hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
77,734 Commits 1,671 Branches 157 Tags
codeql-cli-2.21.0
Commit Graph

4076 Commits

Author SHA1 Message Date
Chris Smowton
9c0bdbb20a Java: add a test exercising Spring component liveness detection 
The existing Spring stubs are expanded sufficiently to support the needed annotations and a few referenced classes and exceptions.
 2024-08-16 16:36:08 +01:00
am0o0
f4764378c9 update tests to contain the new source, delete query with local sources 2024-08-16 16:15:46 +02:00
Chris Smowton
f7d8c210e5 Merge pull request #17239 from smowton/smowton/admin/camel-test 
Java: add test for Apache Camel dead-code analysis
 2024-08-16 11:00:30 +01:00
Rasmus Wriedt Larsen
c3d8efc43d Merge branch 'main' into stdin3 2024-08-16 09:54:45 +02:00
Anders Schack-Mulligen
51c43a7440 Java: Accept expected changes. 2024-08-16 07:01:35 +02:00
Anders Schack-Mulligen
86708c9ff8 Dataflow: Fix missing subpaths due to type strengthening. 2024-08-15 18:57:10 +02:00
Chris Smowton
0b56bf98f3 Java: add test for Apache Camel dead-code analysis 
This exercises code that detects Camel entry-points and marks them as live.
 2024-08-15 17:26:38 +01:00
Anders Schack-Mulligen
e77c3dfda1 Java: Fix expected files following https://github.com/github/codeql/pull/17233 and https://github.com/github/codeql/pull/17224. 2024-08-15 15:45:37 +02:00
Rasmus Wriedt Larsen
fee38b3781 Java: Fixup test 2024-08-15 15:37:35 +02:00
Anders Schack-Mulligen
7d61d9282c Merge pull request #17233 from aschackmull/dataflow/match-summarylabel 
Dataflow: Fix missing join on summaryLabel.
 2024-08-15 14:55:38 +02:00
Anders Schack-Mulligen
6f23e8dcf3 Merge pull request #17224 from aschackmull/java/inlineflow-pathgraph 
Java: Add PathGraph to test output for default inline flow tests.
 2024-08-15 13:35:24 +02:00
Anders Schack-Mulligen
a85f8a2fbd Java/C#: Accept expected changes. 2024-08-15 13:24:31 +02:00
Michael Nebel
4b3cc5bd0e Merge pull request #17219 from michaelnebel/shared/neutralsourcesink 
C#/Java: Fix source- and sink callable provenance overlap.
 2024-08-15 11:02:18 +02:00
Anders Schack-Mulligen
fb1dfd4217 Java: Accept test changes. 2024-08-15 10:32:12 +02:00
Anders Schack-Mulligen
3cdc8d5eca Java: Add PathGraph to test output for default inline flow tests. 2024-08-15 10:17:31 +02:00
Anders Schack-Mulligen
79dec723b0 Dataflow: Add test highlighting missing subpath. 2024-08-14 13:30:13 +02:00
Michael Nebel
eaf4f5eeab C#/Java: Update model generation expected output. 2024-08-14 09:57:49 +02:00
Michael Nebel
046018fa25 Java: Add example of missing sink generation. 2024-08-14 09:50:34 +02:00
Tom Hvitved
aeabee3e34 Merge pull request #17179 from hvitved/shared/pretty-print-models 
Go/Java: Share more `PrettyPrintModels.ql` logic
 2024-08-13 14:15:40 +02:00
Tom Hvitved
f83df76928 Shared: Apply ShowProvenance in InlineFlowTest.qll 2024-08-13 13:34:43 +02:00
Tom Hvitved
d5a0df3f87 Go/Java: Share more PrettyPrintModels.ql logic 2024-08-13 12:48:22 +02:00
Michael Nebel
4a5c9f0ec4 Merge pull request #17007 from michaelnebel/shared/neutralimplementation 
C#/Java/Go: Neutrals are split into separate classes.
 2024-08-12 13:58:12 +02:00
Anders Schack-Mulligen
f28f42bcba Merge pull request #17049 from aschackmull/dataflow/bugfix-flowfeature-sinkctx 
Dataflow: Fix bug causing spurious flow for FeatureHasSinkCallContext
 2024-08-12 13:29:42 +02:00
Dave Bartolomeo
a6e2fbb241 Merge remote-tracking branch 'origin/main' into dbartol/provenance/qltest 2024-08-05 13:16:31 -04:00
Chris Smowton
95e504a5ff Merge branch 'main' into am0o0-java-PathInjection 2024-08-05 11:41:25 +01:00
am0o0
4169cfac9f use the current slf4j stubs instead of new one 2024-08-03 14:12:18 +02:00
Dave Bartolomeo
6596705811 Update test expectations after extension numbering fix 2024-08-02 16:55:02 -04:00
Anders Schack-Mulligen
4d023f14a6 Merge pull request #17075 from RobbingDaHood/17052-second-try-do-not-expose-error-message 
Java: 17052 Second try: do not expose error message
 2024-08-02 12:44:27 +02:00
am0o0
a645e01b4b delete wrong stubs 2024-08-02 01:03:47 +02:00
am0o0
d52826879b delete wrong stubs 2024-08-02 01:02:49 +02:00
am0o0
ee9f134828 update current springframework core stub and use this instead of creating a new stubs 2024-08-02 01:00:34 +02:00
am0o0
af43178602 move slf4j to a separate dir 2024-08-02 00:35:20 +02:00
am0o0
1551cf0093 move java/ql/test/experimental/stubs/org-springframework-6.1.4/org/reactivestreams into a separate dir 2024-08-02 00:06:02 +02:00
Anders Schack-Mulligen
377301a55a Merge pull request #17108 from aschackmull/dataflow/flowthrough-provenance 
Dataflow: Propagate provenance correctly for flow-through wrappers.
 2024-08-01 09:35:56 +02:00
Owen Mansel-Chan
6280ed2a6b Merge pull request #13555 from am0o0/amammad-java-bombs 
Java: Decompression Bombs
 2024-07-31 14:55:28 +01:00
Anders Schack-Mulligen
9724516c84 C#/Go/Java/Python/Ruby: Accept qltest .expected changes. 2024-07-31 14:45:10 +02:00
Jami
05b0a3f41c Merge pull request #17093 from jcogs33/jcogs33/java/provenance-postprocess-qltest-remaining-lib-tests 
Java: Add support for post-process provenance pretty-printing in `.ql` library-tests
 2024-07-31 08:11:15 -04:00
Owen Mansel-Chan
8901b1fd14 Merge pull request #17100 from owen-mc/java/sensitive-log/ignore-tokenizer 
Java: whitelist variable names containing "tokenizer" for `java/sensitive-log`
 2024-07-31 12:16:03 +01:00
Owen Mansel-Chan
59e22f6cd9 Merge pull request #17101 from owen-mc/java/dead-ref-types-junit-4-5 
Java: Fix FPs in `java/unused-reference-type` for JUnit 4-style tests
 2024-07-31 11:11:35 +01:00
am0o0
701e3d7e53 add same query but with local source support to comply with the CVE-2021-37580 2024-07-31 10:58:22 +02:00
Jami Cogswell
2db07bdbf3 Java: add missing models to experimental expected files 2024-07-30 12:13:18 -04:00
am0o0
591b1b4f07 use $ SPURIOUS: instead of "this test gives a FP" 2024-07-30 17:53:23 +02:00
Owen Mansel-Chan
cd0af0fc57 Ignore types with methods which have annotations 
The motivation is test classes in JUnit 4 and 5 are currently FPs for this. They have methods with `@Test`, so this should fix the FPs.
 2024-07-30 16:29:35 +01:00
Owen Mansel-Chan
050dcb1370 Add some tests for java/unused-reference-type 2024-07-30 16:29:11 +01:00
Owen Mansel-Chan
e259b25428 Add "tokenizer" to sensitive variable name FPs 2024-07-30 15:38:32 +01:00
Owen Mansel-Chan
bdff0fdcc5 Add test for "tokenizer" 2024-07-30 15:37:46 +01:00
Owen Mansel-Chan
0d71072f94 Make test more compact 2024-07-30 15:36:59 +01:00
am0o0
9662950405 add comments for FPs 2024-07-30 13:24:46 +02:00
am0o0
4dc1a10f71 update tests for zip4j, add aditional flow steps for zip4j, remove BombTypeInputStream class since we don't need it anymore, add a predicate which was for testing porpose and was junk 2024-07-29 18:10:04 +02:00
Jami Cogswell
e226da4f04 Java: use post-process provenance pretty-printing in .ql library-tests 2024-07-29 11:46:28 -04:00