github
/
codeql
зеркало из https://github.com/github/codeql.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
5 807 коммитов 1 541 ветка 130 Теги 483 MiB
Граф коммитов

266 Коммитов

Автор SHA1 Сообщение Дата
Anders Schack-Mulligen 6ecf46ce85 Java: Add CFG edges for switch expressions. 2019-04-30 10:59:05 -04:00
Anders Schack-Mulligen 9a367d9293 Java: JumpStmt.getTarget, Stmt.getEnclosingStmt, SwitchExpr.getAResult. 2019-04-30 10:59:05 -04:00
yh-semmle 61324f0bb0 Java 12: enhanced QLDoc for preview features 2019-04-30 10:59:05 -04:00
yh-semmle d4e013b297 Java 12: deprecate QL constructs for new preview feature (switch exprs) 2019-04-30 10:59:04 -04:00
yh-semmle 38705038a8 Java 12: add QL for switch expressions, etc 2019-04-30 10:59:04 -04:00
yh-semmle 6ac1ee5fad Java 12: add switch expressions to dbscheme 2019-04-30 10:59:04 -04:00
yh-semmle 4ede686283 Java: refactor `ConstCase` and `DefaultCase` in preparation for Java 12 2019-04-30 10:59:03 -04:00
Tom Hvitved 29e59e6d1e Address review comments 2019-04-29 20:19:31 +02:00
Sebastian Bauersfeld 2f200d7517 Parameters annotated with Spring's @RequestBody and @PathVariable are remote input sources. 2019-04-17 18:02:00 -04:00
Tom Hvitved 18ced249ab Java: Generalize data-flow library in preparation for C# adoption 2019-04-10 13:05:31 +02:00
Anders Schack-Mulligen dec31a3dd6 Java: Use range analysis in IntMultToLong. 2019-04-05 10:42:23 +02:00
Anders Schack-Mulligen d144ea2f1c Java: Exclude slf4j calls in PrintLnArray as it supports array formatting. 2019-04-04 11:09:41 +02:00
yh-semmle b226cb64cd
Merge pull request #1189 from aschackmull/java/preconditions 
Java: Support precondition calls as guards (ODASA-7796).
 2019-04-03 21:36:08 -04:00
Felicity Chapman ffeb61c698 Fix typo in query description 2019-04-03 10:46:48 +01:00
Anders Schack-Mulligen b1e364b56a Java: Support precondition calls as guards. 2019-04-02 10:58:46 +02:00
Pavel Avgustinov c26b655956
Merge pull request #1022 from yh-semmle/java/dead-code-override 
Java: respect override annotations in `java/unused-parameter`
 2019-03-01 19:11:46 +00:00
yh-semmle a4beb03e15 Java: respect override annotations in `java/unused-parameter` 2019-02-20 15:27:35 -05:00
yh-semmle 64b2d331ae Java: add test for Guice framework support 2019-02-15 20:01:08 -05:00
yh-semmle b0d9c80ccc Java: add taint steps for Protobuf framework 2019-02-15 20:01:07 -05:00
yh-semmle fc4aa16905 Java: add remote user input for Apache Thrift framework 2019-02-15 20:01:07 -05:00
yh-semmle 751bbbf583 Java: add remote user input for Struts 2 `ActionSupport` 2019-02-15 20:01:06 -05:00
yh-semmle a436369846 Java: add remote user input and taint step for Guice framework 2019-02-15 20:01:06 -05:00
Anders Schack-Mulligen 25469637db Java: Autoformat qls. 2019-02-12 14:38:08 +01:00
Anders Schack-Mulligen 63a4dd09ad Java: Autoformat qlls. 2019-02-12 14:38:08 +01:00
Anders Schack-Mulligen 52ad816074
Merge pull request #904 from rneatherway/zipslip-fix 
Java: Add a flow step for `Path::toFile` in ZipSlip
 2019-02-11 13:08:38 +01:00
Robin Neatherway 409733838b Java: Add a flow step for `Path::toFile` in ZipSlip 2019-02-11 10:33:44 +00:00
Henning Makholm b8a03464bf Fix false positives in java/unused parameter 
Methods that are mentioned in a member reference expression should count
as rootdefs for the unused parameter query. Such methods have to match
the functional interface of the reference expression, so it is to be
expected that they will sometimes have to declare parameters that they
don't actually use.
 2019-02-07 21:14:36 +01:00
yh-semmle 3e8f7a740c
Merge pull request #838 from aschackmull/java/taint-collections 
Java: Add additional taint steps through collections.
 2019-02-05 09:59:24 -05:00
Anders Schack-Mulligen fe7add77d2 Java: Account for the repo move in NonSecurityTestClass. 2019-02-05 14:31:40 +01:00
james 7cc1442ecb Update link text 2019-01-30 09:44:07 +00:00
james 81137aa7b4 update links to locations in .ql files 2019-01-30 08:02:02 +00:00
james 9d1a050f35 update links to locations in .qll files 2019-01-30 08:01:49 +00:00
Anders Schack-Mulligen a29f615da0 Java: Add additional taint steps through collections. 2019-01-28 14:34:09 +01:00
semmle-qlci 65b64c7c05
Merge pull request #645 from sb-semmle/configuration-file-library 
Approved by yh-semmle
 2019-01-26 02:06:16 +00:00
Sebastian Bauersfeld f56fb6d774 Address review comments. 2019-01-24 16:09:06 -05:00
Sebastian Bauersfeld 170acd539c Add tests for ConfigFiles library. 2019-01-23 19:35:20 -05:00
Sebastian Bauersfeld 1727a0cd1f Address review comments. 2019-01-23 18:01:35 -05:00
yh-semmle 23e94c23e3
Merge pull request #786 from aschackmull/java/double-checked-locking 
Java: Fix FP in DoubleCheckedLocking.ql
 2019-01-22 17:39:54 -05:00
Anders Schack-Mulligen 15e18013c8 Java: Fix qhelp. 2019-01-18 11:47:43 +01:00
Anders Schack-Mulligen d8fe21be7e Java: Update qhelp as per review. 2019-01-18 11:42:34 +01:00
Anders Schack-Mulligen 17b4276699 Java: Fix bug in qltest and query for immutable types. 2019-01-18 11:37:38 +01:00
Henning Makholm fda08181c1 fix ODASA-6859 2019-01-18 00:08:36 +01:00
Henning Makholm 26b6581bdb test example for ODASA-6859 2019-01-17 23:30:39 +01:00
Anders Schack-Mulligen 944c082a8d Java: Fix FP in DoubleCheckedLocking.ql 2019-01-17 16:38:25 +01:00
yh-semmle b8f53b5c6a
Merge pull request #733 from aschackmull/java/remove-old-dataflow 
Java: Remove old dataflow library.
 2019-01-08 14:59:27 -05:00
yh-semmle d4f2a07a77
Merge pull request #732 from aschackmull/java/conditional-bypass-precision 
Java: Reduce precision of java/user-controlled-bypass.
 2019-01-08 14:58:58 -05:00
yh-semmle b0364e3592
Merge pull request #729 from aschackmull/java/intmulttolong 
Java: Restrict attention to integral types in IntMultToLong.
 2019-01-08 14:40:22 -05:00
yh-semmle a09394da1b
Merge pull request #730 from aschackmull/java/gcd 
Java: Switch to built-in gcd.
 2019-01-08 14:38:05 -05:00
Anders Schack-Mulligen 51f5198404 Java: Remove old dataflow library. 2019-01-08 13:52:24 +01:00
Anders Schack-Mulligen ab44e5603c Java: Reduce precision of java/user-controlled-bypass. 2019-01-08 13:07:34 +01:00
Anders Schack-Mulligen 06e48ca19f Java: Update test. 2019-01-08 11:57:54 +01:00
Anders Schack-Mulligen 9530eb6cdb Java: Switch to built-in gcd. 2019-01-08 10:07:51 +01:00
Anders Schack-Mulligen 203c9fb9d8 Java: Restrict attention to integral types in IntMultToLong. 2019-01-07 14:27:52 +01:00
Anders Schack-Mulligen e0d3be7dbc Java: Add .qlpath to the test dir. 2019-01-07 13:25:20 +01:00
Max Schaefer b4f400fb23 Merge remote-tracking branch 'upstream/next' into qlucie/master 2019-01-04 10:35:57 +00:00
yh-semmle 0e0ff565d5
Merge pull request #686 from aschackmull/java/rm-metrics-queries-xml 
Java: Remove `Metrics/queries.xml`
 2019-01-03 13:36:17 -05:00
Anders Schack-Mulligen d3f6362ba2 Java: Add missing override annotations. 2018-12-17 15:40:46 +01:00
Sebastian Bauersfeld c35fc82218 Remove a duplicated predicate. 2018-12-14 12:59:49 -05:00
Anders Schack-Mulligen 7656936cad Java: Remove Metrics/queries.xml 2018-12-13 17:43:26 +00:00
Aditya Sharad f92456fcad Merge master into next. 
Conflict in `cpp/ql/test/library-tests/sideEffects/functions/sideEffects.expected`,
resolved by accepting test output (combining changes).
 2018-12-12 17:26:18 +00:00
Sebastian Bauersfeld 6c756c5e6a Rename ConfigLine to ConfigPair. Make ConfigFiles.ql a library, as intended 2018-12-10 14:08:27 -05:00
Anders Schack-Mulligen bfc7fb7c8a Java: Change alert location for ConstantLoopCondition. 2018-12-10 12:37:11 +00:00
Sebastian Bauersfeld 3379e71e01 Add ConfigFiles library for working with configuration files. 2018-12-07 15:11:54 -05:00
Anders Schack-Mulligen f09eb67af0 Java: Add org.apache.commons.lang3.StringUtils.isBlank as a nullguard. 2018-12-07 16:18:32 +01:00
yh-semmle bc78219653 Java: account for change to field annotation extraction 2018-12-06 23:06:14 -05:00
yh-semmle c2116f0d91
Merge pull request #560 from aschackmull/java/normalize-parentheses 
Java: Normalize parentheses.
 2018-12-06 12:38:26 -05:00
yh-semmle 00779c518c
Merge pull request #611 from aschackmull/java/usessl-fp-fix 
Java: Fix FP in `UseSSL.ql`.
 2018-12-04 19:31:53 -05:00
Anders Schack-Mulligen d3fcfb0957 Java: Fix FP in UseSSL. 2018-12-04 17:44:05 +01:00
Anders Schack-Mulligen e836fa7512 Java: Update metadata. 2018-12-04 10:12:56 +01:00
Anders Schack-Mulligen ae44b90456 Java: Normalize parentheses. 2018-11-28 15:01:25 +01:00
Anders Schack-Mulligen e2dd0ea083 Java: Add 2 double-checked-locking queries. 2018-11-28 13:52:34 +01:00
Aditya Sharad c20b688a3f Merge master into next. 2018-11-23 16:36:31 +00:00
Anders Schack-Mulligen a0d8888224
Merge pull request #531 from yh-semmle/java/deprecate-vcs 
Java: deprecate queries that use `VCS.qll`
 2018-11-23 11:59:17 +01:00
Sebastian Bauersfeld 4eabca6dde Update java schema to accommodate for key-value configuration files. 2018-11-22 19:08:43 -05:00
yh-semmle 1b84fceb3c Java: deprecate queries that use `VCS.qll` 2018-11-22 16:21:44 -05:00
Pavel Avgustinov 16ec9f1aa4 Merge remote-tracking branch 'origin/next' into bump/master-next 2018-11-19 10:37:07 +00:00
Anders Schack-Mulligen deb61d6f29 Java: Update test output. 2018-11-16 13:48:50 +01:00
Anders Schack-Mulligen 5e03b6f681 Java: Convert security queries to path-problems. 2018-11-16 13:48:50 +01:00
Anders Schack-Mulligen 437b2c1503 Java: Cosmetic changes and missing overrides. 2018-11-16 13:48:50 +01:00
yh-semmle 50a905d54a
Merge pull request #459 from aschackmull/java/inherit-fix 
Java: Fix inheritance relation for co-/contra-variant subtypes.
 2018-11-14 10:53:41 -05:00
Aditya Sharad f0715b09e1 Merge master into next. 2018-11-14 10:06:27 +00:00
Arthur Baars 969c2796a0
Merge pull request #457 from adityasharad/merge/1.18-master-131118 
Merge rc/1.18 into master.
 2018-11-13 22:25:03 +01:00
Felicity Chapman fe15159756 Update for feedback 2018-11-13 16:34:06 +00:00
Anders Schack-Mulligen fe8dfeec0d Java: Add some this-qualifiers. 2018-11-13 14:58:25 +01:00
Anders Schack-Mulligen 411891c303 Java: Don't inherit methods from co-/contra-variant supertypes. 2018-11-13 14:56:22 +01:00
Max Schaefer 96989a1fd6
Merge pull request #427 from adityasharad/eclipse/remove-plugin-metadata 
Eclipse plugins: Remove plugin metadata.
 2018-11-13 13:12:49 +00:00
Aditya Sharad bc06831d01 Merge rc/1.18 into master. 2018-11-13 10:55:08 +00:00
Felicity Chapman fa8fd0513c Update qhelp for queries with CWE tags 2018-11-12 18:00:17 +00:00
Aditya Sharad 271628c280 Version: Bump to 1.18.3 dev. 2018-11-12 14:55:26 +00:00
Jonas Jensen 1500237009 Merge remote-tracking branch 'upstream/master' into mergeback-20181112 2018-11-12 13:24:27 +01:00
Tom Hvitved 40def8d364
Merge pull request #418 from dave-bartolomeo/dave/FormatConfig 
Allow mixed whitespace in certain test and external directories
 2018-11-12 09:43:39 +01:00
Aditya Sharad 761e5efd60 Merge master into next. 
JavaScript semantic conflicts fixed by referring to the `LegacyLanguage` enum.
C++ conflicts fixed by accepting Qltest output.
 2018-11-09 18:49:35 +00:00
Anders Schack-Mulligen f6941af86c Java: Move the LGTM query suites to the public repo. 2018-11-09 13:48:49 +01:00
Anders Schack-Mulligen 46bebc898a Java: Add test. 2018-11-09 13:36:05 +01:00
Anders Schack-Mulligen 6f791bb530 Java: Account for extraction of calls to <obinit>. 2018-11-09 13:36:05 +01:00
Dave Bartolomeo a141f4c81a Allow mixed whitespace in C#, C++, and Java test sources 2018-11-08 11:06:42 -08:00
yh-semmle 49fbc410a1
Merge pull request #414 from aschackmull/java/unreachable-ssa 
Java: Don't construct nonsense SSA for unreachable code.
 2018-11-07 18:30:46 -05:00
Aditya Sharad ed49c623f1 Version: Bump to 1.18.2 release. 2018-11-07 14:36:40 +00:00
Aditya Sharad 194042348a Eclipse plugins: Remove plugin metadata. 
This is only needed to build QL for Eclipse, and will be moved into the internal Semmle repository.
 2018-11-07 11:01:05 +00:00
Anders Schack-Mulligen 92f265844b Java: Fix mixed tabs/spaces in qhelp examples. 2018-11-07 09:02:41 +01:00