hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
49,684 Commits 1,672 Branches 157 Tags
dd31be43e07d901bafb543c8f65be8e9b5abb364
Commit Graph

8654 Commits

Author SHA1 Message Date
Jami Cogswell
e9e5f92603 Java: update notModeled for negative numbers 2022-12-07 21:46:52 -05:00
retanoj
0edfc6e01e greedy matching 2022-12-08 09:23:24 +08:00
Jami Cogswell
aa7e6d7811 Java: add negative numbers 2022-12-07 17:17:35 -05:00
Ian Lynagh
6267da44ae Kotlin: Improve diagnostic limit message 
The message saying that the limit was exceeded is now given at the same
severity as the original message.
 2022-12-07 18:33:35 +00:00
Ian Lynagh
e6c3bcec63 Java/Kotlin: Update the diagnostic severity documentation 2022-12-07 17:14:51 +00:00
Chris Smowton
9f9a51685b Merge pull request #11510 from smowton/smowton/fix/kotlin-populate-source-class-files 
Kotlin: stub trap .class files when extracting a class from Kotlin source
 2022-12-07 14:33:42 +00:00
Edward Minnix III
170c9af9e8 Merge pull request #11238 from egregius313/egregius313/webview-setjavascriptenabled 
Java: Query for detecting enabling Javascript in Android WebSettings
 2022-12-07 09:31:58 -05:00
retanoj
9cfeaeb18e Merge branch 'main' into MybatisSqli 2022-12-07 21:19:08 +08:00
Jami
5e694b5983 Merge pull request #11192 from jcogs33/jcogs33/share-key-sizes 
Share encryption key sizes between Java and Python
 2022-12-07 08:08:24 -05:00
Chris Smowton
c526020fd4 Note TODO re: re-enabling suspend function Java interop testing 2022-12-07 11:51:48 +00:00
Chris Smowton
ecbb96ffc1 Remove no-longer-needed diagnostic expectations 2022-12-07 11:50:41 +00:00
Tony Torralba
cabce5fb36 Merge pull request #11549 from mbaluda/mbaluda/insecure-cookie 
Java: Support interprocedural setting of cookie security
 2022-12-07 12:14:46 +01:00
Tony Torralba
321a2f5a73 Merge pull request #11550 from atorralba/atorralba/kotlin/adapt-path-sanitizer 
Kotlin: Adapt PathSanitizer
 2022-12-07 12:08:00 +01:00
Anders Schack-Mulligen
f17f19c821 Java: Switch to qualified imports. 2022-12-07 11:41:32 +01:00
Tony Torralba
6dcc0cc188 Further simplification 2022-12-07 10:50:23 +01:00
Tony Torralba
ccd465d669 Update java/ql/lib/semmle/code/java/security/PathSanitizer.qll 2022-12-07 10:38:33 +01:00
Tony Torralba
2f622ad72c Refactor by introducing helper predicates 2022-12-07 10:31:54 +01:00
Tony Torralba
85b2642a5e Extraction discrepancy fixed in kotlinc 1.7.21 2022-12-07 09:57:31 +01:00
Ed Minnix
b6a59f0885 Java: Add support and tests for implicitly exported activity aliases 2022-12-06 23:11:48 -05:00
Ed Minnix
1472335c2e Abbreviated change note in changelog entry for activity-alias 2022-12-06 23:11:48 -05:00
Ed Minnix
2255b0d96a Modify getAndroidComponentXmlElement to handle activity-alias 
Since aliases have both the `name` and `targetActivity` attributes, we
should check all identifying attributes in order to add
`<activity-alias>` elements as dataflow sources.
 2022-12-06 23:11:48 -05:00
Ed Minnix
4620db0fe9 Activity alias: formatting changes suggested by Actions 2022-12-06 23:11:48 -05:00
Ed Minnix
ec6c421f91 Added change notes for AndroidManifest.qll 2022-12-06 23:11:48 -05:00
Ed Minnix
f4dbd41036 Test files for Activity Alias 2022-12-06 23:11:48 -05:00
Ed Minnix
4df926e148 Add method for finding aliases to AndroidActivityXmlElement 2022-12-06 23:11:48 -05:00
Ed Minnix
b4f08f8b91 Add support for Android Manifest <activity-alias> element 2022-12-06 23:11:48 -05:00
Ed Minnix
4c270fca91 Add generalized identifier resolution for AndroidManifest 
Since more than one attribute can hold an identifier, refactor
identifier resolution into a separate method.
 2022-12-06 23:11:47 -05:00
Ed Minnix
cf3e5a0abe Add class for XML Attributes meant to hold an identifier in AndroidManifest 
Some Android component attributes hold an identifier (e.g.
`android:name` and `android:targetActivity` for `<activity-alias>`).
 2022-12-06 23:11:47 -05:00
Jami Cogswell
b82f9b1911 Java: add draft of generated vs manual MaD metrics query 2022-12-06 22:15:19 -05:00
retanoj
8ee418405b consider blankspace / comma /dot field 2022-12-07 10:06:39 +08:00
Chris Smowton
522a549d61 Improve debug logging when the external decl extractor handles an IrFile 2022-12-06 20:39:14 +00:00
Chris Smowton
d2e7797485 Rename to writeStubTrapFile 2022-12-06 20:39:03 +00:00
Ed Minnix
1c81f8d8d5 Apply suggestion from docs review 2022-12-06 15:32:54 -05:00
Chris Smowton
00f323c8bd Fix: extract directly exposed fields with static modifier 2022-12-06 20:32:10 +00:00
Chris Smowton
c68ac460c9 Accept test changes: again this is a raw class extracted just for its signature. 2022-12-06 18:38:33 +00:00
Chris Smowton
d37a10e4f1 Accept test changes: methods no longer appearing to be final 
This is actually a bug, which we should follow up on subsequently.
 2022-12-06 18:38:31 +00:00
Chris Smowton
59eb81b50a Accept test changes: a raw class getting extracted solely for use in a signature 
We could revert this by allowing useType to avoid triggering class-instance extraction when used just for its signature result
 2022-12-06 18:35:04 +00:00
Chris Smowton
f5579d59f8 Accept test changes: classes no longer getting multiple locations 2022-12-06 18:35:04 +00:00
Chris Smowton
9f722a7e12 Disable java_and_kotlin inconsistency test; accept changes 
This was testing that a signature inconsistency occurs, but this now manifests as a db inconsistency which can't be used as a test expectation because specific tuple numbers are liable to change with the environment.
 2022-12-06 18:35:04 +00:00
Chris Smowton
f2fded6486 Accept jvmstatic-annotation changes 
These occur because the Companion field is odd, being extracted from source but not having an associated FieldDeclaration, leading to PrintAst enumerating the node differently depending on whether it has a source-file location or not but in either case choosing not to show it.
 2022-12-06 18:35:04 +00:00
Chris Smowton
5e023bf619 Remove no-longer-applicable diagnostic matches 
These resulted from the Java compiler exploring NotNull and other Kotlin-emitted annotations, which it no longer does because it finds a .class trap file already present and truncates its class-graph walk
 2022-12-06 18:35:04 +00:00
Chris Smowton
82f3c2f6d5 Mark the Companion field as static 2022-12-06 18:35:04 +00:00
Chris Smowton
d9dc8e38f9 Fix binary names for classes declared from source 
Only top-level non-class declarations need the IrFile's expected class name inserting
 2022-12-06 18:35:04 +00:00
Chris Smowton
910a1f872d Adjust opt-in required to use string-manipulation functions in Kotlin <= 1.5 2022-12-06 18:35:04 +00:00
Chris Smowton
540a2a623e Don't create stub trap files for anonymous or local classes, or unexpected kinds of top-level declaration 2022-12-06 18:35:04 +00:00
Chris Smowton
08e3431107 Also stub class files relating to file classes and top-level declarations 2022-12-06 18:35:04 +00:00
Chris Smowton
748637c2d8 Tidy and use version 0 for classes extracted from source 2022-12-06 18:35:03 +00:00
Chris Smowton
e34d72aee9 Kotlin: stub trap .class files when extracting a class from Kotlin source 2022-12-06 18:35:03 +00:00
retanoj
b0c86d8e51 change string match to regex match 2022-12-06 21:50:09 +08:00
Michael Nebel
8e4190d84a Merge pull request #11516 from michaelnebel/java/externalflowcleanup 
Java: Cleanup imports of `ExternalFlow`
 2022-12-06 14:26:39 +01:00