hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 12:46:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
59,649 Commits 1,673 Branches 157 Tags
ed9502fd0be9cc017fe11cf13595462d16c664bf
Commit Graph

218 Commits

Author SHA1 Message Date
erik-krogh
e3e8f3d7c4 Java: delete various outdated deprecations 2023-10-09 09:14:54 +02:00
Ian Lynagh
a2659eecfb Merge pull request #14018 from igfoo/igfoo/extractor_information_kotlin1 
Kotlin: Write usesK2 ("uses Kotlin 2") information to the database
 2023-09-04 13:38:23 +01:00
Anders Starcke Henriksen
361ae1747e Merge branch 'main' into starcke/automodel-pack 2023-08-30 09:25:28 +02:00
Jean Helie
41726f52a2 Merge pull request #13954 from github/kaeluka/add-provenance-to-metadata 
Java: Automodel: Add Candidates for Regression Testing
 2023-08-29 14:33:02 +01:00
Jean Helie
de76c0749a Java: Automodel Framework Mode: Add Candidates for Regression Testing 2023-08-29 09:53:55 +01:00
Ian Lynagh
deaf912cb8 Kotlin: Add an integration test for extractor information 2023-08-22 16:39:18 +01:00
Michael Nebel
5623ccf4a0 Java: Re-factor NeutralCallable to include all neutrals and introduce NeutralSummaryCallable. 2023-08-21 09:59:00 +02:00
Stephan Brandauer
808dc3e8d3 Java: Automodel framework mode: track exact ai- provenance in alreadyAiModeled meta data property 2023-08-16 09:25:03 +02:00
Stephan Brandauer
bc55afcee7 Java: Automodel framework mode: use new interface 2023-08-14 13:17:55 +02:00
Stephan Brandauer
551b34e3be Java: Automodel application mode: include candidates that are useful for regression testing 2023-08-14 11:46:40 +02:00
Stephan Brandauer
1a95a34441 Java: automodel: use the call for call context, rather than the argument 2023-08-14 09:54:44 +02:00
Stephan Brandauer
4107758c8a Java: automodel extraction: add strings to query selection 2023-08-14 09:49:50 +02:00
Stephan Brandauer
a9906f6f7b Java: fix - add extra $@ 
Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>
 2023-08-11 09:15:09 +02:00
Stephan Brandauer
e927470961 Merge branch 'main' into kaeluka/java-automodel-variadic-args 2023-08-09 09:02:32 +02:00
Anders Starcke Henriksen
3918e57ffe Take filter pack into account. 2023-08-08 15:10:12 +02:00
Anders Starcke Henriksen
8d34ab6d18 Merge branch 'main' into starcke/automodel-pack 2023-08-08 15:02:33 +02:00
Stephan Brandauer
3433437034 Java: automodel application mode: only extract the first argument corresponding to a varargs array 2023-08-07 14:15:17 +02:00
Stephan Brandauer
e1a5eba61b Java: automodel application mode: refactor varargs endpoint class to rely on normal argument node for nicer extracted examples 2023-08-07 12:18:52 +02:00
Stephan Brandauer
650ff8db87 Java: automodel comments 2023-08-07 12:18:51 +02:00
Stephan Brandauer
0781cb78e8 Java: automodel application mode: add isVarargsArray metadata value 2023-08-07 12:18:51 +02:00
Stephan Brandauer
5abf7769a7 Java: automodel application mode: use endpoint class like in framework mode 2023-08-07 12:18:51 +02:00
Anders Starcke Henriksen
e2abd3ff13 Create separate automodel pack. 2023-08-03 13:55:15 +02:00
Anders Starcke Henriksen
131ae1aae9 Fix name in predicate. 2023-08-03 09:53:40 +02:00
Anders Starcke Henriksen
1c425a5602 Change from package to endpoint. 2023-08-03 09:50:23 +02:00
Anders Starcke Henriksen
9b8d7df370 Add option to filter automodel queries by package. 2023-08-03 09:50:23 +02:00
Anders Schack-Mulligen
7bc8bf616f Merge pull request #13863 from aschackmull/dataflow/pack4 
Dataflow: Move the shared library to a properly shared qlpack.
 2023-08-02 14:19:49 +02:00
Anders Schack-Mulligen
405a3a73d1 Java: Remove irrelevant import. 2023-08-01 14:31:30 +02:00
Stephan Brandauer
621c05dc4b Java: format 2023-08-01 09:19:03 +02:00
Stephan Brandauer
058236877e Java: Drive-by: fix oversight in #13823 
In PR #13823, we had rewritten the endpoints that are being considered for framework mode. We used to use `DataFlow::ParameterNode` as endpoints.
However, `ParameterNode`s do not exist for the implicit `this` parameter; they also do not exist for bodiless interface-methods.

In PR #13823, we forgot to model that `this` only exists for non-static methods and to only consider parameters that we have source code for.
 2023-08-01 09:18:58 +02:00
Stephan Brandauer
37b6b46dbf Java: update extraction query tests after merging PR #13747 2023-08-01 09:18:57 +02:00
Stephan Brandauer
8bf960bd44 Java: fix QL-for-QL alert 2023-07-28 14:28:47 +02:00
Stephan Brandauer
021eedfdf1 Java: format 2023-07-28 14:26:34 +02:00
Stephan Brandauer
82fd0e45aa Java: support Argument[this] in NotAModelApiParameter 2023-07-28 14:04:53 +02:00
Stephan Brandauer
a9d2f43538 Java: use a newtype for framework mode candidates 2023-07-28 13:51:25 +02:00
Stephan Brandauer
8ed773b240 Java: Framework mode extraction now uses a custom class for endpoints, so we can support both Argument[this] and interface-method parameters 2023-07-28 12:56:39 +02:00
Stephan Brandauer
09c64e8fee Java: Support Argument[this] in framework mode metadata extraction 2023-07-28 12:55:26 +02:00
Stephan Brandauer
08f5774d13 Java: Automodel extraction fix for application mode 2023-07-25 17:11:07 +02:00
Stephan Brandauer
698b8d3c5c Java: Automodel extraction fix; previously, we treated endpoints that were marked as sinks, as well as summary-neutrals as 'erroneous' 2023-07-25 16:52:27 +02:00
Stephan Brandauer
2582b084f6 Merge pull request #13747 from github/tausbn/exclude-qualifier-argument-for-existing-models 
Java: Exclude qualifier argument for existing models
 2023-07-24 16:26:33 +02:00
Stephan Brandauer
13027a1094 Java: review suggestions from @atorralba 2023-07-24 14:09:10 +02:00
Stephan Brandauer
2f2f507a5d Java: drive-by change: remove obsolete custom queries from application mode characteristics 2023-07-24 13:55:53 +02:00
Stephan Brandauer
79da723878 Java: only assume that _manual_ MaD sinks have been fully modeled 2023-07-21 10:43:07 +02:00
Stephan Brandauer
5575fc65aa Merge pull request #13636 from github/tausbn/add-sink-alert-metrics-query 
Java: Add metric queries for counting sinks coming from models
 2023-07-19 13:12:32 +02:00
Taus
6b425f1395 Java: Revert definition of isNeutral 
Reverts the change made in
daf2743143

With the change in the aforementioned commit, we were extracting candidates for endpoints that
had a neutral _summary_ model. These are bad candidates, as they have already been triaged.
 2023-07-14 14:45:22 +02:00
Taus
6793bc6c6b Java: Exclude qualifier argument for existing models 
Excludes candadites for `Argument[this]` where we already have a model that covers a
different argument of the containing call.
 2023-07-14 14:26:21 +02:00
Taus
895e829eb1 Java: Add QLDoc for query predicates 2023-07-14 14:22:10 +02:00
Taus
c4487673e8 Java: Swap input and ext 2023-07-14 14:21:59 +02:00
Taus
49194a2af7 Java: Limit the number of samples extracted in application mode 
Uses the same trick as for the negative examples, this time with a limit of 7
candidates for each endpoint signature.

As this duplicates some of the logic used in another query, it may be worthwhile
to consider extracting this into a shared parameterized module.
 2023-07-12 15:13:10 +02:00
Taus
f666260cd8 Java: Add meta query for metrics gathering 
Exposes the same information as the existing queries through two query
predicates instead. This makes the downstream data gathering a bit more
convenient to implement.
 2023-07-06 16:59:15 +02:00
Taus
36c6c7235c Java: Move instance counting logic into utility library 2023-07-06 16:59:15 +02:00