Tony Torralba
6e550d28af
Update more test expectations
2024-01-26 15:13:07 +01:00
Tony Torralba
2a146405ac
Adjust tests
2024-01-26 12:38:32 +01:00
Tony Torralba
19cb7adb6d
Migrate path injection sinks to MaD
Deprecate and stop using PathCreation
Path creation sinks are now summaries
2024-01-26 12:19:54 +01:00
Asger F
ee8e9a4e66
Shared: update test output
2024-01-26 11:14:23 +01:00
Asger F
ddbacc3d4a
Shared: add test case for stateful outBarrier bug
2024-01-26 11:14:11 +01:00
Tony Torralba
282632c33b
Add new snippets as tests
2024-01-25 15:11:11 +01:00
Joe Farebrother
0acb647e7d
Fix tests and add notification sink kind to model verification
2024-01-23 09:51:41 +00:00
Joe Farebrother
d806fcae3d
Remove sink models involving PendingIntent, as they do not carry sensitive data (including from the original intent they were created with)
2024-01-23 09:51:39 +00:00
Joe Farebrother
2ca164ce35
Generate androidx stubs and correct some models
2024-01-23 09:51:39 +00:00
Joe Farebrother
bafd65b1d2
Add tests to cover each modeled sink + some corrections to the models
2024-01-23 09:51:38 +00:00
Joe Farebrother
a1a2acd3ce
Add additional test cases
2024-01-23 09:51:38 +00:00
Joe Farebrother
f9bb004618
Add sink models to notification builder setters
2024-01-23 09:51:38 +00:00
Joe Farebrother
cd19a91704
Add unit test
2024-01-23 09:51:37 +00:00
Joe Farebrother
3aa27148de
Split existing tests under CWE-200 into separate folders
2024-01-23 09:51:37 +00:00
Tony Torralba
2246c969a3
Merge pull request #15244 from Marcono1234/marcono1234/regex-flags
Java: Improve Regex flag parsing
2024-01-16 08:25:49 +01:00
Michael Nebel
9becd0876f
Merge pull request #15179 from michaelnebel/modelgenrespectmanual
C#/Java: Increase precision of model generation.
2024-01-12 15:12:21 +01:00
Michael Nebel
37a21ec548
Java: Address review comments.
2024-01-12 13:36:23 +01:00
Michael Nebel
74cdcab6d8
Java: Update expected test output.
2024-01-12 13:36:23 +01:00
Michael Nebel
03d4025b99
Java: Add a testcase where both a neutral summary and summary are being generated.
2024-01-12 13:36:23 +01:00
Owen Mansel-Chan
6945289afc
Merge pull request #15246 from owen-mc/java/manual-neutral-overrides-generated
C#/Java: Manual neutral summaries should block generated summaries
2024-01-12 10:05:18 +00:00
Owen Mansel-Chan
2f01688319
Merge pull request #15280 from owen-mc/java/add-manual-models-for-df-generation
Java: improve models for some important JDK methods
2024-01-11 12:47:37 +00:00
Owen Mansel-Chan
3767348dec
Update test expectations
2024-01-10 22:25:08 +00:00
Owen Mansel-Chan
370a32da8b
Test summary models and neutral models, manual and generated
2024-01-10 22:25:02 +00:00
Owen Mansel-Chan
9e2e01ff89
Update Top JDK APIs test expectation
2024-01-10 17:07:33 +00:00
Ed Minnix
709649e9df
Model replace and putIfAbsent
2024-01-08 09:39:03 -05:00
Ed Minnix
f05f16116b
Testing for Environment variable injection
2024-01-08 09:38:45 -05:00
Tony Torralba
7e6f2d1fc5
Merge pull request #14681 from atorralba/atorralba/java/weak-randomness-cve-coverage
Java: Add more sinks to the Insecure Randomness query
2024-01-08 15:33:03 +01:00
Marcono1234
3edfdc5ceb
Java: Improve Regex flag parsing
Fixes:
- Flag `d` not being recognized
- Syntax for disabling flags (`-`) not being recognized
- Non-capturing group with flags erroneously containing `:` as literal
2024-01-06 04:15:09 +01:00
Edward Minnix III
d6d76fa4f1
Merge pull request #15183 from egregius313/egregius313/java/fix-weak-hashing-adddition
Java: Fix minor error in `java/potentially-weak-cryptographic-algorithm`
2023-12-22 11:38:55 -05:00
Tony Torralba
67f8bcce44
Merge pull request #14752 from masterofnow/LoadClassNoSignatureCheck
Java: Insecure Loading of Class in Android App without Package Signature Checking
2023-12-22 10:24:34 +01:00
Ed Minnix
8051cfcef5
Fix tests and fix getStringValue method
2023-12-21 22:48:08 -05:00
Ed Minnix
6455e1893d
Add more test cases
2023-12-21 22:48:08 -05:00
masterofnow
7162540faf
Added options, .qhelp and .expected file for unit test.
2023-12-21 19:57:37 +08:00
masterofnow
25c818f425
Added unit test files.
2023-12-21 12:13:00 +08:00
Edward Minnix III
56921a6e21
Merge pull request #14040 from egregius313/egregius313/weak-hashing-properties
Java: Add support for algorithm names specified in `.properties` files to `java/potentially-weak-cryptographic-algorithm`
2023-12-18 09:38:58 -05:00
Tony Torralba
9446249e94
Merge pull request #15012 from atorralba/atorralba/java/fix-missing-pinning-fp
Java: Fix FPs in Missing certificate pinning
2023-12-18 09:37:18 +01:00
Ed Minnix
8826eaf1a3
Move test case to query tests
2023-12-15 11:09:08 -05:00
Tom Hvitved
c8b4a215bc
Merge pull request #14573 from hvitved/flow-summary-impl-param
Move `FlowSummaryImpl.qll` to `dataflow` pack
2023-12-14 12:24:15 +01:00
Tony Torralba
66b54f03b7
Rename test
2023-12-13 11:15:27 +01:00
Tony Torralba
7bc907840c
Fix tests
2023-12-13 11:15:27 +01:00
Tony Torralba
bd8f35bef7
Java: Fix FPs in Missing certificate pinning
Local URIs should never require pinning
2023-12-12 18:02:12 +01:00
Ed Minnix
7362158229
Fix test case
2023-12-11 11:18:40 -05:00
Ed Minnix
bbf99375c7
Alter cookie sinks to instead focus on creation of a cookie
2023-12-11 11:18:39 -05:00
Ed Minnix
b9d2a26e6e
Move ESAPI models into the Weak Randomness query
These models don't need to apply to all queries. So instead they are
better suited to be within the weak randomness query itself.
2023-12-11 11:18:39 -05:00
Ed Minnix
fb875f5095
More variety of test cases
2023-12-11 11:18:39 -05:00
Ed Minnix
ce7690b53f
Make imports private
2023-12-11 11:18:38 -05:00
Ed Minnix
b713efb711
Add ThreadLocalRandom.current as another source
2023-12-11 11:18:38 -05:00
Ed Minnix
1daa83bf46
Add test cases
2023-12-11 11:18:38 -05:00
Tom Hvitved
f9dbf676a6
Java: Use FlowSummaryImpl from dataflow pack
2023-12-10 11:25:45 +01:00
Jami
651653998c
Merge pull request #14913 from jcogs33/jcogs33/unsafe-url-forward_path-inj-related_cve-2019-3799
Java: add Spring models
2023-12-04 10:18:50 -05:00