hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
48,097 Commits 1,672 Branches 157 Tags
ce5509a080339f9f23ddfe5920a53f249ccca7b6
Commit Graph

8232 Commits

Author SHA1 Message Date
Tamas Vajk
ce5509a080 Kotlin: Adjust MaD argument shifting for $default method 2022-12-09 10:29:52 +01:00
Tamas Vajk
243c311b3d Accept unit test changes 2022-12-09 10:29:52 +01:00
Tamas Vajk
81c35c8b27 Adjust PathSanitizer to use fixed $default extension method functionality 2022-12-09 10:29:52 +01:00
Tamas Vajk
f646938d91 Revert "Kotlin: Adjust ExtensionReceiverAccess.toString to not return hard coded this value" 
This reverts commit 9649a8f64aa47d860d3ce2d005a939df75ee0e41.
 2022-12-09 10:29:52 +01:00
Tamas Vajk
ac5219fc7a Kotlin: Adjust ExtensionReceiverAccess.toString to not return hard coded this value 2022-12-09 10:29:52 +01:00
Tamas Vajk
d93dce0fa9 Kotlin: Fix extension and dispatch parameter order in $default functions 2022-12-09 10:29:51 +01:00
Tamas Vajk
6457e059f5 Kotlin: Fix extraction of $default extension functions 2022-12-09 10:26:44 +01:00
Tamas Vajk
43f23801f5 Kotlin: Add test for extension $default functions 2022-12-09 10:26:44 +01:00
Chris Smowton
cddb5c5e2d Merge pull request #11616 from smowton/smowton/fix/callable-modality-abstraction 
Kotlin: extract callable modality
 2022-12-09 08:07:57 +00:00
Chris Smowton
1d209d1bcd Accept modifiers test changes 2022-12-08 22:52:40 +00:00
Henry Mercer
d196704a2d Merge pull request #11574 from github/henrymercer/check-query-ids 
Add a PR check to ensure query IDs are unique
 2022-12-08 15:31:26 +00:00
Chris Smowton
d0a2c1c9b6 Accept test changes 2022-12-08 14:44:43 +00:00
Chris Smowton
a79126268c Override modality when needed 
In particular when generating an implementation based on an abstract prototype, the result is final, and an interface forwarder is open / Java's default modality.
 2022-12-08 14:39:57 +00:00
Chris Smowton
85ee4e6ca1 Merge pull request #11578 from retanoj/MybatisSqli 
Java: Add MyBatis Sql Injection no @Param case
 2022-12-08 13:53:44 +00:00
Henry Mercer
3036b15af2 Merge branch 'main' into henrymercer/check-query-ids 2022-12-08 13:05:46 +00:00
Chris Smowton
045e3a2cf3 Kotlin: extract callable modality 2022-12-08 12:22:50 +00:00
Chris Smowton
0d2474bd55 Autoformat 2022-12-08 11:30:53 +00:00
Chris Smowton
49bc524fd0 Merge remote-tracking branch 'origin/rc/3.8' into smowton/admin/merge-rc38-into-main 2022-12-08 11:12:30 +00:00
retanoj
0edfc6e01e greedy matching 2022-12-08 09:23:24 +08:00
Chris Smowton
9f9a51685b Merge pull request #11510 from smowton/smowton/fix/kotlin-populate-source-class-files 
Kotlin: stub trap .class files when extracting a class from Kotlin source
 2022-12-07 14:33:42 +00:00
Edward Minnix III
170c9af9e8 Merge pull request #11238 from egregius313/egregius313/webview-setjavascriptenabled 
Java: Query for detecting enabling Javascript in Android WebSettings
 2022-12-07 09:31:58 -05:00
retanoj
9cfeaeb18e Merge branch 'main' into MybatisSqli 2022-12-07 21:19:08 +08:00
Jami
5e694b5983 Merge pull request #11192 from jcogs33/jcogs33/share-key-sizes 
Share encryption key sizes between Java and Python
 2022-12-07 08:08:24 -05:00
Chris Smowton
c526020fd4 Note TODO re: re-enabling suspend function Java interop testing 2022-12-07 11:51:48 +00:00
Chris Smowton
ecbb96ffc1 Remove no-longer-needed diagnostic expectations 2022-12-07 11:50:41 +00:00
Tony Torralba
cabce5fb36 Merge pull request #11549 from mbaluda/mbaluda/insecure-cookie 
Java: Support interprocedural setting of cookie security
 2022-12-07 12:14:46 +01:00
Tony Torralba
321a2f5a73 Merge pull request #11550 from atorralba/atorralba/kotlin/adapt-path-sanitizer 
Kotlin: Adapt PathSanitizer
 2022-12-07 12:08:00 +01:00
Tony Torralba
6dcc0cc188 Further simplification 2022-12-07 10:50:23 +01:00
Tony Torralba
ccd465d669 Update java/ql/lib/semmle/code/java/security/PathSanitizer.qll 2022-12-07 10:38:33 +01:00
Tony Torralba
2f622ad72c Refactor by introducing helper predicates 2022-12-07 10:31:54 +01:00
Tony Torralba
85b2642a5e Extraction discrepancy fixed in kotlinc 1.7.21 2022-12-07 09:57:31 +01:00
retanoj
8ee418405b consider blankspace / comma /dot field 2022-12-07 10:06:39 +08:00
Chris Smowton
522a549d61 Improve debug logging when the external decl extractor handles an IrFile 2022-12-06 20:39:14 +00:00
Chris Smowton
d2e7797485 Rename to writeStubTrapFile 2022-12-06 20:39:03 +00:00
Ed Minnix
1c81f8d8d5 Apply suggestion from docs review 2022-12-06 15:32:54 -05:00
Chris Smowton
00f323c8bd Fix: extract directly exposed fields with static modifier 2022-12-06 20:32:10 +00:00
Chris Smowton
c68ac460c9 Accept test changes: again this is a raw class extracted just for its signature. 2022-12-06 18:38:33 +00:00
Chris Smowton
d37a10e4f1 Accept test changes: methods no longer appearing to be final 
This is actually a bug, which we should follow up on subsequently.
 2022-12-06 18:38:31 +00:00
Chris Smowton
59eb81b50a Accept test changes: a raw class getting extracted solely for use in a signature 
We could revert this by allowing useType to avoid triggering class-instance extraction when used just for its signature result
 2022-12-06 18:35:04 +00:00
Chris Smowton
f5579d59f8 Accept test changes: classes no longer getting multiple locations 2022-12-06 18:35:04 +00:00
Chris Smowton
9f722a7e12 Disable java_and_kotlin inconsistency test; accept changes 
This was testing that a signature inconsistency occurs, but this now manifests as a db inconsistency which can't be used as a test expectation because specific tuple numbers are liable to change with the environment.
 2022-12-06 18:35:04 +00:00
Chris Smowton
f2fded6486 Accept jvmstatic-annotation changes 
These occur because the Companion field is odd, being extracted from source but not having an associated FieldDeclaration, leading to PrintAst enumerating the node differently depending on whether it has a source-file location or not but in either case choosing not to show it.
 2022-12-06 18:35:04 +00:00
Chris Smowton
5e023bf619 Remove no-longer-applicable diagnostic matches 
These resulted from the Java compiler exploring NotNull and other Kotlin-emitted annotations, which it no longer does because it finds a .class trap file already present and truncates its class-graph walk
 2022-12-06 18:35:04 +00:00
Chris Smowton
82f3c2f6d5 Mark the Companion field as static 2022-12-06 18:35:04 +00:00
Chris Smowton
d9dc8e38f9 Fix binary names for classes declared from source 
Only top-level non-class declarations need the IrFile's expected class name inserting
 2022-12-06 18:35:04 +00:00
Chris Smowton
910a1f872d Adjust opt-in required to use string-manipulation functions in Kotlin <= 1.5 2022-12-06 18:35:04 +00:00
Chris Smowton
540a2a623e Don't create stub trap files for anonymous or local classes, or unexpected kinds of top-level declaration 2022-12-06 18:35:04 +00:00
Chris Smowton
08e3431107 Also stub class files relating to file classes and top-level declarations 2022-12-06 18:35:04 +00:00
Chris Smowton
748637c2d8 Tidy and use version 0 for classes extracted from source 2022-12-06 18:35:03 +00:00
Chris Smowton
e34d72aee9 Kotlin: stub trap .class files when extracting a class from Kotlin source 2022-12-06 18:35:03 +00:00