Skip to content

Experiment: Test overlay[caller] QL-for-QL warning #19592

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
kaspersv wants to merge 12 commits into from

Mark predicate inline to test QL-for-QL query

cd8823e
Select commit
Loading
Failed to load commit list.
Closed

Experiment: Test overlay[caller] QL-for-QL warning #19592

Mark predicate inline to test QL-for-QL query
cd8823e
Select commit
Loading
Failed to load commit list.
GitHub Advanced Security / CodeQL failed May 28, 2025 in 3s

5 configurations not found

Warning: Code scanning may not have found all the alerts introduced by this pull request, because 5 configurations present on refs/heads/main were not found:

Actions workflow (rust-analysis.yml)

  • ❓  .github/workflows/rust-analysis.yml:analyze/language:rust

Actions workflow (csv-coverage-metrics.yml)

  • ❓  .github/workflows/csv-coverage-metrics.yml:publish-csharp
  • ❓  .github/workflows/csv-coverage-metrics.yml:publish-java

Actions workflow (codeql-analysis.yml)

  • ❓  .github/workflows/codeql-analysis.yml:CodeQL-Build

Actions workflow (cpp-swift-analysis.yml)

  • ❓  .github/workflows/cpp-swift-analysis.yml:CodeQL-Build

New alerts in code changed by this pull request

  • 3 errors
  • 170 warnings
  • 7 notes

Alerts not introduced by this pull request might have been detected because the code changes were too large.

See annotations below for details.

View all branch alerts.

Annotations

Check warning on line 221 in java/ql/lib/semmle/code/java/regex/regex.qll

See this annotation in the file changed.

Code scanning / CodeQL

Candidate predicate not marked as `nomagic`

Candidate predicate to [charSetStart](1) is not marked as nomagic.

Check warning on line 227 in java/ql/lib/semmle/code/java/regex/regex.qll

See this annotation in the file changed.

Code scanning / CodeQL

Candidate predicate not marked as `nomagic`

Candidate predicate to [charSetEnd](1) is not marked as nomagic.

Check warning on line 884 in java/ql/lib/semmle/code/java/regex/regex.qll

See this annotation in the file changed.

Code scanning / CodeQL

Missing QLDoc for parameter

The QLDoc has no documentation for pos, but the QLDoc mentions sourceEscapingChar

Check warning on line 106 in java/ql/lib/semmle/code/java/security/AndroidCertificatePinningQuery.qll

See this annotation in the file changed.

Code scanning / CodeQL

Suggest using non-extending subtype relationships.

Consider defining this class as non-extending subtype of [UrlOpenSink](1).

Check warning on line 8 in java/ql/lib/semmle/code/java/security/ArbitraryApkInstallation.qll

See this annotation in the file changed.

Code scanning / CodeQL

Redundant import

Redundant import, the module is already imported inside [semmle.code.java.dataflow.FlowSinks](1).

Check warning on line 7 in java/ql/lib/semmle/code/java/security/ControlledString.qll

See this annotation in the file changed.

Code scanning / CodeQL

Redundant import

Redundant import, the module is already imported inside [semmle.code.java.security.Validation](1).

Check warning on line 23 in java/ql/lib/semmle/code/java/security/ControlledString.qll

See this annotation in the file changed.

Code scanning / CodeQL

Predicate QLDoc style.

The QLDoc for a predicate without a result should start with 'Holds'.

Check warning on line 283 in java/ql/lib/semmle/code/java/security/Encryption.qll

See this annotation in the file changed.

Code scanning / CodeQL

Class QLDoc style.

The QLDoc for a class should start with 'A', 'An', or 'The'.

Check warning on line 8 in java/ql/lib/semmle/code/java/security/ExternalAPIs.qll

See this annotation in the file changed.

Code scanning / CodeQL

Redundant import

Redundant import, the module is already imported inside [semmle.code.java.dataflow.FlowSources](1).

Check warning on line 91 in java/ql/lib/semmle/code/java/security/FileWritable.qll

See this annotation in the file changed.

Code scanning / CodeQL

Missing QLDoc for parameter

The QLDoc has no documentation for setWorldWritable, but the QLDoc mentions setWorldWritableExpr

Check warning on line 4 in java/ql/lib/semmle/code/java/security/HttpsUrls.qll

See this annotation in the file changed.

Code scanning / CodeQL

Redundant import

Redundant import, the module is already imported inside [semmle.code.java.dataflow.TaintTracking](1).

Check warning on line 12 in java/ql/lib/semmle/code/java/security/HttpsUrls.qll

See this annotation in the file changed.

Code scanning / CodeQL

Class QLDoc style.

The QLDoc for a class should start with 'A', 'An', or 'The'.

Check warning on line 4 in java/ql/lib/semmle/code/java/security/InformationLeak.qll

See this annotation in the file changed.

Code scanning / CodeQL

Redundant import

Redundant import, the module is already imported inside [semmle.code.java.security.XSS](1).

Check warning on line 4 in java/ql/lib/semmle/code/java/security/InsecureBasicAuth.qll

See this annotation in the file changed.

Code scanning / CodeQL

Redundant import

Redundant import, the module is already imported inside [semmle.code.java.dataflow.TaintTracking](1).

Check warning on line 4 in java/ql/lib/semmle/code/java/security/InsecureTrustManager.qll

See this annotation in the file changed.

Code scanning / CodeQL

Redundant import

Redundant import, the module is already imported inside [semmle.code.java.security.SecurityFlag](1).

Check warning on line 5 in java/ql/lib/semmle/code/java/security/InsufficientKeySizeQuery.qll

See this annotation in the file changed.

Code scanning / CodeQL

Redundant import

Redundant import, the module is already imported inside [semmle.code.java.security.InsufficientKeySize](1).

Check warning on line 8 in java/ql/lib/semmle/code/java/security/IntentUriPermissionManipulation.qll

See this annotation in the file changed.

Code scanning / CodeQL

Redundant import

Redundant import, the module is already imported inside [semmle.code.java.dataflow.TaintTracking](1).

Check warning on line 7 in java/ql/lib/semmle/code/java/security/JndiInjection.qll

See this annotation in the file changed.

Code scanning / CodeQL

Redundant import

Redundant import, the module is already imported inside [semmle.code.java.dataflow.FlowSinks](1).

Check warning on line 12 in java/ql/lib/semmle/code/java/security/ListOfConstantsSanitizer.qll

See this annotation in the file changed.

Code scanning / CodeQL

Redundant import

Redundant import, the module is already imported inside [semmle.code.java.dispatch.VirtualDispatch](1).

Check warning on line 12 in java/ql/lib/semmle/code/java/security/Mail.qll

See this annotation in the file changed.

Code scanning / CodeQL

Predicate QLDoc style.

The QLDoc for a predicate without a result should start with 'Holds'.

Check warning on line 8 in java/ql/lib/semmle/code/java/security/OgnlInjection.qll

See this annotation in the file changed.

Code scanning / CodeQL

Redundant import

Redundant import, the module is already imported inside [semmle.code.java.dataflow.FlowSinks](1).

Check warning on line 71 in java/ql/lib/semmle/code/java/security/OgnlInjection.qll

See this annotation in the file changed.

Code scanning / CodeQL

Predicates starting with "get" or "as" should return a value

This predicate starts with 'get' but does not return a value.

Check warning on line 9 in java/ql/lib/semmle/code/java/security/QueryInjection.qll

See this annotation in the file changed.

Code scanning / CodeQL

Redundant import

Redundant import, the module is already imported inside [semmle.code.java.dataflow.FlowSinks](1).

Check warning on line 7 in java/ql/lib/semmle/code/java/security/RelativePaths.qll

See this annotation in the file changed.

Code scanning / CodeQL

Predicate QLDoc style.

The QLDoc for a predicate without a result should start with 'Holds'.

Check warning on line 21 in java/ql/lib/semmle/code/java/security/RelativePaths.qll

See this annotation in the file changed.

Code scanning / CodeQL

Predicate QLDoc style.

The QLDoc for a predicate without a result should start with 'Holds'.