Jami Cogswell
915e106ab3
Java: remove path-injection related models and tests for now
2024-03-13 16:28:40 -04:00
Jami Cogswell
35a083ae9e
Java: update test cases to use inline expectations
2024-03-13 16:28:40 -04:00
Jami Cogswell
0d38a9625e
Java: copy files from experimental
2024-03-13 16:28:39 -04:00
Erik Krogh Kristensen
863e3f79e5
Merge pull request #15731 from erik-krogh/java-url
...
Java: More sanitizers for request-forgery
2024-03-12 19:31:52 +01:00
Owen Mansel-Chan
279605b486
Merge pull request #15786 from owen-mc/java/sensitive-logging-query-exclude-null-in-variable-name
...
Java: sensitive logging query exclude null in variable name
2024-03-04 12:14:42 +00:00
Owen Mansel-Chan
19ac9e089a
Add test
2024-03-03 21:03:41 +00:00
Owen Mansel-Chan
5399d88d15
Accept test change: slight change in gen vs man modelgen stats
2024-03-01 14:22:00 +00:00
Tony Torralba
47bf556223
Merge pull request #15709 from atorralba/atorralba/java/enable-widget-taint-steps
...
Java: Re-enable Widget.qll flow steps
2024-02-29 17:33:05 +01:00
erik-krogh
b4b5ae2a2c
add some request-forgery sanitizers, inspired from C#
2024-02-27 10:05:26 +01:00
Tony Torralba
759b74791c
Java: Re-enable Widget.qll flow steps
...
The library Widget.qll was accidentally removed from the global context when its sources were migrated to models-as-data in #13136. This re-adds it so that its flow steps are enabled again.
2024-02-23 13:07:35 +01:00
Joe Farebrother
9ad05fe51c
Address reviews - Add BAD example to doc, add doc example to tests and fix typo.
2024-02-16 12:00:51 +00:00
Joe Farebrother
2eb93b7a3b
Add unit tests
2024-02-12 13:49:45 +00:00
Joe Farebrother
d8985f9f5b
Move tests for local auth to a folder
2024-02-12 13:49:45 +00:00
Joe Farebrother
75a2b9415c
Merge pull request #15481 from joefarebrother/android-local-auth
...
Java: Add query for insecure local authentication
2024-02-12 13:48:53 +00:00
Tony Torralba
cf7091ae5f
Merge branch 'main' into atorralba/java/open-redirect-sanitizer
2024-02-12 10:31:52 +01:00
Anders Schack-Mulligen
e9e445b2ba
Java: Add empty provenance column to expected files.
2024-02-09 11:32:00 +01:00
Tony Torralba
4c0d535cc2
Merge pull request #12886 from atorralba/atorralba/java/path-injection-mad-sinks
...
Java: Refactor path injection sinks
2024-02-09 10:48:49 +01:00
Tony Torralba
34f74869c8
Java: Add extension point and default sanitizer to Open Redirect query
2024-02-09 09:11:07 +01:00
Joe Farebrother
71852868ac
Add case for androidx.biometric api
2024-02-02 17:19:20 +00:00
Joe Farebrother
5d1edd45c5
Add unit tests
2024-02-01 16:56:20 +00:00
Joe Farebrother
460ffc89b2
Add additional test cases
2024-01-29 22:43:28 +00:00
Joe Farebrother
aa78050933
Implement checks for elements hidden by their xml attributes
2024-01-29 16:25:38 +00:00
Joe Farebrother
6081f18089
Add unit tests + make some fixes
2024-01-29 16:25:37 +00:00
Joe Farebrother
031bd8bd0c
Merge pull request #15281 from joefarebrother/android-sensitive-ui-notif
...
Java: Add query for exposure of sensitive information to android notifications
2024-01-26 16:42:55 +00:00
Tony Torralba
6e550d28af
Update more test expectations
2024-01-26 15:13:07 +01:00
Tony Torralba
2a146405ac
Adjust tests
2024-01-26 12:38:32 +01:00
Tony Torralba
19cb7adb6d
Migrate path injection sinks to MaD
...
Deprecate and stop using PathCreation
Path creation sinks are now summaries
2024-01-26 12:19:54 +01:00
Tony Torralba
282632c33b
Add new snippets as tests
2024-01-25 15:11:11 +01:00
Joe Farebrother
d806fcae3d
Remove sink models involving PendingIntent, as they do not carry sensitive data (including from the original intent they were created with)
2024-01-23 09:51:39 +00:00
Joe Farebrother
2ca164ce35
Generate androidx stubs and correct some models
2024-01-23 09:51:39 +00:00
Joe Farebrother
bafd65b1d2
Add tests to cover each modeled sink + some corrections to the models
2024-01-23 09:51:38 +00:00
Joe Farebrother
a1a2acd3ce
Add additional test cases
2024-01-23 09:51:38 +00:00
Joe Farebrother
f9bb004618
Add sink models to notification builder setters
2024-01-23 09:51:38 +00:00
Joe Farebrother
cd19a91704
Add unit test
2024-01-23 09:51:37 +00:00
Joe Farebrother
3aa27148de
Split existing tests under CWE-200 into separate folders
2024-01-23 09:51:37 +00:00
Ed Minnix
709649e9df
Model replace and putIfAbsent
2024-01-08 09:39:03 -05:00
Ed Minnix
f05f16116b
Testing for Environment variable injection
2024-01-08 09:38:45 -05:00
Tony Torralba
7e6f2d1fc5
Merge pull request #14681 from atorralba/atorralba/java/weak-randomness-cve-coverage
...
Java: Add more sinks to the Insecure Randomness query
2024-01-08 15:33:03 +01:00
Ed Minnix
8051cfcef5
Fix tests and fix getStringValue method
2023-12-21 22:48:08 -05:00
Ed Minnix
6455e1893d
Add more test cases
2023-12-21 22:48:08 -05:00
Edward Minnix III
56921a6e21
Merge pull request #14040 from egregius313/egregius313/weak-hashing-properties
...
Java: Add support for algorithm names specified in `.properties` files to `java/potentially-weak-cryptographic-algorithm`
2023-12-18 09:38:58 -05:00
Ed Minnix
8826eaf1a3
Move test case to query tests
2023-12-15 11:09:08 -05:00
Tony Torralba
66b54f03b7
Rename test
2023-12-13 11:15:27 +01:00
Tony Torralba
7bc907840c
Fix tests
2023-12-13 11:15:27 +01:00
Tony Torralba
bd8f35bef7
Java: Fix FPs in Missing certificate pinning
...
Local URIs should never require pinning
2023-12-12 18:02:12 +01:00
Ed Minnix
7362158229
Fix test case
2023-12-11 11:18:40 -05:00
Ed Minnix
bbf99375c7
Alter cookie sinks to instead focus on creation of a cookie
2023-12-11 11:18:39 -05:00
Ed Minnix
b9d2a26e6e
Move ESAPI models into the Weak Randomness query
...
These models don't need to apply to all queries. So instead they are
better suited to be within the weak randomness query itself.
2023-12-11 11:18:39 -05:00
Ed Minnix
fb875f5095
More variety of test cases
2023-12-11 11:18:39 -05:00
Ed Minnix
ce7690b53f
Make imports private
2023-12-11 11:18:38 -05:00