hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,671 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

4250 Commits

Author SHA1 Message Date
Napalys Klicius
50c7160819 Java: port java/mocking-all-non-private-methods-means-unit-test-is-too-big query 2025-08-11 13:43:36 +02:00
Napalys Klicius
4df613ce37 Java: Improved java/jvm-exit query to remove FP's. 2025-08-11 09:24:01 +02:00
Napalys Klicius
d41a5e3a25 Java: Added basic test cases for java/jvm-exit 2025-08-11 09:24:01 +02:00
Anders Schack-Mulligen
d9cfe14729 Java: Accept qltest change. 2025-08-07 14:51:49 +02:00
Anders Schack-Mulligen
f90b6ab005 Guards: Add support for wrappers that may throw exceptions. 2025-08-07 14:51:48 +02:00
Anders Schack-Mulligen
0c31a80f3c Guards: Generalise wrapper guards. 2025-08-07 14:51:47 +02:00
Anders Schack-Mulligen
23aac0ac51 Java: document nullness false negative as qltest 2025-08-05 13:49:51 +02:00
Jami Cogswell
c9692a6d10 Java: fix test failures cause by alert msg change 2025-07-19 13:27:09 -04:00
Jami Cogswell
7250265c1f Java: consider all endpoints except for health and info as sensitive to align with Spring docs 2025-07-18 17:50:18 -04:00
Jami Cogswell
685f68d9d3 Java: support 'management.endpoints.web.expose' property 2025-07-18 17:50:17 -04:00
Jami Cogswell
70d51504a7 Java: rename to align with 'java/spring-boot-exposed-actuators' query 2025-07-18 17:50:12 -04:00
Jami Cogswell
ea35fbbe3b Java: support version 3.x 2025-07-18 17:50:07 -04:00
Jami Cogswell
0d2a4222fd Java: add related location to alert message 2025-07-17 19:22:18 -04:00
Jami Cogswell
2bfc4b4ee2 Java: fix test case for version 1.4 
Need the existence of an ApplicationProperties File, not an ApplicationProperties ConfigPair
 2025-07-17 19:22:15 -04:00
Jami Cogswell
3823186dc6 Java: split tests by versions 
splitting is required to properly test each scenario
 2025-07-17 19:22:13 -04:00
Jami Cogswell
ed8da5e151 Java: convert tests to inline expectations 2025-07-17 19:22:08 -04:00
Jami Cogswell
fc930d9184 Java: update tests for non-experimental directory 2025-07-17 19:22:06 -04:00
Jami Cogswell
0dbddbdf0f Java: remove experimental files 2025-07-17 19:22:03 -04:00
Jami Cogswell
a39cb40177 Java: copy out of experimental 2025-07-17 19:22:01 -04:00
Nora Dimitrijević
b33058c967 [TEST] Java: SensitiveCommunication: convert to qlref 2025-07-17 18:59:05 +02:00
Nora Dimitrijević
44bb5e7220 [TEST] Java: ConditionalBypass: convert to qlref 2025-07-17 18:59:03 +02:00
Nora Dimitrijević
6134518d60 [TEST] Java: SensitiveLogInfo: convert to qlref 2025-07-17 18:59:01 +02:00
Nora Dimitrijević
94386f0550 [TEST] Java: TrustBoundaryViolations: convert test to qlref 2025-07-17 18:58:59 +02:00
Nora Dimitrijević
49e03b4dfd [TEST] Java: UnsafeCertTrust: convert test to qlref 2025-07-17 18:58:56 +02:00
Nora Dimitrijević
7aced48443 [TEST] Java: LogInjection: convert test to qlref 2025-07-17 18:58:54 +02:00
Nora Dimitrijević
5c2cf79785 [TEST] Java: CWE-020/ExternalAPI: new test based on qhelp 2025-07-17 18:58:52 +02:00
Anders Schack-Mulligen
1485d7072d Merge pull request #19885 from aschackmull/java/annotated-exit-cfg 
Java: Add AnnotatedExitNodes to the CFG.
 2025-07-17 15:02:24 +02:00
Anders Schack-Mulligen
e7a6259bd7 Java: Accept test changes. 2025-07-17 11:21:26 +02:00
Owen Mansel-Chan
805e31fdb9 Update test expectations 2025-07-16 15:25:45 +01:00
Owen Mansel-Chan
fdd1e3fefe Use MaD models for unsafe deserialization sinks when possible 
Many of the unsafe deserialization sinks have to stay defined in QL
because they have custom logic that cannot be expressed in MaD models.
 2025-07-16 14:42:07 +01:00
Owen Mansel-Chan
8e4bd1a102 Add sink for ObjectInput.readObject to make test pass 2025-07-11 11:05:38 +01:00
Owen Mansel-Chan
34fae324a0 Add test for ObjectInput.readObject 2025-07-11 11:03:47 +01:00
Tamás Vajk
1351f57d2b Merge pull request #19998 from tamasvajk/quality/label-in-switch 
Java: Add query to detect non-case labels in switch statements
 2025-07-10 14:13:38 +02:00
Tamas Vajk
5f7d746266 Java: Add query to detect non-case labels in switch statements 2025-07-08 14:53:39 +02:00
Tamas Vajk
09a2aeead6 Java: Add query to detect special characters in string literals 2025-07-08 13:28:18 +02:00
Tamas Vajk
813ce7d3f8 Rename query 2025-07-08 11:28:12 +02:00
Tamas Vajk
82fe647a40 Improve alert message 2025-07-08 11:28:11 +02:00
Tamas Vajk
a2d4f58af7 Use inline test expectations 2025-07-08 11:28:10 +02:00
Tamas Vajk
2cd0c64e41 Improve query quality 2025-07-08 11:28:09 +02:00
Tamas Vajk
e0cb1792bd Java: Add 'Useless serialization member in record class' query 2025-07-08 11:28:09 +02:00
Tom Hvitved
6fdec47e83 Java: Use MaD in log injection test 2025-07-08 10:25:58 +02:00
Jami Cogswell
87ab4d0160 Java: remove java/run-method-called-on-java-lang-thread-directly 
using existing query java/call-to-thread-run instead
 2025-06-29 22:42:31 -04:00
Jami Cogswell
12e7bbbae8 Java: update existing tests to services tests 2025-06-29 22:41:47 -04:00
Jami Cogswell
1172f82a4b Java: update existing tests to inline expectations 2025-06-29 22:21:41 -04:00
Jami Cogswell
7a2023b863 Java: move original files 2025-06-29 22:13:49 -04:00
Nora Dimitrijević
e0b3a2c5f9 Java: convert ArbitraryApkInstallation test to .qlref 2025-06-26 13:22:05 +02:00
Tamás Vajk
ae36f94d5e Merge pull request #19844 from tamasvajk/tamasvajk/threadpoolexecutor 
Java: Add `java/javautilconcurrentscheduledthreadpoolexecutor` query for zero thread pool size
 2025-06-26 12:36:09 +02:00
Anders Schack-Mulligen
326f2b0498 Java: Accept qltest change showing FP removal. 2025-06-26 11:03:39 +02:00
Anders Schack-Mulligen
1d4c8197ec Java: Fix assert CFG by properly tagging the false successor. 2025-06-26 10:18:14 +02:00
Anders Schack-Mulligen
4645856f09 Java: document FP 2025-06-26 07:17:36 +02:00