github
/
codeql
зеркало из https://github.com/github/codeql.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
6 587 коммитов 1 542 Ветки 132 Теги 495 MiB
Граф коммитов

341 Коммитов

Автор SHA1 Сообщение Дата
Anders Schack-Mulligen 9ebeac25ad
Merge pull request #1329 from hvitved/dataflow/performance 
Data flow: performance improvements
 2019-05-20 14:27:03 +02:00
Tom Hvitved bc00877ff2 Data flow: Add `nomagic` to `storeCand()` 2019-05-20 12:05:20 +02:00
Tom Hvitved 360c7a1ac5 Address review comments 2019-05-20 09:59:17 +02:00
yh-semmle 6468721f76
Merge pull request #1324 from aschackmull/java/switchexpr-nullness 
Java: Add SwitchExpr to Nullness::dereference.
 2019-05-19 22:24:27 -04:00
yh-semmle e5f4d475d0
Merge pull request #1320 from aschackmull/java/guardslogic-perf 
Java: Fix join-order for GuardsLogic::conditionalAssign.
 2019-05-19 22:23:18 -04:00
Tom Hvitved 02ca09aa43 Data flow: performance improvements 2019-05-16 07:35:10 +02:00
Anders Schack-Mulligen 531d30f048 Java: Add SwitchExpr to Nullness::dereference. 2019-05-15 13:20:55 +02:00
Anders Schack-Mulligen 3eb3cd345d Java: Update qldoc and add callsImpl convenience wrapper. 2019-05-14 16:31:56 +02:00
Anders Schack-Mulligen f9e4512f32 Java: Update polyCalls to use virtual dispatch. 2019-05-14 15:36:12 +02:00
Anders Schack-Mulligen b71acd2ff9 Java: Deprecate RemoteUserInput 2019-05-14 12:33:36 +02:00
Anders Schack-Mulligen 14cad57960 Java: Improve joinorder for GuardsLogic::conditionalAssign. 2019-05-14 11:28:18 +02:00
Anders Schack-Mulligen ebb63c8141 Java: Refactor Guard.controls in terms of dominating edges. 2019-05-13 16:35:30 +02:00
Max Schaefer 79e01a2de5
Merge pull request #1305 from aschackmull/java/abstract-flowsources 
Java: Introduce an abstract class RemoteFlowSource to ease customization.
 2019-05-10 11:42:15 +01:00
Anders Schack-Mulligen 66813a91ef Java: Postpone deprecation to separate PR. 2019-05-09 13:40:25 +02:00
Jonas Jensen 639d715d03
Merge pull request #1226 from hvitved/dataflow/prepare-for-csharp 
Generalize data-flow library in preparation for C# adoption
 2019-05-06 14:42:46 +02:00
Anders Schack-Mulligen f367427fb8 Java: Deprecate RemoteUserInput. 2019-05-06 13:43:58 +02:00
Anders Schack-Mulligen 10a6362357 Java: Introduce an abstract class RemoteFlowSource to ease customization. 2019-05-03 15:48:22 +02:00
Tom Hvitved d9bf0a670e Data flow: Address review comments 2019-05-03 15:00:48 +02:00
Tom Hvitved b6206d7370 Data flow: Introduce `ReturnKind` 2019-05-02 20:30:50 +02:00
yh-semmle 3a988d0312 Java 12: revert addition of `deprecated` annotations for preview features 2019-04-30 10:59:08 -04:00
yh-semmle 6d59b4e049 Java 12: tweak queries to preserve behavior 
This accounts for the changes in af8faee1.
 2019-04-30 10:59:08 -04:00
yh-semmle de47f25141 Java 12: remove `deprecated` annotation from `Stmt::getEnclosingStmt` 2019-04-30 10:59:07 -04:00
yh-semmle 3f132f45d9 Java 12: add dbscheme stats for switch expressions 2019-04-30 10:59:07 -04:00
yh-semmle f22084e18a Java 12: add more QL `deprecated` annotations 2019-04-30 10:59:06 -04:00
Anders Schack-Mulligen 0a569f6c1a Java: Change TCs of Stmt.getParent to Stmt.getEnclosingStmt. 2019-04-30 10:59:06 -04:00
Anders Schack-Mulligen 6ecf46ce85 Java: Add CFG edges for switch expressions. 2019-04-30 10:59:05 -04:00
Anders Schack-Mulligen 9a367d9293 Java: JumpStmt.getTarget, Stmt.getEnclosingStmt, SwitchExpr.getAResult. 2019-04-30 10:59:05 -04:00
yh-semmle 61324f0bb0 Java 12: enhanced QLDoc for preview features 2019-04-30 10:59:05 -04:00
yh-semmle d4e013b297 Java 12: deprecate QL constructs for new preview feature (switch exprs) 2019-04-30 10:59:04 -04:00
yh-semmle 38705038a8 Java 12: add QL for switch expressions, etc 2019-04-30 10:59:04 -04:00
yh-semmle 6ac1ee5fad Java 12: add switch expressions to dbscheme 2019-04-30 10:59:04 -04:00
yh-semmle 4ede686283 Java: refactor `ConstCase` and `DefaultCase` in preparation for Java 12 2019-04-30 10:59:03 -04:00
Tom Hvitved 29e59e6d1e Address review comments 2019-04-29 20:19:31 +02:00
Sebastian Bauersfeld 2f200d7517 Parameters annotated with Spring's @RequestBody and @PathVariable are remote input sources. 2019-04-17 18:02:00 -04:00
Tom Hvitved 18ced249ab Java: Generalize data-flow library in preparation for C# adoption 2019-04-10 13:05:31 +02:00
Anders Schack-Mulligen dec31a3dd6 Java: Use range analysis in IntMultToLong. 2019-04-05 10:42:23 +02:00
Anders Schack-Mulligen d144ea2f1c Java: Exclude slf4j calls in PrintLnArray as it supports array formatting. 2019-04-04 11:09:41 +02:00
yh-semmle b226cb64cd
Merge pull request #1189 from aschackmull/java/preconditions 
Java: Support precondition calls as guards (ODASA-7796).
 2019-04-03 21:36:08 -04:00
Felicity Chapman ffeb61c698 Fix typo in query description 2019-04-03 10:46:48 +01:00
Anders Schack-Mulligen b1e364b56a Java: Support precondition calls as guards. 2019-04-02 10:58:46 +02:00
Pavel Avgustinov c26b655956
Merge pull request #1022 from yh-semmle/java/dead-code-override 
Java: respect override annotations in `java/unused-parameter`
 2019-03-01 19:11:46 +00:00
yh-semmle a4beb03e15 Java: respect override annotations in `java/unused-parameter` 2019-02-20 15:27:35 -05:00
yh-semmle 64b2d331ae Java: add test for Guice framework support 2019-02-15 20:01:08 -05:00
yh-semmle b0d9c80ccc Java: add taint steps for Protobuf framework 2019-02-15 20:01:07 -05:00
yh-semmle fc4aa16905 Java: add remote user input for Apache Thrift framework 2019-02-15 20:01:07 -05:00
yh-semmle 751bbbf583 Java: add remote user input for Struts 2 `ActionSupport` 2019-02-15 20:01:06 -05:00
yh-semmle a436369846 Java: add remote user input and taint step for Guice framework 2019-02-15 20:01:06 -05:00
Anders Schack-Mulligen 25469637db Java: Autoformat qls. 2019-02-12 14:38:08 +01:00
Anders Schack-Mulligen 63a4dd09ad Java: Autoformat qlls. 2019-02-12 14:38:08 +01:00
Anders Schack-Mulligen 52ad816074
Merge pull request #904 from rneatherway/zipslip-fix 
Java: Add a flow step for `Path::toFile` in ZipSlip
 2019-02-11 13:08:38 +01:00
Robin Neatherway 409733838b Java: Add a flow step for `Path::toFile` in ZipSlip 2019-02-11 10:33:44 +00:00
Henning Makholm b8a03464bf Fix false positives in java/unused parameter 
Methods that are mentioned in a member reference expression should count
as rootdefs for the unused parameter query. Such methods have to match
the functional interface of the reference expression, so it is to be
expected that they will sometimes have to declare parameters that they
don't actually use.
 2019-02-07 21:14:36 +01:00
yh-semmle 3e8f7a740c
Merge pull request #838 from aschackmull/java/taint-collections 
Java: Add additional taint steps through collections.
 2019-02-05 09:59:24 -05:00
Anders Schack-Mulligen fe7add77d2 Java: Account for the repo move in NonSecurityTestClass. 2019-02-05 14:31:40 +01:00
james 7cc1442ecb Update link text 2019-01-30 09:44:07 +00:00
james 81137aa7b4 update links to locations in .ql files 2019-01-30 08:02:02 +00:00
james 9d1a050f35 update links to locations in .qll files 2019-01-30 08:01:49 +00:00
Anders Schack-Mulligen a29f615da0 Java: Add additional taint steps through collections. 2019-01-28 14:34:09 +01:00
semmle-qlci 65b64c7c05
Merge pull request #645 from sb-semmle/configuration-file-library 
Approved by yh-semmle
 2019-01-26 02:06:16 +00:00
Sebastian Bauersfeld f56fb6d774 Address review comments. 2019-01-24 16:09:06 -05:00
Sebastian Bauersfeld 170acd539c Add tests for ConfigFiles library. 2019-01-23 19:35:20 -05:00
Sebastian Bauersfeld 1727a0cd1f Address review comments. 2019-01-23 18:01:35 -05:00
yh-semmle 23e94c23e3
Merge pull request #786 from aschackmull/java/double-checked-locking 
Java: Fix FP in DoubleCheckedLocking.ql
 2019-01-22 17:39:54 -05:00
Anders Schack-Mulligen 15e18013c8 Java: Fix qhelp. 2019-01-18 11:47:43 +01:00
Anders Schack-Mulligen d8fe21be7e Java: Update qhelp as per review. 2019-01-18 11:42:34 +01:00
Anders Schack-Mulligen 17b4276699 Java: Fix bug in qltest and query for immutable types. 2019-01-18 11:37:38 +01:00
Henning Makholm fda08181c1 fix ODASA-6859 2019-01-18 00:08:36 +01:00
Henning Makholm 26b6581bdb test example for ODASA-6859 2019-01-17 23:30:39 +01:00
Anders Schack-Mulligen 944c082a8d Java: Fix FP in DoubleCheckedLocking.ql 2019-01-17 16:38:25 +01:00
yh-semmle b8f53b5c6a
Merge pull request #733 from aschackmull/java/remove-old-dataflow 
Java: Remove old dataflow library.
 2019-01-08 14:59:27 -05:00
yh-semmle d4f2a07a77
Merge pull request #732 from aschackmull/java/conditional-bypass-precision 
Java: Reduce precision of java/user-controlled-bypass.
 2019-01-08 14:58:58 -05:00
yh-semmle b0364e3592
Merge pull request #729 from aschackmull/java/intmulttolong 
Java: Restrict attention to integral types in IntMultToLong.
 2019-01-08 14:40:22 -05:00
yh-semmle a09394da1b
Merge pull request #730 from aschackmull/java/gcd 
Java: Switch to built-in gcd.
 2019-01-08 14:38:05 -05:00
Anders Schack-Mulligen 51f5198404 Java: Remove old dataflow library. 2019-01-08 13:52:24 +01:00
Anders Schack-Mulligen ab44e5603c Java: Reduce precision of java/user-controlled-bypass. 2019-01-08 13:07:34 +01:00
Anders Schack-Mulligen 06e48ca19f Java: Update test. 2019-01-08 11:57:54 +01:00
Anders Schack-Mulligen 9530eb6cdb Java: Switch to built-in gcd. 2019-01-08 10:07:51 +01:00
Anders Schack-Mulligen 203c9fb9d8 Java: Restrict attention to integral types in IntMultToLong. 2019-01-07 14:27:52 +01:00
Anders Schack-Mulligen e0d3be7dbc Java: Add .qlpath to the test dir. 2019-01-07 13:25:20 +01:00
Max Schaefer b4f400fb23 Merge remote-tracking branch 'upstream/next' into qlucie/master 2019-01-04 10:35:57 +00:00
yh-semmle 0e0ff565d5
Merge pull request #686 from aschackmull/java/rm-metrics-queries-xml 
Java: Remove `Metrics/queries.xml`
 2019-01-03 13:36:17 -05:00
Anders Schack-Mulligen d3f6362ba2 Java: Add missing override annotations. 2018-12-17 15:40:46 +01:00
Sebastian Bauersfeld c35fc82218 Remove a duplicated predicate. 2018-12-14 12:59:49 -05:00
Anders Schack-Mulligen 7656936cad Java: Remove Metrics/queries.xml 2018-12-13 17:43:26 +00:00
Aditya Sharad f92456fcad Merge master into next. 
Conflict in `cpp/ql/test/library-tests/sideEffects/functions/sideEffects.expected`,
resolved by accepting test output (combining changes).
 2018-12-12 17:26:18 +00:00
Sebastian Bauersfeld 6c756c5e6a Rename ConfigLine to ConfigPair. Make ConfigFiles.ql a library, as intended 2018-12-10 14:08:27 -05:00
Anders Schack-Mulligen bfc7fb7c8a Java: Change alert location for ConstantLoopCondition. 2018-12-10 12:37:11 +00:00
Sebastian Bauersfeld 3379e71e01 Add ConfigFiles library for working with configuration files. 2018-12-07 15:11:54 -05:00
Anders Schack-Mulligen f09eb67af0 Java: Add org.apache.commons.lang3.StringUtils.isBlank as a nullguard. 2018-12-07 16:18:32 +01:00
yh-semmle bc78219653 Java: account for change to field annotation extraction 2018-12-06 23:06:14 -05:00
yh-semmle c2116f0d91
Merge pull request #560 from aschackmull/java/normalize-parentheses 
Java: Normalize parentheses.
 2018-12-06 12:38:26 -05:00
yh-semmle 00779c518c
Merge pull request #611 from aschackmull/java/usessl-fp-fix 
Java: Fix FP in `UseSSL.ql`.
 2018-12-04 19:31:53 -05:00
Anders Schack-Mulligen d3fcfb0957 Java: Fix FP in UseSSL. 2018-12-04 17:44:05 +01:00
Anders Schack-Mulligen e836fa7512 Java: Update metadata. 2018-12-04 10:12:56 +01:00
Anders Schack-Mulligen ae44b90456 Java: Normalize parentheses. 2018-11-28 15:01:25 +01:00
Anders Schack-Mulligen e2dd0ea083 Java: Add 2 double-checked-locking queries. 2018-11-28 13:52:34 +01:00
Aditya Sharad c20b688a3f Merge master into next. 2018-11-23 16:36:31 +00:00
Anders Schack-Mulligen a0d8888224
Merge pull request #531 from yh-semmle/java/deprecate-vcs 
Java: deprecate queries that use `VCS.qll`
 2018-11-23 11:59:17 +01:00
Sebastian Bauersfeld 4eabca6dde Update java schema to accommodate for key-value configuration files. 2018-11-22 19:08:43 -05:00
yh-semmle 1b84fceb3c Java: deprecate queries that use `VCS.qll` 2018-11-22 16:21:44 -05:00
Pavel Avgustinov 16ec9f1aa4 Merge remote-tracking branch 'origin/next' into bump/master-next 2018-11-19 10:37:07 +00:00
Anders Schack-Mulligen deb61d6f29 Java: Update test output. 2018-11-16 13:48:50 +01:00
Anders Schack-Mulligen 5e03b6f681 Java: Convert security queries to path-problems. 2018-11-16 13:48:50 +01:00
Anders Schack-Mulligen 437b2c1503 Java: Cosmetic changes and missing overrides. 2018-11-16 13:48:50 +01:00
yh-semmle 50a905d54a
Merge pull request #459 from aschackmull/java/inherit-fix 
Java: Fix inheritance relation for co-/contra-variant subtypes.
 2018-11-14 10:53:41 -05:00
Aditya Sharad f0715b09e1 Merge master into next. 2018-11-14 10:06:27 +00:00
Arthur Baars 969c2796a0
Merge pull request #457 from adityasharad/merge/1.18-master-131118 
Merge rc/1.18 into master.
 2018-11-13 22:25:03 +01:00
Felicity Chapman fe15159756 Update for feedback 2018-11-13 16:34:06 +00:00
Anders Schack-Mulligen fe8dfeec0d Java: Add some this-qualifiers. 2018-11-13 14:58:25 +01:00
Anders Schack-Mulligen 411891c303 Java: Don't inherit methods from co-/contra-variant supertypes. 2018-11-13 14:56:22 +01:00
Max Schaefer 96989a1fd6
Merge pull request #427 from adityasharad/eclipse/remove-plugin-metadata 
Eclipse plugins: Remove plugin metadata.
 2018-11-13 13:12:49 +00:00
Aditya Sharad bc06831d01 Merge rc/1.18 into master. 2018-11-13 10:55:08 +00:00
Felicity Chapman fa8fd0513c Update qhelp for queries with CWE tags 2018-11-12 18:00:17 +00:00
Aditya Sharad 271628c280 Version: Bump to 1.18.3 dev. 2018-11-12 14:55:26 +00:00
Jonas Jensen 1500237009 Merge remote-tracking branch 'upstream/master' into mergeback-20181112 2018-11-12 13:24:27 +01:00
Tom Hvitved 40def8d364
Merge pull request #418 from dave-bartolomeo/dave/FormatConfig 
Allow mixed whitespace in certain test and external directories
 2018-11-12 09:43:39 +01:00
Aditya Sharad 761e5efd60 Merge master into next. 
JavaScript semantic conflicts fixed by referring to the `LegacyLanguage` enum.
C++ conflicts fixed by accepting Qltest output.
 2018-11-09 18:49:35 +00:00
Anders Schack-Mulligen f6941af86c Java: Move the LGTM query suites to the public repo. 2018-11-09 13:48:49 +01:00
Anders Schack-Mulligen 46bebc898a Java: Add test. 2018-11-09 13:36:05 +01:00
Anders Schack-Mulligen 6f791bb530 Java: Account for extraction of calls to <obinit>. 2018-11-09 13:36:05 +01:00
Dave Bartolomeo a141f4c81a Allow mixed whitespace in C#, C++, and Java test sources 2018-11-08 11:06:42 -08:00
yh-semmle 49fbc410a1
Merge pull request #414 from aschackmull/java/unreachable-ssa 
Java: Don't construct nonsense SSA for unreachable code.
 2018-11-07 18:30:46 -05:00
Aditya Sharad ed49c623f1 Version: Bump to 1.18.2 release. 2018-11-07 14:36:40 +00:00
Aditya Sharad 194042348a Eclipse plugins: Remove plugin metadata. 
This is only needed to build QL for Eclipse, and will be moved into the internal Semmle repository.
 2018-11-07 11:01:05 +00:00
Anders Schack-Mulligen 92f265844b Java: Fix mixed tabs/spaces in qhelp examples. 2018-11-07 09:02:41 +01:00
Anders Schack-Mulligen fa3fa33c51 Java: Don't construct nonsense SSA for unreachable code. 2018-11-06 16:43:08 +01:00
Anders Schack-Mulligen 2004445817
Merge pull request #409 from yh-semmle/java/move-tests 
Java: move/tweak some tests
 2018-11-06 16:38:03 +01:00
Aditya Sharad 553c2f5d34 Merge master into next. 
As of 2846d80f1c.
 2018-11-06 11:52:51 +00:00
yh-semmle 64a50c522d Java: tweak a test 2018-11-05 12:10:08 -05:00
yh-semmle c0fcf7fc9b Java: move a few more tests 2018-11-05 12:08:43 -05:00
yh-semmle f3fbc8a153 Java: move a few tests 2018-11-05 12:08:42 -05:00
Aditya Sharad 3483245870 Merge rc/1.18 into master. 
As of 3291a30bf4.
 2018-11-02 09:54:50 +00:00
Aditya Sharad 3291a30bf4 Version: Bump to 1.18.2 dev. 2018-11-01 18:46:56 +00:00
Anders Schack-Mulligen 41c89475fe Java: Rerun autoformat. 2018-11-01 17:01:12 +01:00
Aditya Sharad b896899f4c Merge master into next. 
master as of dc3c5a684c
Version numbers resolved in favour of `next`.
C++ expected output file updated to accept test output.
 2018-10-31 10:47:31 +00:00
Anders Schack-Mulligen c3f71c2d42 Java: Change main ZipSlip location to the source. 2018-10-31 11:38:28 +01:00
Anders Schack-Mulligen 36f41a3e16 Java: Fix performance issue, and add Path.resolve as taint step. 2018-10-31 11:38:27 +01:00
Anders Schack-Mulligen 4953e4923a Java: Add test for sanitization using toAbsolutePath(). 2018-10-31 11:38:27 +01:00
Anders Schack-Mulligen bf6b7c4734 Java: Add ZipSlip query. 2018-10-31 11:38:27 +01:00
Aditya Sharad 256b829201 Merge rc/1.18 into master. 2018-10-30 11:21:50 +00:00
Aditya Sharad 5e7b7818df Version: Bump to 1.18.1 release. 2018-10-29 18:02:58 +00:00
semmle-qlci 7b84f5b1fd
Merge pull request #372 from aschackmull/java/rangeanalysis-array-phinodes 
Approved by yh-semmle
 2018-10-29 13:02:58 +00:00
semmle-qlci c2e7627f61
Merge pull request #351 from nystrom/master 
Approved by pavgust
 2018-10-26 19:09:02 +01:00
Anders Schack-Mulligen 3d81328c41 Java: Improve array length bounds on array phi nodes that may be null. 2018-10-26 11:18:31 +02:00
Anders Schack-Mulligen 4227cdb423 Java: Tweak query description. 2018-10-26 10:50:06 +02:00
semmle-qlci cbc2d9e257
Merge pull request #361 from aschackmull/java/springweb-servlet-sources 
Approved by yh-semmle
 2018-10-26 02:06:11 +01:00
semmle-qlci 905911014d
Merge pull request #358 from aschackmull/java/sql-sinks 
Approved by yh-semmle
 2018-10-26 01:42:37 +01:00
Aditya Sharad 56ee5ff99a Merge master into next. 
`master` up to and including cfe0b8803a.
 2018-10-25 15:32:47 +01:00
Anders Schack-Mulligen 42e659c645 Java: Minor fixups. 2018-10-25 14:30:40 +02:00
Anders Schack-Mulligen 8a27c09447 Java: Add .expected file. 2018-10-25 14:12:50 +02:00