github
/
codeql
зеркало из https://github.com/github/codeql.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
47 581 коммит 1 542 Ветки 132 Теги 495 MiB
Граф коммитов

7132 Коммитов

Автор SHA1 Сообщение Дата
Ian Lynagh 7eaef0cd3d
Merge pull request #11436 from igfoo/igfoo/NamingConventionsRefTypes 
Kotlin: Enable java/misnamed-type query
 2022-11-29 18:39:18 +00:00
Michael Nebel bc6f0c1622
Merge pull request #11243 from michaelnebel/java/dataextensions 
Java: Use data extensions for MaD models.
 2022-11-29 12:43:26 +01:00
Tom Hvitved f3dca95958
Merge pull request #11087 from hvitved/dataflow/summary-ctx 
Data flow: Add summary/return context to pruning stages 2-4
 2022-11-29 10:36:53 +01:00
Ian Lynagh 7863bc2c99 Kotlin: Accept test output 2022-11-28 12:14:36 +00:00
Michael Nebel d7e656a32a Java: Add change note. 2022-11-28 12:30:36 +01:00
Michael Nebel 43a63d6373 Java: Convert all models to data extensions in testcases. 2022-11-28 12:30:36 +01:00
Michael Nebel 74f02cf855 Java: Allow empty package name in model definitions. 2022-11-28 12:30:35 +01:00
Michael Nebel b96540c937 Java: Convert permissve-dot-regex-query to data extensions. 2022-11-28 12:30:35 +01:00
Michael Nebel 91840c613e Java: Convert unsafe-url-forward to data extensions. 2022-11-28 12:30:35 +01:00
Michael Nebel aed5ee4edc Java: Convert thread-resource-abuse to data extensions. 2022-11-28 12:30:35 +01:00
Michael Nebel 07578f11d4 Java: Convert hardcoded-jwt-key models to data extensions. 2022-11-28 12:30:35 +01:00
Michael Nebel ab12b6cc2b Java: Convert android-web-resource-response to data extensions. 2022-11-28 12:30:35 +01:00
Michael Nebel 5c15ad412c Java: Convert log4j-injection to data extensions. 2022-11-28 12:30:35 +01:00
Michael Nebel 665d40dc4b Java: Convert file-path-injection to data extensions. 2022-11-28 12:30:35 +01:00
Michael Nebel b61f515af2 Jave: Make support for query specific models. 2022-11-28 12:30:35 +01:00
Michael Nebel 805430983c Java: Convert commons-io to data extensions. 2022-11-28 12:30:35 +01:00
Michael Nebel d7aafbfe64 Java: Add model generator script that emits data extensions. 2022-11-28 12:30:35 +01:00
Michael Nebel 9c93402b26 Java: Convert integration test to use data extensions instead of inlined models. 2022-11-28 12:30:35 +01:00
Michael Nebel 157a228088 Java: Add query packs with names to enable dependency resolution. 2022-11-28 12:30:35 +01:00
Michael Nebel 2d309bb8f8 Java: Include the library query pack to get the data extensions included. 2022-11-28 12:30:35 +01:00
Michael Nebel b3a3b676ba Java: Remove manual models from QL code. 2022-11-28 12:30:34 +01:00
Michael Nebel f4e1867d28 Java: Define extensible predicates to at least be empty. 2022-11-28 12:30:34 +01:00
Michael Nebel 0abeb831c7 Java: Move summaryModel predicate, which constructs a CSV row to the testcode where it is used. 2022-11-28 12:30:34 +01:00
Michael Nebel 663d091776 Java: Invert dependencies and use the extensible predicates. 2022-11-28 12:30:34 +01:00
Michael Nebel 9cb5ff1cdc Java: Add data extensions for all manual models. 2022-11-28 12:30:34 +01:00
Michael Nebel 8e25cac653 Java: Add extensible predicates. 2022-11-28 12:30:34 +01:00
Michael Nebel 7b6f202f23 Java: Renaming. 2022-11-28 12:30:34 +01:00
Michael Nebel 63e2206d16 Java: Prepare QL pack for data extensions. 2022-11-28 12:30:34 +01:00
Michael Nebel fc4b9827b9 Java: Add script for converting extensions. 2022-11-28 12:30:34 +01:00
Michael Nebel 9f7103c4fb Java: Add queries for extracting sources, sinks and summaries. 2022-11-28 12:30:34 +01:00
Michael Nebel a8ee878356 Java: Add bi-directional import of FragmentInjection. 2022-11-28 12:30:33 +01:00
Michael Nebel 663112576a Java: Update commons-io models. 2022-11-28 12:30:33 +01:00
Tom Hvitved cde05e1190 Data flow: Sync files 2022-11-28 12:11:38 +01:00
Michael Nebel 24e830f91d Java: Fix some minor bugs in the CSV printing of summaries for flow test generation. 2022-11-28 09:07:40 +01:00
Michael Nebel abe4d99e12 Java: Make some rudimentary tooling for testing the flow test case generator script. 2022-11-28 09:07:40 +01:00
Chris Smowton 0879f02db6 Adapt custom_plugin test to Kotlin 1.7.20 2022-11-25 17:54:53 +00:00
Ian Lynagh a423f5f695 Kotlin: Enable java/misnamed-type query 
We used to get alerts for the class around a local function, a lambda,
or a function reference, which we give name "". Now those are marked as
compiler-generated, and the query ignores compiler-generated types.
 2022-11-25 17:11:40 +00:00
Chris Smowton 180c3cee44 Accept integration test changes caused by variable location changes 2022-11-25 10:54:50 +00:00
Chris Smowton 32847c125a Accept more test changes due to variable locations changing 
There is also one non-location change: kotlin.Byte (and likely other primitives) now have real equals and toString overrides, which matches their native source and documentation; before they appeared to have fake overrides.
 2022-11-25 10:47:48 +00:00
Chris Smowton 8ec681e61c Kotlin: bump default CI version to 1.7.20 
A bunch of test expectations change because 7f531d8426 means that we now see (a) local variable declarations with source locations covering only their identifier, not the whole statement, and (b) more SYNTHETIC_OFFSET values for the parts of a destructuring assignment
or initialiser, which show up as file.kt:0:0:0:0 in DbLocation form.
 2022-11-25 10:19:26 +00:00
Alexander Eyers-Taylor 3c7f7511be
Merge pull request #11418 from alexet/alexet/mockito-class-rename 
Java: Add new Mockito runner class location.
 2022-11-24 17:49:31 +00:00
alexet e24e3bf13f Java: Add new Mockito runner class location. 2022-11-24 16:43:57 +00:00
Erik Krogh Kristensen 03737543d4
Merge pull request #11403 from erik-krogh/additional 
ReDoS: add missing additional keywords
 2022-11-24 15:53:51 +01:00
Tony Torralba adf905d838
Merge pull request #11368 from ka1n4t/main 
Java: Add binding between annotation and sink-param in MyBatis SQL Injection query
 2022-11-24 14:34:57 +01:00
Anders Schack-Mulligen f2897f5bfc
Merge pull request #11392 from aschackmull/java/adjust-mad-dispatch-priority 
Java: Adjust the prioritisation between MaD and source dispatch.
 2022-11-24 13:10:48 +01:00
Tony Torralba 4bbc1dc734 Update test expectations 2022-11-24 12:34:48 +01:00
Tony Torralba 17218fa663 Formatting 2022-11-24 11:14:16 +01:00
Tony Torralba 443d0f50c1
Apply suggestions from code review 2022-11-24 11:10:07 +01:00
Erik Krogh Kristensen 1eec067474
Merge pull request #11294 from erik-krogh/fileDoc 
QL: improve the "this block-comment should have been a QLDoc"-query
 2022-11-23 22:23:36 +01:00
erik-krogh 95f35196e4
add missing additional keywords 2022-11-23 20:45:51 +01:00