codeql

mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00

Author	SHA1	Message	Date
Owen Mansel-Chan	050dcb1370	Add some tests for `java/unused-reference-type`	2024-07-30 16:29:11 +01:00
Owen Mansel-Chan	e259b25428	Add "tokenizer" to sensitive variable name FPs	2024-07-30 15:38:32 +01:00
Owen Mansel-Chan	bdff0fdcc5	Add test for "tokenizer"	2024-07-30 15:37:46 +01:00
Owen Mansel-Chan	0d71072f94	Make test more compact	2024-07-30 15:36:59 +01:00
Jami Cogswell	c70d39539e	Java: use post-process provenance pretty-printing in query-tests	2024-07-28 18:12:17 -04:00
Owen Mansel-Chan	c051d33cc7	Merge branch 'main' into dataflow/provenance-postprocess-qltest	2024-07-26 08:04:05 +01:00
Daniel Winther Petersen	1c1ba7734f	Now alerts about exposing `exception.getMessage()` in servlet responses are split out of `java/stack-trace-exposure` into its own alert `java/error-message-exposure` because this is a better fit.	2024-07-25 18:12:45 +02:00
Owen Mansel-Chan	ff8bb2b1f8	Merge pull request #16760 from owen-mc/java/reverse-dns-separate-threat-model-kind Java: make a separate threat model kind for reverse DNS sources	2024-07-23 10:08:52 +01:00
Ed Minnix	ad4bca9975	Fix provenance in tests	2024-07-18 18:18:24 -04:00
Anders Schack-Mulligen	94078e851c	Shared: Add support for provenance pretty-printing as a qltest postprocess step.	2024-07-18 15:34:30 +02:00
Jami	39f0288e09	Merge pull request #16964 from jcogs33/jcogs33/add-toByteArray-summaries Java: add `IOUtils.toByteArray` summaries	2024-07-16 17:03:30 -04:00
Owen Mansel-Chan	e2356d9820	Merge pull request #16914 from owen-mc/java/android-app-detection Java: Improve Android app detection	2024-07-16 21:52:43 +01:00
Jami Cogswell	f90df85722	Java: update provenance numbers in tests again	2024-07-16 11:55:46 -04:00
Jami	a73170df49	Merge branch 'main' into jcogs33/add-toByteArray-summaries	2024-07-16 10:46:36 -04:00
Anders Schack-Mulligen	37d78249e7	Java: Update provenance ids.	2024-07-16 11:11:54 +02:00
Anders Schack-Mulligen	b2f57b4b48	Java: Update expected output.	2024-07-16 11:11:53 +02:00
Jami Cogswell	8f6d4be256	Java: update tests	2024-07-15 14:33:40 -04:00
Jami Cogswell	6b497da15f	Java: fix line number changes in tests	2024-07-11 15:33:09 -04:00
Owen Mansel-Chan	e2a6358048	Update tests so they still work	2024-07-07 00:24:28 +01:00
Jami Cogswell	be565288f2	Java: update more test cases due to shifted alert provenance line numbers	2024-06-27 22:08:38 -04:00
Jami Cogswell	c73af7f789	Java: update some test cases due to shifted alert provenance line numbers	2024-06-27 21:07:35 -04:00
Owen Mansel-Chan	162245fb9a	Fix unrelated test using reverse DNS as source	2024-06-24 21:23:50 +01:00
Owen Mansel-Chan	9aa0c9f1f3	Fix test expectations	2024-06-14 15:55:30 +01:00
Owen Mansel-Chan	7a13c31021	Exclude loopback address from reverse DNS source	2024-06-14 14:05:01 +01:00
Owen Mansel-Chan	5973f3fadc	Add test for reverse DNS from loopback address	2024-06-14 14:04:47 +01:00
Owen Mansel-Chan	098b732937	Fix formatting of inline expectation test comment	2024-06-14 14:04:42 +01:00
Mauro Baluda	a464a8e48e	@mbaluda Update provenance in test expectations	2024-06-11 15:15:50 +02:00
Mauro Baluda	bb5ef3ccd9	Update provenance in test expectations	2024-06-10 19:57:37 +02:00
Anders Schack-Mulligen	4ec4da4c8c	Dataflow/Java: Add support for pretty-printed provenace in tests. Convert one test.	2024-06-07 11:45:13 +02:00
Tony Torralba	292395b80e	Update test expectations	2024-06-04 10:35:16 +02:00
Tony Torralba	f16dd8c010	Apply code review suggestions.	2024-06-04 10:35:11 +02:00
Tony Torralba	f84c2a842d	Java: Add more File-related sinks for path-injection	2024-06-04 10:35:07 +02:00
Mauro Baluda	e2479a7ce2	Disable csrf for ServerHttpSecurity	2024-05-30 23:08:57 +02:00
Anders Schack-Mulligen	15a7c3faeb	Java: Accept qltest .expected file changes.	2024-05-22 15:42:40 +02:00
Anders Schack-Mulligen	a650499a9c	Java: Accept qltest .expected file changes (interesting).	2024-05-22 15:42:12 +02:00
Anders Schack-Mulligen	a74cf6501a	Java: update qltest expected files.	2024-05-22 11:13:06 +02:00
Rasmus Wriedt Larsen	2451a6d3f6	Accept `.expected` changes	2024-05-21 14:47:42 +02:00
Michael Nebel	b1329fd806	Merge pull request #16362 from michaelnebel/java/removelocalqueries Java: Remove local query variants.	2024-05-16 14:34:04 +02:00
Max Schaefer	d406646414	Java: Add tests for `comparison-with-wider-type`.	2024-05-15 12:45:19 +01:00
Michael Nebel	5b89bd23c7	Java: Deprecate the content of SqlTaintedLocalQuery and remove the local query variant.	2024-05-01 13:07:21 +02:00
Michael Nebel	d05c5e3d94	Java: Deprecate the content of NumericCastTaintedLocalQuery, remove the local query variant and update the non-local query variant.	2024-05-01 13:07:21 +02:00
Michael Nebel	301a6cc191	Java: Deprecate the content of ImproperValidationOrArray and remove local query variants.	2024-05-01 13:07:21 +02:00
Michael Nebel	acd0fa4b7b	Java: Deprecate the content of ExternallyControlledFormatStringLocalQuery and remove the externally controlled format string local query variant.	2024-05-01 13:07:21 +02:00
Michael Nebel	85a4dd0325	Java: Deprecate the local content of CommandLineQuery and remove the exec tainted local query variant.	2024-05-01 13:07:20 +02:00
Michael Nebel	072f19008a	Java: Deprecate the content of ArithmeticTaintedLocalQuery and remove the arithmetic tainted local query variant.	2024-05-01 08:59:51 +02:00
Michael Nebel	b754706e44	Java: Update SupportedExternalApi expected test output.	2024-04-26 12:39:46 +02:00
Michael Nebel	06f987ad58	Java: Add test example of a supported sink defined in QL.	2024-04-26 12:39:46 +02:00
Anders Schack-Mulligen	f85ff9defc	Java: Update expected output (interesting).	2024-04-12 09:20:28 +02:00
Anders Schack-Mulligen	c2f5731e8d	Java: Update expected output (uninteresting).	2024-04-12 09:20:26 +02:00
Dave Bartolomeo	996f535f0b	Merge pull request #16103 from github/dbartol/javadoc-record Allow `@param` tags to apply to record parameters	2024-04-09 14:21:45 -04:00

1 2 3 4 5 ...

1144 Commits