hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
56,251 Commits 1,671 Branches 157 Tags
cf83baeead28fe5cb13fae12aafda4118d77ebe5
Commit Graph

9976 Commits

Author SHA1 Message Date
github-actions[bot]
cf83baeead Add changed framework coverage reports 2023-06-30 00:17:47 +00:00
Tony Torralba
b2e8167407 Merge pull request #13587 from github/koesie10/update-java-external-api-name 
Java: Fix external API name for nested types
 2023-06-29 13:23:20 +02:00
Koen Vlaswinkel
6806b8750d Java: Use getSourceDeclaration to handle generic types 2023-06-29 11:49:16 +02:00
jorgectf
9d8ae5039a Add models for javax.portlet 2023-06-28 17:53:56 +02:00
Ian Lynagh
641f186afc Merge pull request #13600 from igfoo/igfoo/fake_fun 
Kotlin: Remove a use of ObsoleteDescriptorBasedAPI
 2023-06-28 15:50:27 +01:00
Ian Lynagh
a50d804ad7 Kotlin: Remove a use of ObsoleteDescriptorBasedAPI 
This isn't supported in Kotlin 2 mode, but removing this code doesn't
affect any tests.
 2023-06-28 13:48:43 +01:00
Kasper Svendsen
7c59f5ac18 Merge pull request #13578 from kaspersv/kaspersv/java-remaining-implicit-this 
Java: Enable implicit this warnings for remaining packs
 2023-06-28 14:27:24 +02:00
Koen Vlaswinkel
51af03d2bc Java: Add tests for names of nested classes 2023-06-28 09:52:25 +02:00
github-actions[bot]
0749af79d7 Add changed framework coverage reports 2023-06-28 00:18:40 +00:00
Ian Lynagh
4adecf0d15 Merge pull request #13586 from igfoo/igfoo/diag-limit 
Kotlin: Remove an out-of-date comment
 2023-06-27 15:41:47 +01:00
Ian Lynagh
b0d2ca5df4 Merge pull request #13568 from igfoo/igfoo/android_lint 
Java: Tweak some android tests
 2023-06-27 15:41:37 +01:00
Ian Lynagh
4415c364ac Merge pull request #13542 from igfoo/igfoo/modality_final 
Kotlin: Remove an expected-no-getter exception
 2023-06-27 15:41:27 +01:00
Koen Vlaswinkel
fcb2f1082c Java: Fix external API name for nested types 
This fixes the name of reported external APIs for nested types.
The `toString()` method of `getSourceDeclaration()` would report the
name of a type, but not the name of the enclosing type. This results
in missing information in the `UnsupportedExternalAPIs.ql` query.

For example, previously it would report:

```
org.zapodot.junit.db.Builder#build()
```

However, the `Builder` class does not exist in the package and is only
a nested type within `EmbeddedDatabaseRule`. The correct name should be:

```
org.zapodot.junit.db.EmbeddedDatabaseRule$Builder#build()
```

This name also matches the format of MaD.
 2023-06-27 15:23:55 +02:00
Ian Lynagh
d588f52262 Kotlin: Remove an out-of-date comment 2023-06-27 13:33:52 +01:00
Tony Torralba
a7c2a25cac Merge pull request #12879 from atorralba/atorralba/java/command-injection-mad-sinks 
Java: Convert all command injection sinks to MaD format
 2023-06-27 14:06:45 +02:00
Tony Torralba
6e20bd04e9 Merge pull request #13539 from atorralba/atorralba/java/url-to-string-model 
Java: Add URL.toString summary
 2023-06-27 14:05:47 +02:00
Kasper Svendsen
7fcdefbe70 Java: Enable implicit this warnings for remaining packs 2023-06-27 11:54:20 +02:00
Tony Torralba
3c3b53001f Merge pull request #13550 from jorgectf/jorgectf/lang2-models 
Java: Add models for `org.apache.commons.lang`
 2023-06-27 11:20:59 +02:00
Tony Torralba
a17c812118 Merge pull request #13358 from jorgectf/jorgectf/deserialization-lookahead 
Java: Model `SerialKiller`
 2023-06-27 09:20:50 +02:00
Ian Lynagh
8a43fc81ee Java: Tweak some android tests 
They were all failing for me like:

[autobuild] /home/ian/code/dev/target/codeql-java-integration-tests/ql/java/ql/integration-tests/all-platforms/java/android-sample-old-style-no-wrapper/project/src/main/AndroidManifest.xml:5: Error: Main must extend android.app.Activity [Instantiatable]
[autobuild]         <activity android:name="Main" android:exported="true">
[autobuild]                                 ~~~~
[autobuild]    Explanation for issues of type "Instantiatable":
[autobuild]    Activities, services, broadcast receivers etc. registered in the manifest
[autobuild]    file (or for custom views, in a layout file) must be "instantiatable" by
[autobuild]    the system, which means that the class must be public, it must have an
[autobuild]    empty public constructor, and if it's an inner class, it must be a static
[autobuild]    inner class.

I'm not sure why it works on CI but not locally, but either way this
works around the issue.
 2023-06-26 15:52:52 +01:00
Ian Lynagh
65dee80b36 Merge pull request #13547 from igfoo/igfoo/dead-code 
Kotlin: Build: Remove some dead code
 2023-06-26 11:50:50 +01:00
Tony Torralba
55280e523a Update java/ql/lib/semmle/code/java/security/UnsafeDeserializationQuery.qll 2023-06-26 11:14:31 +02:00
jorgectf
2dc4f23dbb Add models for org.apache.commons.lang 2023-06-23 19:34:21 +02:00
Jorge
7d0b880bf7 Merge branch 'main' into jorgectf/deserialization-lookahead 2023-06-23 18:24:39 +02:00
jorgectf
b6e4ba6f9d Add SerialKiller model 2023-06-23 18:19:43 +02:00
Ian Lynagh
5da377b46a Kotlin: Build: Remove some dead code 2023-06-23 13:51:35 +01:00
Ian Lynagh
0d05f50aaa Kotlin: Remove an expected-no-getter exception 
We're not sure why it was necessary.
 2023-06-22 18:12:13 +01:00
Tony Torralba
d07e2862f9 Java: Add URL.toString summary 
This adds coverage for CVE-2023-35149.
 2023-06-22 17:39:30 +02:00
Ian Lynagh
7efbd8828b Merge pull request #13526 from igfoo/igfoo/diagwriter 
Kotlin: Define DiagnosticTrapWriter, for type safety
 2023-06-22 12:39:48 +01:00
Ian Lynagh
bfd0a19d85 Kotlin: Define DiagnosticTrapWriter, for type safety 
In some cases, we were writing diagnostics to TRAP files where they
shouldn't be written. Such TRAP files don't define #compilation, so TRAP
import gave errors.

Now we use DiagnosticTrapWriter to get the type system to check that we
are writing diagnostics to the right place.
 2023-06-21 18:38:27 +01:00
Henry Mercer
5afdaf8fe1 Merge pull request #13525 from github/rc/3.10 
Merge `rc/3.10` back to `main`
 2023-06-21 17:13:36 +01:00
Ian Lynagh
18a5c48c79 Merge pull request #13508 from igfoo/igfoo/rc_kot 
Kotlin: Backport some Kotlin 1.9 fixes to the rc/3.10 branch
 2023-06-21 15:26:41 +01:00
Jami
5259a6ecfc Merge pull request #13324 from jcogs33/jcogs33/shared-sink-kind-validation 
Shared: share MaD kind validation across languages
 2023-06-20 11:56:12 -04:00
Owen Mansel-Chan
d7c97f8759 Merge pull request #13455 from owen-mc/dataflow/add-flowCheckNodeSpecific 
Dataflow: add language-specific hook for breaking up big step relation
 2023-06-20 13:24:26 +01:00
github-actions[bot]
18b678e69e Post-release preparation for codeql-cli-2.13.4 2023-06-20 10:20:05 +00:00
Ian Lynagh
293f90333d Kotlin: Avoid another cause of ConcurrentModificationException with 1.9 2023-06-20 10:59:24 +01:00
Ian Lynagh
0076d8aac1 Java: Add up/downgrade scripts 2023-06-20 10:59:13 +01:00
Ian Lynagh
81142f51fb Kotlin: Handle IrSyntheticBodyKind.ENUM_ENTRIES 
Generated by Kotlin 1.9 for some of our tests.
 2023-06-20 10:59:04 +01:00
github-actions[bot]
6da5ec8196 Add changed framework coverage reports 2023-06-20 00:15:43 +00:00
Jeroen Ketema
9c774ac97f Merge pull request #13426 from jketema/inline-3 
Update inline flow tests to use parameterized module
 2023-06-19 17:39:29 +02:00
Jean Helie
423336310c Merge pull request #13480 from github/jhelie/clean-up-mad-kinds-use 
Java: clean up mad kinds use
 2023-06-19 16:21:20 +02:00
Tony Torralba
c62689022e Merge pull request #13256 from atorralba/atorralba/java/stapler-models 
Java: Model the Stapler framework
 2023-06-19 15:27:19 +02:00
Tony Torralba
00fe8adc09 Fix name clash 2023-06-19 15:04:33 +02:00
Tony Torralba
5cb451b040 Merge pull request #13475 from atorralba/atorralba/many/zipslip-docs-update 
C#/Go/Java/JS/Python/Ruby: Update the description and qhelp of the Zipslip query
 2023-06-19 14:33:44 +02:00
Ian Lynagh
64e591a823 Merge pull request #13482 from igfoo/igfoo/conc 
Kotlin: Avoid another cause of ConcurrentModificationException with 1.9
 2023-06-19 12:57:25 +01:00
Ian Lynagh
ec73f28d09 Merge pull request #13479 from igfoo/igfoo/ENUM_ENTRIES 
Kotlin: Handle IrSyntheticBodyKind.ENUM_ENTRIES
 2023-06-19 12:57:10 +01:00
Ian Lynagh
ca5bc6f224 Java: Add up/downgrade scripts 2023-06-19 10:36:29 +01:00
Ian Lynagh
1f538cced3 Kotlin: Handle IrSyntheticBodyKind.ENUM_ENTRIES 
Generated by Kotlin 1.9 for some of our tests.
 2023-06-19 10:36:29 +01:00
Jeroen Ketema
bc42308bd3 Java: fix formatting 2023-06-19 10:31:49 +02:00
Jeroen Ketema
6a84e6cbfd Add the merged PathGraph to all copies of the InlineFlowTest library 2023-06-19 10:28:10 +02:00