hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 12:46:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
40,697 Commits 1,673 Branches 157 Tags
dc517a758e104ce6a91c4f1bcff04548558afe63
Commit Graph

5628 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
dc517a758e Autoformat 2022-06-23 14:44:40 +02:00
Anders Schack-Mulligen
4a317a25d3 Dataflow: Sync. 2022-06-23 14:34:52 +02:00
Anders Schack-Mulligen
c27290563a Dataflow: Perf fix, avoid node scans. 2022-06-23 14:34:05 +02:00
Chris Smowton
00b4070866 Merge pull request #9659 from smowton/smowton/admin/invert-java-log-injection-query 
Java: Report log-injection at the source rather than the sink
 2022-06-22 14:27:50 +01:00
Chris Smowton
44cf260762 Merge pull request #9571 from smowton/smowton/fix/array-variance-lowering 
Kotlin: Implement array type variance lowering
 2022-06-22 13:38:21 +01:00
Chris Smowton
1f9f6d7c33 Java: Report log-injection at the source rather than the sink 
This should remove the problem of excessive grouping of different alerts that share a sink location, often due to wrapper functions that form the ultimate sink of all logging calls in a given codebase.
 2022-06-22 13:05:20 +01:00
Tony Torralba
cc354caa1f Merge pull request #9319 from atorralba/atorralba/add-editable-valueof-step 
Kotlin: Add taint step for String.valueOf(Editable)
 2022-06-22 13:50:30 +02:00
Tamás Vajk
c0e115700d Merge pull request #9647 from tamasvajk/kotlin-when-branch-encl-stmt 
Kotlin: Fix enclosing statement of `when` branches
 2022-06-22 13:18:56 +02:00
Ian Lynagh
c7a6b1e9a7 Merge pull request #9640 from igfoo/igfoo/vis 
Kotlin/Java: Add the beginnings of a "visibility" consistency query
 2022-06-22 11:34:15 +01:00
Anders Schack-Mulligen
df6d68b215 Merge pull request #9618 from aschackmull/dataflow/deprecate-barrierguard-class 
Dataflow: Deprecate BarrierGuard class
 2022-06-22 10:44:08 +02:00
Michael Nebel
24ba5cc06e Merge pull request #9025 from michaelnebel/csharp/generatedrefactor 
C#: Provenance column in Models as Data CSV format.
 2022-06-22 10:34:31 +02:00
Tamas Vajk
a50e062b3c Kotlin: Fix enclosing statement of when branches 2022-06-22 09:10:27 +02:00
Tamas Vajk
640026d387 Kotlin: add enclosing statement test 2022-06-22 09:09:57 +02:00
Michael Nebel
2b892bc000 Merge pull request #9553 from michaelnebel/csharp/narrowtelemetry 
C#/Java: Only display 1k most relevant results for ExternalApi telemetry queries.
 2022-06-22 07:35:56 +02:00
Ian Lynagh
52b229052d Kotlin/Java: Add the beginnings of a "visibility" consistency query 2022-06-21 17:24:37 +01:00
Anders Schack-Mulligen
f8f9b7d3b4 Apply suggestions from code review 2022-06-21 14:11:36 +02:00
Edoardo Pirovano
70dbd92e25 Bump minor version of all regularly released packs 2022-06-21 11:22:58 +01:00
Edoardo Pirovano
ad02b85efa Merge branch main into rc/3.6 2022-06-21 11:15:25 +01:00
Anders Schack-Mulligen
a4796e1542 Add change notes. 2022-06-21 11:17:47 +02:00
Michael Nebel
b4457de58c C#/Java: Fix typo in the QL doc comment. 2022-06-20 16:26:07 +02:00
Michael Nebel
b6ccaf14f6 Java: Update Log4J models with provenance information. 2022-06-20 16:20:02 +02:00
Michael Nebel
733fc16902 Java: Update ThreadResourceAbuse specific models with provenance information. 2022-06-20 16:20:02 +02:00
Michael Nebel
0d4321666a Java: Update fragment injection sinkmodels. 2022-06-20 16:20:02 +02:00
Michael Nebel
2cfeffcc17 Java: Update model generator tests with provenance column. 2022-06-20 16:20:02 +02:00
Michael Nebel
e851b03c6f Java: Add source and sink kind model validation. 2022-06-20 16:20:02 +02:00
Michael Nebel
8e7e6c4c6f Java: Update FlowTestCase generator with provenance wildcard. 2022-06-20 16:20:02 +02:00
Michael Nebel
2e46e93f36 Java: Update java models with provenance column information. 2022-06-20 16:20:02 +02:00
Michael Nebel
4622b69c5d Java: Update flow summary impl and external flow to support provenance and include testing in Csv model validation. 2022-06-20 16:20:02 +02:00
Michael Nebel
649757c27f Java/Ruby: Sync files. 2022-06-20 16:20:01 +02:00
Michael Nebel
d219ac385b Update java/ql/src/Telemetry/ExternalLibraryUsage.ql 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2022-06-20 16:15:06 +02:00
Tony Torralba
b373c435f6 Fix test expectations 2022-06-20 13:16:45 +02:00
Tony Torralba
78fcdd22db Change test class name 2022-06-20 12:07:32 +02:00
Tony Torralba
3b60a1c3bc Add change note 2022-06-20 12:07:31 +02:00
Tony Torralba
2b2fa6e15b Add taint step for String.valueOf(Editable) 
Kotlin inlines expr.toString() as String.valueOf(expr) when expr is nullable
 2022-06-20 12:07:31 +02:00
Rasmus Wriedt Larsen
ae44a941f9 Merge pull request #9421 from RasmusWL/inline-brackets 
Inline Expectation Tests: Allow `tag[foo bar]`
 2022-06-20 10:01:19 +02:00
Rasmus Wriedt Larsen
b65a10d1ef Inline Expectation Tests: sync 2022-06-17 17:38:19 +02:00
Chris Smowton
92b8c0f864 Merge pull request #9563 from smowton/smowton/fix/name-trap-files-after-jvmnames 
Kotlin: Name trap files after jvmnames
 2022-06-17 12:32:28 +01:00
Anders Schack-Mulligen
99343c4606 Merge pull request #9582 from igfoo/igfoo/tidy 
Java: Remove some redundant string concatenations, and a double space
 2022-06-17 09:02:05 +02:00
Ian Lynagh
5ba672f035 NonSerializableField: Accept test output changes 2022-06-16 17:34:56 +01:00
Ian Lynagh
e7bc2ca423 Java: Remove some redundant string concatenations 2022-06-16 16:38:17 +01:00
Ian Lynagh
13ddc4a988 Java: Remove a double space from an alert message 2022-06-16 16:35:09 +01:00
Anders Schack-Mulligen
6518a01ded Dataflow: Sync. 2022-06-16 11:25:28 +02:00
Anders Schack-Mulligen
33deff9bae Java: Deprecate BarrierGuard class. 2022-06-16 11:25:28 +02:00
Ian Lynagh
5280cf4e91 CaptureSinkModels.ql: Fix typo 2022-06-15 20:19:15 +01:00
Chris Smowton
2d57d3aa78 Implement array type variance lowering 
Kotlin permits introducing a `? extends ...` wildcard against an Array even though the class is final, so long as its argument itself can be extended (i.e. isn't final or is another array type satisfying this condition).

Contravariant arrays get lowered to Object[], and are subject to automatic `extends` wildcard introduction, unless their element type was already Any.
 2022-06-15 18:36:56 +01:00
github-actions[bot]
1ed70d51d7 Post-release preparation for codeql-cli-2.9.4 2022-06-15 13:25:20 +00:00
Chris Smowton
90e8d4e1de Name trap files after jvmnames 
This should lead to better Java/Kotlin correspondence since the Java extractor will naturally name trap files for JVM names, and avoids a specific bug (tested) where MapsKt.iterator's two overloads (one taking `Map` and one `MutableMap`) are JvmName'd differently since their Java-lowered signatures would be identical. Without this change only
one of the iterator overloads would get extracted leaving the other one a dangling reference.
 2022-06-15 11:55:58 +01:00
Chris Smowton
483281e00f Merge pull request #9554 from smowton/smowton/fix/rename-removeat 
Kotlin: Add more Kotlin <-> Java special method name mappings
 2022-06-15 10:44:26 +01:00
Michael Nebel
9175421fa2 C#/Java: Update some QL Doc comments to comply with the standard and remove some redundant imports. 2022-06-15 11:32:54 +02:00
Michael Nebel
f810858ae4 Java: Manual rewrite of the ExternalLibraryUsage query to limit the number of returned results. 2022-06-15 11:10:05 +02:00