:26:53 -05:00
Anders Schack-Mulligen
deb6a6e5c6 Java: Improve performance by normalizing import order to reduce cache invalidation. 2019-11-26 17:20:01 +01:00
Anders Schack-Mulligen
18e1708036 Merge pull request #2412 from Cornelius-Riemenschneider/nullness-corr-cond 
Java: Nullness library: track instanceof expressions in correlated conditions
 2019-11-26 10:33:34 +01:00
Cornelius Riemenschneider
37f162106a Fix formatting of file. 2019-11-25 17:04:38 +01:00
Cornelius Riemenschneider
3368169df8 Address review. 2019-11-25 14:54:50 +01:00
Tom Hvitved
a26efdf4c1 Java/C++/C#: Rename DataFlowErasedType back to DataFlowType 2019-11-25 11:43:58 +01:00
Cornelius Riemenschneider
0e7a08201f Address review by Anders. 2019-11-22 12:19:06 +01:00
Jonathan Leitschuh
21193bd780 Java: Use of HTTP/FTP to download/upload Maven artifacts 
This adds a security alert for the use of HTTP or FTP to download or upload
artifacts using Maven.
 2019-11-21 13:35:29 -05:00
Cornelius Riemenschneider
5d4b6c3a8c Nullness: Track correlated conditions of equality tests of variables. 2019-11-21 19:24:40 +01:00
Cornelius Riemenschneider
92f32a12d8 Add tests for nullness tracking by comparing variables. 2019-11-21 19:23:39 +01:00
Cornelius Riemenschneider
3e5324e772 More precise Nullness tracking by taking correlated instanceof expressions into account. 
Fixes #2238.
 2019-11-21 18:38:27 +01:00
Cornelius Riemenschneider
d8aae1c126 Add tests to track nullness by instanceof checks. 2019-11-21 18:38:27 +01:00
Tom Hvitved
acc7d5298d Data flow: Sync files 2019-11-20 14:10:02 +01:00
Tom Hvitved
6c0dbcfca2 Java/C++: Add DataFlowErasedType aliases 2019-11-20 14:09:53 +01:00
yh-semmle
de65f023d6 Merge pull request #2167 from aschackmull/java/dataflow-out-of-arg-refactor 
Java/C++/C#: Refactor dataflow to simplify return flow.
 2019-11-15 11:10:06 -05:00
Anders Schack-Mulligen
81a90943c0 Java: Fix range analysis bug where int was assumed. 2019-11-15 15:08:14 +01:00
Anders Schack-Mulligen
106b8cfbca Java/C++/C#: Fix bad magic and bad join-order. 2019-11-14 13:17:17 +01:00
Anders Schack-Mulligen
6a2edce040 Merge pull request #2205 from rneatherway/java/hamcrest-nullness 
Java: Respect Hamcrest assertThat(X, notNullValue())
 2019-11-14 13:09:56 +01:00
Dave Bartolomeo
e89ecc19e3 Merge pull request #2302 from max-schaefer/test-qlpacks 
Add `qlpack.yml` files for test folders.
 2019-11-13 12:21:19 -07:00
yh-semmle
429c307832 Merge pull request #2304 from aschackmull/java/rangeanalysis-integral-fix 
Java: Fix range analysis bug in integral inequality bounds.
 2019-11-12 16:33:12 -05:00
Anders Schack-Mulligen
7619275c8b Java: Fix range analysis bug in integral inequality bounds. 2019-11-12 17:28:40 +01:00
Anders Schack-Mulligen
8cd6b51763 Java: Add ConditionalExpr to overflow candidate pattern. 2019-11-12 17:27:18 +01:00
Max Schaefer
5b2e32b051 Add qlpack.yml files for test folders. 2019-11-12 15:03:02 +00:00
Anders Schack-Mulligen
e6d0a2eca5 Merge pull request #2215 from yh-semmle/java-remove-obsolete-queries 
Java: remove some obsolete metric queries
 2019-11-12 10:14:55 +01:00
Anders Schack-Mulligen
b0fecbce28 Merge pull request #2230 from yh-semmle/java-move-cwe502-lib 
Java: move `UnsafeDeserialization.qll` to standard library location
 2019-11-11 10:44:52 +01:00
Sauyon Lee
0040c9fb4c Update links to OWASP cheat sheet 2019-11-06 20:21:47 -08:00
Robin Neatherway
7850d67a78 Remove TODO comment 
I've checked Hamcrest versions 1.3, 2.0, 2.1 and 2.2
 2019-11-06 17:47:02 +00:00
yh-semmle
e232f538e9 Java 13: update test options 2019-11-02 16:09:32 -04:00
yh-semmle
e8a65101bc Java 13: add db stats for @yieldstmt 2019-11-02 16:09:32 -04:00
yh-semmle
de0869c216 Java 13: remove superfluous disjunct in JumpStmt.getAPotentialTarget() 2019-11-02 16:09:31 -04:00
yh-semmle
8fb4dbe092 Java 13: account for changes to switch expressions 2019-11-02 16:09:31 -04:00
yh-semmle
9f37237b4a Java 13: add stmt kind @yieldstmt to dbscheme 2019-11-02 16:09:31 -04:00
Robin Neatherway
d3016e5b98 Run autoformatter 2019-10-31 11:21:57 +00:00
yh-semmle
8620b0513e Java: move UnsafeDeserialization.qll to standard library location 2019-10-30 11:18:36 -04:00
Robin Neatherway
96f9a01355 Correct minor compilation errors in test code 2019-10-29 17:52:13 +00:00
Robin Neatherway
84202ff2e1 Java: Respect Hamcrest assertThat(X, notNullValue()) 2019-10-29 17:52:13 +00:00
Anders Schack-Mulligen
d0842fc35d Java/C++/C#: Minor refactor following review comment. 2019-10-28 16:31:22 +01:00
Anders Schack-Mulligen
0ffcf9ce64 Merge pull request #2192 from JLLeitschuh/feature/JLL/http_response_splitting_netty 
Add CWE-113 check for io.netty.handler.codec.http.DefaultHttpHeaders
 2019-10-28 15:01:20 +01:00
Anders Schack-Mulligen
379ef1d2f9 Java: Fix bad magic and join-order. 2019-10-28 10:40:06 +01:00