github
/
codeql
зеркало из https://github.com/github/codeql.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
6 587 коммитов 1 541 ветка 132 Теги 497 MiB
Граф коммитов

341 Коммитов

Автор SHA1 Сообщение Дата
Pavel Avgustinov 16ec9f1aa4 Merge remote-tracking branch 'origin/next' into bump/master-next 2018-11-19 10:37:07 +00:00
Anders Schack-Mulligen deb61d6f29 Java: Update test output. 2018-11-16 13:48:50 +01:00
Anders Schack-Mulligen 5e03b6f681 Java: Convert security queries to path-problems. 2018-11-16 13:48:50 +01:00
Anders Schack-Mulligen 437b2c1503 Java: Cosmetic changes and missing overrides. 2018-11-16 13:48:50 +01:00
yh-semmle 50a905d54a
Merge pull request #459 from aschackmull/java/inherit-fix 
Java: Fix inheritance relation for co-/contra-variant subtypes.
 2018-11-14 10:53:41 -05:00
Aditya Sharad f0715b09e1 Merge master into next. 2018-11-14 10:06:27 +00:00
Arthur Baars 969c2796a0
Merge pull request #457 from adityasharad/merge/1.18-master-131118 
Merge rc/1.18 into master.
 2018-11-13 22:25:03 +01:00
Felicity Chapman fe15159756 Update for feedback 2018-11-13 16:34:06 +00:00
Anders Schack-Mulligen fe8dfeec0d Java: Add some this-qualifiers. 2018-11-13 14:58:25 +01:00
Anders Schack-Mulligen 411891c303 Java: Don't inherit methods from co-/contra-variant supertypes. 2018-11-13 14:56:22 +01:00
Max Schaefer 96989a1fd6
Merge pull request #427 from adityasharad/eclipse/remove-plugin-metadata 
Eclipse plugins: Remove plugin metadata.
 2018-11-13 13:12:49 +00:00
Aditya Sharad bc06831d01 Merge rc/1.18 into master. 2018-11-13 10:55:08 +00:00
Felicity Chapman fa8fd0513c Update qhelp for queries with CWE tags 2018-11-12 18:00:17 +00:00
Aditya Sharad 271628c280 Version: Bump to 1.18.3 dev. 2018-11-12 14:55:26 +00:00
Jonas Jensen 1500237009 Merge remote-tracking branch 'upstream/master' into mergeback-20181112 2018-11-12 13:24:27 +01:00
Tom Hvitved 40def8d364
Merge pull request #418 from dave-bartolomeo/dave/FormatConfig 
Allow mixed whitespace in certain test and external directories
 2018-11-12 09:43:39 +01:00
Aditya Sharad 761e5efd60 Merge master into next. 
JavaScript semantic conflicts fixed by referring to the `LegacyLanguage` enum.
C++ conflicts fixed by accepting Qltest output.
 2018-11-09 18:49:35 +00:00
Anders Schack-Mulligen f6941af86c Java: Move the LGTM query suites to the public repo. 2018-11-09 13:48:49 +01:00
Anders Schack-Mulligen 46bebc898a Java: Add test. 2018-11-09 13:36:05 +01:00
Anders Schack-Mulligen 6f791bb530 Java: Account for extraction of calls to <obinit>. 2018-11-09 13:36:05 +01:00
Dave Bartolomeo a141f4c81a Allow mixed whitespace in C#, C++, and Java test sources 2018-11-08 11:06:42 -08:00
yh-semmle 49fbc410a1
Merge pull request #414 from aschackmull/java/unreachable-ssa 
Java: Don't construct nonsense SSA for unreachable code.
 2018-11-07 18:30:46 -05:00
Aditya Sharad ed49c623f1 Version: Bump to 1.18.2 release. 2018-11-07 14:36:40 +00:00
Aditya Sharad 194042348a Eclipse plugins: Remove plugin metadata. 
This is only needed to build QL for Eclipse, and will be moved into the internal Semmle repository.
 2018-11-07 11:01:05 +00:00
Anders Schack-Mulligen 92f265844b Java: Fix mixed tabs/spaces in qhelp examples. 2018-11-07 09:02:41 +01:00
Anders Schack-Mulligen fa3fa33c51 Java: Don't construct nonsense SSA for unreachable code. 2018-11-06 16:43:08 +01:00
Anders Schack-Mulligen 2004445817
Merge pull request #409 from yh-semmle/java/move-tests 
Java: move/tweak some tests
 2018-11-06 16:38:03 +01:00
Aditya Sharad 553c2f5d34 Merge master into next. 
As of 2846d80f1c.
 2018-11-06 11:52:51 +00:00
yh-semmle 64a50c522d Java: tweak a test 2018-11-05 12:10:08 -05:00
yh-semmle c0fcf7fc9b Java: move a few more tests 2018-11-05 12:08:43 -05:00
yh-semmle f3fbc8a153 Java: move a few tests 2018-11-05 12:08:42 -05:00
Aditya Sharad 3483245870 Merge rc/1.18 into master. 
As of 3291a30bf4.
 2018-11-02 09:54:50 +00:00
Aditya Sharad 3291a30bf4 Version: Bump to 1.18.2 dev. 2018-11-01 18:46:56 +00:00
Anders Schack-Mulligen 41c89475fe Java: Rerun autoformat. 2018-11-01 17:01:12 +01:00
Aditya Sharad b896899f4c Merge master into next. 
master as of dc3c5a684c
Version numbers resolved in favour of `next`.
C++ expected output file updated to accept test output.
 2018-10-31 10:47:31 +00:00
Anders Schack-Mulligen c3f71c2d42 Java: Change main ZipSlip location to the source. 2018-10-31 11:38:28 +01:00
Anders Schack-Mulligen 36f41a3e16 Java: Fix performance issue, and add Path.resolve as taint step. 2018-10-31 11:38:27 +01:00
Anders Schack-Mulligen 4953e4923a Java: Add test for sanitization using toAbsolutePath(). 2018-10-31 11:38:27 +01:00
Anders Schack-Mulligen bf6b7c4734 Java: Add ZipSlip query. 2018-10-31 11:38:27 +01:00
Aditya Sharad 256b829201 Merge rc/1.18 into master. 2018-10-30 11:21:50 +00:00
Aditya Sharad 5e7b7818df Version: Bump to 1.18.1 release. 2018-10-29 18:02:58 +00:00
semmle-qlci 7b84f5b1fd
Merge pull request #372 from aschackmull/java/rangeanalysis-array-phinodes 
Approved by yh-semmle
 2018-10-29 13:02:58 +00:00
semmle-qlci c2e7627f61
Merge pull request #351 from nystrom/master 
Approved by pavgust
 2018-10-26 19:09:02 +01:00
Anders Schack-Mulligen 3d81328c41 Java: Improve array length bounds on array phi nodes that may be null. 2018-10-26 11:18:31 +02:00
Anders Schack-Mulligen 4227cdb423 Java: Tweak query description. 2018-10-26 10:50:06 +02:00
semmle-qlci cbc2d9e257
Merge pull request #361 from aschackmull/java/springweb-servlet-sources 
Approved by yh-semmle
 2018-10-26 02:06:11 +01:00
semmle-qlci 905911014d
Merge pull request #358 from aschackmull/java/sql-sinks 
Approved by yh-semmle
 2018-10-26 01:42:37 +01:00
Aditya Sharad 56ee5ff99a Merge master into next. 
`master` up to and including cfe0b8803a.
 2018-10-25 15:32:47 +01:00
Anders Schack-Mulligen 42e659c645 Java: Minor fixups. 2018-10-25 14:30:40 +02:00
Anders Schack-Mulligen 8a27c09447 Java: Add .expected file. 2018-10-25 14:12:50 +02:00
Anders Schack-Mulligen 8fe1634fcc Java: Add test. 2018-10-25 13:00:15 +02:00
Anders Schack-Mulligen 1188e18837 Java: Whitelist Cookie::getName for HTTP response splitting. 2018-10-25 12:02:33 +02:00
Nate Nystrom 33ba814551 fixed mixed tabs and spaces 2018-10-24 17:37:18 +02:00
Nate Nystrom d228bd0b13 Fixed compilation error 2018-10-24 15:50:00 +02:00
Nate Nystrom 4ebfb019d8 ref to NumberFormatException.ql 2018-10-24 15:49:25 +02:00
Nate Nystrom 8228b46223 test case for NumberFormatException 2018-10-24 15:48:56 +02:00
Nate Nystrom d04fde7157 Fixed compilation error. 2018-10-24 15:27:23 +02:00
Anders Schack-Mulligen 1d716ae461 Java: Add remote user input sources for Spring servlets. 2018-10-24 15:00:15 +02:00
Anders Schack-Mulligen 263de5219a Java: Add additional SQL injection sinks. 2018-10-24 13:58:21 +02:00
Nate Nystrom e174ca6ed8 Query for uncaught NumberFormatException 2018-10-23 19:03:15 +02:00
semmle-qlci c78f3f8edf
Merge pull request #336 from aschackmull/java/dataflow-cleanup 
Approved by yh-semmle
 2018-10-20 03:43:49 +01:00
semmle-qlci 465a55f8ac
Merge pull request #333 from aschackmull/java/useless-comp-concurrent 
Approved by yh-semmle
 2018-10-20 01:37:13 +01:00
Anders Schack-Mulligen 6f11849fef Java: Add test. 2018-10-19 15:02:52 +02:00
Anders Schack-Mulligen 0b46ffa7d7 Java/CPP: Sync files. 2018-10-18 15:10:23 +02:00
Anders Schack-Mulligen bf58b6c9ab Java: Remove self-ref tracking; improve AccessPath.toString on numbers. 2018-10-18 15:05:04 +02:00
Anders Schack-Mulligen 187918396c Java: Autoformat the last 5 files (RangeAnalysis). 2018-10-18 10:03:08 +02:00
Anders Schack-Mulligen 0c37ea876d Java: Fix FPs for concurrent modification checks. 2018-10-18 09:44:26 +02:00
semmle-qlci 3af91d5d0a
Merge pull request #301 from aschackmull/java/modulus-analysis 
Approved by yh-semmle
 2018-10-18 08:24:32 +01:00
Anders Schack-Mulligen 3dc9071a44 Java: Add missing word in deprecation comments. 2018-10-17 15:59:52 +02:00
Tom Hvitved 58a0815033 Merge remote-tracking branch 'upstream/master' into mergeback-2018-10-17 2018-10-17 13:24:37 +02:00
Anders Schack-Mulligen 26009065af Java: Fix regression. 2018-10-16 11:29:15 +02:00
semmle-qlci a8be7f2434
Merge pull request #312 from aschackmull/java/autoformat-libs 
Approved by yh-semmle
 2018-10-12 20:02:52 +01:00
semmle-qlci 9ec52a43ee
Merge pull request #308 from aschackmull/java/autoformat-queries 
Approved by yh-semmle
 2018-10-12 17:43:02 +01:00
Anders Schack-Mulligen 22c986af77 Java: Autoformat. 2018-10-12 13:44:55 +02:00
Anders Schack-Mulligen 11279d4c83 Java: Autoformat Overflow.qll and add comment about imprecise float. 2018-10-12 13:40:32 +02:00
Anders Schack-Mulligen 0f5a3d3bb7 Java: Adjust comment style. 2018-10-12 13:40:32 +02:00
Anders Schack-Mulligen 2f0b983335 Java: Autoformat most of semmle.code.java. 2018-10-12 13:40:32 +02:00
Anders Schack-Mulligen bc7ea93608 Java: Adjust some comment positions and break some lines. 2018-10-12 13:40:32 +02:00
Anders Schack-Mulligen 5502db4c74 Java: Autoformat most of semmle.code.java.dataflow. 2018-10-12 13:40:32 +02:00
Anders Schack-Mulligen f341aa79a3 Java/C: Sync dataflow copies. 2018-10-12 13:40:32 +02:00
Anders Schack-Mulligen 3cdcbf0129 Java: Autoformat DataFlowImpl.qll and DataFlowImplCommon.qll. 2018-10-12 13:40:32 +02:00
Anders Schack-Mulligen 815c245f44 Java: Adjust comment style. 2018-10-12 13:40:32 +02:00
Anders Schack-Mulligen bf63139c16 Java: Autoformat semmle.code.java.controlflow. 2018-10-12 13:40:32 +02:00
Anders Schack-Mulligen 291fb11c48 Java: Autoformat semmle.code.java.dispatch. 2018-10-12 13:40:32 +02:00
Anders Schack-Mulligen 89828b8284 Java: Autoformat semmle.code.java.metrics. 2018-10-12 13:40:32 +02:00
Anders Schack-Mulligen 9ebc294ee2 Java: Adjust comment style. 2018-10-12 13:40:32 +02:00
Anders Schack-Mulligen f3d65c0ef9 Java: Autoformat semmle.code.java.deadcode. 2018-10-12 13:40:32 +02:00
Anders Schack-Mulligen 9009a50227 Java: Adjust comment style. 2018-10-12 13:40:32 +02:00
Anders Schack-Mulligen e781990960 Java: Autoformat semmle.code.java.security. 2018-10-12 13:40:32 +02:00
Anders Schack-Mulligen c6c6e4319d Java: Undo autoformat bug. 2018-10-12 13:40:32 +02:00
Anders Schack-Mulligen ade293407b Java: Adjust comment style. 2018-10-12 13:40:32 +02:00
Anders Schack-Mulligen 24f30999a4 Java: Autoformat semmle.code.java.frameworks. 2018-10-12 13:40:32 +02:00
Anders Schack-Mulligen 482733569a Java: Adjust comment style. 2018-10-12 13:40:32 +02:00
Anders Schack-Mulligen 67d1c72e64 Java: Autoformat libs outside semmle.code.java. 2018-10-12 13:40:32 +02:00
Anders Schack-Mulligen 03c80c18d6 Java: Update location in .expected file. 2018-10-12 10:08:24 +02:00
semmle-qlci 44fd18c4a9
Merge pull request #309 from aschackmull/java/fix-some-lib-qldoc 
Approved by yh-semmle
 2018-10-11 21:35:33 +01:00
Tom Hvitved b29b314f4e Merge remote-tracking branch 'upstream/master' into mergeback-2018-10-11 2018-10-11 14:36:44 +02:00
Anders Schack-Mulligen 73f1beecfd Java: Fix likely bug in ExposeRepresentation and re-autoformat. 2018-10-11 11:31:38 +02:00
Anders Schack-Mulligen 6a8a27201e Java: Autoformat ExposeRepresentation, revealing likely bug. 2018-10-11 11:31:38 +02:00
Anders Schack-Mulligen 236c79b561 Java: Adjust comment position and re-autoformat. 2018-10-11 11:31:38 +02:00
Anders Schack-Mulligen c16f0df823 Java: Autoformat 1. 2018-10-11 11:31:38 +02:00
Anders Schack-Mulligen e291b5ec2b Java: Break line and re-autoformat. 2018-10-11 11:31:38 +02:00
Anders Schack-Mulligen 62e942bb8b Java: Autoformat 1. 2018-10-11 11:31:38 +02:00
Anders Schack-Mulligen 62ef811169 Java: Autoformat. 2018-10-11 11:31:38 +02:00
Anders Schack-Mulligen 766b07ba59 Java: Adjust comment style. 2018-10-11 11:31:38 +02:00
Anders Schack-Mulligen dd5a8f0c14 Java: Autoformat most queries. 2018-10-11 11:31:37 +02:00
Anders Schack-Mulligen ca8ca55828 Java: Deprecate ParityAnalysis. 2018-10-11 11:26:17 +02:00
Anders Schack-Mulligen 5c53249612 Java: Add ModulusAnalysis. 2018-10-11 11:26:17 +02:00
Anders Schack-Mulligen e7b0d399d1 Java: Refactor parts of RangeAnalysis needed for ModulusAnalysis. 2018-10-11 11:26:17 +02:00
Anders Schack-Mulligen a78a0b52ec Java: Add test. 2018-10-11 11:26:17 +02:00
Anders Schack-Mulligen 8659bedbd9 Java: Extract Bound class to its own file. 2018-10-11 11:26:17 +02:00
Anders Schack-Mulligen 6dfbb72fc8 Java: Add constant array lengths to ConstantIntegerExpr. 2018-10-11 11:26:16 +02:00
Anders Schack-Mulligen fc359b75d3 Java: Add qldoc to a few libraries. 2018-10-11 11:05:39 +02:00
yh-semmle 26b630f700 Java: clarify help for `java/unreachable-catch-clause` 2018-10-09 21:15:51 -04:00
yh-semmle 001b9f8b56 Java: account for generic exceptions in `java/unreachable-catch-clause` 2018-10-09 21:15:45 -04:00
yh-semmle 7962530789 Java: add `.project` file in `test` directory 2018-10-08 20:25:43 -04:00
Tom Hvitved 49644bfb47 Merge remote-tracking branch 'upstream/master' into mergeback-2018-10-08 2018-10-08 11:48:56 +02:00
semmle-qlci 03f2d8f605
Merge pull request #247 from aschackmull/java/dispatchflow-typepruning 
Approved by yh-semmle
 2018-10-04 18:22:44 +01:00
Anders Schack-Mulligen 1c2807e5e7 Java: Add missing private annotations. 2018-10-04 17:33:10 +02:00
Aditya Sharad 337defdf3d Merge master into next. 2018-10-01 17:39:27 +01:00
Aditya Sharad 0882eb7bb3 Merge rc/1.18 into master. 2018-10-01 12:08:16 +01:00
Aditya Sharad 1c71a856e1 Version: Bump to 1.18.1 dev. 2018-09-28 16:39:44 +01:00
Anders Schack-Mulligen 839168570e Java: Reorder predicates. 2018-09-28 14:25:11 +02:00
Anders Schack-Mulligen 34fdfe47ca Java: Prune nodes in DispatchFlow based on their types. 2018-09-28 14:21:04 +02:00
Anders Schack-Mulligen b3dbb44e3a Java: Improve performance of TypeFlow. 2018-09-27 15:39:26 +02:00
Aditya Sharad 51697f077c Version: Bump to 1.18.0 release. 2018-09-26 18:18:20 +01:00
Anders Schack-Mulligen 9198f5b9bd CPP/CSharp/Java/Javascript: Use concat in XMLParent.allCharactersString(). 2018-09-26 15:47:21 +02:00
Aditya Sharad 75680dbfef
Merge branch 'next' into qlucie/master 2018-09-26 12:08:33 +01:00
Dave Bartolomeo 1f36f5552f Normalize all text files to LF 
Use `* text=auto eol=lf`
 2018-09-23 16:24:31 -07:00
Dave Bartolomeo 26abf5d4a2 Force LF for basically everything. 2018-09-23 16:24:31 -07:00
semmle-qlci d281558fb1
Merge pull request #218 from yh-semmle/java/query-severities 
Approved by aschackmull
 2018-09-21 16:59:03 +01:00
yh-semmle 7d69c84453 Java: tweak some query metadata 
The severity of four queries is reduced to `warning`.
 2018-09-19 11:04:21 -04:00
Jonas Jensen 9886e4a056 Merge remote-tracking branch 'upstream/master' into merge-master-next-20180913 2018-09-13 20:28:17 +02:00
Anders Schack-Mulligen b9acdf573a Java: Update qltest. 2018-09-13 10:18:09 +02:00
Aditya Sharad 767045b55d Merge rc/1.18 into next. 2018-09-12 14:59:54 +01:00
Anders Schack-Mulligen 1bbc67b57c Java: Autoformat query. 2018-09-12 10:14:41 +02:00
Anders Schack-Mulligen ccbd8aaebc Java: Improve alert message of IntMultToLong. 2018-09-12 10:13:57 +02:00
Anders Schack-Mulligen 4473ccdd5e Java: Add Mockito.verify to MockitoMockMethod. 2018-09-10 11:20:27 +02:00
Aditya Sharad ab2bec743a Revert "Version: Bump to 1.19.0 dev." 
The version bump should now go into the `next` branch rather than `master`.
This reverts commit 2363f49e3a.
 2018-09-04 16:01:09 +01:00
Aditya Sharad 2363f49e3a Version: Bump to 1.19.0 dev. 
This keeps the QL for Eclipse language plugins in sync with internal `master`.
 2018-09-03 16:41:28 +01:00
Pavel Avgustinov 846c9d5860 Migrate Java code to separate QL repo. 2018-08-30 10:48:05 +01:00