hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
45,558 Commits 1,672 Branches 157 Tags
e868cdf91bfa524e81b1465e5e03b47a0831967d
Commit Graph

1473 Commits

Author SHA1 Message Date
Chris Smowton
e868cdf91b Merge pull request #9876 from smowton/smowton/feature/interface-forwarding 
Kotlin: implement default interface forwarding
 2022-10-20 10:17:47 +01:00
Chris Smowton
c6b62c934b Merge pull request #10853 from smowton/smowton/fix/specialised-anon-classes 
Kotlin: extract called private methods of specialised types, and specialised instances of anonymous types
 2022-10-19 16:48:28 +01:00
Tony Torralba
fd8f8cb930 Merge pull request #10223 from atorralba/atorralba/unsafe-content-resolver 
Java: New Android query to detect unsafe content URI resolution
 2022-10-19 11:22:04 +02:00
Tamás Vajk
543e2f5aab Merge pull request #10678 from tamasvajk/kotlin-type-param-modifiers 
Kotlin: Extract type parameter modifiers (`reified`, `in`, `out`)
 2022-10-18 09:10:57 +02:00
Chris Smowton
b4c4a26e22 Element.hasChildElement: associate local classes specialisations with their unspecialised containing function 2022-10-17 18:43:12 +01:00
Chris Smowton
b763c406b6 hasChildElement: include method -> local class edges 2022-10-17 18:38:13 +01:00
Chris Smowton
e8a35983ee Implement Kotlin default interface method forwarding 
Kotlin's implementation of defaults depends on the -Xjvm-default setting (or the @JvmDefault deprecated annotation, not implemented here): by default, actual interface class files don't use default method, and any class that would inherit one instead implements the interface calling a static method defined on TheInterface$DefaultImpls. With
-Xjvm-default=all or =all-compatibility, real interface default methods are emitted, with the latter retaining the DefaultImpls methods so that other Kotlin can use it.

Here I adopt a hybrid solution: create a real default method implementation, but also emit a forwarding method like `@override int f(int x) { return super.TheInterface.f(x); }`, because the Java extractor will see `MyClass.f` in the emitted class file and try to dispatch directly to it. The only downside is that we emit a default interface
method body for a prototype that will appear to be `abstract` to the Java extractor and which it will extract as such. I work around this by tolerating the combination `default abstract` in QL. The alternative would be to fully mimic the DefaultImpls approach, giving 100% fidelity to kotlinc's strategy and therefore no clash with the Java
extractor's view of the world.
 2022-10-17 18:38:13 +01:00
Chris Smowton
8553266aae Allow specialised instances of anonymous classes 2022-10-17 11:27:05 +01:00
Anders Schack-Mulligen
6ef5fac239 Merge pull request #10814 from aschackmull/dataflow/synth-global 
Dataflow: Add support for synthetic global fields in MaD.
 2022-10-17 08:34:26 +02:00
Anders Schack-Mulligen
5ce4483a8e Merge pull request #10795 from aschackmull/java/synth-callable 
Java: Add support for synthetic callables with flow summaries and model Stream.collect
 2022-10-14 10:58:14 +02:00
Josh Soref
45d1e3f9b2 spelling: representation 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Josh Soref
52a3e3c2fd spelling: heuristic 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Anders Schack-Mulligen
ad8f0fc1dd Java: Address review comments. 2022-10-13 14:55:55 +02:00
Anders Schack-Mulligen
2848909450 Dataflow: Add support for synthetic global fields in MaD. 2022-10-13 14:18:13 +02:00
Anders Schack-Mulligen
51dfb319f5 Java: autoformat 2022-10-13 11:17:44 +02:00
Anders Schack-Mulligen
ac3379657d Java: qldoc fix and changenote. 2022-10-13 11:17:44 +02:00
Anders Schack-Mulligen
8c7b6d6f20 Java: Add support for synthetic callables with flow summaries and model Stream.collect. 2022-10-13 11:17:44 +02:00
Anders Schack-Mulligen
036724ce8d Dataflow: Sync. 2022-10-13 11:03:30 +02:00
Anders Schack-Mulligen
c4915b27e7 Dataflow: Add additional annotation. 2022-10-13 11:03:08 +02:00
Tamás Vajk
6c781b5b1a Merge pull request #10789 from tamasvajk/kotlin-useless-params 
Kotlin: reduce FPs in useless parameter check for Kotlin code
 2022-10-13 09:40:54 +02:00
Erik Krogh Kristensen
10aab81f42 Merge pull request #10799 from jsoref/spelling-nfautils 
ReDoS: Spelling nfautils
 2022-10-12 23:09:06 +02:00
Josh Soref
09c8a98761 spelling: representation 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 15:20:26 -04:00
Josh Soref
bb1ce8973a spelling: repeatable 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 15:20:24 -04:00
Josh Soref
adb8860b9b spelling: pattern 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 15:20:24 -04:00
Josh Soref
370da943dc spelling: abcdefghijklmnopqrstuvwxyz 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-12 15:02:00 -04:00
Edward Minnix III
ce740b47ae Merge pull request #10637 from egregius313/egregius313/android-misconfigured-contentprovider 
Android ContentProvider Incomplete Permissions
 2022-10-12 09:41:03 -04:00
Tamas Vajk
0d6da9ca7f Exclude serialization constructors from useless parameters check 2022-10-12 12:58:28 +02:00
Tamas Vajk
955336fb22 Kotlin: exclude generated code from useless parameter check 2022-10-12 12:42:56 +02:00
Chris Smowton
3b49594c20 Kotlin: Add Callable.getKotlinParameterDefaultsProxy 2022-10-12 11:29:55 +01:00
Tamas Vajk
9eea6d4193 Kotlin: Extract type parameter modifiers (reified, in, out) 2022-10-11 16:40:07 +02:00
Tamás Vajk
8523d21f8c Merge pull request #10696 from tamasvajk/kotlin-lateinit 
Kotlin: Extract `lateinit` modifier
 2022-10-11 15:03:10 +02:00
Tom Hvitved
d6df69d481 Merge pull request #10754 from hvitved/dataflow/non-hidden-succ-fast-tc 
Data flow: Improve `fastTC` bound in `PathNodeImpl::getANonHiddenSuccessor`
 2022-10-11 11:12:58 +02:00
Tamás Vajk
70b8224a8b Merge pull request #10723 from tamasvajk/kotlin-generated-files 
Kotlin: Recognize generated files
 2022-10-10 16:24:42 +02:00
Tom Hvitved
ffb2b1c15e Data flow: Sync files 2022-10-10 15:39:13 +02:00
Tamas Vajk
544e2e4107 Remove path based generated file classification 2022-10-10 14:42:15 +02:00
Tom Hvitved
296ec94a2a Data flow: Sync files 2022-10-09 19:48:45 +02:00
Jami
bb0f2f7d36 Merge pull request #10368 from jcogs33/android-deeplink-analysis 
Java: Android deeplink analysis
 2022-10-07 14:32:05 -04:00
Tamas Vajk
f51c13f0c1 Kotlin: Recognize generated files 2022-10-07 09:32:00 +02:00
Tony Torralba
ceae5eef28 Revert "Decouple from #10177" 
This reverts commit 7b34b10cee.
 2022-10-06 16:30:23 +02:00
Tony Torralba
21a0c446b4 Update java/ql/lib/semmle/code/java/security/UnsafeContentUriResolution.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2022-10-06 16:28:17 +02:00
Tony Torralba
7b34b10cee Decouple from #10177 2022-10-06 16:28:17 +02:00
Tony Torralba
4a18892da9 Second query version 
Remove sinks flowing to write operations requirement
 2022-10-06 16:28:17 +02:00
Chris Smowton
34a0a0d080 Implement $default method synthesis 
This adds methods that fill in default parameters whenever a constructor or method uses default parameter values. I use as similar an approach to the real Kotlin compiler as possible both because this produces the desirable dataflow, and because it should merge cleanly with the same class file seen by the Java extractor, which will see and
extract the signatures of the default methods.
 2022-10-06 12:38:55 +01:00
Anders Schack-Mulligen
5b67ba2939 Merge pull request #10177 from atorralba/atorralba/path-sanitizer 
Java: Promote `PathSanitizer.qll` from experimental
 2022-10-06 10:29:33 +02:00
Anders Schack-Mulligen
cbeff4efc8 Merge pull request #10693 from atorralba/atorralba/fix-guard-bad-magic 
Java: Fixes bad magic in `Guard::guardControls_v3`
 2022-10-06 10:14:48 +02:00
Tom Hvitved
0beea9fd1a Fix typos 2022-10-05 15:54:52 +02:00
Tamas Vajk
082544e88c Kotlin: Extract lateinit modifier 2022-10-05 15:25:49 +02:00
Tom Hvitved
6f518c1996 Data flow: Sync files 2022-10-05 12:58:29 +02:00
Tony Torralba
527425b397 Fixes bad magic in Guard::guardControls_v3 2022-10-05 12:35:33 +02:00
Anders Schack-Mulligen
6db0db431f Java: Add pruning for local taint flow. 2022-10-05 12:02:05 +02:00