hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-06 07:36:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
36,678 Commits 1,703 Branches 162 Tags
fbae0f5053af41f90564bba87dac069a78463e2e
Commit Graph

36678 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tamas Vajk
fbae0f5053 Revert dataflow changes, extract actual iterator function 2022-05-12 22:37:06 +01:00
Tamas Vajk
538e05995a Fix dataflow for kotlin.Array.iterator() 2022-05-12 22:37:03 +01:00
Tamas Vajk
776322bac2 Add foreach dataflow tests 2022-05-12 22:36:28 +01:00
Chris Smowton
7e17074b41 Allow arithmetic functions not mapping to Java equivalents 2022-05-12 22:36:28 +01:00
Chris Smowton
b1849f5f0a Expand error message 2022-05-12 22:36:28 +01:00
Chris Smowton
22e48ca39a Accept test changes 2022-05-12 22:36:28 +01:00
Chris Smowton
16af811b69 Allow imprecise matching for Kotlin -> Java method translation 
This allows the particular case of Collection.toArray(IntFunction<T>) to match, since both Java and Kotlin functions take an IntFunction<T> but they use different function-local type variables.

This would also allow toArray(Array<T>) to work similarly.
 2022-05-12 22:36:28 +01:00
Chris Smowton
77056c9bff Add test expectations 2022-05-12 22:36:28 +01:00
Chris Smowton
71d2e7be3e Don't replace own callables, and use a more exact replacement-finding test 2022-05-12 22:36:28 +01:00
Chris Smowton
ce87a89009 Replace Map and similar functions with their Java cousins 
This didn't appear to be necessary because the Kotlin and Java versions of Map (for example) are designed to be compatible, but in certain cases their functions have the same erasure but not the same type (e.g. Map.getOrDefault(K, V) vs. Map.getOrDefault(Object, V).

These have different erasures which was leading to callable-binding inconsistencies.
 2022-05-12 22:36:28 +01:00
Tamas Vajk
fa0bd0366c Fix extension property labels 2022-05-12 22:36:28 +01:00
Tamas Vajk
25fce5f6bb Identify data classes during extraction 2022-05-12 22:36:28 +01:00
Chris Smowton
1e78f2893c Add test for special method getters 2022-05-12 22:36:28 +01:00
Chris Smowton
134f88fe8e Accept test results 2022-05-12 22:36:27 +01:00
Chris Smowton
12e3401ae0 Map special getters onto their correct JVM names 
These include Collection.size() for example, which has a Kotlin property called `size` but whose getter is not named `getSize()`.

These would normally be accounted for using `@JvmName`, but some core methods are lowered by a special compiler pass instead.
 2022-05-12 22:36:27 +01:00
Chris Smowton
cb6941d212 Account for JVM type equivalency when recognising unspecialised types 
(As before, these are not really unspecialised, they are instantiated by their own type parameters, but this replicates the behaviour of the Java extractor)
 2022-05-12 22:36:27 +01:00
Mathias Vorreiter Pedersen
39551fd84d Merge pull request #9114 from geoffw0/xxe7 
C++: Repair support for createLSParser in the CWE-611 XXE query.
 2022-05-12 15:47:53 +01:00
Jeroen Ketema
941485d66f Merge pull request #9130 from jketema/cpp17-init 
C++: Handle C++17 if and switch initializers
 2022-05-12 16:37:44 +02:00
Anders Schack-Mulligen
8c8440a58a Merge pull request #9101 from hvitved/dataflow/include-hidden 
Data flow: Add `Configuration::includeHiddenNodes()`
 2022-05-12 15:36:12 +02:00
Geoffrey White
df30d2286c Merge branch 'main' into xxe7 2022-05-12 14:35:16 +01:00
Jeroen Ketema
723f3b09fe C++: Address review comments 2022-05-12 15:09:06 +02:00
Erik Krogh Kristensen
762f7bf7fe Merge pull request #9115 from erik-krogh/fileAndFolder 
JS: resolve main module when there is a folder with the same name as the main file
 2022-05-12 14:55:28 +02:00
Jeroen Ketema
72823e9576 Apply suggestions from code review 
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
 2022-05-12 14:54:43 +02:00
Taus
e8b7262712 Merge pull request #9133 from tausbn/devcontainer-install-test-extension-dependencies 
Devcontainer: Install test dependencies
 2022-05-12 14:51:18 +02:00
Joe Farebrother
59e400d2e0 Merge pull request #7723 from joefarebrother/redos 
Java: Add ReDoS queries
 2022-05-12 13:50:38 +01:00
Erik Krogh Kristensen
4bef451156 Merge pull request #9021 from erik-krogh/actions 
JS: promote `js/actions/injection` out of experimental
 2022-05-12 14:38:38 +02:00
Taus
12b34bcf04 Devcontainer: Install test dependencies 
These _should_ get installed automatically if missing, by in my
experience this can be a bit flaky. Installing theme here should make
this a bit more robust.
 2022-05-12 12:17:04 +00:00
Rasmus Wriedt Larsen
7cd51d6147 Merge pull request #9126 from RasmusWL/moduleimport-with-dots 
Python: Fully disallow `API::moduleImport` of module with dots
 2022-05-12 14:16:25 +02:00
AlexDenisov
dd900e622c Merge pull request #9107 from redsun82/swift-arena 
Swift: `TrapOutput`
 2022-05-12 14:09:18 +02:00
Rasmus Wriedt Larsen
795adf0566 Python: Fix API::moduleImport("foo.bar") 2022-05-12 13:33:00 +02:00
Rasmus Wriedt Larsen
3844c5b5c0 Python: Add change-note 2022-05-12 13:32:59 +02:00
Rasmus Wriedt Larsen
f8253f5fef Python: Fully disallow API::moduleImport of module with dots 
Inspired by discussion about this for MaD in
https://github.com/github/codeql/pull/8883#discussion_r865858084
 2022-05-12 13:30:26 +02:00
Rasmus Wriedt Larsen
597a8414d9 Python: Add test of API::moduleImport with dots 
This is currently semi-works -- the import is allowed, but doesn't
always work when used :|
 2022-05-12 13:29:16 +02:00
Nick Rolfe
234a36ff61 Merge pull request #9119 from github/nickrolfe/non-us-spelling-fixes 
Fix non-US spellings and the corresponding query
 2022-05-12 12:29:14 +01:00
Erik Krogh Kristensen
fef4455ccc apply suggestion from doc review 
Co-authored-by: Steve Guntrip <12534592+stevecat@users.noreply.github.com>
 2022-05-12 13:28:45 +02:00
Jeroen Ketema
e23e5e5b12 C++: Add change notes for C++17 if and switch initializers 2022-05-12 12:56:50 +02:00
Jeroen Ketema
894380d701 C++: Update stats file 2022-05-12 12:56:50 +02:00
Jeroen Ketema
97bba115da C++: Add upgrade and downgrade script 2022-05-12 12:56:50 +02:00
Jeroen Ketema
71c019e126 C++: Handle C++17 switch initializers 2022-05-12 12:56:50 +02:00
Jeroen Ketema
ebbd9c5b90 C++: Handle C++17 if initializers 2022-05-12 12:56:50 +02:00
Tom Hvitved
0a7892797e Merge pull request #8938 from hvitved/ruby/with-without-mad-tokens 
Ruby: Introduce `With(out)Element` MaD input tokens
 2022-05-12 11:49:51 +02:00
Nick Rolfe
12a43b6fae C++: fix another use of AnalysedString 2022-05-12 10:38:13 +01:00
Harry Maclean
e8972b814f Merge pull request #8635 from hmac/hmac/io-popen 
Ruby: Model IO.popen
 2022-05-12 21:17:55 +12:00
Nick Rolfe
a86b5a1586 C++: fix changenote formatting 2022-05-12 09:26:30 +01:00
Anders Schack-Mulligen
e0c74d4390 Merge pull request #9124 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2022-05-12 09:06:07 +02:00
Anders Schack-Mulligen
fad7d9ae72 Merge pull request #9120 from igfoo/igfoo/fixes 
Kotlin: Fix some alerts
 2022-05-12 08:29:34 +02:00
Erik Krogh Kristensen
b1e8b3332c resolve main module when there is a folder with the same name as the main file 2022-05-12 08:20:30 +02:00
Erik Krogh Kristensen
6014614a31 Merge pull request #9103 from erik-krogh/nextParam 
JS: add support for typed NextJS route-handlers
 2022-05-12 08:18:26 +02:00
github-actions[bot]
acaf4517c0 Add changed framework coverage reports 2022-05-12 00:17:30 +00:00
Chris Smowton
85dc1090fe Merge pull request #9116 from smowton/smowton/feature/accept-conditional-cookie-security 
Java: tolerate `cookie.setSecure(request.isSecure())`
 2022-05-11 21:29:14 +01:00