hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 03:06:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
42,653 Commits 1,672 Branches 157 Tags
e66d2dddb68edb10fb25eb0f09b8bf94ad35c617
Commit Graph

6899 Commits

Author SHA1 Message Date
Tamas Vajk
e66d2dddb6 Fix review findings 2022-09-01 14:07:27 +02:00
Tamas Vajk
3513bb8eed Kotlin: Change Modifiable::isPublic to not cover Kotlin internal members 2022-08-30 14:37:27 +02:00
Tamas Vajk
d9086e6328 Kotlin: Add test case for internal member accessed from java 2022-08-30 14:26:12 +02:00
Ian Lynagh
f5d43b80ed Merge pull request #10193 from igfoo/igfoo/extractClassSupertypes 
Kotlin: Small simplification
 2022-08-30 11:52:02 +01:00
Ian Lynagh
f118b39844 Merge pull request #10192 from igfoo/igfoo/array 
Kotlin: Remove another cast
 2022-08-30 11:51:48 +01:00
Ian Lynagh
a5893f38c5 Merge pull request #10189 from igfoo/igfoo/substituteTypeAndArguments 
Kotlin: Remove a cast from substituteTypeAndArguments
 2022-08-30 11:51:39 +01:00
Ian Lynagh
d6bdc8c711 Merge pull request #10178 from igfoo/igfoo/AnyDbType 
Kotlin: Add AnyDbType
 2022-08-30 11:51:25 +01:00
Tony Torralba
1f83c5833b Merge pull request #10092 from zbazztian/zbazztian/string.replace-taint 
Java: Add additional taint steps for java.lang.String methods
 2022-08-30 12:24:37 +02:00
Erik Krogh Kristensen
8f0b999c31 Merge pull request #10207 from erik-krogh/fixRank 
fix performance issue in the ReDoS query
 2022-08-30 10:17:11 +02:00
Erik Krogh Kristensen
c2679d8632 Merge pull request #10213 from erik-krogh/wayToLargeRange 
put a limit on the length of the equivalent range in overly-large-range
 2022-08-30 09:28:16 +02:00
github-actions[bot]
f2e37d25b3 Add changed framework coverage reports 2022-08-30 00:21:28 +00:00
erik-krogh
f47b097d7c put a limit on the length of the equivalent range 2022-08-29 21:03:52 +02:00
Anders Schack-Mulligen
e26a7fc4f3 Merge pull request #10173 from zbazztian/spring-crudrepository 
Java: Add data flow model for Spring's CrudRepository.save() method
 2022-08-29 15:00:07 +02:00
erik-krogh
77949cbeb3 add context to the rankState predicate in ExponentialBackTracking.qll 2022-08-29 13:42:05 +02:00
Anders Schack-Mulligen
6e7dcfcc6e Merge pull request #10097 from aschackmull/java/unification 
Java: Improve virtual dispatch via better unification check and deduplicate code with parameterised module
 2022-08-29 13:28:04 +02:00
Anders Schack-Mulligen
adfd474fee Java: Move file. 2022-08-29 11:50:54 +02:00
Ian Lynagh
4cd7bf2ebb Kotlin: Small simplification 
Also removes a cast
 2022-08-26 16:28:10 +01:00
Ian Lynagh
d2a5281d94 Kotlin: Remove another cast 2022-08-26 15:59:26 +01:00
Ian Lynagh
131632e7c1 Kotlin: Remove a cast from substituteTypeAndArguments 
It looks like it was safe, but it was hard to see why, and may
become unsafe following future kotlinc changes.
 2022-08-26 13:06:05 +01:00
Anders Schack-Mulligen
3e5155d1a1 Java: Address review comments. 2022-08-26 11:45:01 +02:00
Erik Krogh Kristensen
c02387a25a Merge pull request #10153 from erik-krogh/more-acronyms 
more renamings of acronyms to camelCase
 2022-08-26 10:52:17 +02:00
Tamás Vajk
4f5c06fed7 Merge pull request #10169 from tamasvajk/kotlin-array-iterator 
Kotlin: fix array iterator extraction
 2022-08-26 08:33:52 +02:00
erik-krogh
ebb1106d9d add missing qldoc 2022-08-25 20:52:30 +02:00
erik-krogh
cc7a9ef97a rename more acronyms 2022-08-25 20:52:27 +02:00
Ian Lynagh
5be8e45d09 Kotlin: Add AnyDbType 
All DbType* types extend it, and `Label`s require their argument to be a
subtype of it.
 2022-08-25 16:40:27 +01:00
Erik Krogh Kristensen
06afe9c0f4 Merge pull request #9816 from erik-krogh/msgConsis 
Make alert messages consistent across languages
 2022-08-25 15:20:01 +02:00
Ian Lynagh
2e2621adad Merge pull request #10154 from igfoo/igfoo/findSubType 
Kotlin: Implement and use fun <T,reified S: T> Iterable<T>.findSubType
 2022-08-25 12:57:46 +01:00
Sebastian Bauersfeld
130e1892f4 Address review comments. 2022-08-25 18:49:38 +07:00
Sebastian Bauersfeld
207aebc581 Change wording of change note. 2022-08-25 18:47:36 +07:00
Sebastian Bauersfeld
36b5e5f61a Java: Add change notes. 2022-08-25 17:58:24 +07:00
Sebastian Bauersfeld
a486a89cee Java: Taint flow through org.springframework.data.repository.CrudRepository.save(). 2022-08-25 17:58:24 +07:00
Erik Krogh Kristensen
ba1ad00d2a Merge pull request #10062 from erik-krogh/redosPrefix 
JS: use the shared regular expression libraries in `js/case-sensitive-middleware-path`
 2022-08-25 12:57:16 +02:00
erik-krogh
c7aa58252a change "does not seem to check" to "does not check" in unchecked-cast-in-equals queries 2022-08-25 12:31:58 +02:00
Ian Lynagh
12eab3d7f0 Kotlin: Specialise findSubType to IrDeclaration 
We only use it on that type, and this makes the uses a bit quieter.
 2022-08-25 10:11:19 +01:00
Ian Lynagh
b0ae12850d Merge pull request #10160 from igfoo/igfoo/more-not-null-exprs 
Kotlin: Remove the last not-null-expressions
 2022-08-25 10:05:53 +01:00
Ian Lynagh
bf6d9f8c23 Merge pull request #10161 from igfoo/igfoo/exec 
Make a load of files non-executable
 2022-08-25 10:05:39 +01:00
Tamas Vajk
15305fd9bb Kotlin: Fix iterator extraction of IntArray, BooleanArray, ... 2022-08-25 11:05:17 +02:00
Tamas Vajk
7196fdd475 Kotlin: fix array iterator extraction to work outside of for loops 2022-08-25 09:23:34 +02:00
Tamas Vajk
af2614be84 Kotlin: Add array iterator tests 2022-08-25 09:17:50 +02:00
Ian Lynagh
3fcfd32eb1 Make *.ql non-executable 2022-08-24 16:55:11 +01:00
Ian Lynagh
237b3670b4 Make *.xml non-executable 2022-08-24 16:53:48 +01:00
Ian Lynagh
bb73767042 Make *.java non-executable 2022-08-24 16:38:03 +01:00
Ian Lynagh
5f8d8cdf40 Make *.dbscheme non-executable 2022-08-24 16:37:26 +01:00
Ian Lynagh
501a9b3c6b Make *.qll non-executable 2022-08-24 16:36:15 +01:00
Jami
b3e88f8234 Merge pull request #9983 from jcogs33/android-implicit-export 
Java: query to detect implicitly exported Android components
 2022-08-24 10:52:50 -04:00
Ian Lynagh
b485706fde Kotlin: Remove the last not-null-expressions 2022-08-24 14:39:03 +01:00
Ian Lynagh
e4f66b8aa7 Kotlin: Refactor writeUpdateInPlaceExpr 
In tryExtractArrayUpdate we need to know if writeUpdateInPlaceExpr will
succeed before we start writing any TRAP.
 2022-08-24 14:31:10 +01:00
erik-krogh
1c0f2251e2 Merge branch 'main' into msgConsis 2022-08-24 14:38:57 +02:00
Ian Lynagh
31e1230c64 Kotlin: Remove another not-null-expr 2022-08-24 12:51:15 +01:00
Ian Lynagh
20ac15d549 Merge pull request #10152 from igfoo/igfoo/not-null-exprs 
Kotlin: Remove more not-null expressions
 2022-08-24 12:18:45 +01:00