hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,267 Commits 1,671 Branches 157 Tags
codeql-cli-2.21.1
Commit Graph

1144 Commits

Author SHA1 Message Date
Joe Farebrother
031bd8bd0c Merge pull request #15281 from joefarebrother/android-sensitive-ui-notif 
Java: Add query for exposure of sensitive information to android notifiactions
 2024-01-26 16:42:55 +00:00
Tony Torralba
6e550d28af Update more test expectations 2024-01-26 15:13:07 +01:00
Tony Torralba
2a146405ac Adjust tests 2024-01-26 12:38:32 +01:00
Tony Torralba
19cb7adb6d Migrate path injection sinks to MaD 
Deprecate and stop using PathCreation

Path creation sinks are now summaries
 2024-01-26 12:19:54 +01:00
Tony Torralba
282632c33b Add new snippets as tests 2024-01-25 15:11:11 +01:00
Joe Farebrother
d806fcae3d Remove sink models involving PendingIntent; as they do not carry sensitive data (including from the original intent they were created with) 2024-01-23 09:51:39 +00:00
Joe Farebrother
2ca164ce35 Generate androidx stubs and correct some models 2024-01-23 09:51:39 +00:00
Joe Farebrother
bafd65b1d2 Add tests to cover each modeled sink + some corrections to the models 2024-01-23 09:51:38 +00:00
Joe Farebrother
a1a2acd3ce Add additional test cases 2024-01-23 09:51:38 +00:00
Joe Farebrother
f9bb004618 Add sink models to notification builder setters 2024-01-23 09:51:38 +00:00
Joe Farebrother
cd19a91704 Add unit test 2024-01-23 09:51:37 +00:00
Joe Farebrother
3aa27148de Split existing tests under CWE-200 into separate folders 2024-01-23 09:51:37 +00:00
Ed Minnix
709649e9df Model replace and putIfAbsent 2024-01-08 09:39:03 -05:00
Ed Minnix
f05f16116b Testing for Environment variable injection 2024-01-08 09:38:45 -05:00
Tony Torralba
7e6f2d1fc5 Merge pull request #14681 from atorralba/atorralba/java/weak-randomness-cve-coverage 
Java: Add more sinks to the Insecure Randomness query
 2024-01-08 15:33:03 +01:00
Ed Minnix
8051cfcef5 Fix tests and fix getStringValue method 2023-12-21 22:48:08 -05:00
Ed Minnix
6455e1893d Add more test cases 2023-12-21 22:48:08 -05:00
Edward Minnix III
56921a6e21 Merge pull request #14040 from egregius313/egregius313/weak-hashing-properties 
Java: Add support for algorithm names specified in `.properties` files to `java/potentially-weak-cryptographic-algorithm`
 2023-12-18 09:38:58 -05:00
Ed Minnix
8826eaf1a3 Move test case to query tests 2023-12-15 11:09:08 -05:00
Tony Torralba
66b54f03b7 Rename test 2023-12-13 11:15:27 +01:00
Tony Torralba
7bc907840c Fix tests 2023-12-13 11:15:27 +01:00
Tony Torralba
bd8f35bef7 Java: Fix FPs in Missing certificate pinning 
Local URIs should never require pinning
 2023-12-12 18:02:12 +01:00
Ed Minnix
7362158229 Fix test case 2023-12-11 11:18:40 -05:00
Ed Minnix
bbf99375c7 Alter cookie sinks to instead focus on creation of a cookie 2023-12-11 11:18:39 -05:00
Ed Minnix
b9d2a26e6e Move ESAPI models into the Weak Randomness query 
These models don't need to apply to all queries. So instead they are
better suited to be within the weak randomness query itself.
 2023-12-11 11:18:39 -05:00
Ed Minnix
fb875f5095 More variety of test cases 2023-12-11 11:18:39 -05:00
Ed Minnix
ce7690b53f Make imports private 2023-12-11 11:18:38 -05:00
Ed Minnix
b713efb711 Add ThreadLocalRandom.current as another source 2023-12-11 11:18:38 -05:00
Ed Minnix
1daa83bf46 Add test cases 2023-12-11 11:18:38 -05:00
Chris Smowton
29fdd04eb0 Include switch and instanceof binding in Variable.getAnAssignedValue, and test via endsInQuote 2023-11-30 11:24:05 +00:00
Chris Smowton
de2b98f4a1 Fix hasNullCase 2023-11-30 11:24:02 +00:00
Chris Smowton
e94c5a772c Check nullness pass knows pattern case variables can't be null 2023-11-30 11:23:59 +00:00
Chris Smowton
6b9aed21df Nullness library: recognise switches with null checks 2023-11-30 11:23:58 +00:00
Max Schaefer
ca334021ad Merge pull request #14793 from github/max-schaefer/tainted-path-qhelp 
Java: Improve QHelp for `java/path-injection` to mention less disruptive fixes.
 2023-11-16 14:09:55 +00:00
Max Schaefer
a5e7ef424e Revert "Add additional example." 
This reverts commit 947b094387.
 2023-11-16 11:54:16 +00:00
Max Schaefer
947b094387 Add additional example. 2023-11-16 10:06:19 +00:00
Max Schaefer
009d58034f Address suggestions from review. 2023-11-16 10:05:54 +00:00
Max Schaefer
a46a7fadb2 Java: Improve QHelp for java/path-injection to mention less disruptive fixes. 2023-11-15 11:25:13 +00:00
Tony Torralba
7af3d239ab Java: Add JMS sink to java/unsafe-deserialization 2023-10-26 16:46:19 +02:00
Chris Smowton
f552a15aae Mass-rename MethodAccess -> MethodCall 2023-10-24 10:30:26 +01:00
Tony Torralba
4ecda9cccd Add consistency check exception 2023-10-17 10:18:19 +02:00
Tony Torralba
d08ee76b16 Java: Improve java/spring-disabled-csrf-protection 2023-10-16 16:01:14 +02:00
Anders Schack-Mulligen
8ee1f8ae69 Java: Add missing flow step for ThreadLocal.initialValue. 2023-09-22 13:33:45 +02:00
Anders Schack-Mulligen
7e04ac55b7 Merge pull request #14268 from aschackmull/java/xmlparsers-typetrack 
Java/Dataflow: Add new light-weight data flow api and use it in XmlParsers
 2023-09-21 13:33:21 +02:00
Anders Schack-Mulligen
5c40d553b4 Java: Switch XmlParsers lib to lightweight data flow. 2023-09-20 10:21:53 +02:00
yoff
4a37c2fc3a Merge pull request #13778 from geoffw0/javaparsemode 
Java: Understand multiple parse mode flags specified in a regular expression string
 2023-09-18 14:22:59 +02:00
Tony Torralba
b08e410f45 Merge pull request #14029 from atorralba/atorralba/apache-cxf-models 
Java: Add new Apache CXF models
 2023-09-18 10:54:05 +02:00
Geoffrey White
af3d8c88bb Java: Fix test comment. 2023-09-13 17:58:31 +01:00
Geoffrey White
8c3e778be6 Java: Port regex mode flag character fix from Python. 2023-09-13 17:50:52 +01:00
Anders Starcke Henriksen
361ae1747e Merge branch 'main' into starcke/automodel-pack 2023-08-30 09:25:28 +02:00