hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
49,684 Commits 1,672 Branches 157 Tags
dd31be43e07d901bafb543c8f65be8e9b5abb364
Commit Graph

8654 Commits

Author SHA1 Message Date
Chris Smowton
c149754c6b Fix java/iterator-remove-failure to handle calls to specialised generic functions 2022-09-14 22:17:19 +01:00
Chris Smowton
3bdccb38b6 Adapt inner-class-could-be-static query now that specialised methods are callable via an implicit this qualifier. 
Previously such a call always targeted the unbound method, so we checked for an inherited method that could be a specialisation thereof; now we expect it should be directly inherited.
 2022-09-14 22:17:19 +01:00
Chris Smowton
25b4d485b4 Java: Add test regarding the type of an implicit this expression 2022-09-14 22:17:19 +01:00
Ian Lynagh
8a5bc3b635 Kotlin: Don't use hasQuestionMark 
1.7.0 warns:
    'hasQuestionMark: Boolean' is deprecated. hasQuestionMark has
    ambiguous meaning. Use isNullable() or isMarkedNullable() instead
 2022-09-14 17:56:27 +01:00
Ian Lynagh
fce111bebe Kotlin: Compile with -Werror, and fix warnings 2022-09-14 16:42:57 +01:00
Ian Lynagh
8f2a718787 Kotlin: Remove an unused method 2022-09-14 16:31:11 +01:00
Tamás Vajk
e4a712c9d6 Merge pull request #10402 from tamasvajk/kotlin-comp-args 
Kotlin: Add integration test for compiler argument extraction
 2022-09-14 15:27:18 +02:00
Tamas Vajk
16836de02b Code quality improvment to simplify test QL 2022-09-14 15:15:06 +02:00
Ian Lynagh
b3b1efb1a1 Merge pull request #10414 from igfoo/igfoo/getQualifiedName 
Java: Tweak Member.getQualifiedName()
 2022-09-14 13:30:22 +01:00
Anders Schack-Mulligen
ba3ebeec2c Java: Remove low confidence dispatch for which we have a manual summary. 2022-09-14 13:39:31 +02:00
Anders Schack-Mulligen
d713910714 Merge pull request #10334 from aschackmull/java/uniontypeflow 
Java: Implement union type flow and replace ad-hoc variable tracking in dispatch
 2022-09-14 13:34:28 +02:00
Tamas Vajk
a68b61f50a Kotlin: adjust expected test results after fixing compiler argument interception 2022-09-14 13:15:29 +02:00
Tamas Vajk
6eccb5e99c Kotlin: Add integration test to show missing compiler arguments 2022-09-14 13:15:29 +02:00
Ian Lynagh
4ac0ecbc61 Java: Mark the getQualifiedName change as breaking 2022-09-14 12:10:50 +01:00
Ian Lynagh
d735b9e6f2 Java: Format QL 2022-09-14 11:56:13 +01:00
Ian Lynagh
fec6c35f21 Java: Accept test output for getQualifiedName change 2022-09-14 10:52:43 +01:00
Michael Nebel
c5949fad75 C#/Java: Rename to Typed based summary model generation. 2022-09-14 11:06:23 +02:00
Michael Nebel
2d57b7d56a Java: Sync files. 2022-09-14 11:06:23 +02:00
Michael Nebel
13a802e260 Java: Sync files and make adjusting changes. 2022-09-14 11:06:23 +02:00
Anders Schack-Mulligen
64e2f4164d Java: Add test for disjunctive type in call context. 2022-09-14 10:38:10 +02:00
Anders Schack-Mulligen
9f200633ca Java: convert test to inline expectation 2022-09-14 10:17:31 +02:00
Anders Schack-Mulligen
83e7bf71d7 Java: Adjust qldoc. 2022-09-14 10:16:09 +02:00
erik-krogh
252394666c sync files 2022-09-13 20:44:05 +02:00
Ian Lynagh
f807b801ce Merge pull request #10401 from igfoo/igfoo/throw 
Kotlin: Remove a throw statement
 2022-09-13 17:41:31 +01:00
Tony Torralba
4708052741 Merge pull request #10408 from giper45/patch-1 
Updated vulnerable XSS.java version
 2022-09-13 17:50:47 +02:00
Ian Lynagh
6a63b86f8a Java: Member.getQualifiedName() tweaked 
It now includes the qualified name of the declaring type.
 2022-09-13 16:05:51 +01:00
Ian Lynagh
fc445736b2 Java: Use hasQualifiedName rather than getQualifiedName in ExternalAPIs 
It's more efficient, as it doesn't require building intermediate
strings.
 2022-09-13 15:58:00 +01:00
Tony Torralba
ac46a38b9d Update java/ql/src/Security/CWE/CWE-079/XSS.java 2022-09-13 16:49:20 +02:00
Tony Torralba
2b027709e4 Update XSS qhelp 2022-09-13 16:39:48 +02:00
gx1
1c4488e7c8 Updated vulnerable XSS.java version 2022-09-13 15:58:25 +02:00
Tamas Vajk
2c757c714d Kotlin: Code quality improvements: refactor a cast 2022-09-13 15:44:54 +02:00
Ian Lynagh
2f8151d8d2 Kotlin: Remove a throw statement 
We have a way to carry on here, so we may as well do so
 2022-09-13 13:51:00 +01:00
Anders Schack-Mulligen
b8a1818422 Java: Fix test expectation. 2022-09-13 13:30:40 +02:00
Anders Schack-Mulligen
0e376b32d2 Java: extend typeflow tests to cover union types. 2022-09-13 13:30:40 +02:00
Anders Schack-Mulligen
d0f7052de2 Java: Support instanceof disjunction in union type flow. 2022-09-13 13:30:40 +02:00
Anders Schack-Mulligen
686e03e1cc Java: Fix perf issue. 2022-09-13 13:30:40 +02:00
Anders Schack-Mulligen
c8b93e0910 Java: Replace uses of deprecated variableTrack. 2022-09-13 13:30:40 +02:00
Anders Schack-Mulligen
a8eedce8ab Java: Replace ad-hoc variable tracking with union type flow in dispatch. 2022-09-13 13:30:40 +02:00
Anders Schack-Mulligen
6f06267892 Java: Implement union type flow. 2022-09-13 13:30:40 +02:00
Anders Schack-Mulligen
7692a9e2e7 Java: Minor TypeFlow tweaks. 2022-09-13 13:30:40 +02:00
Anders Schack-Mulligen
85d4742a01 Java: Add dispatch test showing lack of union types. 2022-09-13 13:30:40 +02:00
Sebastian Bauersfeld
f95663cdfb Java: Added change note. 2022-09-13 11:38:15 +07:00
Sebastian Bauersfeld
0468b3a361 Java: Track taint through constructor arguments of java.net.URI. 2022-09-13 11:35:04 +07:00
Tony Torralba
f412f433bf Add thymeleaf steps 2022-09-12 17:52:38 +02:00
Edward Minnix III
eadb8a3988 Merge pull request #10106 from egregius313/egregius313/android-backup-allowed 
Java: Query to detect Android backup allowed
 2022-09-12 11:14:03 -04:00
Tamás Vajk
4569b9585f Merge pull request #10313 from tamasvajk/kotlin-fix-vararg 
Kotlin: Fix `vararg` extraction outside of method call
 2022-09-12 15:54:50 +02:00
Tamás Vajk
ed772e54d1 Merge pull request #10328 from tamasvajk/kotlin-kfunction-fix 
Kotlin: fix `KFunctionX.invoke` extraction
 2022-09-12 15:54:33 +02:00
Erik Krogh Kristensen
818601b612 Merge pull request #10285 from erik-krogh/paramClass 
ReDoS: convert RelevantState to a class in the PrefixConstruction module
 2022-09-12 15:23:19 +02:00
Tony Torralba
79a32f1a3e Tainting the freemarker dataModel isn't exploitable 2022-09-12 14:22:06 +02:00
Tony Torralba
dd6257c757 Add security-severity 2022-09-12 11:59:01 +02:00