github
/
codeql
зеркало из https://github.com/github/codeql.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
5 807 коммитов 1 541 ветка 130 Теги 483 MiB
Граф коммитов

266 Коммитов

Автор SHA1 Сообщение Дата
Anders Schack-Mulligen 06e48ca19f Java: Update test. 2019-01-08 11:57:54 +01:00
Anders Schack-Mulligen 9530eb6cdb Java: Switch to built-in gcd. 2019-01-08 10:07:51 +01:00
Anders Schack-Mulligen 203c9fb9d8 Java: Restrict attention to integral types in IntMultToLong. 2019-01-07 14:27:52 +01:00
Anders Schack-Mulligen e0d3be7dbc Java: Add .qlpath to the test dir. 2019-01-07 13:25:20 +01:00
Max Schaefer b4f400fb23 Merge remote-tracking branch 'upstream/next' into qlucie/master 2019-01-04 10:35:57 +00:00
yh-semmle 0e0ff565d5
Merge pull request #686 from aschackmull/java/rm-metrics-queries-xml 
Java: Remove `Metrics/queries.xml`
 2019-01-03 13:36:17 -05:00
Anders Schack-Mulligen d3f6362ba2 Java: Add missing override annotations. 2018-12-17 15:40:46 +01:00
Sebastian Bauersfeld c35fc82218 Remove a duplicated predicate. 2018-12-14 12:59:49 -05:00
Anders Schack-Mulligen 7656936cad Java: Remove Metrics/queries.xml 2018-12-13 17:43:26 +00:00
Aditya Sharad f92456fcad Merge master into next. 
Conflict in `cpp/ql/test/library-tests/sideEffects/functions/sideEffects.expected`,
resolved by accepting test output (combining changes).
 2018-12-12 17:26:18 +00:00
Sebastian Bauersfeld 6c756c5e6a Rename ConfigLine to ConfigPair. Make ConfigFiles.ql a library, as intended 2018-12-10 14:08:27 -05:00
Anders Schack-Mulligen bfc7fb7c8a Java: Change alert location for ConstantLoopCondition. 2018-12-10 12:37:11 +00:00
Sebastian Bauersfeld 3379e71e01 Add ConfigFiles library for working with configuration files. 2018-12-07 15:11:54 -05:00
Anders Schack-Mulligen f09eb67af0 Java: Add org.apache.commons.lang3.StringUtils.isBlank as a nullguard. 2018-12-07 16:18:32 +01:00
yh-semmle bc78219653 Java: account for change to field annotation extraction 2018-12-06 23:06:14 -05:00
yh-semmle c2116f0d91
Merge pull request #560 from aschackmull/java/normalize-parentheses 
Java: Normalize parentheses.
 2018-12-06 12:38:26 -05:00
yh-semmle 00779c518c
Merge pull request #611 from aschackmull/java/usessl-fp-fix 
Java: Fix FP in `UseSSL.ql`.
 2018-12-04 19:31:53 -05:00
Anders Schack-Mulligen d3fcfb0957 Java: Fix FP in UseSSL. 2018-12-04 17:44:05 +01:00
Anders Schack-Mulligen e836fa7512 Java: Update metadata. 2018-12-04 10:12:56 +01:00
Anders Schack-Mulligen ae44b90456 Java: Normalize parentheses. 2018-11-28 15:01:25 +01:00
Anders Schack-Mulligen e2dd0ea083 Java: Add 2 double-checked-locking queries. 2018-11-28 13:52:34 +01:00
Aditya Sharad c20b688a3f Merge master into next. 2018-11-23 16:36:31 +00:00
Anders Schack-Mulligen a0d8888224
Merge pull request #531 from yh-semmle/java/deprecate-vcs 
Java: deprecate queries that use `VCS.qll`
 2018-11-23 11:59:17 +01:00
Sebastian Bauersfeld 4eabca6dde Update java schema to accommodate for key-value configuration files. 2018-11-22 19:08:43 -05:00
yh-semmle 1b84fceb3c Java: deprecate queries that use `VCS.qll` 2018-11-22 16:21:44 -05:00
Pavel Avgustinov 16ec9f1aa4 Merge remote-tracking branch 'origin/next' into bump/master-next 2018-11-19 10:37:07 +00:00
Anders Schack-Mulligen deb61d6f29 Java: Update test output. 2018-11-16 13:48:50 +01:00
Anders Schack-Mulligen 5e03b6f681 Java: Convert security queries to path-problems. 2018-11-16 13:48:50 +01:00
Anders Schack-Mulligen 437b2c1503 Java: Cosmetic changes and missing overrides. 2018-11-16 13:48:50 +01:00
yh-semmle 50a905d54a
Merge pull request #459 from aschackmull/java/inherit-fix 
Java: Fix inheritance relation for co-/contra-variant subtypes.
 2018-11-14 10:53:41 -05:00
Aditya Sharad f0715b09e1 Merge master into next. 2018-11-14 10:06:27 +00:00
Arthur Baars 969c2796a0
Merge pull request #457 from adityasharad/merge/1.18-master-131118 
Merge rc/1.18 into master.
 2018-11-13 22:25:03 +01:00
Felicity Chapman fe15159756 Update for feedback 2018-11-13 16:34:06 +00:00
Anders Schack-Mulligen fe8dfeec0d Java: Add some this-qualifiers. 2018-11-13 14:58:25 +01:00
Anders Schack-Mulligen 411891c303 Java: Don't inherit methods from co-/contra-variant supertypes. 2018-11-13 14:56:22 +01:00
Max Schaefer 96989a1fd6
Merge pull request #427 from adityasharad/eclipse/remove-plugin-metadata 
Eclipse plugins: Remove plugin metadata.
 2018-11-13 13:12:49 +00:00
Aditya Sharad bc06831d01 Merge rc/1.18 into master. 2018-11-13 10:55:08 +00:00
Felicity Chapman fa8fd0513c Update qhelp for queries with CWE tags 2018-11-12 18:00:17 +00:00
Aditya Sharad 271628c280 Version: Bump to 1.18.3 dev. 2018-11-12 14:55:26 +00:00
Jonas Jensen 1500237009 Merge remote-tracking branch 'upstream/master' into mergeback-20181112 2018-11-12 13:24:27 +01:00
Tom Hvitved 40def8d364
Merge pull request #418 from dave-bartolomeo/dave/FormatConfig 
Allow mixed whitespace in certain test and external directories
 2018-11-12 09:43:39 +01:00
Aditya Sharad 761e5efd60 Merge master into next. 
JavaScript semantic conflicts fixed by referring to the `LegacyLanguage` enum.
C++ conflicts fixed by accepting Qltest output.
 2018-11-09 18:49:35 +00:00
Anders Schack-Mulligen f6941af86c Java: Move the LGTM query suites to the public repo. 2018-11-09 13:48:49 +01:00
Anders Schack-Mulligen 46bebc898a Java: Add test. 2018-11-09 13:36:05 +01:00
Anders Schack-Mulligen 6f791bb530 Java: Account for extraction of calls to <obinit>. 2018-11-09 13:36:05 +01:00
Dave Bartolomeo a141f4c81a Allow mixed whitespace in C#, C++, and Java test sources 2018-11-08 11:06:42 -08:00
yh-semmle 49fbc410a1
Merge pull request #414 from aschackmull/java/unreachable-ssa 
Java: Don't construct nonsense SSA for unreachable code.
 2018-11-07 18:30:46 -05:00
Aditya Sharad ed49c623f1 Version: Bump to 1.18.2 release. 2018-11-07 14:36:40 +00:00
Aditya Sharad 194042348a Eclipse plugins: Remove plugin metadata. 
This is only needed to build QL for Eclipse, and will be moved into the internal Semmle repository.
 2018-11-07 11:01:05 +00:00
Anders Schack-Mulligen 92f265844b Java: Fix mixed tabs/spaces in qhelp examples. 2018-11-07 09:02:41 +01:00
Anders Schack-Mulligen fa3fa33c51 Java: Don't construct nonsense SSA for unreachable code. 2018-11-06 16:43:08 +01:00
Anders Schack-Mulligen 2004445817
Merge pull request #409 from yh-semmle/java/move-tests 
Java: move/tweak some tests
 2018-11-06 16:38:03 +01:00
Aditya Sharad 553c2f5d34 Merge master into next. 
As of 2846d80f1c.
 2018-11-06 11:52:51 +00:00
yh-semmle 64a50c522d Java: tweak a test 2018-11-05 12:10:08 -05:00
yh-semmle c0fcf7fc9b Java: move a few more tests 2018-11-05 12:08:43 -05:00
yh-semmle f3fbc8a153 Java: move a few tests 2018-11-05 12:08:42 -05:00
Aditya Sharad 3483245870 Merge rc/1.18 into master. 
As of 3291a30bf4.
 2018-11-02 09:54:50 +00:00
Aditya Sharad 3291a30bf4 Version: Bump to 1.18.2 dev. 2018-11-01 18:46:56 +00:00
Anders Schack-Mulligen 41c89475fe Java: Rerun autoformat. 2018-11-01 17:01:12 +01:00
Aditya Sharad b896899f4c Merge master into next. 
master as of dc3c5a684c
Version numbers resolved in favour of `next`.
C++ expected output file updated to accept test output.
 2018-10-31 10:47:31 +00:00
Anders Schack-Mulligen c3f71c2d42 Java: Change main ZipSlip location to the source. 2018-10-31 11:38:28 +01:00
Anders Schack-Mulligen 36f41a3e16 Java: Fix performance issue, and add Path.resolve as taint step. 2018-10-31 11:38:27 +01:00
Anders Schack-Mulligen 4953e4923a Java: Add test for sanitization using toAbsolutePath(). 2018-10-31 11:38:27 +01:00
Anders Schack-Mulligen bf6b7c4734 Java: Add ZipSlip query. 2018-10-31 11:38:27 +01:00
Aditya Sharad 256b829201 Merge rc/1.18 into master. 2018-10-30 11:21:50 +00:00
Aditya Sharad 5e7b7818df Version: Bump to 1.18.1 release. 2018-10-29 18:02:58 +00:00
semmle-qlci 7b84f5b1fd
Merge pull request #372 from aschackmull/java/rangeanalysis-array-phinodes 
Approved by yh-semmle
 2018-10-29 13:02:58 +00:00
semmle-qlci c2e7627f61
Merge pull request #351 from nystrom/master 
Approved by pavgust
 2018-10-26 19:09:02 +01:00
Anders Schack-Mulligen 3d81328c41 Java: Improve array length bounds on array phi nodes that may be null. 2018-10-26 11:18:31 +02:00
Anders Schack-Mulligen 4227cdb423 Java: Tweak query description. 2018-10-26 10:50:06 +02:00
semmle-qlci cbc2d9e257
Merge pull request #361 from aschackmull/java/springweb-servlet-sources 
Approved by yh-semmle
 2018-10-26 02:06:11 +01:00
semmle-qlci 905911014d
Merge pull request #358 from aschackmull/java/sql-sinks 
Approved by yh-semmle
 2018-10-26 01:42:37 +01:00
Aditya Sharad 56ee5ff99a Merge master into next. 
`master` up to and including cfe0b8803a.
 2018-10-25 15:32:47 +01:00
Anders Schack-Mulligen 42e659c645 Java: Minor fixups. 2018-10-25 14:30:40 +02:00
Anders Schack-Mulligen 8a27c09447 Java: Add .expected file. 2018-10-25 14:12:50 +02:00
Anders Schack-Mulligen 8fe1634fcc Java: Add test. 2018-10-25 13:00:15 +02:00
Anders Schack-Mulligen 1188e18837 Java: Whitelist Cookie::getName for HTTP response splitting. 2018-10-25 12:02:33 +02:00
Nate Nystrom 33ba814551 fixed mixed tabs and spaces 2018-10-24 17:37:18 +02:00
Nate Nystrom d228bd0b13 Fixed compilation error 2018-10-24 15:50:00 +02:00
Nate Nystrom 4ebfb019d8 ref to NumberFormatException.ql 2018-10-24 15:49:25 +02:00
Nate Nystrom 8228b46223 test case for NumberFormatException 2018-10-24 15:48:56 +02:00
Nate Nystrom d04fde7157 Fixed compilation error. 2018-10-24 15:27:23 +02:00
Anders Schack-Mulligen 1d716ae461 Java: Add remote user input sources for Spring servlets. 2018-10-24 15:00:15 +02:00
Anders Schack-Mulligen 263de5219a Java: Add additional SQL injection sinks. 2018-10-24 13:58:21 +02:00
Nate Nystrom e174ca6ed8 Query for uncaught NumberFormatException 2018-10-23 19:03:15 +02:00
semmle-qlci c78f3f8edf
Merge pull request #336 from aschackmull/java/dataflow-cleanup 
Approved by yh-semmle
 2018-10-20 03:43:49 +01:00
semmle-qlci 465a55f8ac
Merge pull request #333 from aschackmull/java/useless-comp-concurrent 
Approved by yh-semmle
 2018-10-20 01:37:13 +01:00
Anders Schack-Mulligen 6f11849fef Java: Add test. 2018-10-19 15:02:52 +02:00
Anders Schack-Mulligen 0b46ffa7d7 Java/CPP: Sync files. 2018-10-18 15:10:23 +02:00
Anders Schack-Mulligen bf58b6c9ab Java: Remove self-ref tracking; improve AccessPath.toString on numbers. 2018-10-18 15:05:04 +02:00
Anders Schack-Mulligen 187918396c Java: Autoformat the last 5 files (RangeAnalysis). 2018-10-18 10:03:08 +02:00
Anders Schack-Mulligen 0c37ea876d Java: Fix FPs for concurrent modification checks. 2018-10-18 09:44:26 +02:00
semmle-qlci 3af91d5d0a
Merge pull request #301 from aschackmull/java/modulus-analysis 
Approved by yh-semmle
 2018-10-18 08:24:32 +01:00
Anders Schack-Mulligen 3dc9071a44 Java: Add missing word in deprecation comments. 2018-10-17 15:59:52 +02:00
Tom Hvitved 58a0815033 Merge remote-tracking branch 'upstream/master' into mergeback-2018-10-17 2018-10-17 13:24:37 +02:00
Anders Schack-Mulligen 26009065af Java: Fix regression. 2018-10-16 11:29:15 +02:00
semmle-qlci a8be7f2434
Merge pull request #312 from aschackmull/java/autoformat-libs 
Approved by yh-semmle
 2018-10-12 20:02:52 +01:00
semmle-qlci 9ec52a43ee
Merge pull request #308 from aschackmull/java/autoformat-queries 
Approved by yh-semmle
 2018-10-12 17:43:02 +01:00
Anders Schack-Mulligen 22c986af77 Java: Autoformat. 2018-10-12 13:44:55 +02:00
Anders Schack-Mulligen 11279d4c83 Java: Autoformat Overflow.qll and add comment about imprecise float. 2018-10-12 13:40:32 +02:00
Anders Schack-Mulligen 0f5a3d3bb7 Java: Adjust comment style. 2018-10-12 13:40:32 +02:00
Anders Schack-Mulligen 2f0b983335 Java: Autoformat most of semmle.code.java. 2018-10-12 13:40:32 +02:00
Anders Schack-Mulligen bc7ea93608 Java: Adjust some comment positions and break some lines. 2018-10-12 13:40:32 +02:00
Anders Schack-Mulligen 5502db4c74 Java: Autoformat most of semmle.code.java.dataflow. 2018-10-12 13:40:32 +02:00
Anders Schack-Mulligen f341aa79a3 Java/C: Sync dataflow copies. 2018-10-12 13:40:32 +02:00
Anders Schack-Mulligen 3cdcbf0129 Java: Autoformat DataFlowImpl.qll and DataFlowImplCommon.qll. 2018-10-12 13:40:32 +02:00
Anders Schack-Mulligen 815c245f44 Java: Adjust comment style. 2018-10-12 13:40:32 +02:00
Anders Schack-Mulligen bf63139c16 Java: Autoformat semmle.code.java.controlflow. 2018-10-12 13:40:32 +02:00
Anders Schack-Mulligen 291fb11c48 Java: Autoformat semmle.code.java.dispatch. 2018-10-12 13:40:32 +02:00
Anders Schack-Mulligen 89828b8284 Java: Autoformat semmle.code.java.metrics. 2018-10-12 13:40:32 +02:00
Anders Schack-Mulligen 9ebc294ee2 Java: Adjust comment style. 2018-10-12 13:40:32 +02:00
Anders Schack-Mulligen f3d65c0ef9 Java: Autoformat semmle.code.java.deadcode. 2018-10-12 13:40:32 +02:00
Anders Schack-Mulligen 9009a50227 Java: Adjust comment style. 2018-10-12 13:40:32 +02:00
Anders Schack-Mulligen e781990960 Java: Autoformat semmle.code.java.security. 2018-10-12 13:40:32 +02:00
Anders Schack-Mulligen c6c6e4319d Java: Undo autoformat bug. 2018-10-12 13:40:32 +02:00
Anders Schack-Mulligen ade293407b Java: Adjust comment style. 2018-10-12 13:40:32 +02:00
Anders Schack-Mulligen 24f30999a4 Java: Autoformat semmle.code.java.frameworks. 2018-10-12 13:40:32 +02:00
Anders Schack-Mulligen 482733569a Java: Adjust comment style. 2018-10-12 13:40:32 +02:00
Anders Schack-Mulligen 67d1c72e64 Java: Autoformat libs outside semmle.code.java. 2018-10-12 13:40:32 +02:00
Anders Schack-Mulligen 03c80c18d6 Java: Update location in .expected file. 2018-10-12 10:08:24 +02:00
semmle-qlci 44fd18c4a9
Merge pull request #309 from aschackmull/java/fix-some-lib-qldoc 
Approved by yh-semmle
 2018-10-11 21:35:33 +01:00
Tom Hvitved b29b314f4e Merge remote-tracking branch 'upstream/master' into mergeback-2018-10-11 2018-10-11 14:36:44 +02:00
Anders Schack-Mulligen 73f1beecfd Java: Fix likely bug in ExposeRepresentation and re-autoformat. 2018-10-11 11:31:38 +02:00
Anders Schack-Mulligen 6a8a27201e Java: Autoformat ExposeRepresentation, revealing likely bug. 2018-10-11 11:31:38 +02:00
Anders Schack-Mulligen 236c79b561 Java: Adjust comment position and re-autoformat. 2018-10-11 11:31:38 +02:00
Anders Schack-Mulligen c16f0df823 Java: Autoformat 1. 2018-10-11 11:31:38 +02:00
Anders Schack-Mulligen e291b5ec2b Java: Break line and re-autoformat. 2018-10-11 11:31:38 +02:00
Anders Schack-Mulligen 62e942bb8b Java: Autoformat 1. 2018-10-11 11:31:38 +02:00
Anders Schack-Mulligen 62ef811169 Java: Autoformat. 2018-10-11 11:31:38 +02:00
Anders Schack-Mulligen 766b07ba59 Java: Adjust comment style. 2018-10-11 11:31:38 +02:00
Anders Schack-Mulligen dd5a8f0c14 Java: Autoformat most queries. 2018-10-11 11:31:37 +02:00
Anders Schack-Mulligen ca8ca55828 Java: Deprecate ParityAnalysis. 2018-10-11 11:26:17 +02:00
Anders Schack-Mulligen 5c53249612 Java: Add ModulusAnalysis. 2018-10-11 11:26:17 +02:00
Anders Schack-Mulligen e7b0d399d1 Java: Refactor parts of RangeAnalysis needed for ModulusAnalysis. 2018-10-11 11:26:17 +02:00
Anders Schack-Mulligen a78a0b52ec Java: Add test. 2018-10-11 11:26:17 +02:00
Anders Schack-Mulligen 8659bedbd9 Java: Extract Bound class to its own file. 2018-10-11 11:26:17 +02:00
Anders Schack-Mulligen 6dfbb72fc8 Java: Add constant array lengths to ConstantIntegerExpr. 2018-10-11 11:26:16 +02:00
Anders Schack-Mulligen fc359b75d3 Java: Add qldoc to a few libraries. 2018-10-11 11:05:39 +02:00
yh-semmle 26b630f700 Java: clarify help for `java/unreachable-catch-clause` 2018-10-09 21:15:51 -04:00
yh-semmle 001b9f8b56 Java: account for generic exceptions in `java/unreachable-catch-clause` 2018-10-09 21:15:45 -04:00
yh-semmle 7962530789 Java: add `.project` file in `test` directory 2018-10-08 20:25:43 -04:00
Tom Hvitved 49644bfb47 Merge remote-tracking branch 'upstream/master' into mergeback-2018-10-08 2018-10-08 11:48:56 +02:00
semmle-qlci 03f2d8f605
Merge pull request #247 from aschackmull/java/dispatchflow-typepruning 
Approved by yh-semmle
 2018-10-04 18:22:44 +01:00
Anders Schack-Mulligen 1c2807e5e7 Java: Add missing private annotations. 2018-10-04 17:33:10 +02:00
Aditya Sharad 337defdf3d Merge master into next. 2018-10-01 17:39:27 +01:00
Aditya Sharad 0882eb7bb3 Merge rc/1.18 into master. 2018-10-01 12:08:16 +01:00
Aditya Sharad 1c71a856e1 Version: Bump to 1.18.1 dev. 2018-09-28 16:39:44 +01:00
Anders Schack-Mulligen 839168570e Java: Reorder predicates. 2018-09-28 14:25:11 +02:00
Anders Schack-Mulligen 34fdfe47ca Java: Prune nodes in DispatchFlow based on their types. 2018-09-28 14:21:04 +02:00
Anders Schack-Mulligen b3dbb44e3a Java: Improve performance of TypeFlow. 2018-09-27 15:39:26 +02:00