Commit Graph

315 Commits

Author SHA1 Message Date
Anders Schack-Mulligen 9a367d9293 Java: JumpStmt.getTarget, Stmt.getEnclosingStmt, SwitchExpr.getAResult. 2019-04-30 10:59:05 -04:00
yh-semmle 61324f0bb0 Java 12: enhanced QLDoc for preview features 2019-04-30 10:59:05 -04:00
yh-semmle d4e013b297 Java 12: deprecate QL constructs for new preview feature (switch exprs) 2019-04-30 10:59:04 -04:00
yh-semmle 38705038a8 Java 12: add QL for switch expressions, etc 2019-04-30 10:59:04 -04:00
yh-semmle 6ac1ee5fad Java 12: add switch expressions to dbscheme 2019-04-30 10:59:04 -04:00
yh-semmle 4ede686283 Java: refactor `ConstCase` and `DefaultCase` in preparation for Java 12 2019-04-30 10:59:03 -04:00
Tom Hvitved 29e59e6d1e Address review comments 2019-04-29 20:19:31 +02:00
Sebastian Bauersfeld 2f200d7517 Parameters annotated with Spring's @RequestBody and @PathVariable are remote input sources. 2019-04-17 18:02:00 -04:00
Tom Hvitved 18ced249ab Java: Generalize data-flow library in preparation for C# adoption 2019-04-10 13:05:31 +02:00
Anders Schack-Mulligen dec31a3dd6 Java: Use range analysis in IntMultToLong. 2019-04-05 10:42:23 +02:00
Anders Schack-Mulligen d144ea2f1c Java: Exclude slf4j calls in PrintLnArray as it supports array formatting. 2019-04-04 11:09:41 +02:00
yh-semmle b226cb64cd
Merge pull request #1189 from aschackmull/java/preconditions
Java: Support precondition calls as guards (ODASA-7796).
2019-04-03 21:36:08 -04:00
Felicity Chapman ffeb61c698 Fix typo in query description 2019-04-03 10:46:48 +01:00
Anders Schack-Mulligen b1e364b56a Java: Support precondition calls as guards. 2019-04-02 10:58:46 +02:00
Pavel Avgustinov c26b655956
Merge pull request #1022 from yh-semmle/java/dead-code-override
Java: respect override annotations in `java/unused-parameter`
2019-03-01 19:11:46 +00:00
yh-semmle a4beb03e15 Java: respect override annotations in `java/unused-parameter` 2019-02-20 15:27:35 -05:00
yh-semmle 64b2d331ae Java: add test for Guice framework support 2019-02-15 20:01:08 -05:00
yh-semmle b0d9c80ccc Java: add taint steps for Protobuf framework 2019-02-15 20:01:07 -05:00
yh-semmle fc4aa16905 Java: add remote user input for Apache Thrift framework 2019-02-15 20:01:07 -05:00
yh-semmle 751bbbf583 Java: add remote user input for Struts 2 `ActionSupport` 2019-02-15 20:01:06 -05:00
yh-semmle a436369846 Java: add remote user input and taint step for Guice framework 2019-02-15 20:01:06 -05:00
Anders Schack-Mulligen 25469637db Java: Autoformat qls. 2019-02-12 14:38:08 +01:00
Anders Schack-Mulligen 63a4dd09ad Java: Autoformat qlls. 2019-02-12 14:38:08 +01:00
Anders Schack-Mulligen 52ad816074
Merge pull request #904 from rneatherway/zipslip-fix
Java: Add a flow step for `Path::toFile` in ZipSlip
2019-02-11 13:08:38 +01:00
Robin Neatherway 409733838b Java: Add a flow step for `Path::toFile` in ZipSlip 2019-02-11 10:33:44 +00:00
Henning Makholm b8a03464bf Fix false positives in java/unused parameter
Methods that are mentioned in a member reference expression should count
as rootdefs for the unused parameter query. Such methods have to match
the functional interface of the reference expression, so it is to be
expected that they will sometimes have to declare parameters that they
don't actually use.
2019-02-07 21:14:36 +01:00
yh-semmle 3e8f7a740c
Merge pull request #838 from aschackmull/java/taint-collections
Java: Add additional taint steps through collections.
2019-02-05 09:59:24 -05:00
Anders Schack-Mulligen fe7add77d2 Java: Account for the repo move in NonSecurityTestClass. 2019-02-05 14:31:40 +01:00
james 7cc1442ecb Update link text 2019-01-30 09:44:07 +00:00
james 81137aa7b4 update links to locations in .ql files 2019-01-30 08:02:02 +00:00
james 9d1a050f35 update links to locations in .qll files 2019-01-30 08:01:49 +00:00
Anders Schack-Mulligen a29f615da0 Java: Add additional taint steps through collections. 2019-01-28 14:34:09 +01:00
semmle-qlci 65b64c7c05
Merge pull request #645 from sb-semmle/configuration-file-library
Approved by yh-semmle
2019-01-26 02:06:16 +00:00
Sebastian Bauersfeld f56fb6d774 Address review comments. 2019-01-24 16:09:06 -05:00
Sebastian Bauersfeld 170acd539c Add tests for ConfigFiles library. 2019-01-23 19:35:20 -05:00
Sebastian Bauersfeld 1727a0cd1f Address review comments. 2019-01-23 18:01:35 -05:00
yh-semmle 23e94c23e3
Merge pull request #786 from aschackmull/java/double-checked-locking
Java: Fix FP in DoubleCheckedLocking.ql
2019-01-22 17:39:54 -05:00
Anders Schack-Mulligen 15e18013c8 Java: Fix qhelp. 2019-01-18 11:47:43 +01:00
Anders Schack-Mulligen d8fe21be7e Java: Update qhelp as per review. 2019-01-18 11:42:34 +01:00
Anders Schack-Mulligen 17b4276699 Java: Fix bug in qltest and query for immutable types. 2019-01-18 11:37:38 +01:00
Henning Makholm fda08181c1 fix ODASA-6859 2019-01-18 00:08:36 +01:00
Henning Makholm 26b6581bdb test example for ODASA-6859 2019-01-17 23:30:39 +01:00
Anders Schack-Mulligen 944c082a8d Java: Fix FP in DoubleCheckedLocking.ql 2019-01-17 16:38:25 +01:00
yh-semmle b8f53b5c6a
Merge pull request #733 from aschackmull/java/remove-old-dataflow
Java: Remove old dataflow library.
2019-01-08 14:59:27 -05:00
yh-semmle d4f2a07a77
Merge pull request #732 from aschackmull/java/conditional-bypass-precision
Java: Reduce precision of java/user-controlled-bypass.
2019-01-08 14:58:58 -05:00
yh-semmle b0364e3592
Merge pull request #729 from aschackmull/java/intmulttolong
Java: Restrict attention to integral types in IntMultToLong.
2019-01-08 14:40:22 -05:00
yh-semmle a09394da1b
Merge pull request #730 from aschackmull/java/gcd
Java: Switch to built-in gcd.
2019-01-08 14:38:05 -05:00
Anders Schack-Mulligen 51f5198404 Java: Remove old dataflow library. 2019-01-08 13:52:24 +01:00
Anders Schack-Mulligen ab44e5603c Java: Reduce precision of java/user-controlled-bypass. 2019-01-08 13:07:34 +01:00
Anders Schack-Mulligen 06e48ca19f Java: Update test. 2019-01-08 11:57:54 +01:00
Anders Schack-Mulligen 9530eb6cdb Java: Switch to built-in gcd. 2019-01-08 10:07:51 +01:00
Anders Schack-Mulligen 203c9fb9d8 Java: Restrict attention to integral types in IntMultToLong. 2019-01-07 14:27:52 +01:00
Anders Schack-Mulligen e0d3be7dbc Java: Add .qlpath to the test dir. 2019-01-07 13:25:20 +01:00
Max Schaefer b4f400fb23 Merge remote-tracking branch 'upstream/next' into qlucie/master 2019-01-04 10:35:57 +00:00
yh-semmle 0e0ff565d5
Merge pull request #686 from aschackmull/java/rm-metrics-queries-xml
Java: Remove `Metrics/queries.xml`
2019-01-03 13:36:17 -05:00
Anders Schack-Mulligen d3f6362ba2 Java: Add missing override annotations. 2018-12-17 15:40:46 +01:00
Sebastian Bauersfeld c35fc82218 Remove a duplicated predicate. 2018-12-14 12:59:49 -05:00
Anders Schack-Mulligen 7656936cad Java: Remove Metrics/queries.xml 2018-12-13 17:43:26 +00:00
Aditya Sharad f92456fcad Merge master into next.
Conflict in `cpp/ql/test/library-tests/sideEffects/functions/sideEffects.expected`,
resolved by accepting test output (combining changes).
2018-12-12 17:26:18 +00:00
Sebastian Bauersfeld 6c756c5e6a Rename ConfigLine to ConfigPair. Make ConfigFiles.ql a library, as intended 2018-12-10 14:08:27 -05:00
Anders Schack-Mulligen bfc7fb7c8a Java: Change alert location for ConstantLoopCondition. 2018-12-10 12:37:11 +00:00
Sebastian Bauersfeld 3379e71e01 Add ConfigFiles library for working with configuration files. 2018-12-07 15:11:54 -05:00
Anders Schack-Mulligen f09eb67af0 Java: Add org.apache.commons.lang3.StringUtils.isBlank as a nullguard. 2018-12-07 16:18:32 +01:00
yh-semmle bc78219653 Java: account for change to field annotation extraction 2018-12-06 23:06:14 -05:00
yh-semmle c2116f0d91
Merge pull request #560 from aschackmull/java/normalize-parentheses
Java: Normalize parentheses.
2018-12-06 12:38:26 -05:00
yh-semmle 00779c518c
Merge pull request #611 from aschackmull/java/usessl-fp-fix
Java: Fix FP in `UseSSL.ql`.
2018-12-04 19:31:53 -05:00
Anders Schack-Mulligen d3fcfb0957 Java: Fix FP in UseSSL. 2018-12-04 17:44:05 +01:00
Anders Schack-Mulligen e836fa7512 Java: Update metadata. 2018-12-04 10:12:56 +01:00
Anders Schack-Mulligen ae44b90456 Java: Normalize parentheses. 2018-11-28 15:01:25 +01:00
Anders Schack-Mulligen e2dd0ea083 Java: Add 2 double-checked-locking queries. 2018-11-28 13:52:34 +01:00
Aditya Sharad c20b688a3f Merge master into next. 2018-11-23 16:36:31 +00:00
Anders Schack-Mulligen a0d8888224
Merge pull request #531 from yh-semmle/java/deprecate-vcs
Java: deprecate queries that use `VCS.qll`
2018-11-23 11:59:17 +01:00
Sebastian Bauersfeld 4eabca6dde Update java schema to accommodate for key-value configuration files. 2018-11-22 19:08:43 -05:00
yh-semmle 1b84fceb3c Java: deprecate queries that use `VCS.qll` 2018-11-22 16:21:44 -05:00
Pavel Avgustinov 16ec9f1aa4 Merge remote-tracking branch 'origin/next' into bump/master-next 2018-11-19 10:37:07 +00:00
Anders Schack-Mulligen deb61d6f29 Java: Update test output. 2018-11-16 13:48:50 +01:00
Anders Schack-Mulligen 5e03b6f681 Java: Convert security queries to path-problems. 2018-11-16 13:48:50 +01:00
Anders Schack-Mulligen 437b2c1503 Java: Cosmetic changes and missing overrides. 2018-11-16 13:48:50 +01:00
yh-semmle 50a905d54a
Merge pull request #459 from aschackmull/java/inherit-fix
Java: Fix inheritance relation for co-/contra-variant subtypes.
2018-11-14 10:53:41 -05:00
Aditya Sharad f0715b09e1 Merge master into next. 2018-11-14 10:06:27 +00:00
Arthur Baars 969c2796a0
Merge pull request #457 from adityasharad/merge/1.18-master-131118
Merge rc/1.18 into master.
2018-11-13 22:25:03 +01:00
Felicity Chapman fe15159756 Update for feedback 2018-11-13 16:34:06 +00:00
Anders Schack-Mulligen fe8dfeec0d Java: Add some this-qualifiers. 2018-11-13 14:58:25 +01:00
Anders Schack-Mulligen 411891c303 Java: Don't inherit methods from co-/contra-variant supertypes. 2018-11-13 14:56:22 +01:00
Max Schaefer 96989a1fd6
Merge pull request #427 from adityasharad/eclipse/remove-plugin-metadata
Eclipse plugins: Remove plugin metadata.
2018-11-13 13:12:49 +00:00
Aditya Sharad bc06831d01 Merge rc/1.18 into master. 2018-11-13 10:55:08 +00:00
Felicity Chapman fa8fd0513c Update qhelp for queries with CWE tags 2018-11-12 18:00:17 +00:00
Aditya Sharad 271628c280 Version: Bump to 1.18.3 dev. 2018-11-12 14:55:26 +00:00
Jonas Jensen 1500237009 Merge remote-tracking branch 'upstream/master' into mergeback-20181112 2018-11-12 13:24:27 +01:00
Tom Hvitved 40def8d364
Merge pull request #418 from dave-bartolomeo/dave/FormatConfig
Allow mixed whitespace in certain test and external directories
2018-11-12 09:43:39 +01:00
Aditya Sharad 761e5efd60 Merge master into next.
JavaScript semantic conflicts fixed by referring to the `LegacyLanguage` enum.
C++ conflicts fixed by accepting Qltest output.
2018-11-09 18:49:35 +00:00
Anders Schack-Mulligen f6941af86c Java: Move the LGTM query suites to the public repo. 2018-11-09 13:48:49 +01:00
Anders Schack-Mulligen 46bebc898a Java: Add test. 2018-11-09 13:36:05 +01:00
Anders Schack-Mulligen 6f791bb530 Java: Account for extraction of calls to <obinit>. 2018-11-09 13:36:05 +01:00
Dave Bartolomeo a141f4c81a Allow mixed whitespace in C#, C++, and Java test sources 2018-11-08 11:06:42 -08:00
yh-semmle 49fbc410a1
Merge pull request #414 from aschackmull/java/unreachable-ssa
Java: Don't construct nonsense SSA for unreachable code.
2018-11-07 18:30:46 -05:00
Aditya Sharad ed49c623f1 Version: Bump to 1.18.2 release. 2018-11-07 14:36:40 +00:00
Aditya Sharad 194042348a Eclipse plugins: Remove plugin metadata.
This is only needed to build QL for Eclipse, and will be moved into the internal Semmle repository.
2018-11-07 11:01:05 +00:00
Anders Schack-Mulligen 92f265844b Java: Fix mixed tabs/spaces in qhelp examples. 2018-11-07 09:02:41 +01:00
Anders Schack-Mulligen fa3fa33c51 Java: Don't construct nonsense SSA for unreachable code. 2018-11-06 16:43:08 +01:00
Anders Schack-Mulligen 2004445817
Merge pull request #409 from yh-semmle/java/move-tests
Java: move/tweak some tests
2018-11-06 16:38:03 +01:00
Aditya Sharad 553c2f5d34 Merge master into next.
As of 2846d80f1c.
2018-11-06 11:52:51 +00:00
yh-semmle 64a50c522d Java: tweak a test 2018-11-05 12:10:08 -05:00
yh-semmle c0fcf7fc9b Java: move a few more tests 2018-11-05 12:08:43 -05:00
yh-semmle f3fbc8a153 Java: move a few tests 2018-11-05 12:08:42 -05:00
Aditya Sharad 3483245870 Merge rc/1.18 into master.
As of 3291a30bf4.
2018-11-02 09:54:50 +00:00
Aditya Sharad 3291a30bf4 Version: Bump to 1.18.2 dev. 2018-11-01 18:46:56 +00:00
Anders Schack-Mulligen 41c89475fe Java: Rerun autoformat. 2018-11-01 17:01:12 +01:00
Aditya Sharad b896899f4c Merge master into next.
master as of dc3c5a684c
Version numbers resolved in favour of `next`.
C++ expected output file updated to accept test output.
2018-10-31 10:47:31 +00:00
Anders Schack-Mulligen c3f71c2d42 Java: Change main ZipSlip location to the source. 2018-10-31 11:38:28 +01:00
Anders Schack-Mulligen 36f41a3e16 Java: Fix performance issue, and add Path.resolve as taint step. 2018-10-31 11:38:27 +01:00
Anders Schack-Mulligen 4953e4923a Java: Add test for sanitization using toAbsolutePath(). 2018-10-31 11:38:27 +01:00
Anders Schack-Mulligen bf6b7c4734 Java: Add ZipSlip query. 2018-10-31 11:38:27 +01:00
Aditya Sharad 256b829201 Merge rc/1.18 into master. 2018-10-30 11:21:50 +00:00
Aditya Sharad 5e7b7818df Version: Bump to 1.18.1 release. 2018-10-29 18:02:58 +00:00
semmle-qlci 7b84f5b1fd
Merge pull request #372 from aschackmull/java/rangeanalysis-array-phinodes
Approved by yh-semmle
2018-10-29 13:02:58 +00:00
semmle-qlci c2e7627f61
Merge pull request #351 from nystrom/master
Approved by pavgust
2018-10-26 19:09:02 +01:00
Anders Schack-Mulligen 3d81328c41 Java: Improve array length bounds on array phi nodes that may be null. 2018-10-26 11:18:31 +02:00
Anders Schack-Mulligen 4227cdb423 Java: Tweak query description. 2018-10-26 10:50:06 +02:00
semmle-qlci cbc2d9e257
Merge pull request #361 from aschackmull/java/springweb-servlet-sources
Approved by yh-semmle
2018-10-26 02:06:11 +01:00
semmle-qlci 905911014d
Merge pull request #358 from aschackmull/java/sql-sinks
Approved by yh-semmle
2018-10-26 01:42:37 +01:00
Aditya Sharad 56ee5ff99a Merge master into next.
`master` up to and including cfe0b8803a.
2018-10-25 15:32:47 +01:00
Anders Schack-Mulligen 42e659c645 Java: Minor fixups. 2018-10-25 14:30:40 +02:00
Anders Schack-Mulligen 8a27c09447 Java: Add .expected file. 2018-10-25 14:12:50 +02:00
Anders Schack-Mulligen 8fe1634fcc Java: Add test. 2018-10-25 13:00:15 +02:00
Anders Schack-Mulligen 1188e18837 Java: Whitelist Cookie::getName for HTTP response splitting. 2018-10-25 12:02:33 +02:00
Nate Nystrom 33ba814551 fixed mixed tabs and spaces 2018-10-24 17:37:18 +02:00
Nate Nystrom d228bd0b13 Fixed compilation error 2018-10-24 15:50:00 +02:00
Nate Nystrom 4ebfb019d8 ref to NumberFormatException.ql 2018-10-24 15:49:25 +02:00
Nate Nystrom 8228b46223 test case for NumberFormatException 2018-10-24 15:48:56 +02:00
Nate Nystrom d04fde7157 Fixed compilation error. 2018-10-24 15:27:23 +02:00
Anders Schack-Mulligen 1d716ae461 Java: Add remote user input sources for Spring servlets. 2018-10-24 15:00:15 +02:00
Anders Schack-Mulligen 263de5219a Java: Add additional SQL injection sinks. 2018-10-24 13:58:21 +02:00
Nate Nystrom e174ca6ed8 Query for uncaught NumberFormatException 2018-10-23 19:03:15 +02:00
semmle-qlci c78f3f8edf
Merge pull request #336 from aschackmull/java/dataflow-cleanup
Approved by yh-semmle
2018-10-20 03:43:49 +01:00
semmle-qlci 465a55f8ac
Merge pull request #333 from aschackmull/java/useless-comp-concurrent
Approved by yh-semmle
2018-10-20 01:37:13 +01:00
Anders Schack-Mulligen 6f11849fef Java: Add test. 2018-10-19 15:02:52 +02:00
Anders Schack-Mulligen 0b46ffa7d7 Java/CPP: Sync files. 2018-10-18 15:10:23 +02:00
Anders Schack-Mulligen bf58b6c9ab Java: Remove self-ref tracking; improve AccessPath.toString on numbers. 2018-10-18 15:05:04 +02:00
Anders Schack-Mulligen 187918396c Java: Autoformat the last 5 files (RangeAnalysis). 2018-10-18 10:03:08 +02:00
Anders Schack-Mulligen 0c37ea876d Java: Fix FPs for concurrent modification checks. 2018-10-18 09:44:26 +02:00
semmle-qlci 3af91d5d0a
Merge pull request #301 from aschackmull/java/modulus-analysis
Approved by yh-semmle
2018-10-18 08:24:32 +01:00
Anders Schack-Mulligen 3dc9071a44 Java: Add missing word in deprecation comments. 2018-10-17 15:59:52 +02:00
Tom Hvitved 58a0815033 Merge remote-tracking branch 'upstream/master' into mergeback-2018-10-17 2018-10-17 13:24:37 +02:00
Anders Schack-Mulligen 26009065af Java: Fix regression. 2018-10-16 11:29:15 +02:00
semmle-qlci a8be7f2434
Merge pull request #312 from aschackmull/java/autoformat-libs
Approved by yh-semmle
2018-10-12 20:02:52 +01:00
semmle-qlci 9ec52a43ee
Merge pull request #308 from aschackmull/java/autoformat-queries
Approved by yh-semmle
2018-10-12 17:43:02 +01:00
Anders Schack-Mulligen 22c986af77 Java: Autoformat. 2018-10-12 13:44:55 +02:00
Anders Schack-Mulligen 11279d4c83 Java: Autoformat Overflow.qll and add comment about imprecise float. 2018-10-12 13:40:32 +02:00
Anders Schack-Mulligen 0f5a3d3bb7 Java: Adjust comment style. 2018-10-12 13:40:32 +02:00