Commit Graph

1138 Commits

Author SHA1 Message Date
Daniel Winther Petersen
1c1ba7734f Now alerts about exposing exception.getMessage() in servlet responses are split out of java/stack-trace-exposure into its own alert java/error-message-exposure because this is a better fit. 2024-07-25 18:12:45 +02:00
Owen Mansel-Chan
ff8bb2b1f8 Merge pull request #16760 from owen-mc/java/reverse-dns-separate-threat-model-kind
Java: make a separate threat model kind for reverse DNS sources
2024-07-23 10:08:52 +01:00
Ed Minnix
ad4bca9975 Fix provenance in tests 2024-07-18 18:18:24 -04:00
Anders Schack-Mulligen
94078e851c Shared: Add support for provenance pretty-printing as a qltest postprocess step. 2024-07-18 15:34:30 +02:00
Jami
39f0288e09 Merge pull request #16964 from jcogs33/jcogs33/add-toByteArray-summaries
Java: add `IOUtils.toByteArray` summaries
2024-07-16 17:03:30 -04:00
Owen Mansel-Chan
e2356d9820 Merge pull request #16914 from owen-mc/java/android-app-detection
Java: Improve Android app detection
2024-07-16 21:52:43 +01:00
Jami Cogswell
f90df85722 Java: update provenance numbers in tests again 2024-07-16 11:55:46 -04:00
Jami
a73170df49 Merge branch 'main' into jcogs33/add-toByteArray-summaries 2024-07-16 10:46:36 -04:00
Anders Schack-Mulligen
37d78249e7 Java: Update provenance ids. 2024-07-16 11:11:54 +02:00
Anders Schack-Mulligen
b2f57b4b48 Java: Update expected output. 2024-07-16 11:11:53 +02:00
Jami Cogswell
8f6d4be256 Java: update tests 2024-07-15 14:33:40 -04:00
Jami Cogswell
6b497da15f Java: fix line number changes in tests 2024-07-11 15:33:09 -04:00
Owen Mansel-Chan
e2a6358048 Update tests so they still work 2024-07-07 00:24:28 +01:00
Jami Cogswell
be565288f2 Java: update more test cases due to shifted alert provenance line numbers 2024-06-27 22:08:38 -04:00
Jami Cogswell
c73af7f789 Java: update some test cases due to shifted alert provenance line numbers 2024-06-27 21:07:35 -04:00
Owen Mansel-Chan
162245fb9a Fix unrelated test using reverse DNS as source 2024-06-24 21:23:50 +01:00
Owen Mansel-Chan
9aa0c9f1f3 Fix test expectations 2024-06-14 15:55:30 +01:00
Owen Mansel-Chan
7a13c31021 Exclude loopback address from reverse DNS source 2024-06-14 14:05:01 +01:00
Owen Mansel-Chan
5973f3fadc Add test for reverse DNS from loopback address 2024-06-14 14:04:47 +01:00
Owen Mansel-Chan
098b732937 Fix formatting of inline expectation test comment 2024-06-14 14:04:42 +01:00
Mauro Baluda
a464a8e48e Update provenance in test expectations 2024-06-11 15:15:50 +02:00
Mauro Baluda
bb5ef3ccd9 Update provenance in test expectations 2024-06-10 19:57:37 +02:00
Anders Schack-Mulligen
4ec4da4c8c Dataflow/Java: Add support for pretty-printed provenance in tests. Convert one test. 2024-06-07 11:45:13 +02:00
Tony Torralba
292395b80e Update test expectations 2024-06-04 10:35:16 +02:00
Tony Torralba
f16dd8c010 Apply code review suggestions. 2024-06-04 10:35:11 +02:00
Tony Torralba
f84c2a842d Java: Add more File-related sinks for path-injection 2024-06-04 10:35:07 +02:00
Mauro Baluda
e2479a7ce2 Disable csrf for ServerHttpSecurity 2024-05-30 23:08:57 +02:00
Anders Schack-Mulligen
15a7c3faeb Java: Accept qltest .expected file changes. 2024-05-22 15:42:40 +02:00
Anders Schack-Mulligen
a650499a9c Java: Accept qltest .expected file changes (interesting). 2024-05-22 15:42:12 +02:00
Anders Schack-Mulligen
a74cf6501a Java: update qltest expected files. 2024-05-22 11:13:06 +02:00
Rasmus Wriedt Larsen
2451a6d3f6 Accept .expected changes 2024-05-21 14:47:42 +02:00
Michael Nebel
b1329fd806 Merge pull request #16362 from michaelnebel/java/removelocalqueries
Java: Remove local query variants.
2024-05-16 14:34:04 +02:00
Max Schaefer
d406646414 Java: Add tests for comparison-with-wider-type. 2024-05-15 12:45:19 +01:00
Michael Nebel
5b89bd23c7 Java: Deprecate the content of SqlTaintedLocalQuery and remove the local query variant. 2024-05-01 13:07:21 +02:00
Michael Nebel
d05c5e3d94 Java: Deprecate the content of NumericCastTaintedLocalQuery, remove the local query variant and update the non-local query variant. 2024-05-01 13:07:21 +02:00
Michael Nebel
301a6cc191 Java: Deprecate the content of ImproperValidationOrArray and remove local query variants. 2024-05-01 13:07:21 +02:00
Michael Nebel
acd0fa4b7b Java: Deprecate the content of ExternallyControlledFormatStringLocalQuery and remove the externally controlled format string local query variant. 2024-05-01 13:07:21 +02:00
Michael Nebel
85a4dd0325 Java: Deprecate the local content of CommandLineQuery and remove the exec tainted local query variant. 2024-05-01 13:07:20 +02:00
Michael Nebel
072f19008a Java: Deprecate the content of ArithmeticTaintedLocalQuery and remove the arithmetic tainted local query variant. 2024-05-01 08:59:51 +02:00
Michael Nebel
b754706e44 Java: Update SupportedExternalApi expected test output. 2024-04-26 12:39:46 +02:00
Michael Nebel
06f987ad58 Java: Add test example of a supported sink defined in QL. 2024-04-26 12:39:46 +02:00
Anders Schack-Mulligen
f85ff9defc Java: Update expected output (interesting). 2024-04-12 09:20:28 +02:00
Anders Schack-Mulligen
c2f5731e8d Java: Update expected output (uninteresting). 2024-04-12 09:20:26 +02:00
Dave Bartolomeo
996f535f0b Merge pull request #16103 from github/dbartol/javadoc-record
Allow `@param` tags to apply to record parameters
2024-04-09 14:21:45 -04:00
Dave Bartolomeo
b9cfeaf614 Add test case 2024-04-09 12:41:32 -04:00
erik-krogh
8cb6598f50 fixing that I put a type on the wrong thing in the alert-message 2024-04-08 20:51:19 +02:00
erik-krogh
ca4f667053 add fallback if I can't easily determine the variable 2024-04-08 07:14:48 +02:00
erik-krogh
8b220cc1b3 also get the variable for array accesses 2024-04-08 07:14:48 +02:00
erik-krogh
795b767b6e add link to the source variable in the alert-message for java/implicit-cast-in-compound-assignment 2024-04-08 07:14:48 +02:00
Owen Mansel-Chan
e10333bf2b Merge pull request #14919 from github/java/jdk-model-autogeneration
Java: add dataflow-generated models for JDK17
2024-04-04 21:12:55 +01:00