hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-23 20:26:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
50,611 Commits 1,672 Branches 157 Tags
ea4c2e432100cb15e4ad5448d02c36153a6f9f95
Commit Graph

8768 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
ff25451699 rename query to overly-large-range, and rewrite the @description 2022-07-12 16:02:46 +02:00
Ian Lynagh
a0636ff843 Merge pull request #9545 from igfoo/igfoo/type_cycles 
Java: Fix RefType.getAStrictAncestor() in the presence of type hierarchy cycles
 2022-07-12 14:28:54 +01:00
Ian Lynagh
d0bf424b19 Merge pull request #9806 from igfoo/igfoo/useType 
Kotlin: Extract an ErrorType if we fail to correctly extract a type
 2022-07-12 13:45:04 +01:00
Ian Lynagh
1bcb17b760 Update java/ql/lib/change-notes/2022-07-12-errortype.md 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2022-07-12 12:16:24 +01:00
Ian Lynagh
2edeeaac0e Merge pull request #9801 from igfoo/igfoo/psi 
Kotlin: We can't extract comments for < 1.5.20
 2022-07-12 11:01:30 +01:00
Ian Lynagh
965f5a980a Java/Kotlin: Add changenote for ErrorType 2022-07-12 10:58:16 +01:00
Shyam Mehta
65b9947428 Incorporate jksco's feedback 2022-07-12 02:02:31 -04:00
smehta23
781a2a73d3 Merge branch 'main' into feat/SM/java_partial_path_traversal_vulnerability 2022-07-12 01:48:12 -04:00
Raul Garcia
d5791e2d56 Addressing feedback from the PR 2022-07-11 15:45:15 -07:00
Raul Garcia
ac05577966 Making various changes based on the feedback. Pending: 2 non-trivial fixes for Java & Python. 2022-07-11 13:25:35 -07:00
Ian Lynagh
960d1dba8a Kotlin: We can't etract comments for < 1.5.20 
We were making our own PsiSourceManager, but that didn't know about any
IrFile -> PsiFile mappings.
 2022-07-11 19:36:43 +01:00
Ian Lynagh
4c68624b00 Kotlin: Pass a FileLogger to Psi2Ir 2022-07-11 19:17:21 +01:00
Ian Lynagh
b9072a3594 Kotlin: Share a Psi2Ir instance 2022-07-11 18:57:43 +01:00
Ian Lynagh
28a8999b74 Java: Add an upgrade script 2022-07-11 12:09:48 +01:00
Ian Lynagh
aa07600f5a Java: Update stats 2022-07-11 12:09:48 +01:00
Chris Smowton
74641ccfee Simplify test for no-arg constructor 2022-07-11 11:01:19 +01:00
Raul Garcia
01da877d0e Moving the new query to experimental. It was added to the wrong folder initially. 2022-07-06 14:07:14 -07:00
Raul Garcia
f5c6b45014 Update UnsafeUsageOfClientSideEncryptionVersion.qhelp 2022-07-05 13:58:11 -07:00
Raul Garcia
e43e5810cf New queries to detect unsafe client side encryption in Azure Storage 2022-07-01 17:08:35 -07:00
Shyam Mehta
39f885413f Change log 2022-07-01 11:34:56 -04:00
Ian Lynagh
1730ec22d9 Kotlin: Extract an ErrorType if we fail to correctly extract a type 2022-07-01 16:33:43 +01:00
smehta23
391dd5b38d Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalGood.java 
Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>
 2022-07-01 10:55:58 -04:00
smehta23
ebe48ec30a Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.qhelp 
Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>
 2022-07-01 10:53:43 -04:00
smehta23
48e16e52b5 Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.qhelp 
Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>
 2022-07-01 10:52:41 -04:00
Shyam Mehta
1a41d4c379 Add CVE number 2022-07-01 10:51:33 -04:00
Chris Smowton
b499ba5aa8 Kotlin: don't extract private setters of external classes 
Previously these would get extracted unlike other private methods even if the class was a standard library or other external class. This could cause inconsistencies because if we also compiled the class from source we could end up deciding different names for the property's setter: setXyz$private when seen from source, and setXyz without a
suffix when seen as an external .class file. Avoiding extracting these functions from the external perspective both restores consistency with other kinds of method and avoids these consistency problems.
 2022-07-01 15:44:17 +01:00
Shyam Mehta
300a14c35c Add ESAPI reference 2022-07-01 10:43:59 -04:00
smehta23
209a21655a Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalGood.java 
Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>
 2022-07-01 10:40:38 -04:00
smehta23
c6f2f61bfb Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalBad.java 
Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>
 2022-07-01 10:39:46 -04:00
Chris Smowton
4c6a9772af Merge pull request #9768 from smowton/smowton/fix/internal-method-name-mangling 
Kotlin: Mangle names of internal functions to match JVM symbols
 2022-07-01 14:33:32 +01:00
Chris Smowton
14aef792e0 Accept test changes 2022-07-01 10:35:17 +01:00
Chris Smowton
df78b7e54b Merge pull request #9755 from smowton/smowton/feature/implement-jvmstatic-annotation 
Kotlin: support JvmStatic annotation
 2022-07-01 10:14:08 +01:00
Chris Smowton
b9eec13466 Accept integration test changes 2022-06-30 22:21:04 +01:00
Chris Smowton
dd93062101 Kotlin: Mangle names of internal functions to match JVM symbols 2022-06-30 21:56:25 +01:00
Ian Lynagh
144c0d63b1 Merge pull request #9766 from igfoo/igfoo/extension 
Kotlin: Fix a label
 2022-06-30 21:16:26 +01:00
Ian Lynagh
b373af47d1 Kotlin: Fix a label 
We want the .javaResult.id of a TypeResults.
 2022-06-30 16:59:18 +01:00
Chris Smowton
570e418b22 Fix ordering PrintAst nodes 2022-06-30 16:07:32 +01:00
Chris Smowton
ec95cbace4 PrintAst: Tie-break multiple class members created at the same source location 
Otherwise Kotlin introducing a getter, setter and field declaration based on the same property tied in the sort order, and so could be output in different orders on different machines.
 2022-06-30 15:29:56 +01:00
Chris Smowton
0d0d240fd4 Accept test changes re: new compiler-generated nodes 2022-06-30 15:29:20 +01:00
Ian Lynagh
83fd9c3b3e Merge pull request #9763 from igfoo/igfoo/foreach 
Kotlin: Replace a map call with forEach
 2022-06-30 15:02:57 +01:00
Ian Lynagh
0e56e50d18 Kotlin: Replace a map call with forEach 2022-06-30 13:50:22 +01:00
Chris Smowton
8214c3b78e Add AST dump for JvmStatic annotation test 2022-06-30 13:11:43 +01:00
Chris Smowton
98761041f1 Prevent labelling proxies of default getters and setters as themselves default getters and setters 2022-06-30 13:11:00 +01:00
Chris Smowton
bf581b971c Rename willExtract properties to shouldExtract 2022-06-30 12:51:09 +01:00
Chris Smowton
5a47e1dd95 Annotate generated static proxy methods as compiler-generated 2022-06-30 12:48:11 +01:00
Chris Smowton
466cf7573b Autoformat 2022-06-30 12:42:39 +01:00
Chris Smowton
b4124ac553 Add test 2022-06-30 12:42:39 +01:00
Chris Smowton
bfdb21d551 Kotlin: support JvmStatic annotation 
This makes non-companion object methods into static methods, and for companion objects introduces static proxy methods that call the companion instance method.

Note this doesn't quite implement what kotlinc does, since it will also eliminate getters and setters by promoting an object field into a static field, but our translation is simpler and only differs in private members' details.
 2022-06-30 12:42:38 +01:00
Chris Smowton
ab52a020fa Add test 2022-06-30 10:22:56 +01:00
Chris Smowton
8e5bbea9f9 Use map...firstOrNull not firstNotNullOfOrNull 
The latter was introduced in Kotlin 1.5, so we can't use it in all supported versions.
 2022-06-30 10:15:44 +01:00