Anders Schack-Mulligen
a6fc41ec4b
Java: Accept consistency failure.
2024-11-26 13:25:44 +01:00
Anders Schack-Mulligen
38eb3e4952
Java: Adjust expected output.
2024-11-26 13:25:44 +01:00
Anders Schack-Mulligen
2ff2d25784
Java: Cherry-pick test from https://github.com/github/codeql/pull/17051
2024-11-26 13:25:43 +01:00
Jami Cogswell
05b6700607
Java: add SHA384 to list of secure algorithms
2024-11-25 09:27:53 -05:00
Arthur Baars
c2b342f1a0
Merge pull request #18084 from github/aibaars/java-sha3
Java: add SHA3 family to list of secure crypto algorithms
2024-11-25 15:07:43 +01:00
Jami
f0045692a7
Merge pull request #17869 from jcogs33/jcogs33/improve-weak-crypto
Java: Improve weak crypto query
2024-11-24 12:04:00 -05:00
Arthur Baars
c6eaed343d
Java: add SHA3 family to list of secure crypto algorithms
2024-11-22 19:03:00 +01:00
Arthur Baars
7f84cf6d72
Add test case
2024-11-22 19:02:11 +01:00
Tom Hvitved
95e9d013cc
Update expected test output
2024-11-04 12:07:06 +01:00
Jami Cogswell
459d16824e
Java: weak crypto: do not report weak hash algorithms
2024-11-03 18:22:06 -05:00
Tom Hvitved
e2b614d18a
Java: Post-processing query for inline test expectations
2024-10-29 13:35:32 +01:00
Michael Nebel
caa08046b6
Java: Update expected test output.
2024-10-23 09:29:29 +02:00
Michael Nebel
dec2c61e5d
Java: Update LdapInjection expected test output.
2024-10-21 15:19:46 +02:00
Michael Nebel
f537e04532
Java: Update LdapInjection expected test output.
2024-10-21 15:19:35 +02:00
Michael Nebel
ea14547643
Java: Update TopJdkApisTest expected output.
2024-10-21 15:19:31 +02:00
Michael Nebel
cbd9cc6dae
Java: Update request forgery expected output.
2024-10-21 15:19:30 +02:00
Tom Hvitved
f287216060
Update expected test output
2024-09-24 14:21:38 +02:00
Tom Hvitved
ed9008a064
Update expected test output
2024-09-18 13:51:02 +02:00
Asger F
3aa32e4aff
Java: use MISSING inline annotation
2024-08-21 13:40:40 +02:00
Asger F
f7ea8a1563
Java: trivial result set re-order
2024-08-21 13:37:38 +02:00
Asger F
5751fc2d3a
Java: Reveal false negative in test
One of the sinks was flagged for the wrong reason in the test case.
The flow into the 'startActivities' sink isn't working properly, but this was not revealed by the test since an alternate, spurious path exists. The spurious path goes through the implicit read at the prior sink and takes a use-use step to the 'startActivities' sink. Swapping the order of the two sinks reveals the false negative.
2024-08-21 13:36:47 +02:00
Chris Smowton
0b56bf98f3
Java: add test for Apache Camel dead-code analysis
This exercises code that detects Camel entry-points and marks them as live.
2024-08-15 17:26:38 +01:00
Anders Schack-Mulligen
4d023f14a6
Merge pull request #17075 from RobbingDaHood/17052-second-try-do-not-expose-error-message
Java: 17052 Second try: do not expose error message
2024-08-02 12:44:27 +02:00
Anders Schack-Mulligen
9724516c84
C#/Go/Java/Python/Ruby: Accept qltest .expected changes.
2024-07-31 14:45:10 +02:00
Owen Mansel-Chan
8901b1fd14
Merge pull request #17100 from owen-mc/java/sensitive-log/ignore-tokenizer
Java: whitelist variable names containing "tokenizer" for `java/sensitive-log`
2024-07-31 12:16:03 +01:00
Owen Mansel-Chan
59e22f6cd9
Merge pull request #17101 from owen-mc/java/dead-ref-types-junit-4-5
Java: Fix FPs in `java/unused-reference-type` for JUnit 4-style tests
2024-07-31 11:11:35 +01:00
Owen Mansel-Chan
cd0af0fc57
Ignore types with methods which have annotations
The motivation is test classes in JUnit 4 and 5 are currently FPs for this. They have methods with `@Test`, so this should fix the FPs.
2024-07-30 16:29:35 +01:00
Owen Mansel-Chan
050dcb1370
Add some tests for java/unused-reference-type
2024-07-30 16:29:11 +01:00
Owen Mansel-Chan
e259b25428
Add "tokenizer" to sensitive variable name FPs
2024-07-30 15:38:32 +01:00
Owen Mansel-Chan
bdff0fdcc5
Add test for "tokenizer"
2024-07-30 15:37:46 +01:00
Owen Mansel-Chan
0d71072f94
Make test more compact
2024-07-30 15:36:59 +01:00
Jami Cogswell
c70d39539e
Java: use post-process provenance pretty-printing in query-tests
2024-07-28 18:12:17 -04:00
Owen Mansel-Chan
c051d33cc7
Merge branch 'main' into dataflow/provenance-postprocess-qltest
2024-07-26 08:04:05 +01:00
Daniel Winther Petersen
1c1ba7734f
Now alerts about exposing exception.getMessage() in servlet responses are split out of java/stack-trace-exposure into their own alert java/error-message-exposure because this is a better fit.
2024-07-25 18:12:45 +02:00
Owen Mansel-Chan
ff8bb2b1f8
Merge pull request #16760 from owen-mc/java/reverse-dns-separate-threat-model-kind
Java: make a separate threat model kind for reverse DNS sources
2024-07-23 10:08:52 +01:00
Ed Minnix
ad4bca9975
Fix provenance in tests
2024-07-18 18:18:24 -04:00
Anders Schack-Mulligen
94078e851c
Shared: Add support for provenance pretty-printing as a qltest postprocess step.
2024-07-18 15:34:30 +02:00
Jami
39f0288e09
Merge pull request #16964 from jcogs33/jcogs33/add-toByteArray-summaries
Java: add `IOUtils.toByteArray` summaries
2024-07-16 17:03:30 -04:00
Owen Mansel-Chan
e2356d9820
Merge pull request #16914 from owen-mc/java/android-app-detection
Java: Improve Android app detection
2024-07-16 21:52:43 +01:00
Jami Cogswell
f90df85722
Java: update provenance numbers in tests again
2024-07-16 11:55:46 -04:00
Jami
a73170df49
Merge branch 'main' into jcogs33/add-toByteArray-summaries
2024-07-16 10:46:36 -04:00
Anders Schack-Mulligen
37d78249e7
Java: Update provenance ids.
2024-07-16 11:11:54 +02:00
Anders Schack-Mulligen
b2f57b4b48
Java: Update expected output.
2024-07-16 11:11:53 +02:00
Jami Cogswell
8f6d4be256
Java: update tests
2024-07-15 14:33:40 -04:00
Jami Cogswell
6b497da15f
Java: fix line number changes in tests
2024-07-11 15:33:09 -04:00
Owen Mansel-Chan
e2a6358048
Update tests so they still work
2024-07-07 00:24:28 +01:00
Jami Cogswell
be565288f2
Java: update more test cases due to shifted alert provenance line numbers
2024-06-27 22:08:38 -04:00
Jami Cogswell
c73af7f789
Java: update some test cases due to shifted alert provenance line numbers
2024-06-27 21:07:35 -04:00
Owen Mansel-Chan
162245fb9a
Fix unrelated test using reverse DNS as source
2024-06-24 21:23:50 +01:00
Owen Mansel-Chan
9aa0c9f1f3
Fix test expectations
2024-06-14 15:55:30 +01:00