hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-12 05:01:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
85,729 Commits 1,690 Branches 160 Tags
d5827b5ccac199cc55b21f6e40d289ef22285a87
Commit Graph

12796 Commits

Author SHA1 Message Date
Anders Fugmann
d5827b5cca Kotlin: Support Kotlin 2.3.10 2026-02-06 14:54:08 +01:00
Anders Schack-Mulligen
29e01748b7 Merge pull request #21267 from aschackmull/java/rename-misc 
Java: Rename several AST predicates.
 2026-02-05 11:15:29 +01:00
Anders Schack-Mulligen
11003e685d Java: Fix qldoc 2026-02-05 10:37:19 +01:00
Anders Schack-Mulligen
32fe12a6dd Java: Delay deprecation a bit. 2026-02-05 08:51:27 +01:00
Anders Schack-Mulligen
2d02908e7f Java: Add change note. 2026-02-04 14:43:32 +01:00
Anders Schack-Mulligen
4fcf3fbff8 Java: Make loop classes extend LoopStmt and use getBody instead of getStmt. 2026-02-04 14:43:31 +01:00
Anders Schack-Mulligen
6f40ac15b4 Java: Rename ReturnStmt.getResult to getExpr. 2026-02-04 14:43:31 +01:00
Anders Schack-Mulligen
36fa0a22f9 Java: Rename getTrueExpr/getFalseExpr on ConditionalExpr to getThen/getElse. 2026-02-04 13:38:11 +01:00
Anders Schack-Mulligen
5e6e64b2b7 Java: Rename UnaryExpr.getExpr to getOperand. 2026-02-04 10:50:49 +01:00
Anders Schack-Mulligen
2d61fc5309 Java: Add support for "View CFG". 2026-02-03 15:49:27 +01:00
github-actions[bot]
73d06f26cb Post-release preparation for codeql-cli-2.24.1 2026-02-02 14:04:26 +00:00
Henry Mercer
5f1fd57f84 Fix formatting of Kotlin version ranges 2026-02-02 12:22:50 +00:00
Henry Mercer
38fcc61817 Fix formatting in Kotlin changelog 2026-02-02 12:10:15 +00:00
github-actions[bot]
0db542e9f0 Release preparation for version 2.24.1 2026-02-02 12:09:09 +00:00
Anders Peter Fugmann
78495035a6 Merge pull request #20965 from github/andersfugmann/kotlin_2.3.0-beta2 
Kotlin: Support Kotlin 2.3.0
 2026-01-30 11:37:19 +01:00
Owen Mansel-Chan
a35e7b27af Merge pull request #21226 from owen-mc/java/update-qhelp-unrelease-lock 
Java: Improve qhelp for `java/unreleased-lock` and add lock type exclusion
 2026-01-28 09:46:31 +00:00
Anders Fugmann
31867a56fb Kotlin: Accept test changes 
Accept test changes from Kotlin 2.3.0 update

Updates expected test outputs for kotlin2 library tests to match
actual compiler output. Changes include:
- Location adjustments for properties/methods (now point to identifiers)
- CastExpr -> ImplicitCastExpr for implicit type casts
- Removed duplicate BlockStmt entries in loop ASTs
- Super constructor call location changes

Note that in Kotlin 2.3.0 super constructor calls now have locations spanning
entire class declarations instead of the actual super call site.
 2026-01-28 10:11:21 +01:00
Anders Fugmann
86d9c349ec Kotlin: Accept test changes 2026-01-28 10:11:21 +01:00
Anders Fugmann
59fa01e386 Kotlin: Add bitwise 'and' operation expected by Kotlin 2.3 compiler to exist in the stdlib 2026-01-28 10:11:20 +01:00
Anders Fugmann
a6f8af0de5 Kotlin: Accept column location changes in tests 2026-01-28 10:11:20 +01:00
Anders Fugmann
f6f5b7e1e9 Kotlin: Accept test changes after rebasing to include changes from https://github.com/github/codeql/pull/21216 2026-01-28 10:11:19 +01:00
Anders Fugmann
275724000b Kotlin: Update kotlin serialization integration test to use Kotlin compiler 1.8.10 and accept test changes 2026-01-28 09:30:22 +01:00
Anders Fugmann
939f3e83aa Kotlin: Update kotlin compiler version in integration tests 2026-01-28 09:30:22 +01:00
Anders Fugmann
d69fe20d7d Kotlin: Bump upper bound for supported kotlin version in integration test 2026-01-28 09:30:22 +01:00
Anders Fugmann
6d60595d73 Kotlin: Add changenotes for Kotlin 2.3 support and removal of support for Kotlin 1.6 and 1.7 2026-01-28 09:30:21 +01:00
Anders Peter Fugmann
f4edff9452 Merge pull request #21216 from github/andersfugmann/kotlin_extractor_load_last 
Kotlin: Load kotlin extractor last
 2026-01-28 09:22:46 +01:00
Owen Mansel-Chan
a0c35516bd Add change note 2026-01-27 15:48:04 +00:00
Owen Mansel-Chan
42cbe0734e Specify what lock types are considered in qhelp 2026-01-27 15:39:03 +00:00
Owen Mansel-Chan
516b84b59a Add test for *Pool exclusion 2026-01-27 15:38:29 +00:00
Owen Mansel-Chan
4f1ad0ff5d Exclude *Pool classes from LockType 2026-01-27 15:38:06 +00:00
Mads Navntoft
b7125a009e Merge pull request #21221 from github/navntoft/struts 
Java: Add support for Struts 7.x package names
 2026-01-27 15:53:26 +01:00
Owen Mansel-Chan
97a0b9f0ca (trivial) Remove double spaces in qhelp 2026-01-27 14:40:23 +00:00
Mads Navntoft
ede05b54ea Java: Add change note for Struts 7.x package name support 2026-01-27 13:00:16 +01:00
Mads Navntoft
9a94d0474c Java: Add support for Struts 7.x package names 
Updates Struts library to recognize both legacy xwork2 and new struts2
packages:
- StrutsActions.qll: Add org.apache.struts2 alternatives for Action,
  Preparable, ActionSupport
- StrutsConventions.qll: Add org.apache.struts2.action.Action
  alternative

This maintains backward compatibility for analyzing Struts 2.x-6.x apps
while supporting Struts 7.x which renamed packages from
com.opensymphony.xwork2 to org.apache.struts2.
 2026-01-27 12:57:55 +01:00
Anders Fugmann
73850f1b56 Kotlin: Add changenote 2026-01-26 13:27:34 +01:00
Tom Hvitved
0f6bae0ae1 Add change notes 2026-01-26 12:40:22 +01:00
Tom Hvitved
7024b07dd2 Java: Adapt to changes in FlowSummaryImpl 
Missing manual models were added using the following code added to `FlowSummaryImpl.qll`:

```ql
    private predicate testsummaryElement(
      Input::SummarizedCallableBase c, string namespace, string type, boolean subtypes, string name,
      string signature, string ext, string originalInput, string originalOutput, string kind,
      string provenance, string model, boolean isExact
    ) {
      exists(string input, string output, Callable baseCallable |
        summaryModel(namespace, type, subtypes, name, signature, ext, originalInput, originalOutput,
          kind, provenance, model) and
        baseCallable = interpretElement(namespace, type, subtypes, name, signature, ext, isExact) and
        (
          c.asCallable() = baseCallable and input = originalInput and output = originalOutput
          or
          correspondingKotlinParameterDefaultsArgSpec(baseCallable, c.asCallable(), originalInput,
            input) and
          correspondingKotlinParameterDefaultsArgSpec(baseCallable, c.asCallable(), originalOutput,
            output)
        )
      )
    }

    private predicate testsummaryElement2(
      string namespace, string type, boolean subtypes, string name, string signature, string ext,
      string originalInput, string originalOutput, string kind, string provenance, string model,
      string namespace2, string type2
    ) {
      exists(Input::SummarizedCallableBase c |
        testsummaryElement(c, namespace2, type2, _, _, _, ext, originalInput, originalOutput, kind,
          provenance, model, false) and
        testsummaryElement(c, namespace, type, subtypes, name, _, _, _, _, _, provenance, _, true) and
        signature = paramsString(c.asCallable()) and
        not testsummaryElement(c, _, _, _, _, _, _, originalInput, originalOutput, kind, provenance,
          _, true)
      )
    }

    private string getAMissingManualModel(string namespace2, string type2) {
      exists(
        string namespace, string type, boolean subtypes, string name, string signature, string ext,
        string originalInput, string originalOutput, string kind, string provenance, string model
      |
        testsummaryElement2(namespace, type, subtypes, name, signature, ext, originalInput,
          originalOutput, kind, provenance, model, namespace2, type2) and
        result =
          "- [\"" + namespace + "\", \"" + type + "\", True, \"" + name + "\", \"" + signature +
            "\", \"\", \"" + originalInput + "\", \"" + originalOutput + "\", \"" + kind + "\", \"" +
            provenance + "\"]"
      )
    }
```
 2026-01-26 12:40:15 +01:00
Michael B. Gale
f76211c64a Merge pull request #21136 from github/mbg/java/maven-plugin-repo-changenote 
Java: Add change note for plugin repo support
 2026-01-26 10:44:51 +00:00
github-actions[bot]
48475e66af Post-release preparation for codeql-cli-2.24.0 2026-01-19 15:49:08 +00:00
Nick Rolfe
783676566c Fix typo in changelog 2026-01-19 15:12:05 +00:00
github-actions[bot]
4142b9c4ce Release preparation for version 2.24.0 2026-01-19 14:49:14 +00:00
Owen Mansel-Chan
a5d9cb179a Merge pull request #20930 from owen-mc/java/spring-rest-template-request-forgery-sinks 
Java: add more Spring RestTemplate request forgery sinks
 2026-01-15 14:23:15 +00:00
Owen Mansel-Chan
97e0b4e9fd Use parameter name to only select correct overloads 2026-01-15 10:36:03 +00:00
Anders Schack-Mulligen
c632e8f188 Merge pull request #20448 from github/alexet/avoid-path-node-java 
Java: Eliminate pointless use of PathNodes over DataFlow::Node
 2026-01-15 10:55:09 +01:00
Mauro Baluda
f71b6c1bfd Improved models for Supplier arguments 2026-01-14 12:32:42 +01:00
Mauro Baluda
5cef0376a9 Update java/ql/test/query-tests/security/CWE-798/semmle/tests/HardcodedCouchBaseCredentials.java 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2026-01-14 11:50:52 +01:00
Mauro Baluda
9efefa6120 Fix test expectations 2026-01-13 22:46:42 +01:00
Mauro Baluda
29f23ee192 Fix extraction error 2026-01-13 22:33:01 +01:00
Mauro Baluda
4b7662f652 Merge branch 'main' into couchdb 2026-01-13 21:50:44 +01:00
Mauro Baluda
d335f039ef Improve model for CWE-089 2026-01-13 21:48:43 +01:00