hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
48,054 Commits 1,672 Branches 157 Tags
cde93a39cd576ed1b907e7d4356a6bd3a4ce480a
Commit Graph

8219 Commits

Author SHA1 Message Date
Jami Cogswell
cde93a39cd Java: add isParameterless predicate to Constructor class 2022-12-09 15:51:40 -05:00
Jami Cogswell
f48cc9f40e Java: remove previous uses of isUninteresting 2022-12-08 16:56:43 -05:00
Jami Cogswell
29046e7960 Java: update ExternalApi characteristic predicate to include not isUninteresting 2022-12-08 12:31:46 -05:00
Chris Smowton
85ee4e6ca1 Merge pull request #11578 from retanoj/MybatisSqli 
Java: Add MyBatis Sql Injection no @Param case
 2022-12-08 13:53:44 +00:00
Chris Smowton
0d2474bd55 Autoformat 2022-12-08 11:30:53 +00:00
Chris Smowton
49bc524fd0 Merge remote-tracking branch 'origin/rc/3.8' into smowton/admin/merge-rc38-into-main 2022-12-08 11:12:30 +00:00
retanoj
0edfc6e01e greedy matching 2022-12-08 09:23:24 +08:00
Chris Smowton
9f9a51685b Merge pull request #11510 from smowton/smowton/fix/kotlin-populate-source-class-files 
Kotlin: stub trap .class files when extracting a class from Kotlin source
 2022-12-07 14:33:42 +00:00
Edward Minnix III
170c9af9e8 Merge pull request #11238 from egregius313/egregius313/webview-setjavascriptenabled 
Java: Query for detecting enabling Javascript in Android WebSettings
 2022-12-07 09:31:58 -05:00
retanoj
9cfeaeb18e Merge branch 'main' into MybatisSqli 2022-12-07 21:19:08 +08:00
Jami
5e694b5983 Merge pull request #11192 from jcogs33/jcogs33/share-key-sizes 
Share encryption key sizes between Java and Python
 2022-12-07 08:08:24 -05:00
Chris Smowton
c526020fd4 Note TODO re: re-enabling suspend function Java interop testing 2022-12-07 11:51:48 +00:00
Chris Smowton
ecbb96ffc1 Remove no-longer-needed diagnostic expectations 2022-12-07 11:50:41 +00:00
Tony Torralba
cabce5fb36 Merge pull request #11549 from mbaluda/mbaluda/insecure-cookie 
Java: Support interprocedural setting of cookie security
 2022-12-07 12:14:46 +01:00
Tony Torralba
321a2f5a73 Merge pull request #11550 from atorralba/atorralba/kotlin/adapt-path-sanitizer 
Kotlin: Adapt PathSanitizer
 2022-12-07 12:08:00 +01:00
Tony Torralba
6dcc0cc188 Further simplification 2022-12-07 10:50:23 +01:00
Tony Torralba
ccd465d669 Update java/ql/lib/semmle/code/java/security/PathSanitizer.qll 2022-12-07 10:38:33 +01:00
Tony Torralba
2f622ad72c Refactor by introducing helper predicates 2022-12-07 10:31:54 +01:00
Tony Torralba
85b2642a5e Extraction discrepancy fixed in kotlinc 1.7.21 2022-12-07 09:57:31 +01:00
retanoj
8ee418405b consider blankspace / comma /dot field 2022-12-07 10:06:39 +08:00
Chris Smowton
522a549d61 Improve debug logging when the external decl extractor handles an IrFile 2022-12-06 20:39:14 +00:00
Chris Smowton
d2e7797485 Rename to writeStubTrapFile 2022-12-06 20:39:03 +00:00
Ed Minnix
1c81f8d8d5 Apply suggestion from docs review 2022-12-06 15:32:54 -05:00
Chris Smowton
00f323c8bd Fix: extract directly exposed fields with static modifier 2022-12-06 20:32:10 +00:00
Chris Smowton
c68ac460c9 Accept test changes: again this is a raw class extracted just for its signature. 2022-12-06 18:38:33 +00:00
Chris Smowton
d37a10e4f1 Accept test changes: methods no longer appearing to be final 
This is actually a bug, which we should follow up on subsequently.
 2022-12-06 18:38:31 +00:00
Chris Smowton
59eb81b50a Accept test changes: a raw class getting extracted solely for use in a signature 
We could revert this by allowing useType to avoid triggering class-instance extraction when used just for its signature result
 2022-12-06 18:35:04 +00:00
Chris Smowton
f5579d59f8 Accept test changes: classes no longer getting multiple locations 2022-12-06 18:35:04 +00:00
Chris Smowton
9f722a7e12 Disable java_and_kotlin inconsistency test; accept changes 
This was testing that a signature inconsistency occurs, but this now manifests as a db inconsistency which can't be used as a test expectation because specific tuple numbers are liable to change with the environment.
 2022-12-06 18:35:04 +00:00
Chris Smowton
f2fded6486 Accept jvmstatic-annotation changes 
These occur because the Companion field is odd, being extracted from source but not having an associated FieldDeclaration, leading to PrintAst enumerating the node differently depending on whether it has a source-file location or not but in either case choosing not to show it.
 2022-12-06 18:35:04 +00:00
Chris Smowton
5e023bf619 Remove no-longer-applicable diagnostic matches 
These resulted from the Java compiler exploring NotNull and other Kotlin-emitted annotations, which it no longer does because it finds a .class trap file already present and truncates its class-graph walk
 2022-12-06 18:35:04 +00:00
Chris Smowton
82f3c2f6d5 Mark the Companion field as static 2022-12-06 18:35:04 +00:00
Chris Smowton
d9dc8e38f9 Fix binary names for classes declared from source 
Only top-level non-class declarations need the IrFile's expected class name inserting
 2022-12-06 18:35:04 +00:00
Chris Smowton
910a1f872d Adjust opt-in required to use string-manipulation functions in Kotlin <= 1.5 2022-12-06 18:35:04 +00:00
Chris Smowton
540a2a623e Don't create stub trap files for anonymous or local classes, or unexpected kinds of top-level declaration 2022-12-06 18:35:04 +00:00
Chris Smowton
08e3431107 Also stub class files relating to file classes and top-level declarations 2022-12-06 18:35:04 +00:00
Chris Smowton
748637c2d8 Tidy and use version 0 for classes extracted from source 2022-12-06 18:35:03 +00:00
Chris Smowton
e34d72aee9 Kotlin: stub trap .class files when extracting a class from Kotlin source 2022-12-06 18:35:03 +00:00
retanoj
b0c86d8e51 change string match to regex match 2022-12-06 21:50:09 +08:00
Michael Nebel
8e4190d84a Merge pull request #11516 from michaelnebel/java/externalflowcleanup 
Java: Cleanup imports of `ExternalFlow`
 2022-12-06 14:26:39 +01:00
Anders Schack-Mulligen
b579e2e7ed Merge pull request #11493 from aschackmull/java/scc-equivrel 
Java: Replace ad-hoc SCC reduction with union-find.
 2022-12-06 14:02:46 +01:00
retanoj
2bbd37f9ab change code snippet to or condition 2022-12-06 19:27:29 +08:00
retanoj
de652e1e27 expected 2022-12-06 18:09:48 +08:00
Chris Smowton
3b5b121aeb Merge pull request #11553 from smowton/smowton/fix/kotlin-synthetic-noarg-constructor 
Kotlin: Extract a no-arg constuctor whenever a Kotlin class has default values for all parameters
 2022-12-06 10:07:31 +00:00
retanoj
fb8559f03a tiny fix function name 2022-12-06 18:03:00 +08:00
retanoj
82d0551215 Merge branch 'main' into MybatisSqli 2022-12-06 17:19:30 +08:00
retanoj
d2140eb4b1 MyBatisAnnotationSqlInjection no @Param case 2022-12-06 17:07:49 +08:00
Tom Hvitved
b5e2e1e469 Merge pull request #11564 from hvitved/dataflow/parameter-position-consistency-checks 
Data flow: Add consistency checks for parameter positions
 2022-12-06 09:33:36 +01:00
Michael Nebel
cd5c0bec33 Merge pull request #11527 from michaelnebel/java/regeneratemodels 
Java/C#: Delete old model generator scripts and update Java model re-generator script.
 2022-12-06 09:24:13 +01:00
Chris Smowton
407e4cdd07 Don't create a default constructor for annotations, or classes that explicitly declare a no-arg constructor. 2022-12-05 16:17:51 +00:00