Jami
7f6efae7dc
Merge pull request #12008 from jcogs33/jcogs33/update-queryproducer-package
...
Java: update package for `QueryProducer` sinks
2023-01-30 10:27:58 -05:00
Alexander Eyers-Taylor
89d835b9ec
Merge pull request #11988 from github/alexet/force-java-11
...
Use Java 11 for some integration tests
2023-01-30 15:19:00 +00:00
Mathias Vorreiter Pedersen
95b15825f9
DataFlow: Sync identical files.
2023-01-27 16:24:31 +00:00
Jami Cogswell
85c228a0cd
Java: remove old sinks
2023-01-27 10:40:17 -05:00
Jami Cogswell
a3fe8c0e93
Java: add change note
2023-01-27 10:35:16 -05:00
Jami Cogswell
9bf43483db
Java: update package for QueryProducer sinks
2023-01-27 10:16:42 -05:00
alexet
1b0952c512
Use Java 11 for some integration tests
2023-01-27 13:51:44 +00:00
Chris Smowton
fea97a22c6
Merge pull request #11827 from smowton/smowton/admin/test-gradle-script-parsing
...
Java: Add integration tests for Android projects
2023-01-23 11:39:24 +00:00
Alex Ford
55550e7980
Merge pull request #11941 from alexrford/summary-component-tostring-syntheticglobal
...
Add missing toString case for synthetic globals
2023-01-23 10:00:00 +00:00
Michael Nebel
69a42d8b1f
Merge pull request #11931 from michaelnebel/csharp/refactor
...
Remove the Csv postfix of some predicate names.
2023-01-23 09:09:48 +01:00
Chris Smowton
a2e7b83411
Add additional note to Android tests
2023-01-21 11:57:54 +00:00
Chris Smowton
81e59e9005
Force Gradle tests to run sequentially
...
Otherwise starting multiple Gradle daemons in parallel can fail
2023-01-21 11:57:53 +00:00
Chris Smowton
4197d7bd20
Android tests: use Java 11 under Actions
...
Some runners still default to Java 8 (e.g. windows-2022 and macos-12), so we need to manually pull Java 11 in in such cases.
2023-01-21 11:57:53 +00:00
Chris Smowton
b6df415fe8
Add Android and Kotlin build script tests
...
This adds a single plain Gradle project that uses a modern Kotlin build script (i.e. settings.gradle.kts and no build.gradle.kts), plus basic Android samples exercising the possible permutations of: (old vs. new-style build script, Groovy vs. Kotlin build script, wrapper present vs. absent)
Old vs. new style tests our recognition of different cues that this is likely a Droid project and requires `gradle assemble` not `gradle testClasses` (the example given at https://developer.android.com/studio/build/#top-level changed style as of plugin version ~7.3.0).
Groovy vs. Kotlin build script language checks that the regexes recognising Android dependencies and versions work for both build script kinds.
Wrapper present vs. absent exercises the autobuilder logic that guesses an appropriate Gradle version and sets it up in the event the Gradle wrapper isn't provided.
2023-01-21 11:57:53 +00:00
github-actions[bot]
b62cb6ba84
Post-release preparation for codeql-cli-2.12.1
2023-01-20 19:49:56 +00:00
Alex Ford
e4df1f5a6f
Ruby: add missing toString case for synthetic globals
2023-01-20 13:31:43 +00:00
Jeroen Ketema
cddaa0c8fa
Apply suggestions from code review
2023-01-20 14:10:27 +01:00
github-actions[bot]
005b3e4a47
Release preparation for version 2.12.1
2023-01-20 12:03:19 +00:00
Michael Nebel
dc223cb82e
Sync files and make corresponding changes for other languages.
2023-01-19 15:14:06 +01:00
Rasmus Wriedt Larsen
e0ccb9306a
Merge pull request #11908 from RasmusWL/dataflow-consistency-more-excludes
...
DataFlow: Add `uniqueParameterNodePositionExclude`
2023-01-18 10:44:51 +01:00
Edward Minnix III
4c018759c8
Merge pull request #11283 from egregius313/egregius313/webview-setAllowContentAccess
...
Java: Android WebView Content Access Query
2023-01-17 11:02:47 -05:00
Jami
babdee36aa
Merge pull request #11779 from jcogs33/jcogs33/model-more-top-jdk-apis
...
Java: model top JDK APIs
2023-01-17 10:20:32 -05:00
Jami Cogswell
10f0975812
Java: remove models for System.[get|set]Property
2023-01-17 08:51:48 -05:00
Rasmus Wriedt Larsen
a0b1c2ea79
DataFlow: Add uniqueParameterNodePositionExclude
2023-01-17 14:05:22 +01:00
Rasmus Wriedt Larsen
2b0a5fd5d1
DataFlow: Add uniqueParameterNodeAtPositionExclude
2023-01-17 14:05:17 +01:00
Antoine Taillefer
660e6d7085
Fix partial path traversal Java example
...
The Java recommendation example for the "Partial path traversal vulnerability from remote" query doesn't seem right to me. Indeed, the following statement doesn't compile, since `dir.getCanonicalPath()` returns a String:
```
dir.getCanonicalPath().toPath()
```
Maybe the author wanted to state `dir.getCanonicalFile().toPath()`, which would compile, but is useless compared to `dir.getCanonicalPath()`.
Moreover, `parent.getCanonicalFile().toPath()` or `parent.getCanonicalPath()` will **not** be slash-terminated, contrary to what the description says.
From what I can see (and test), the correct fix is to concatenate `File.separator` to the parent canonical path.
2023-01-16 21:14:29 +01:00
jelaiw
cf7189bb28
Fix small typo in good/bad code sample.
2023-01-13 19:16:11 -06:00
Jami Cogswell
fb6725ddaa
Java: add WithoutElement comment for clear methods
2023-01-13 13:20:45 -05:00
Jami Cogswell
a43f3cf95f
Java: remove Supplier.get model
2023-01-12 17:09:13 -05:00
Jami Cogswell
f040ff2d8d
Java: undo change to Function.apply test case
2023-01-12 17:01:58 -05:00
Jami Cogswell
c3a1d088ac
Java: update change note
2023-01-12 16:32:52 -05:00
Jami Cogswell
a39b2aaaac
Java: remove endsWith test case
2023-01-12 16:24:57 -05:00
Jami Cogswell
ffb267937a
Java: add endsWith additionalTaintStep to ConditionalBypassFlowConfig
2023-01-12 16:24:05 -05:00
Michael Nebel
5c466f3319
Java: Sync files and update other relevant files related to the new naming of shift.
2023-01-12 19:06:29 +01:00
Chris Smowton
8aa2c23ba8
Merge pull request #11700 from JLLeitschuh/doc/JLL/improve-java-unsafe-deserialization-documentation
...
[Java] Document fixes for deserialization vulnerabilities by framework
2023-01-12 18:04:13 +00:00
Chris Smowton
09d8a50494
Spelling
2023-01-12 17:46:00 +00:00
Jami Cogswell
e0444449c8
Java: remove Function.apply model
2023-01-12 09:58:53 -05:00
Ian Lynagh
9ebe59d353
Merge pull request #11637 from igfoo/igfoo/kotlin-1.8
...
Kotlin: Add 1.8 support
2023-01-12 12:15:00 +00:00
Michael Nebel
18a815ca8b
Merge pull request #11721 from michaelnebel/csharpjava/refactorprovenance
...
C#/Java: Re-factor provenance related predicates.
2023-01-12 10:50:31 +01:00
Jami Cogswell
fd593fd4f0
Java: undo changes to tests that were affected by numeric-flow summary models
2023-01-11 22:34:19 -05:00
Jami Cogswell
ce74c9d959
Java: Date models as neutral
2023-01-11 22:15:41 -05:00
Jami Cogswell
6bb865ad05
Java: make numeric flow models neutral
2023-01-11 18:04:43 -05:00
Jami Cogswell
0c7ffb0554
Java: update System.getProperty model
2023-01-11 12:04:22 -05:00
Pierre
c3116b3f0f
Merge branch 'main' into turbo/experimental/combined
2023-01-11 18:02:55 +01:00
Jami Cogswell
2a99af0e6d
Java: remove summary model for String.endsWith
2023-01-11 10:58:46 -05:00
Jami Cogswell
99ee6c95a1
Java: remove models for Consumer.accept and Collectors.toMap
2023-01-11 10:44:38 -05:00
Jami Cogswell
ac064ac2a7
Java: remove model for Collectors.joining
2023-01-11 10:30:49 -05:00
Michael Nebel
7e4f7a0c17
C#: Address review comments and sync files.
2023-01-11 16:29:24 +01:00
Michael Nebel
8112058a0a
Java: Adapt TopJdpApi library to the re-factor.
2023-01-11 16:20:55 +01:00
Michael Nebel
6a047d6916
Java: Re-factor provenance related predicates for summarized callable.
2023-01-11 16:20:55 +01:00