hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
74,247 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.1
Commit Graph

12735 Commits

Author SHA1 Message Date
Owen Mansel-Chan
6280ed2a6b Merge pull request #13555 from am0o0/amammad-java-bombs 
Java: Decompression Bombs
 2024-07-31 14:55:28 +01:00
Anders Schack-Mulligen
9724516c84 C#/Go/Java/Python/Ruby: Accept qltest .expected changes. 2024-07-31 14:45:10 +02:00
Jami
4fb29c4473 Merge branch 'main' into jcogs33/java/add-apache-ant-path-inj-sinks 2024-07-31 08:15:07 -04:00
Jami
05b0a3f41c Merge pull request #17093 from jcogs33/jcogs33/java/provenance-postprocess-qltest-remaining-lib-tests 
Java: Add support for post-process provenance pretty-printing in `.ql` library-tests
 2024-07-31 08:11:15 -04:00
Owen Mansel-Chan
8901b1fd14 Merge pull request #17100 from owen-mc/java/sensitive-log/ignore-tokenizer 
Java: whitelist variable names containing "tokenizer" for `java/sensitive-log`
 2024-07-31 12:16:03 +01:00
Owen Mansel-Chan
59e22f6cd9 Merge pull request #17101 from owen-mc/java/dead-ref-types-junit-4-5 
Java: Fix FPs in `java/unused-reference-type` for JUnit 4-style tests
 2024-07-31 11:11:35 +01:00
am0o0
d560c1ea0f fix formatting 2024-07-31 11:08:06 +02:00
am0o0
9110df6e80 Merge branch 'amammad-java-JWT' of https://github.com/am0o0/codeql into amammad-java-JWT 2024-07-31 11:04:24 +02:00
am0o0
c6814fcf47 merge duplicate module into a module file 2024-07-31 11:04:03 +02:00
am0o0
701e3d7e53 add same query but with local source support to comply with the CVE-2021-37580 2024-07-31 10:58:22 +02:00
Edward Minnix III
bae0ea5599 Merge pull request #17042 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2024-07-30 20:04:23 -04:00
Jami Cogswell
2db07bdbf3 Java: add missing models to experimental expected files 2024-07-30 12:13:18 -04:00
am0o0
40eef25133 use more specefic Classes instead of Call 2024-07-30 18:07:03 +02:00
am0o0
591b1b4f07 use $ SPURIOUS: instead of "this test gives a FP" 2024-07-30 17:53:23 +02:00
Owen Mansel-Chan
1cb5f35c56 Add change note 2024-07-30 16:29:38 +01:00
Owen Mansel-Chan
cd0af0fc57 Ignore types with methods which have annotations 
The motivation is test classes in JUnit 4 and 5 are currently FPs for this. They have methods with `@Test`, so this should fix the FPs.
 2024-07-30 16:29:35 +01:00
Owen Mansel-Chan
050dcb1370 Add some tests for java/unused-reference-type 2024-07-30 16:29:11 +01:00
Jami
2c8f3a58b3 Merge branch 'main' into jcogs33/java/provenance-postprocess-qltest 2024-07-30 10:53:52 -04:00
Owen Mansel-Chan
44b6309e07 Add change note 2024-07-30 15:44:00 +01:00
Owen Mansel-Chan
e259b25428 Add "tokenizer" to sensitive variable name FPs 2024-07-30 15:38:32 +01:00
Owen Mansel-Chan
0704946324 Factor out matching sensitive variable name FPs 2024-07-30 15:37:54 +01:00
Owen Mansel-Chan
bdff0fdcc5 Add test for "tokenizer" 2024-07-30 15:37:46 +01:00
Owen Mansel-Chan
0d71072f94 Make test more compact 2024-07-30 15:36:59 +01:00
Arthur Baars
0d469536ae Merge pull request #17065 from github/aibaars/proxy-tests 
Java: integration tests with proxy server
 2024-07-30 15:53:45 +02:00
Anders Schack-Mulligen
5073f4f7dd Merge pull request #17096 from aschackmull/java/pp-experimental-models 
Java: Pretty-print experimental models for qltest.
 2024-07-30 13:31:15 +02:00
am0o0
9662950405 add comments for FPs 2024-07-30 13:24:46 +02:00
Chris Smowton
8f52b2cd95 Fix link 2024-07-30 12:23:38 +01:00
Chris Smowton
a781522ca0 Copyedit documentation 2024-07-30 12:19:16 +01:00
Anders Schack-Mulligen
da5250d3a7 Java: Pretty-print experimental models for qltest. 2024-07-30 11:43:44 +02:00
github-actions[bot]
d39609254c Add changed framework coverage reports 2024-07-30 00:18:23 +00:00
am0o0
4dc1a10f71 update tests for zip4j, add aditional flow steps for zip4j, remove BombTypeInputStream class since we don't need it anymore, add a predicate which was for testing porpose and was junk 2024-07-29 18:10:04 +02:00
Jami Cogswell
e226da4f04 Java: use post-process provenance pretty-printing in .ql library-tests 2024-07-29 11:46:28 -04:00
RobbingDaHood
1cb58922a2 Minor changes to formulations for java/error-message-exposure 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2024-07-29 16:48:15 +02:00
Ian Lynagh
1530037eae Merge pull request #17071 from igfoo/igfoo/dep_env 
Java/Kotlin: Remove support for deprecated SOURCE_ARCHIVE and TRAP_FOLDER
 2024-07-29 14:55:50 +01:00
Jami Cogswell
bab89c46b6 Java: use post-process provenance pretty-printing in library-tests 2024-07-28 18:13:58 -04:00
Jami Cogswell
0a382bf0cf Java: use post-process provenance pretty-printing in experimental/query-tests 2024-07-28 18:13:20 -04:00
Jami Cogswell
c70d39539e Java: use post-process provenance pretty-printing in query-tests 2024-07-28 18:12:17 -04:00
am0o0
c8749ff82e Merge branch 'amammad-java-bombs' of https://github.com/am0o0/codeql into amammad-java-bombs 2024-07-28 12:15:23 +02:00
am0o0
209fa1a10a update tests 2024-07-28 12:15:07 +02:00
am0o0
0593eaad52 we don't need ConstructorCall for ZipFile anymore since we have a more accurate sink for this 2024-07-28 12:12:07 +02:00
am0o0
cc752113af we don't need TypeInputStreamConstructorArgumentSink anymore 2024-07-28 12:09:52 +02:00
am0o0
7689db7d42 change apache commons sink 2024-07-28 12:09:33 +02:00
am0o0
1b97804f45 update tests 2024-07-28 11:45:48 +02:00
Am
96c142bf0a Merge branch 'main' into amammad-java-JWT 2024-07-28 13:03:23 +03:30
am0o0
6538a06f29 update tests 2024-07-28 11:30:59 +02:00
am0o0
b5e7716579 remove flow states, remove string as sources 2024-07-28 11:26:18 +02:00
am0o0
46ddddc8cf Merge tag 'codeql-cli/v2.18.1' into amammad-java-JWT 
Compatible with CodeQL CLI 2.18.1
 2024-07-28 11:23:20 +02:00
am0o0
85b02b1399 use MethodCall instead of MethodAccess, change query id 2024-07-28 10:42:44 +02:00
am0o0
494f0b709e Merge branch 'main' into amammad-java-JWT 2024-07-28 10:37:26 +02:00
am0o0
14cf47b906 comply with PascalCase/camelCase, remove redundant import 2024-07-28 10:28:28 +02:00