hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
74,247 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.1
Commit Graph

1079 Commits

Author SHA1 Message Date
Tony Torralba
6aa9726223 org.apache.tools.ant tests 2023-03-14 17:20:31 +01:00
Tony Torralba
db9e305a56 org.apache.commons.jelly tests 2023-03-14 17:04:14 +01:00
Tony Torralba
31667b4478 org.apache.commons.io tests 2023-03-14 12:50:09 +01:00
Tony Torralba
3db95f3ac9 javax.xml.transform.stream tests 2023-03-14 12:28:04 +01:00
Tony Torralba
d54abddab1 java.nio.file tests 2023-03-14 12:22:56 +01:00
Tony Torralba
452b9d11db java.net tests 2023-03-14 11:43:23 +01:00
Edward Minnix III
de1ecf943e Merge pull request #11915 from egregius313/egregius313/arbitrary-apk-installation 
Java: Arbitrary APK installation
 2023-03-14 06:23:51 -04:00
Tony Torralba
cad5cd4037 java.io tests 2023-03-14 11:21:33 +01:00
Tony Torralba
705691b096 Merge pull request #12446 from github/java/update-mad-decls-after-triage-2023-03-08T14-51-59 
Java: Update MaD Declarations after Triage
 2023-03-13 14:07:59 +01:00
Anders Schack-Mulligen
da273269cb Java: Refactor PolynomialReDoS.ql 2023-03-13 11:27:14 +01:00
Tony Torralba
e834f9302e Fix Apache Commons HTTP Client and SQL Injection tests 2023-03-13 09:36:53 +01:00
Ed Minnix
b6eeac5bc8 Update names to new naming convention 2023-03-10 15:13:58 -05:00
Tony Torralba
f07f0888aa Fix tests 2023-03-10 12:35:13 +01:00
Tony Torralba
8065714ebe Add tests 2023-03-10 12:35:13 +01:00
Ed Minnix
da43a61506 Convert dataflow configuration to using new module-configuration 2023-03-08 19:19:00 -05:00
Ed Minnix
eeb9a88c3a Renamed test file to follow camel casing convention 2023-03-08 13:56:25 -05:00
Ed Minnix
f680a2ecbf Update test java file to support InlineExpectationsTest 2023-03-08 13:50:02 -05:00
Ed Minnix
bfd430b446 Remove qlref tests 2023-03-08 13:21:31 -05:00
Ed Minnix
5fb5f1b23b Begin InlineExpectationsTest 2023-03-08 12:14:45 -05:00
Ed Minnix
8fcf00b73d Test improvements 2023-03-08 12:12:10 -05:00
Ed Minnix
d3d712fbff Remove Url#parse as a source 2023-03-08 12:12:10 -05:00
Ed Minnix
5f4e8e3e6a Add test cases relating to intents with the ACTION_INSTALL_PACKAGE action 2023-03-08 12:12:10 -05:00
Ed Minnix
01b20b3a26 Added external storage test case 2023-03-08 12:12:10 -05:00
Ed Minnix
c448481bf7 Added test expectations 2023-03-08 12:12:10 -05:00
Ed Minnix
618b608962 Arbitrary APK Installation MVP 2023-03-08 12:12:10 -05:00
Anders Schack-Mulligen
e7f85673e9 Java: Fix tests and make modules private 2023-03-08 13:35:25 +01:00
Anders Schack-Mulligen
5c7f2ac7f7 Merge pull request #12186 from aschackmull/dataflow/refactor-configuration 
Data flow: Refactor configuration
 2023-03-06 13:38:59 +01:00
Tony Torralba
59bd1e5ab1 Merge pull request #12228 from github/java/mad-decls-triage-request-2276 
Java: Update MaD sink decls after triage
 2023-03-01 17:08:38 +01:00
Tony Torralba
0439eb640d Add tests 2023-03-01 09:49:28 +01:00
Ed Minnix
06a1368e7c Additional test cases 2023-02-27 12:16:14 +01:00
Ed Minnix
fa6ac063d1 Add com.auth0.jwt.algorithm.Algorithm sinks 
The HMAC* constructors of the com.auth0.jwt.algorithm.Algorithm class
take a secret as a parameter. Therefore, the arguments should be added
to be checked for hardcoded credentials.
 2023-02-27 12:16:14 +01:00
Anders Schack-Mulligen
46d6f5af7e Java: Update some tests. 2023-02-21 13:14:35 +01:00
Tom Hvitved
0bceefc930 Java: Update test expectations 2023-02-17 15:20:21 +01:00
Chad Bentz
2f576a4fe9 test both arguments of getConnection 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-02-15 18:26:56 -05:00
Chad Bentz
b0c8992eef Adding CWE-798 MSSQL Tests 2023-02-13 19:44:02 -05:00
Chad Bentz
cfe169a4f9 Adding MSSQL to SensitiveAPI 2023-02-13 19:42:28 -05:00
Anders Schack-Mulligen
2d6d8aaa74 Java: Account for additional constants in ArrayIndexOutOfBounds query. 2023-02-03 16:16:39 +01:00
Joe Farebrother
97b2e852c9 Merge pull request #11713 from joefarebrother/sensitive-result-receiver 
Java: Add query for leaking sensitive data through a ResultReceiver
 2023-02-01 16:34:17 +00:00
Edward Minnix III
4c018759c8 Merge pull request #11283 from egregius313/egregius313/webview-setAllowContentAccess 
Java: Android WebView Content Access Query
 2023-01-17 11:02:47 -05:00
Jami
babdee36aa Merge pull request #11779 from jcogs33/jcogs33/model-more-top-jdk-apis 
Java: model top JDK APIs
 2023-01-17 10:20:32 -05:00
Joe Farebrother
639c42c9e9 Fix qhelp errors and ql-for-ql errors 2023-01-12 11:44:39 +00:00
Joe Farebrother
7e7b5b4488 Improve test case 2023-01-12 11:44:39 +00:00
Joe Farebrother
de565f9ccc Add test and fix a bug 2023-01-12 11:44:39 +00:00
Jami Cogswell
fd593fd4f0 Java: undo changes to tests that were affected by numeric-flow summary models 2023-01-11 22:34:19 -05:00
Tony Torralba
32471d326e Java: Remove omittable exists variables 2023-01-10 13:37:19 +01:00
Ed Minnix
909b1d70d9 Rename files to say "Allow" instead of "Permit" 2023-01-09 10:11:03 -05:00
Ed Minnix
c723df3ca7 Fix alert message in expected file 2023-01-09 10:08:19 -05:00
Chris Smowton
45c732a6f9 Java: improve naming and description of SqlUnescaped.ql 
Since the main thing it's objecting to is concatenation not lack of escaping (in particular it doesn't look for escaping sanitizers), rename and re-describe it accordingly.
 2023-01-09 10:56:13 +00:00
Ed Minnix
28ad9d00fb Merge both setAllowContentAccess queries into one query 
Previously, the query to detect whether or not access to `content://`
links was done using two queries.

Now they can be merged into one query
 2023-01-03 15:17:07 -05:00
Ed Minnix
68392aa8d8 Fix test expectations 2022-12-31 15:25:25 -05:00