luchua-bc
e33d786745
Add test cases and reduce FPs
2022-09-23 12:31:16 +00:00
luchua-bc
251f67dcf3
Use the new CSV model
2022-09-23 12:31:16 +00:00
luchua-bc
b3572747f0
Simplify test case and minor update to the query
2022-09-23 12:31:15 +00:00
luchua-bc
311c9e4719
Query to detect unsafe resource loading in Java Spring applications
2022-09-23 12:31:15 +00:00
Tom Hvitved
8b424d181a
Merge pull request #10505 from hvitved/dataflow/viable-impl-in-ctx-consistency
Data flow: Guard against `viableImplInCallContext` not being a subset of `viableCallable`
2022-09-23 10:38:48 +02:00
Dave Bartolomeo
cee0e8e137
Merge pull request #10532 from github/henrymercer/3.7-mergeback
Final mergeback from `rc/3.7`
2022-09-22 13:42:59 -04:00
Tom Hvitved
ad6b870f94
Data flow: Sync files
2022-09-22 15:01:33 +02:00
Erik Krogh Kristensen
6e6880bbe4
Merge pull request #10486 from erik-krogh/java-unqueryable
Java: Delete some unused code
2022-09-22 14:21:39 +02:00
erik-krogh
a8929b6400
deprecate RegExpFlags::getFlags instead of deleting it
2022-09-22 13:43:42 +02:00
erik-krogh
b61bd56d70
un-deprecate guardControls_v2
2022-09-22 13:42:50 +02:00
Tom Hvitved
f0f4fe7286
Merge pull request #10444 from hvitved/ruby/stmt-sequence-post-update
Ruby: Add post-update nodes for compound arguments
2022-09-22 13:18:51 +02:00
Henry Mercer
f8f99af8b7
Bump the minor version of packs we regularly release
2022-09-22 12:14:19 +01:00
Chris Smowton
c2656dd55f
Kotlin: Tolerate kotlinc versions like 1.7.20-Beta
2022-09-22 10:23:29 +01:00
Andrew Eisenberg
99e8cb78b0
Merge pull request #10496 from aeisenberg/aeisenberg/merge-rc3.7-into-main
Aeisenberg/merge rc3.7 into main
2022-09-21 08:09:47 -07:00
Tamás Vajk
82c3e53694
Merge pull request #10473 from tamasvajk/kotlin-suspend
Kotlin: Extract `suspend` functions
2022-09-21 14:22:44 +02:00
Ian Lynagh
46a23e107b
Merge pull request #10495 from igfoo/igfoo/traplocker
Kotlin: Tidy up TrapLocker
2022-09-21 13:05:58 +01:00
Ian Lynagh
aaa3fc0b5c
Merge pull request #10353 from tamasvajk/kotlin-fix-not-implemented
Kotlin: Catch exception thrown by kotlinc
2022-09-21 13:05:41 +01:00
Tom Hvitved
db8b6ac69a
Data flow: Sync files
2022-09-21 11:02:24 +02:00
github-actions[bot]
84159317ee
Add changed framework coverage reports
2022-09-21 00:22:14 +00:00
Andrew Eisenberg
58e4861b45
Merge branch 'main' into rc/3.7
2022-09-20 12:43:20 -07:00
Ian Lynagh
6e249dad7f
Kotlin: TrapLocker: Pass the TRAP file to be opened
We already know what it is, as we've just locked it.
2022-09-20 15:12:58 +01:00
Tony Torralba
cbb64cc8c1
Merge pull request #10352 from atorralba/atorralba/promote-template-injection
Java: Promote Server-side template injection from experimental
2022-09-20 16:11:58 +02:00
Ian Lynagh
2731740c67
Kotlin: TrapLocker: Remove unused isNonSourceTrapFile
2022-09-20 15:07:35 +01:00
Chris Smowton
f826342112
Merge pull request #6246 from Marcono1234/marcono1234/annotation-improvements
Java: Improve and add predicates and classes for annotations
2022-09-20 11:48:29 +01:00
erik-krogh
70eced62b6
delete unused predicate that couldn't be imported from outside the folder
2022-09-20 12:40:39 +02:00
erik-krogh
8eefa4c1b0
deprecate internal predicate that was never used
2022-09-20 12:39:41 +02:00
erik-krogh
bec381a1dc
remove unused predicate from NfaUtilsSpecific.qll
2022-09-20 12:38:34 +02:00
Tony Torralba
4af29e6abf
Update java/ql/src/Security/CWE/CWE-094/TemplateInjection.qhelp
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2022-09-20 11:48:40 +02:00
Tony Torralba
4997f36f05
Apply suggestions from code review
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2022-09-20 11:48:18 +02:00
Chris Smowton
6b9d546eaf
Merge pull request #10457 from github/smowton/fix/java-really-unique-fixedHasLocation
Java: really return a unique location for non-source entities
2022-09-20 10:46:45 +01:00
Chris Smowton
14fa6d4487
Avoid deprecated Annotation.getAValue
2022-09-20 10:15:23 +01:00
Michael Nebel
eefe457c4b
Merge pull request #10238 from michaelnebel/csharp/theoremsforfree
C#: Theorems for Free - Model generation
2022-09-20 09:30:10 +02:00
Tamas Vajk
9a6b17df0e
Kotlin: Add async-await dataflow test case
2022-09-19 13:38:48 +02:00
Tamas Vajk
85d883c647
Kotlin: add test to show suspend function inconsistency between source and bytecode extraction
2022-09-19 13:38:43 +02:00
Tamas Vajk
a6e44ed1cf
Kotlin: extract suspend modifier and handle suspend SAM conversions
2022-09-19 13:36:28 +02:00
Tamas Vajk
3e58605e8e
Kotlin: Add tests with suspend functions
2022-09-19 13:28:20 +02:00
Tamas Vajk
aae8f393fe
Kotlin: Adjust test to reduce overhead of listing modifiers of lambdas
2022-09-19 13:22:00 +02:00
Chris Smowton
3fa1f17b83
Java: really return a unique location for non-source entities
This was always supposed to pick one of several candidate non-source locations (usually for a generic type instantiation), but since `getFile().toString()` just produces the basename of the class file, actually the results would almost always tie and all of the candidate locations would be returned. Use the full class file path as a tiebreaker instead.
2022-09-16 18:23:31 +01:00
Chris Smowton
0ab5d466f6
Update test expectations now that the Java extractor's nested annotation handling has been fixed
2022-09-16 15:50:54 +01:00
Anders Schack-Mulligen
1945f185ed
Apply suggestions from code review
Autoformat
2022-09-16 15:49:16 +01:00
Marcono1234
c8b922937b
Java: Extend AnnotationType.isATargetType documentation
2022-09-16 15:49:16 +01:00
Marcono1234
37b18914ac
Java: Add annotation tests
2022-09-16 15:49:16 +01:00
Marcono1234
8c9bdeb3be
Java: Address Annotation review comments and add change note
2022-09-16 15:49:16 +01:00
Marcono1234
659a3a7925
Java: Deprecate RetentionAnnotation.getRetentionPolicyExpression()
2022-09-16 15:49:16 +01:00
Marcono1234
90a9364b00
Java: Rename Annotation.getAnArrayValue with index
As mentioned by smowton during review, the predicate only has a single result
due to being restricted by the index and therefore its name should not start
with "getA...".
Also remove deprecated `getAValue(string, int)` because it never existed on
the `main` branch.
2022-09-16 15:49:16 +01:00
Marcono1234
4ef2d156c4
Java: Deprecate error-prone and rarely used annotation predicates
2022-09-16 15:49:16 +01:00
Marcono1234
e3c1b96830
Java: Fix incorrect annotation handling for SpringControllerRequestMappingGetMethod
2022-09-16 15:49:16 +01:00
Marcono1234
998aa95eae
Java: Add convenience array value Annotation predicates
2022-09-16 15:49:16 +01:00
Marcono1234
47e38952d1
Java: Improve Annotation.getAnAssociatedAnnotation
As suggested by smowton during review.
2022-09-16 15:49:16 +01:00
Marcono1234
fd5fdd89d9
Java: Rename Annotation.getAValue predicates for array values
Predicate name could lead to confusion with non-array predicate getAValue()
2022-09-16 15:49:16 +01:00