hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 18:25:24 +02:00
Code Issues Packages Projects Releases Wiki Activity
40,053 Commits 1,741 Branches 165 Tags
ebb52adba67a3a20171c368a9ab2492229ec7ce6
Commit Graph

40053 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Chris Smowton
ebb52adba6 Kotlin: add test for Java and Kotlin both extending Map.Entry 2022-06-02 13:30:39 +01:00
Chris Smowton
efc534abe7 Add implied wildcards when extracting type parameter bounds 
kotlinc seems to always insert wildcards where type parameter variance implies them, and ignores @JvmSuppressWildcards at least in 1.6.20.
 2022-06-02 11:37:15 +01:00
Chris Smowton
c1592cb1dc Accept test changes 2022-06-02 10:31:35 +01:00
Chris Smowton
910bb51094 Extract WildcardTypeAccesses 
Their absence became more noticeable now that more implicit wildcards are being produced.
 2022-06-02 10:31:08 +01:00
Chris Smowton
dc7d07ff46 Extract correct implied wildcards for Java classes and @JvmSuppressWildcards-annotated entities 
For Java classes this means following the structure of the underlying Java type to determine where the wildcard was really present and where the Java signature ruled it out. The annotation tracking simply means looking for @JvmSuppressWildcards on any surrounding class or function to turn off wildcard introduction by default.
 2022-06-01 20:00:22 +01:00
Chris Smowton
37fce6ace9 Restore implicit wildcard types 
The Kotlin compiler represents types like List<out CharSequence> internally as List<CharSequence> due to the fact that List's type parameter is covariant, and similarly Comparable<in CharSequence> where Comparable's type parameter is contravariant. However it restores use-site variance when emitting class files, so we must do the same thing for
compatability with Java code.

Note this is a partial solution because it will also add wildcards to Java .class files that *could* have a variance / wildcard but don't -- for example, a Java method could really take an invariant Comparable<CharSequence>, which is only achievable in Kotlin via the @JvmSuppressWildcards annotation. We also don't yet support
@JvmSuppressWildcards given on a surrounding class or function.
 2022-06-01 19:58:40 +01:00
Erik Krogh Kristensen
4b2b6fae88 Merge pull request #9395 from asgerf/js/fix-type-confusion 
JS: Fix cartesian product in TypeConfusionThroughParameterTampering
 2022-06-01 16:28:17 +02:00
Mathias Vorreiter Pedersen
7d962ac62b Merge pull request #9397 from MathiasVP/use-autogenerated-parent-in-cfg-library 
Swift: Use the autogenerated `getParent`
 2022-06-01 14:45:43 +01:00
Mathias Vorreiter Pedersen
cb7be4f8ba Merge pull request #9398 from github/redsun82/swift-getparent 
Swift: simplify `GetImmediateParent.qll`
 2022-06-01 14:35:20 +01:00
Mathias Vorreiter Pedersen
eabb5c7137 Swift: Respond to PR comments. 2022-06-01 14:34:22 +01:00
Paolo Tranquilli
3414028b1b Swift: simplify GetImmediateParent.qll 2022-06-01 15:01:49 +02:00
Mathias Vorreiter Pedersen
db0498e38c Swift: Use the autogenerated 'getParent' predicate in the CFG library. 2022-06-01 13:49:12 +01:00
Mathias Vorreiter Pedersen
ecce7f1f10 Merge pull request #9380 from github/redsun82/swift-getparent 
Swift: generate `getParent` implementation
 2022-06-01 13:48:48 +01:00
Paolo Tranquilli
6b90b2b05f Swift: add children to IsPattern 2022-06-01 14:35:58 +02:00
Paolo Tranquilli
a4f97dd67a Swift: add comment about unique in getImmediateParent 2022-06-01 14:32:59 +02:00
Paolo Tranquilli
bc0a32c26e Swift: sort import list 
Also fix parent tests with updated `statements.swift` file.
 2022-06-01 14:32:59 +02:00
Paolo Tranquilli
3597efb728 Swift: rename to getImmediateParent and use hidden AST 2022-06-01 14:32:58 +02:00
Paolo Tranquilli
a894ba64c4 Swift: make test run in Python 3.8 2022-06-01 14:32:58 +02:00
Paolo Tranquilli
a86d0fc8a7 Swift: move getAChild to a separate module 2022-06-01 14:32:58 +02:00
Paolo Tranquilli
946e1f498a Swift: generate getParent implementation 
By explicitly marking children in the `schema.yml` file, an internal
`getAChild` predicate is implemented, that is in turn used in `AstNode`
to implement `getParent`.

This is yet to be used in the control flow library to replace the
hand-rolled implementation.

A further, more complex step is to use the same information to fully
generate the core implementation of `PrintAst` (including the
accessor string). This will be done later.

The `parent` tests use the same swift code as the extractor tests, and
this is currently enforced by `sync-files.py`. Notice that `qltest.sh`
had to be modified to deal with multiple files, which was not working
yet.
 2022-06-01 14:32:58 +02:00
Ian Lynagh
6f9e9e889b Merge pull request #9396 from igfoo/igfoo/labeler 
CI: Add Kotlin and Go to labeler.yml
 2022-06-01 13:30:22 +01:00
Ian Lynagh
ef4f09cf52 CI: Labeler: Don't label Kotlin for changenotes 
They get labeled as Java. Given we aren't labeling shared QLL changes,
it makes sense not to label shared changenotes either.
 2022-06-01 13:19:00 +01:00
Ian Lynagh
67c4850c61 CI: Add Kotlin and Go to labeler.yml 2022-06-01 12:01:08 +01:00
Ian Lynagh
e0d9317889 Merge pull request #9389 from igfoo/igfoo/function_loc_override 
Kotlin: Remove extractFunction's location override
 2022-06-01 11:46:22 +01:00
Ian Lynagh
703ced3fe9 Merge pull request #9390 from igfoo/igfoo/valueparam 
Kotlin: extractValueParameter: Simplify typeSubstitution logic
 2022-06-01 11:46:05 +01:00
Asger F
db0ac7b3b3 JS: Fix cartesian product in TypeConfusionThroughParameterTampering 2022-06-01 11:37:23 +02:00
Rasmus Wriedt Larsen
729cf79be7 Merge pull request #9351 from RasmusWL/django-file-read 
Python: Support `read` on Django file
 2022-06-01 10:45:26 +02:00
Anders Schack-Mulligen
9abd2259d3 Merge pull request #9381 from aschackmull/redos/perf 
ReDoS: Improve performance in ExponentialBackTracking.qll.
 2022-06-01 10:39:28 +02:00
Anders Schack-Mulligen
4f3751dfea Merge pull request #9316 from hvitved/dataflow/edges-get-a-successor-consistency 
Data flow: Make `PathGraph::edges/2` and `PathNode::getASuccessor/1` consistent
 2022-06-01 10:38:25 +02:00
Michael Nebel
9cc10e4511 Merge pull request #9257 from michaelnebel/java/mad-commons-io-sha 
Java: Update commons-io SHA for model regeneration and update models.
 2022-06-01 09:46:30 +02:00
Robert Marsh
42ec6350eb Merge pull request #9349 from MathiasVP/fix-inconsistent-cfg 
Swift: Fix three CFG inconsistencies
 2022-05-31 14:38:08 -04:00
Ian Lynagh
6be4afcf36 Kotlin: extractValueParameter: Simplify typeSubstitution logic 
The type substitution is now done in the wrapper, so the worker doesn't
need to be passed typeSubstitution.
 2022-05-31 19:23:54 +01:00
Ian Lynagh
21d69ae819 Kotlin: Remove extractFunction's location override 
It wasn't being used.
 2022-05-31 17:43:25 +01:00
Mathias Vorreiter Pedersen
e2ddfcd437 Merge pull request #9387 from github/geoffw0-patch-2 
Swift: Update readme
 2022-05-31 16:34:17 +01:00
Robert Marsh
bd095abea4 Merge pull request #9388 from MathiasVP/cfg-for-yield 
Swift: CFG for `yield`
 2022-05-31 11:22:21 -04:00
Nick Rolfe
f417c12c5e Merge pull request #9332 from github/post-release-prep/codeql-cli-2.9.3 
Post-release preparation for codeql-cli-2.9.3
 2022-05-31 16:17:50 +01:00
Mathias Vorreiter Pedersen
6386daf44c Merge branch 'main' into fix-inconsistent-cfg 2022-05-31 15:59:53 +01:00
Robert Marsh
78fd0385fc Merge pull request #9355 from MathiasVP/not-all-functions-throw 
Swift: Only construct exceptional edges for calls that may throw
 2022-05-31 10:56:31 -04:00
Mathias Vorreiter Pedersen
5f9d03f7c6 Swift: CFG for 'yield'. 2022-05-31 15:45:43 +01:00
Chris Smowton
9b7597bcdb Merge pull request #9377 from porcupineyhairs/goPam 
Golang : Add Query To Detect PAM Authorization Bugs
 2022-05-31 15:42:45 +01:00
Geoffrey White
f598b26b03 Merge pull request #9384 from MathiasVP/qlpacks-for-swift 
Swift: Add qlpacks
 2022-05-31 15:39:20 +01:00
Mathias Vorreiter Pedersen
547cecf143 Merge pull request #9385 from MathiasVP/swift-extract-yield-stmt 
Swift: Extract `yield` statements
 2022-05-31 15:33:35 +01:00
Mathias Vorreiter Pedersen
a175f49759 Merge pull request #3 from geoffw0/swiftsrc 
Swift: Add swift-security-and-quality, swift-security-extended packs.
 2022-05-31 15:02:33 +01:00
Mathias Vorreiter Pedersen
b5d229d4d8 Apply suggestions from code review 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2022-05-31 15:01:36 +01:00
Geoffrey White
01091ae1b9 Swift: Add codeql-suites. 2022-05-31 14:52:53 +01:00
Asger F
f70f769bb6 Merge pull request #9266 from asgerf/js/madman-prep 
JS: Some fixes to support proper analysis of d.ts files
 2022-05-31 15:43:40 +02:00
Mathias Vorreiter Pedersen
1d120486b4 Swift: Extract 'yield' statements. 2022-05-31 14:43:09 +01:00
Mathias Vorreiter Pedersen
9af31bab2a Swift: Add qlpacks. 2022-05-31 13:59:44 +01:00
Tamás Vajk
7f5dcfaf0f Merge pull request #9379 from tamasvajk/kotlin-android-specific-return-types 
Kotlin: Change return type of Android specific `ConcurrentHashMap.keySet`
 2022-05-31 14:00:36 +02:00
Chris Smowton
d4f9c75315 Remove dead code 2022-05-31 11:14:36 +01:00