hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
40,911 Commits 1,673 Branches 157 Tags
d285e19e775d53cc33ed22b1ac840e7fcbb72a70
Commit Graph

6388 Commits

Author SHA1 Message Date
Ian Lynagh
3934491dcc Kotlin: Refactor useFunction* 
They now work in a way more similar to other families of functions we
have.
 2022-06-23 19:19:47 +01:00
Ian Lynagh
ab19d8c3c3 Kotlin: Move useFunctionCommon 2022-06-23 17:59:28 +01:00
Ian Lynagh
bd8a8d00aa Kotlin: Make some more methods private 2022-06-23 16:44:06 +01:00
Chris Smowton
b5010337a4 Avoid extracting needless obinit methods where we're only extracting a class' outline. 2022-06-23 16:26:54 +01:00
Chris Smowton
3cf7f96298 Ensure <obinit>'s return type is void not Unit 2022-06-23 16:26:54 +01:00
Chris Smowton
af5230349b Kotlin: reintroduce obinit when we have multiple secondary constructors and no primary 
This avoids DB inconsistencies because complex initialisers are extracted to more than one function.
 2022-06-23 16:26:54 +01:00
Chris Smowton
1aae3c5f5e Fix whenexpr test 
Prior to Kotlin 1.7 the gratuitous `?` was ignored for typing purposes; now it yields a `String?`. We should make the test work everywhere by using a real nullable type.
 2022-06-23 15:34:40 +01:00
Chris Smowton
e64a8bc79a Use binary names not fqnames for uniquing IrDeclarations 
Otherwise we fall into the trap of confusing the two overloads of `MapsKt.iterator` which have differing jvmnames.
 2022-06-23 15:34:40 +01:00
Chris Smowton
57ea34d3ff Unique external classes/functions by fqname 
Previously we used the IrDeclaration itself, but in Kotlin 1.7 this can be ambiguous because we can get more than one copy of a class in different modules.
 2022-06-23 15:34:40 +01:00
Chris Smowton
8c57308661 Prevent extracting hidden functions 
I'm not sure how these looked in 1.6 and below yet, but in 1.7 they appear with visibility = public, but a descriptor field set to indicate they have a name clash with a 'real' function.
 2022-06-23 15:34:40 +01:00
Chris Smowton
2b2c384933 Kotlin: Move from 1.7.0-RC to 1.7.0 2022-06-23 15:34:40 +01:00
Chris Smowton
4899aabb05 Switch to using Kotlin 1.7 by default 2022-06-23 15:34:40 +01:00
Chris Smowton
45c85228bd Implement Kotlin 1.7 support 
- Implement getIrStubFromDescriptor for Kotlin 1.7
- Stop using ClassSymbol.signature, which is now only populated for classes built from Kotlin, and noteworthily is null for primitive and other internally-synthesised types.
 2022-06-23 15:34:40 +01:00
Ian Lynagh
3b2b884f09 Merge pull request #9683 from igfoo/igfoo/getDiagnosticLocation 
Kotlin: Remove unused function getDiagnosticLocation
 2022-06-23 14:09:00 +01:00
Anders Schack-Mulligen
dc517a758e Autoformat 2022-06-23 14:44:40 +02:00
Anders Schack-Mulligen
4a317a25d3 Dataflow: Sync. 2022-06-23 14:34:52 +02:00
Anders Schack-Mulligen
c27290563a Dataflow: Perf fix, avoid node scans. 2022-06-23 14:34:05 +02:00
Ian Lynagh
1713c416c0 Kotlin: Remove unused function getDiagnosticLocation 2022-06-23 13:07:09 +01:00
github-actions[bot]
a74051c658 Release preparation for version 2.10.0 2022-06-23 11:17:46 +00:00
Tamas Vajk
cf18a9a04b Fix bad join order in Shadowing::shadows 
Fixes the bad join order in `Shadowing::shadows`:
Tuple counts for Shadowing::shadows#f4fb89a3#ffff@c4b8a90j:
           182915  ~0%    {2} r1 = Variable::LocalVariableDecl::getCallable#dispred#f0820431#ff AND NOT Shadowing::shadows#f4fb89a3#ffff#antijoin_rhs(Lhs.0, Lhs.1)
           182915  ~0%    {3} r2 = JOIN r1 WITH localvars ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Rhs.2
           182915  ~3%    {4} r3 = JOIN r2 WITH Member::Member::getDeclaringType#dispred#f0820431#bf ON FIRST 1 OUTPUT Rhs.1, Lhs.1, Lhs.0, Lhs.2
           182833  ~0%    {4} r4 = JOIN r3 WITH classes ON FIRST 1 OUTPUT Lhs.1, Lhs.2, Lhs.3, Lhs.0
           182833  ~3%    {5} r5 = JOIN r4 WITH Element::Element::getName#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.2, Lhs.0, Lhs.1, Lhs.3, Rhs.1
        183352620  ~5%    {5} r6 = JOIN r5 WITH Member::Field::getType#dispred#f0820431#bf_10#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.3, Lhs.1, Lhs.2, Lhs.4
            40529  ~0%    {5} r7 = JOIN r6 WITH Member::Field::getDeclaringType#dispred#f0820431#fb ON FIRST 2 OUTPUT Lhs.0, Lhs.4, Lhs.2, Lhs.3, Lhs.1
              678  ~4%    {4} r8 = JOIN r7 WITH Element::Element::getName#dispred#f0820431#ff ON FIRST 2 OUTPUT Lhs.2, Lhs.3, Lhs.4, Lhs.0
              670  ~4%    {4} r9 = r8 AND NOT Member::Field::isStatic#dispred#f0820431#b(Lhs.3)
              670  ~3%    {4} r10 = SCAN r9 OUTPUT In.0, In.2, In.3, In.1
                          return r10

After the fix:
Tuple counts for Shadowing::shadows#f4fb89a3#ffff@95ca976v:
        182915  ~0%    {2} r1 = Variable::LocalVariableDecl::getCallable#dispred#f0820431#ff AND NOT Shadowing::shadows#f4fb89a3#ffff#antijoin_rhs(Lhs.0, Lhs.1)
        182915  ~0%    {3} r2 = JOIN r1 WITH localvars ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Rhs.2
        182915  ~0%    {4} r3 = JOIN r2 WITH Member::Member::getDeclaringType#dispred#f0820431#bf ON FIRST 1 OUTPUT Lhs.1, Lhs.0, Lhs.2, Rhs.1
        182915  ~7%    {5} r4 = JOIN r3 WITH Element::Element::getName#dispred#f0820431#ff ON FIRST 1 OUTPUT Lhs.3, Rhs.1, Lhs.2, Lhs.0, Lhs.1
           678  ~4%    {4} r5 = JOIN r4 WITH Shadowing::getField#f4fb89a3#ffff ON FIRST 3 OUTPUT Lhs.3, Lhs.4, Lhs.0, Rhs.3
           670  ~4%    {4} r6 = r5 AND NOT Member::Field::isStatic#dispred#f0820431#b(Lhs.3)
           670  ~3%    {4} r7 = SCAN r6 OUTPUT In.0, In.2, In.3, In.1
                       return r7
 2022-06-23 10:30:39 +02:00
Tamas Vajk
e65a046235 Fix test file after rebase 2022-06-23 09:51:48 +02:00
Tamas Vajk
579bfc22f3 Fix performance change in SecurityFlag 2022-06-23 08:46:33 +02:00
Tamas Vajk
79ec998636 Fix DB change compatibility to backwards 2022-06-23 08:45:11 +02:00
Tamas Vajk
7dad2f7fcb Fix DB upgrade properties 2022-06-23 08:45:11 +02:00
Tamas Vajk
074b90ea1a Add change note 2022-06-23 08:45:11 +02:00
Tamas Vajk
053ca2e940 Update DB stats file 2022-06-23 08:45:11 +02:00
Tamas Vajk
e03b48f293 Add DB upgrade folder 2022-06-23 08:45:11 +02:00
Tamas Vajk
dabc956dbf Unify loop break/continue statement handling between java and kotlin 2022-06-23 08:45:11 +02:00
Chris Smowton
46e6203493 Merge pull request #9626 from smowton/smowton/fix/dont-emit-synthetic-parameter-names 
Kotlin: don't emit synthetic parameter names
 2022-06-22 15:30:54 +01:00
Chris Smowton
00b4070866 Merge pull request #9659 from smowton/smowton/admin/invert-java-log-injection-query 
Java: Report log-injection at the source rather than the sink
 2022-06-22 14:27:50 +01:00
Chris Smowton
44cf260762 Merge pull request #9571 from smowton/smowton/fix/array-variance-lowering 
Kotlin: Implement array type variance lowering
 2022-06-22 13:38:21 +01:00
Chris Smowton
1f9f6d7c33 Java: Report log-injection at the source rather than the sink 
This should remove the problem of excessive grouping of different alerts that share a sink location, often due to wrapper functions that form the ultimate sink of all logging calls in a given codebase.
 2022-06-22 13:05:20 +01:00
Tony Torralba
cc354caa1f Merge pull request #9319 from atorralba/atorralba/add-editable-valueof-step 
Kotlin: Add taint step for String.valueOf(Editable)
 2022-06-22 13:50:30 +02:00
Tamás Vajk
c0e115700d Merge pull request #9647 from tamasvajk/kotlin-when-branch-encl-stmt 
Kotlin: Fix enclosing statement of `when` branches
 2022-06-22 13:18:56 +02:00
Ian Lynagh
c7a6b1e9a7 Merge pull request #9640 from igfoo/igfoo/vis 
Kotlin/Java: Add the beginnings of a "visibility" consistency query
 2022-06-22 11:34:15 +01:00
Anders Schack-Mulligen
df6d68b215 Merge pull request #9618 from aschackmull/dataflow/deprecate-barrierguard-class 
Dataflow: Deprecate BarrierGuard class
 2022-06-22 10:44:08 +02:00
Michael Nebel
24ba5cc06e Merge pull request #9025 from michaelnebel/csharp/generatedrefactor 
C#: Provenance column in Models as Data CSV format.
 2022-06-22 10:34:31 +02:00
Tamas Vajk
a50e062b3c Kotlin: Fix enclosing statement of when branches 2022-06-22 09:10:27 +02:00
Tamas Vajk
640026d387 Kotlin: add enclosing statement test 2022-06-22 09:09:57 +02:00
Michael Nebel
2b892bc000 Merge pull request #9553 from michaelnebel/csharp/narrowtelemetry 
C#/Java: Only display 1k most relevant results for ExternalApi telemetry queries.
 2022-06-22 07:35:56 +02:00
Ian Lynagh
52b229052d Kotlin/Java: Add the beginnings of a "visibility" consistency query 2022-06-21 17:24:37 +01:00
Anders Schack-Mulligen
f8f9b7d3b4 Apply suggestions from code review 2022-06-21 14:11:36 +02:00
Edoardo Pirovano
70dbd92e25 Bump minor version of all regularly released packs 2022-06-21 11:22:58 +01:00
Edoardo Pirovano
ad02b85efa Merge branch main into rc/3.6 2022-06-21 11:15:25 +01:00
Anders Schack-Mulligen
d7d409f125 Merge pull request #9565 from github/post-release-prep/codeql-cli-2.9.4 
Post-release preparation for codeql-cli-2.9.4
 2022-06-21 11:51:29 +02:00
Anders Schack-Mulligen
a4796e1542 Add change notes. 2022-06-21 11:17:47 +02:00
Chris Smowton
4b825df60c Kotlin: don't emit synthetic parameter names 
The QL library already expects these to be missing in some cases and generates its own names when they are absent. Writing synthetic names to the database can produce inconsistencies if the true name is seen later.
 2022-06-20 19:19:35 +01:00
Ian Lynagh
875776d91d Merge pull request #9581 from igfoo/igfoo/redundant_cast 
Kotlin: Remove a redundant cast
 2022-06-20 17:28:49 +01:00
Michael Nebel
b4457de58c C#/Java: Fix typo in the QL doc comment. 2022-06-20 16:26:07 +02:00
Michael Nebel
b6ccaf14f6 Java: Update Log4J models with provenance information. 2022-06-20 16:20:02 +02:00