hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
79,688 Commits 1,671 Branches 157 Tags
codeql-cli-2.22.0
Commit Graph

4115 Commits

Author SHA1 Message Date
Owen Mansel-Chan
5c7588822d Fix test output 2025-03-14 11:44:00 +00:00
Tamas Vajk
2538ba82cc Revert message 2025-03-14 11:36:13 +01:00
Tamas Vajk
17aa3fc428 Add compliant/non-compliant comments back to the test file 2025-03-14 11:36:11 +01:00
Tamas Vajk
3d4fcefe70 Do not accept empty default methods 2025-03-14 11:36:09 +01:00
Tamas Vajk
6512ed9429 Adjust alert message 2025-03-14 11:36:07 +01:00
Tamas Vajk
349f48982a Make query more accepting 2025-03-14 11:36:06 +01:00
Tamas Vajk
4bf26afca0 Add more test cases 2025-03-14 11:36:05 +01:00
Tamas Vajk
614bee9e20 Use inline test expectations 2025-03-14 11:36:04 +01:00
Tamas Vajk
f7f8b47f12 Java: Add initial version of empty method query 2025-03-14 11:36:03 +01:00
Owen Mansel-Chan
a8e993c942 Fix FP for always-locked fields 2025-03-13 15:03:32 +00:00
Owen Mansel-Chan
dc2cbf7402 Add tests for always-locked fields 2025-03-13 15:02:26 +00:00
Owen Mansel-Chan
aed51644ba Convert to inline expectations test 2025-03-13 12:55:02 +00:00
Jami Cogswell
e17486a9d8 Java: rename springframework stubs directory from 5.3.8 to 5.8.x 2025-03-11 15:20:58 -04:00
Jami
ea9b0462bf Merge pull request #18793 from jcogs33/jcogs33/java/spring-boot-actuators-promo 
Java: Promote Spring Boot Actuators query from experimental
 2025-03-11 14:42:14 -04:00
Jami Cogswell
76433a31f7 Java: generalize sanitizer and add tests 2025-03-10 18:56:01 -04:00
Jami Cogswell
94080a6e47 Java: initial tests 2025-03-10 18:55:54 -04:00
Owen Mansel-Chan
f2947f7066 Fix indentation 2025-03-05 14:13:53 +00:00
Lukas Abfalterer
b4c75d832c Merge branch 'main' into cwe-925 2025-03-05 14:15:07 +01:00
Lukas Abfalterer
41e9a837e5 Fix naming 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2025-03-05 12:50:54 +01:00
Lukas Abfalterer
c9b75afc2a Fix QLL and add change notes with tests 2025-03-05 10:23:35 +01:00
Jami Cogswell
82062e2847 Java: update test 2025-03-04 11:15:00 -05:00
Jami Cogswell
fbf7513f37 Java: handle lock state check stored in variable 2025-03-02 17:01:18 -05:00
Chris Smowton
1577b40b45 Accept test changes 2025-02-28 11:23:07 +00:00
Jonas Jensen
2edc9af1e0 Merge pull request #18848 from jbj/StaticInitializationVector-postprocess 
Java: StaticInitializationVector with postprocess
 2025-02-25 12:44:16 +01:00
Owen Mansel-Chan
74a249597a Merge pull request #18607 from owen-mc/java/xss-content-type-sanitizer 
Java: Add XSS Sanitizer for `HttpServletResponse.setContentType` with safe values
 2025-02-24 23:39:18 +00:00
Jami Cogswell
26e396732a Java: edit qhelp 2025-02-24 18:33:43 -05:00
Jami Cogswell
53cb30dcd0 Java: update metadata, move from CWE-016 to CWE-200 2025-02-24 18:33:41 -05:00
Jami Cogswell
f65a5b9a66 Java: add test for qhelp good example 2025-02-24 18:27:45 -05:00
Jami Cogswell
9e51b014d2 Java: handle example in Spring docs 2025-02-24 18:27:43 -05:00
Jami Cogswell
b2469ff8ba Java: add APIs and tests for more recent Spring versions: authorizeHttpRequests, AuthorizeHttpRequestsConfigurer, securityMatcher(s) 2025-02-24 18:26:02 -05:00
Jami Cogswell
8dfb920e05 Java: refactor QL, move code to libraries 2025-02-24 18:24:48 -05:00
Jami Cogswell
8064e8f1f9 Java: convert tests to inline expectations 2025-02-24 18:24:26 -05:00
Jami Cogswell
5e5bc2afe9 Java: remove experimental files 2025-02-24 18:24:19 -05:00
Jami Cogswell
089a491d5a Java: fix tests; update for non-experimental directory 2025-02-24 18:24:17 -05:00
Jami Cogswell
2ce5920c5e Java: copy out of experimental 2025-02-24 18:24:12 -05:00
Jonas Jensen
11a0a9f8af Java: StaticInitializationVector with postprocess 
Use the new `postprocess` feature for the test of
`StaticInitializationVector.ql`. This makes it easier to modify and test
this query for diff-informed operation.
 2025-02-24 13:33:02 +01:00
Chris Smowton
32e4c741cc Merge pull request #18554 from smowton/smowton/admin/test-gbk-xml-extraction 
Java: Add tests for XML and Java extraction with GBK charset
 2025-02-21 17:27:32 +00:00
Anders Schack-Mulligen
1c616d10d4 Merge pull request #18819 from aschackmull/ssa/refactor-phiread3 
Ssa: Refactor shared SSA in preparation for eliminating phi-read definitions
 2025-02-21 08:56:38 +01:00
Chris Smowton
9162ce7d73 Add test for extraction of a Java file with a non-UTF-8 charset 2025-02-20 12:31:36 +00:00
Anders Schack-Mulligen
291ea6f6eb Java: Move SSA data flow test and extend it to cover phi-read input edges. 2025-02-19 16:17:22 +01:00
Jami
d94dc5aa40 Merge pull request #18504 from jcogs33/jcogs33/java/file-constructor-path-sanitizer 
Java: `File` constructor path sanitizer
 2025-02-18 08:00:32 -05:00
Jami Cogswell
61a184c1d7 Java: update more tests 2025-02-14 16:08:06 -05:00
Jami Cogswell
2bb6a3914b Java: update tests 2025-02-14 15:16:08 -05:00
Jami Cogswell
c0ebeb9c7b Java: use AdditionalTaintStep 2025-02-14 13:52:43 -05:00
Jami
2a8cc00284 Merge pull request #18288 from jcogs33/jcogs33/csrf-unprotected-request-type 
Java: add CSRF query
 2025-02-11 15:32:56 -05:00
Tom Hvitved
75137a0f4c Java: Adopt shared SSA library 2025-02-11 10:06:43 +01:00
Jami Cogswell
e8724ab220 Java: sanitize constructor call instead and update test cases 2025-02-05 15:46:10 -05:00
Jami Cogswell
59d454771d Java: add FileConstructorSanitizer and tests 2025-02-04 17:51:23 -05:00
Jami Cogswell
530103e2d9 Java: narrow query 
remove PUT and DELETE from StaplerCsrfUnprotectedMethod

remove OPTIONS and TRACE from SpringCsrfUnprotectedMethod
 2025-01-30 10:14:31 -05:00
Jami Cogswell
d4114f66c2 Java: more name-based heuristic tests to test regex 2025-01-30 10:14:16 -05:00