hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-27 14:16:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
47,992 Commits 1,673 Branches 157 Tags
d684dbdf5cc541ce839cdbaff826cbd7fab3ea39
Commit Graph

7227 Commits

Author SHA1 Message Date
Chris Smowton
9f9a51685b Merge pull request #11510 from smowton/smowton/fix/kotlin-populate-source-class-files 
Kotlin: stub trap .class files when extracting a class from Kotlin source
 2022-12-07 14:33:42 +00:00
Edward Minnix III
170c9af9e8 Merge pull request #11238 from egregius313/egregius313/webview-setjavascriptenabled 
Java: Query for detecting enabling Javascript in Android WebSettings
 2022-12-07 09:31:58 -05:00
Jami
5e694b5983 Merge pull request #11192 from jcogs33/jcogs33/share-key-sizes 
Share encryption key sizes between Java and Python
 2022-12-07 08:08:24 -05:00
Chris Smowton
c526020fd4 Note TODO re: re-enabling suspend function Java interop testing 2022-12-07 11:51:48 +00:00
Chris Smowton
ecbb96ffc1 Remove no-longer-needed diagnostic expectations 2022-12-07 11:50:41 +00:00
Tony Torralba
cabce5fb36 Merge pull request #11549 from mbaluda/mbaluda/insecure-cookie 
Java: Support interprocedural setting of cookie security
 2022-12-07 12:14:46 +01:00
Tony Torralba
321a2f5a73 Merge pull request #11550 from atorralba/atorralba/kotlin/adapt-path-sanitizer 
Kotlin: Adapt PathSanitizer
 2022-12-07 12:08:00 +01:00
Tony Torralba
6dcc0cc188 Further simplification 2022-12-07 10:50:23 +01:00
Tony Torralba
ccd465d669 Update java/ql/lib/semmle/code/java/security/PathSanitizer.qll 2022-12-07 10:38:33 +01:00
Tony Torralba
2f622ad72c Refactor by introducing helper predicates 2022-12-07 10:31:54 +01:00
Tony Torralba
85b2642a5e Extraction discrepancy fixed in kotlinc 1.7.21 2022-12-07 09:57:31 +01:00
Ed Minnix
1c81f8d8d5 Apply suggestion from docs review 2022-12-06 15:32:54 -05:00
Chris Smowton
c68ac460c9 Accept test changes: again this is a raw class extracted just for its signature. 2022-12-06 18:38:33 +00:00
Chris Smowton
d37a10e4f1 Accept test changes: methods no longer appearing to be final 
This is actually a bug, which we should follow up on subsequently.
 2022-12-06 18:38:31 +00:00
Chris Smowton
59eb81b50a Accept test changes: a raw class getting extracted solely for use in a signature 
We could revert this by allowing useType to avoid triggering class-instance extraction when used just for its signature result
 2022-12-06 18:35:04 +00:00
Chris Smowton
f5579d59f8 Accept test changes: classes no longer getting multiple locations 2022-12-06 18:35:04 +00:00
Chris Smowton
9f722a7e12 Disable java_and_kotlin inconsistency test; accept changes 
This was testing that a signature inconsistency occurs, but this now manifests as a db inconsistency which can't be used as a test expectation because specific tuple numbers are liable to change with the environment.
 2022-12-06 18:35:04 +00:00
Chris Smowton
f2fded6486 Accept jvmstatic-annotation changes 
These occur because the Companion field is odd, being extracted from source but not having an associated FieldDeclaration, leading to PrintAst enumerating the node differently depending on whether it has a source-file location or not but in either case choosing not to show it.
 2022-12-06 18:35:04 +00:00
Chris Smowton
5e023bf619 Remove no-longer-applicable diagnostic matches 
These resulted from the Java compiler exploring NotNull and other Kotlin-emitted annotations, which it no longer does because it finds a .class trap file already present and truncates its class-graph walk
 2022-12-06 18:35:04 +00:00
Michael Nebel
8e4190d84a Merge pull request #11516 from michaelnebel/java/externalflowcleanup 
Java: Cleanup imports of `ExternalFlow`
 2022-12-06 14:26:39 +01:00
Anders Schack-Mulligen
b579e2e7ed Merge pull request #11493 from aschackmull/java/scc-equivrel 
Java: Replace ad-hoc SCC reduction with union-find.
 2022-12-06 14:02:46 +01:00
Chris Smowton
3b5b121aeb Merge pull request #11553 from smowton/smowton/fix/kotlin-synthetic-noarg-constructor 
Kotlin: Extract a no-arg constuctor whenever a Kotlin class has default values for all parameters
 2022-12-06 10:07:31 +00:00
Tom Hvitved
b5e2e1e469 Merge pull request #11564 from hvitved/dataflow/parameter-position-consistency-checks 
Data flow: Add consistency checks for parameter positions
 2022-12-06 09:33:36 +01:00
Michael Nebel
cd5c0bec33 Merge pull request #11527 from michaelnebel/java/regeneratemodels 
Java/C#: Delete old model generator scripts and update Java model re-generator script.
 2022-12-06 09:24:13 +01:00
Chris Smowton
407e4cdd07 Don't create a default constructor for annotations, or classes that explicitly declare a no-arg constructor. 2022-12-05 16:17:51 +00:00
Chris Smowton
8897f5bccc Merge pull request #11552 from smowton/smowton/fix/kotlin-toplevel-internal-names 
Kotlin: Don't add name mangling to top-level internal functions
 2022-12-05 15:36:52 +00:00
Michael Nebel
fca249a62e Java: Address review comments. 2022-12-05 14:44:52 +01:00
Tony Torralba
8422df1c43 Add change note 2022-12-05 13:35:54 +01:00
Tom Hvitved
52f3a48638 Data flow: Sync files 2022-12-05 12:57:27 +01:00
Mauro Baluda
7c4b76b08b Update InsecureCookie.ql 2022-12-05 12:55:53 +01:00
Tom Hvitved
faca4b5b56 Merge pull request #11461 from hvitved/ruby/unique-hash-splat-param 
Ruby: At most one hash-splat `ParameterNode` per callable
 2022-12-05 11:53:28 +01:00
Tony Torralba
47d61e0b4d Add test for File.startsWith 2022-12-05 11:52:50 +01:00
Tony Torralba
71a6b09bad Minor syntax change in tests 2022-12-05 11:52:02 +01:00
Michael Nebel
a9ba964be4 Java: Update the Java model re-generate script. 2022-12-05 11:39:44 +01:00
Michael Nebel
243b94b54a Java/C#: Delete old model generator scripts and rename the new ones. 2022-12-05 11:39:44 +01:00
Mauro Baluda
16d7dc0853 Restrict DF configuration 2022-12-05 11:02:19 +01:00
Tony Torralba
8fb5c37ba8 Add change note 2022-12-05 11:00:57 +01:00
Tony Torralba
995b7327fe Add missing QLDoc 2022-12-05 11:00:57 +01:00
Tony Torralba
21b51b48eb Adapt PathSanitizer to Kotlin 2022-12-05 11:00:57 +01:00
Michael Nebel
6e486d4347 Re-arrange imports. 2022-12-05 09:49:38 +01:00
Michael Nebel
5c8ef15d6f Java: Add bi-directional imports of some abstract class extensions. 2022-12-05 09:49:38 +01:00
Michael Nebel
65f242cabe Java: Delete import of framework related files in ExternalFlow. 2022-12-05 09:49:38 +01:00
Michael Nebel
4c7cdc6245 Java: Remove unneeded imports of ExternalFlow.qll. 2022-12-05 09:49:38 +01:00
Chris Smowton
ff4baf096f Don't add name mangling to top-level internal functions 
Turns out kotlinc only adds this sort of name mangling to class member functions
 2022-12-02 20:16:19 +00:00
Chris Smowton
1c0494ec53 Extract a no-arg constuctor whenever a Kotlin class has default values for all parameters 2022-12-02 20:07:43 +00:00
Jami
edfcc0cd6d Merge pull request #11487 from jcogs33/jcogs33/supportedexternalapis-telemetry-query 
Java/C#: add SupportedExternalApis telemetry query
 2022-12-02 13:27:51 -05:00
Mauro Baluda
04f1fe523a Update Test.java 2022-12-02 18:01:10 +01:00
Mauro Baluda
f3f8f35069 Update InsecureCookie.ql 
Support interprocedural setting of cookie security
 2022-12-02 17:37:23 +01:00
Edward Minnix III
55090ecb65 Java: Typos and minor fixes 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2022-12-02 09:17:41 -05:00
Michael Nebel
bb716ddb80 Merge pull request #11499 from michaelnebel/java/kotlinstd 
Kotlin: Migrate standard library models to data extensions.
 2022-12-02 14:44:50 +01:00