hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-05 23:26:51 +01:00
Code Issues Packages Projects Releases Wiki Activity

Apply suggestions from code review

Browse Source 
Co-authored-by: Paolo Tranquilli <redsun82@github.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
This commit is contained in:
Tamás Vajk
2025-04-07 14:31:24 +02:00
committed by Tamas Vajk
parent d17d44125c
commit ffcf6d6e58
5 changed files with 462 additions and 464 deletions
Download Patch File Download Diff File Expand all files Collapse all files

246
java/ql/integration-tests/java/query-suite/java-security-extended.qls.expected
View File

@@ -1,123 +1,123 @@
/ql/java/ql/src/Diagnostics/ExtractionErrors.ql
/ql/java/ql/src/Diagnostics/ExtractionWarnings.ql
/ql/java/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql
/ql/java/ql/src/Likely Bugs/Arithmetic/InformationLoss.ql
/ql/java/ql/src/Likely Bugs/Concurrency/UnreleasedLock.ql
/ql/java/ql/src/Metrics/Summaries/LinesOfCode.ql
/ql/java/ql/src/Metrics/Summaries/LinesOfCodeJava.ql
/ql/java/ql/src/Metrics/Summaries/LinesOfCodeKotlin.ql
/ql/java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.ql
/ql/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql
/ql/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql
/ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.ql
/ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.ql
/ql/java/ql/src/Security/CWE/CWE-074/JndiInjection.ql
/ql/java/ql/src/Security/CWE/CWE-074/XsltInjection.ql
/ql/java/ql/src/Security/CWE/CWE-078/ExecRelative.ql
/ql/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql
/ql/java/ql/src/Security/CWE/CWE-078/ExecTaintedEnvironment.ql
/ql/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql
/ql/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql
/ql/java/ql/src/Security/CWE/CWE-079/AndroidWebViewSettingsEnabledJavaScript.ql
/ql/java/ql/src/Security/CWE/CWE-079/XSS.ql
/ql/java/ql/src/Security/CWE/CWE-089/SqlConcatenated.ql
/ql/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql
/ql/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql
/ql/java/ql/src/Security/CWE/CWE-094/ArbitraryApkInstallation.ql
/ql/java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql
/ql/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql
/ql/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql
/ql/java/ql/src/Security/CWE/CWE-094/MvelInjection.ql
/ql/java/ql/src/Security/CWE/CWE-094/SpelInjection.ql
/ql/java/ql/src/Security/CWE/CWE-094/TemplateInjection.ql
/ql/java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.ql
/ql/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql
/ql/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql
/ql/java/ql/src/Security/CWE/CWE-117/LogInjection.ql
/ql/java/ql/src/Security/CWE/CWE-1204/StaticInitializationVector.ql
/ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql
/ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql
/ql/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql
/ql/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql
/ql/java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql
/ql/java/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql
/ql/java/ql/src/Security/CWE/CWE-200/AndroidSensitiveNotifications.ql
/ql/java/ql/src/Security/CWE/CWE-200/AndroidSensitiveTextField.ql
/ql/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsAllowsContentAccess.ql
/ql/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsFileAccess.ql
/ql/java/ql/src/Security/CWE/CWE-200/SpringBootActuators.ql
/ql/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql
/ql/java/ql/src/Security/CWE/CWE-209/SensitiveDataExposureThroughErrorMessage.ql
/ql/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql
/ql/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql
/ql/java/ql/src/Security/CWE/CWE-273/UnsafeCertTrust.ql
/ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureKeys.ql
/ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureLocalAuthentication.ql
/ql/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql
/ql/java/ql/src/Security/CWE/CWE-295/ImproperWebViewCertificateValidation.ql
/ql/java/ql/src/Security/CWE/CWE-295/InsecureTrustManager.ql
/ql/java/ql/src/Security/CWE/CWE-297/InsecureJavaMail.ql
/ql/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql
/ql/java/ql/src/Security/CWE/CWE-312/AllowBackupAttributeEnabled.ql
/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidDatabase.ql
/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidFilesystem.ql
/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageCookie.ql
/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageProperties.ql
/ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageSharedPrefs.ql
/ql/java/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql
/ql/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql
/ql/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql
/ql/java/ql/src/Security/CWE/CWE-330/InsecureRandomness.ql
/ql/java/ql/src/Security/CWE/CWE-335/PredictableSeed.ql
/ql/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql
/ql/java/ql/src/Security/CWE/CWE-347/MissingJWTSignatureCheck.ql
/ql/java/ql/src/Security/CWE/CWE-352/CsrfUnprotectedRequestType.ql
/ql/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql
/ql/java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql
/ql/java/ql/src/Security/CWE/CWE-421/SocketAuthRace.ql
/ql/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql
/ql/java/ql/src/Security/CWE/CWE-470/FragmentInjection.ql
/ql/java/ql/src/Security/CWE/CWE-470/FragmentInjectionInPreferenceActivity.ql
/ql/java/ql/src/Security/CWE/CWE-489/DebuggableAttributeEnabled.ql
/ql/java/ql/src/Security/CWE/CWE-489/WebviewDebuggingEnabled.ql
/ql/java/ql/src/Security/CWE/CWE-501/TrustBoundaryViolation.ql
/ql/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql
/ql/java/ql/src/Security/CWE/CWE-522/InsecureBasicAuth.ql
/ql/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql
/ql/java/ql/src/Security/CWE/CWE-524/SensitiveKeyboardCache.ql
/ql/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql
/ql/java/ql/src/Security/CWE/CWE-552/UrlForward.ql
/ql/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql
/ql/java/ql/src/Security/CWE/CWE-611/XXE.ql
/ql/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql
/ql/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql
/ql/java/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql
/ql/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql
/ql/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql
/ql/java/ql/src/Security/CWE/CWE-730/ReDoS.ql
/ql/java/ql/src/Security/CWE/CWE-730/RegexInjection.ql
/ql/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql
/ql/java/ql/src/Security/CWE/CWE-749/UnsafeAndroidAccess.ql
/ql/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql
/ql/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsApiCall.ql
/ql/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql
/ql/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql
/ql/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql
/ql/java/ql/src/Security/CWE/CWE-835/InfiniteLoop.ql
/ql/java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql
/ql/java/ql/src/Security/CWE/CWE-918/RequestForgery.ql
/ql/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.ql
/ql/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissions.ql
/ql/java/ql/src/Security/CWE/CWE-926/ImplicitlyExportedAndroidComponent.ql
/ql/java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.ql
/ql/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.ql
/ql/java/ql/src/Security/CWE/CWE-927/SensitiveResultReceiver.ql
/ql/java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirection.ql
/ql/java/ql/src/Telemetry/DatabaseQualityDiagnostics.ql
/ql/java/ql/src/Telemetry/ExternalLibraryUsage.ql
/ql/java/ql/src/Telemetry/ExtractorInformation.ql
/ql/java/ql/src/Telemetry/SupportedExternalApis.ql
/ql/java/ql/src/Telemetry/SupportedExternalSinks.ql
/ql/java/ql/src/Telemetry/SupportedExternalSources.ql
/ql/java/ql/src/Telemetry/SupportedExternalTaint.ql
/ql/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql
ql/java/ql/src/Diagnostics/ExtractionErrors.ql
ql/java/ql/src/Diagnostics/ExtractionWarnings.ql
ql/java/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql
ql/java/ql/src/Likely Bugs/Arithmetic/InformationLoss.ql
ql/java/ql/src/Likely Bugs/Concurrency/UnreleasedLock.ql
ql/java/ql/src/Metrics/Summaries/LinesOfCode.ql
ql/java/ql/src/Metrics/Summaries/LinesOfCodeJava.ql
ql/java/ql/src/Metrics/Summaries/LinesOfCodeKotlin.ql
ql/java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.ql
ql/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql
ql/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql
ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.ql
ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.ql
ql/java/ql/src/Security/CWE/CWE-074/JndiInjection.ql
ql/java/ql/src/Security/CWE/CWE-074/XsltInjection.ql
ql/java/ql/src/Security/CWE/CWE-078/ExecRelative.ql
ql/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql
ql/java/ql/src/Security/CWE/CWE-078/ExecTaintedEnvironment.ql
ql/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql
ql/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql
ql/java/ql/src/Security/CWE/CWE-079/AndroidWebViewSettingsEnabledJavaScript.ql
ql/java/ql/src/Security/CWE/CWE-079/XSS.ql
ql/java/ql/src/Security/CWE/CWE-089/SqlConcatenated.ql
ql/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql
ql/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql
ql/java/ql/src/Security/CWE/CWE-094/ArbitraryApkInstallation.ql
ql/java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql
ql/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql
ql/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql
ql/java/ql/src/Security/CWE/CWE-094/MvelInjection.ql
ql/java/ql/src/Security/CWE/CWE-094/SpelInjection.ql
ql/java/ql/src/Security/CWE/CWE-094/TemplateInjection.ql
ql/java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.ql
ql/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql
ql/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql
ql/java/ql/src/Security/CWE/CWE-117/LogInjection.ql
ql/java/ql/src/Security/CWE/CWE-1204/StaticInitializationVector.ql
ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql
ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql
ql/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql
ql/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql
ql/java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql
ql/java/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql
ql/java/ql/src/Security/CWE/CWE-200/AndroidSensitiveNotifications.ql
ql/java/ql/src/Security/CWE/CWE-200/AndroidSensitiveTextField.ql
ql/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsAllowsContentAccess.ql
ql/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsFileAccess.ql
ql/java/ql/src/Security/CWE/CWE-200/SpringBootActuators.ql
ql/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql
ql/java/ql/src/Security/CWE/CWE-209/SensitiveDataExposureThroughErrorMessage.ql
ql/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql
ql/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql
ql/java/ql/src/Security/CWE/CWE-273/UnsafeCertTrust.ql
ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureKeys.ql
ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureLocalAuthentication.ql
ql/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql
ql/java/ql/src/Security/CWE/CWE-295/ImproperWebViewCertificateValidation.ql
ql/java/ql/src/Security/CWE/CWE-295/InsecureTrustManager.ql
ql/java/ql/src/Security/CWE/CWE-297/InsecureJavaMail.ql
ql/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql
ql/java/ql/src/Security/CWE/CWE-312/AllowBackupAttributeEnabled.ql
ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidDatabase.ql
ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidFilesystem.ql
ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageCookie.ql
ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageProperties.ql
ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageSharedPrefs.ql
ql/java/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql
ql/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql
ql/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql
ql/java/ql/src/Security/CWE/CWE-330/InsecureRandomness.ql
ql/java/ql/src/Security/CWE/CWE-335/PredictableSeed.ql
ql/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql
ql/java/ql/src/Security/CWE/CWE-347/MissingJWTSignatureCheck.ql
ql/java/ql/src/Security/CWE/CWE-352/CsrfUnprotectedRequestType.ql
ql/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql
ql/java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql
ql/java/ql/src/Security/CWE/CWE-421/SocketAuthRace.ql
ql/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql
ql/java/ql/src/Security/CWE/CWE-470/FragmentInjection.ql
ql/java/ql/src/Security/CWE/CWE-470/FragmentInjectionInPreferenceActivity.ql
ql/java/ql/src/Security/CWE/CWE-489/DebuggableAttributeEnabled.ql
ql/java/ql/src/Security/CWE/CWE-489/WebviewDebuggingEnabled.ql
ql/java/ql/src/Security/CWE/CWE-501/TrustBoundaryViolation.ql
ql/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql
ql/java/ql/src/Security/CWE/CWE-522/InsecureBasicAuth.ql
ql/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql
ql/java/ql/src/Security/CWE/CWE-524/SensitiveKeyboardCache.ql
ql/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql
ql/java/ql/src/Security/CWE/CWE-552/UrlForward.ql
ql/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql
ql/java/ql/src/Security/CWE/CWE-611/XXE.ql
ql/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql
ql/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql
ql/java/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql
ql/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql
ql/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql
ql/java/ql/src/Security/CWE/CWE-730/ReDoS.ql
ql/java/ql/src/Security/CWE/CWE-730/RegexInjection.ql
ql/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql
ql/java/ql/src/Security/CWE/CWE-749/UnsafeAndroidAccess.ql
ql/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql
ql/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsApiCall.ql
ql/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql
ql/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql
ql/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql
ql/java/ql/src/Security/CWE/CWE-835/InfiniteLoop.ql
ql/java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql
ql/java/ql/src/Security/CWE/CWE-918/RequestForgery.ql
ql/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.ql
ql/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissions.ql
ql/java/ql/src/Security/CWE/CWE-926/ImplicitlyExportedAndroidComponent.ql
ql/java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.ql
ql/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.ql
ql/java/ql/src/Security/CWE/CWE-927/SensitiveResultReceiver.ql
ql/java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirection.ql
ql/java/ql/src/Telemetry/DatabaseQualityDiagnostics.ql
ql/java/ql/src/Telemetry/ExternalLibraryUsage.ql
ql/java/ql/src/Telemetry/ExtractorInformation.ql
ql/java/ql/src/Telemetry/SupportedExternalApis.ql
ql/java/ql/src/Telemetry/SupportedExternalSinks.ql
ql/java/ql/src/Telemetry/SupportedExternalSources.ql
ql/java/ql/src/Telemetry/SupportedExternalTaint.ql
ql/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql