hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,671 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

1270 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
da273269cb Java: Refactor PolynomialReDoS.ql 2023-03-13 11:27:14 +01:00
Tony Torralba
e834f9302e Fix Apache Commons HTTP Client and SQL Injection tests 2023-03-13 09:36:53 +01:00
Ed Minnix
b6eeac5bc8 Update names to new naming convention 2023-03-10 15:13:58 -05:00
Tony Torralba
f07f0888aa Fix tests 2023-03-10 12:35:13 +01:00
Tony Torralba
8065714ebe Add tests 2023-03-10 12:35:13 +01:00
Ed Minnix
da43a61506 Convert dataflow configuration to using new module-configuration 2023-03-08 19:19:00 -05:00
Ed Minnix
eeb9a88c3a Renamed test file to follow camel casing convention 2023-03-08 13:56:25 -05:00
Ed Minnix
f680a2ecbf Update test java file to support InlineExpectationsTest 2023-03-08 13:50:02 -05:00
Ed Minnix
bfd430b446 Remove qlref tests 2023-03-08 13:21:31 -05:00
Ed Minnix
5fb5f1b23b Begin InlineExpectationsTest 2023-03-08 12:14:45 -05:00
Ed Minnix
8fcf00b73d Test improvements 2023-03-08 12:12:10 -05:00
Ed Minnix
d3d712fbff Remove Url#parse as a source 2023-03-08 12:12:10 -05:00
Ed Minnix
5f4e8e3e6a Add test cases relating to intents with the ACTION_INSTALL_PACKAGE action 2023-03-08 12:12:10 -05:00
Ed Minnix
01b20b3a26 Added external storage test case 2023-03-08 12:12:10 -05:00
Ed Minnix
c448481bf7 Added test expectations 2023-03-08 12:12:10 -05:00
Ed Minnix
618b608962 Arbitrary APK Installation MVP 2023-03-08 12:12:10 -05:00
Anders Schack-Mulligen
e7f85673e9 Java: Fix tests and make modules private 2023-03-08 13:35:25 +01:00
Anders Schack-Mulligen
5c7f2ac7f7 Merge pull request #12186 from aschackmull/dataflow/refactor-configuration 
Data flow: Refactor configuration
 2023-03-06 13:38:59 +01:00
Tony Torralba
59bd1e5ab1 Merge pull request #12228 from github/java/mad-decls-triage-request-2276 
Java: Update MaD sink decls after triage
 2023-03-01 17:08:38 +01:00
Tony Torralba
0439eb640d Add tests 2023-03-01 09:49:28 +01:00
Ed Minnix
06a1368e7c Additional test cases 2023-02-27 12:16:14 +01:00
Ed Minnix
fa6ac063d1 Add com.auth0.jwt.algorithm.Algorithm sinks 
The HMAC* constructors of the com.auth0.jwt.algorithm.Algorithm class
take a secret as a parameter. Therefore, the arguments should be added
to be checked for hardcoded credentials.
 2023-02-27 12:16:14 +01:00
Anders Schack-Mulligen
46d6f5af7e Java: Update some tests. 2023-02-21 13:14:35 +01:00
Tom Hvitved
0bceefc930 Java: Update test expectations 2023-02-17 15:20:21 +01:00
Chad Bentz
2f576a4fe9 test both arguments of getConnection 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-02-15 18:26:56 -05:00
Chad Bentz
b0c8992eef Adding CWE-798 MSSQL Tests 2023-02-13 19:44:02 -05:00
Chad Bentz
cfe169a4f9 Adding MSSQL to SensitiveAPI 2023-02-13 19:42:28 -05:00
Anders Schack-Mulligen
2d6d8aaa74 Java: Account for additional constants in ArrayIndexOutOfBounds query. 2023-02-03 16:16:39 +01:00
Joe Farebrother
97b2e852c9 Merge pull request #11713 from joefarebrother/sensitive-result-receiver 
Java: Add query for leaking sensitive data through a ResultReceiver
 2023-02-01 16:34:17 +00:00
Edward Minnix III
4c018759c8 Merge pull request #11283 from egregius313/egregius313/webview-setAllowContentAccess 
Java: Android WebView Content Access Query
 2023-01-17 11:02:47 -05:00
Jami
babdee36aa Merge pull request #11779 from jcogs33/jcogs33/model-more-top-jdk-apis 
Java: model top JDK APIs
 2023-01-17 10:20:32 -05:00
Joe Farebrother
639c42c9e9 Fix qhelp errors and ql-for-ql errors 2023-01-12 11:44:39 +00:00
Joe Farebrother
7e7b5b4488 Improve test case 2023-01-12 11:44:39 +00:00
Joe Farebrother
de565f9ccc Add test and fix a bug 2023-01-12 11:44:39 +00:00
Jami Cogswell
fd593fd4f0 Java: undo changes to tests that were affected by numeric-flow summary models 2023-01-11 22:34:19 -05:00
Tony Torralba
32471d326e Java: Remove omittable exists variables 2023-01-10 13:37:19 +01:00
Ed Minnix
909b1d70d9 Rename files to say "Allow" instead of "Permit" 2023-01-09 10:11:03 -05:00
Ed Minnix
c723df3ca7 Fix alert message in expected file 2023-01-09 10:08:19 -05:00
Chris Smowton
45c732a6f9 Java: improve naming and description of SqlUnescaped.ql 
Since the main thing it's objecting to is concatenation not lack of escaping (in particular it doesn't look for escaping sanitizers), rename and re-describe it accordingly.
 2023-01-09 10:56:13 +00:00
Ed Minnix
28ad9d00fb Merge both setAllowContentAccess queries into one query 
Previously, the query to detect whether or not access to `content://`
links was done using two queries.

Now they can be merged into one query
 2023-01-03 15:17:07 -05:00
Ed Minnix
68392aa8d8 Fix test expectations 2022-12-31 15:25:25 -05:00
Ed Minnix
9ef319f659 Java: setAllowContentAccess query tests 2022-12-31 15:00:28 -05:00
Ed Minnix
7cc53126f3 Java: WebView setAllowContentAccess query test cases 2022-12-31 15:00:28 -05:00
Ed Minnix
a023726c03 Java: add Android stubs to options file for CWE-200 tests 2022-12-31 15:00:28 -05:00
Jami Cogswell
e6331dc2e6 Java: update test case affected by Long.parseLong summary model 2022-12-22 12:57:37 -05:00
Jami Cogswell
997219a280 Java: update test case affected by Class.isAssignableFrom neutral model 2022-12-22 12:54:02 -05:00
Edward Minnix III
b77923f6e6 Merge pull request #11767 from atorralba/atorralba/java/fix-pinning-tests 
Java: Small simplification in Missing Certificate Pinning tests
 2022-12-21 11:21:47 -05:00
Arthur Baars
98c5b81456 Merge pull request #11723 from aibaars/alert-suppression 
CodeQL alert suppression
 2022-12-21 10:59:57 +01:00
Tony Torralba
ab73d13d8b Small simplification 2022-12-21 09:58:13 +01:00
Jami
c9258effb6 Merge pull request #11572 from jcogs33/jcogs33/model-top-jdk-apis 
Java: model top 100 JDK APIs
 2022-12-20 09:13:53 -05:00