github
/
codeql
зеркало из https://github.com/github/codeql.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
48 342 коммитов 1 541 ветка 130 Теги 483 MiB
Граф коммитов

48342 Коммитов

Автор SHA1 Сообщение Дата
Tom Hvitved 51f11f19cc
Merge pull request #11576 from ethanwilloner/main 
csharp: URI should be Uri in Owin.qll library.
 2022-12-07 09:34:51 +01:00
Alvaro Muñoz 49eedde58a
Merge branch 'main' into new_sudo_like_argument 2022-12-07 09:31:17 +01:00
Asger F afe7872838
Merge pull request #11565 from asgerf/js/rephined-variable-in-access-path 
JS: handle rephined variable in access path
 2022-12-07 09:26:38 +01:00
Michael Nebel c1c0432c00
Merge pull request #11144 from michaelnebel/csharp/qualifiedname 
C#: Deprecate hasQualifiedName/1 and prepare for deprecating getQualifiedName/0.
 2022-12-07 09:16:38 +01:00
Ed Minnix b6a59f0885 Java: Add support and tests for implicitly exported activity aliases 2022-12-06 23:11:48 -05:00
Ed Minnix 1472335c2e Abbreviated change note in changelog entry for activity-alias 2022-12-06 23:11:48 -05:00
Ed Minnix 2255b0d96a Modify `getAndroidComponentXmlElement` to handle activity-alias 
Since aliases have both the `name` and `targetActivity` attributes, we
should check all identifying attributes in order to add
`<activity-alias>` elements as dataflow sources.
 2022-12-06 23:11:48 -05:00
Ed Minnix 4620db0fe9 Activity alias: formatting changes suggested by Actions 2022-12-06 23:11:48 -05:00
Ed Minnix ec6c421f91 Added change notes for AndroidManifest.qll 2022-12-06 23:11:48 -05:00
Ed Minnix f4dbd41036 Test files for Activity Alias 2022-12-06 23:11:48 -05:00
Ed Minnix 4df926e148 Add method for finding aliases to `AndroidActivityXmlElement` 2022-12-06 23:11:48 -05:00
Ed Minnix b4f08f8b91 Add support for Android Manifest `<activity-alias>` element 2022-12-06 23:11:48 -05:00
Ed Minnix 4c270fca91 Add generalized identifier resolution for AndroidManifest 
Since more than one attribute can hold an identifier, refactor
identifier resolution into a separate method.
 2022-12-06 23:11:47 -05:00
Ed Minnix cf3e5a0abe Add class for XML Attributes meant to hold an identifier in AndroidManifest 
Some Android component attributes hold an identifier (e.g.
`android:name` and `android:targetActivity` for `<activity-alias>`).
 2022-12-06 23:11:47 -05:00
Tiferet Gazit 1a9dd48a88
Merge pull request #11551 from github/tiferet/endpoint-characteristics-test 
ATM: Test for contradictory endpoint characteristics
 2022-12-06 18:36:41 -08:00
retanoj 8ee418405b consider blankspace / comma /dot field 2022-12-07 10:06:39 +08:00
tiferet cf29cde2e8 Apply suggestions from code review 2022-12-06 18:05:04 -08:00
Chris Smowton 522a549d61 Improve debug logging when the external decl extractor handles an IrFile 2022-12-06 20:39:14 +00:00
Chris Smowton d2e7797485 Rename to writeStubTrapFile 2022-12-06 20:39:03 +00:00
Ed Minnix 1c81f8d8d5 Apply suggestion from docs review 2022-12-06 15:32:54 -05:00
Chris Smowton 00f323c8bd Fix: extract directly exposed fields with `static` modifier 2022-12-06 20:32:10 +00:00
Chris Smowton 5d43c431c0
Merge pull request #11504 from owen-mc/fix-small-error 
Fix `mayHaveSideEffects` for `ReturnStmt`
 2022-12-06 20:15:07 +00:00
Chris Smowton c68ac460c9 Accept test changes: again this is a raw class extracted just for its signature. 2022-12-06 18:38:33 +00:00
Chris Smowton d37a10e4f1 Accept test changes: methods no longer appearing to be `final` 
This is actually a bug, which we should follow up on subsequently.
 2022-12-06 18:38:31 +00:00
Chris Smowton 59eb81b50a Accept test changes: a raw class getting extracted solely for use in a signature 
We could revert this by allowing useType to avoid triggering class-instance extraction when used just for its signature result
 2022-12-06 18:35:04 +00:00
Chris Smowton f5579d59f8 Accept test changes: classes no longer getting multiple locations 2022-12-06 18:35:04 +00:00
Chris Smowton 9f722a7e12 Disable java_and_kotlin inconsistency test; accept changes 
This was testing that a signature inconsistency occurs, but this now manifests as a db inconsistency which can't be used as a test expectation because specific tuple numbers are liable to change with the environment.
 2022-12-06 18:35:04 +00:00
Chris Smowton f2fded6486 Accept jvmstatic-annotation changes 
These occur because the Companion field is odd, being extracted from source but not having an associated FieldDeclaration, leading to PrintAst enumerating the node differently depending on whether it has a source-file location or not but in either case choosing not to show it.
 2022-12-06 18:35:04 +00:00
Chris Smowton 5e023bf619 Remove no-longer-applicable diagnostic matches 
These resulted from the Java compiler exploring NotNull and other Kotlin-emitted annotations, which it no longer does because it finds a .class trap file already present and truncates its class-graph walk
 2022-12-06 18:35:04 +00:00
Chris Smowton 82f3c2f6d5 Mark the Companion field as static 2022-12-06 18:35:04 +00:00
Chris Smowton d9dc8e38f9 Fix binary names for classes declared from source 
Only top-level non-class declarations need the IrFile's expected class name inserting
 2022-12-06 18:35:04 +00:00
Chris Smowton 910a1f872d Adjust opt-in required to use string-manipulation functions in Kotlin <= 1.5 2022-12-06 18:35:04 +00:00
Chris Smowton 540a2a623e Don't create stub trap files for anonymous or local classes, or unexpected kinds of top-level declaration 2022-12-06 18:35:04 +00:00
Chris Smowton 08e3431107 Also stub class files relating to file classes and top-level declarations 2022-12-06 18:35:04 +00:00
Chris Smowton 748637c2d8 Tidy and use version 0 for classes extracted from source 2022-12-06 18:35:03 +00:00
Chris Smowton e34d72aee9 Kotlin: stub trap .class files when extracting a class from Kotlin source 2022-12-06 18:35:03 +00:00
Ethan Willoner 64f58061b7
Rename 2022-12-05-owin-uri-fix.md. to 2022-12-05-owin-uri-fix.md 2022-12-06 09:13:28 -08:00
Ethan Willoner 574d6d6119
Fix comment. 
Co-authored-by: Tom Hvitved <hvitved@github.com>
 2022-12-06 09:10:22 -08:00
Jeroen Ketema b5147bbfb0
C++: Deprecate `DefaultTaintTracking` and `TaintTrackingImpl` 2022-12-06 17:45:16 +01:00
Owen Mansel-Chan 4789431d6e
Add change note 2022-12-06 16:25:50 +00:00
Owen Mansel-Chan d588ee375b
Fix `mayHaveSideEffects` for `ReturnStmt` 
The previous code only worked when the return statement
only has one returned expression.
 2022-12-06 15:07:45 +00:00
Mathias Vorreiter Pedersen 2c500142c7
Merge pull request #11435 from jketema/rewrite-tainted-path 
C++: Rewrite `cpp/path-injection` to not use `DefaultTaintTracking`
 2022-12-06 14:54:57 +00:00
retanoj b0c86d8e51 change string match to regex match 2022-12-06 21:50:09 +08:00
Michael Nebel 8e4190d84a
Merge pull request #11516 from michaelnebel/java/externalflowcleanup 
Java: Cleanup imports of `ExternalFlow`
 2022-12-06 14:26:39 +01:00
Anders Schack-Mulligen b579e2e7ed
Merge pull request #11493 from aschackmull/java/scc-equivrel 
Java: Replace ad-hoc SCC reduction with union-find.
 2022-12-06 14:02:46 +01:00
Michael Nebel 27efb0d843 C#: Rename -> for . 2022-12-06 13:53:50 +01:00
Erik Krogh Kristensen be168901d6
Merge pull request #11085 from dbartol/dbartol/ql-for-ql-latest 
Use latest released bundle for QL-for-QL
 2022-12-06 12:43:53 +01:00
retanoj 2bbd37f9ab change code snippet to `or` condition 2022-12-06 19:27:29 +08:00
Michael Nebel 29ccac8e93 C#: Address review comments. 2022-12-06 12:05:48 +01:00
Mathias Vorreiter Pedersen 3eea3b2f45
Merge pull request #11446 from atorralba/atorralba/swift/path-injection 
Swift: Add path injection query
 2022-12-06 11:03:26 +00:00