1271 Commits

Author	SHA1	Message	Date
Ed Minnix	bbf99375c7	Alter cookie sinks to instead focus on creation of a cookie	2023-12-11 11:18:39 -05:00
Ed Minnix	b9d2a26e6e	Move ESAPI models into the Weak Randomness query ... These models don't need to apply to all queries. So instead they are better suited to be within the weak randomness query itself.	2023-12-11 11:18:39 -05:00
Ed Minnix	fb875f5095	More variety of test cases	2023-12-11 11:18:39 -05:00
Ed Minnix	ce7690b53f	Make imports private	2023-12-11 11:18:38 -05:00
Ed Minnix	b713efb711	Add ThreadLocalRandom.current as another source	2023-12-11 11:18:38 -05:00
Ed Minnix	1daa83bf46	Add test cases	2023-12-11 11:18:38 -05:00
Chris Smowton	29fdd04eb0	Include switch and instanceof binding in Variable.getAnAssignedValue, and test via endsInQuote	2023-11-30 11:24:05 +00:00
Chris Smowton	de2b98f4a1	Fix hasNullCase	2023-11-30 11:24:02 +00:00
Chris Smowton	e94c5a772c	Check nullness pass knows pattern case variables can't be null	2023-11-30 11:23:59 +00:00
Chris Smowton	6b9aed21df	Nullness library: recognise switches with null checks	2023-11-30 11:23:58 +00:00
Max Schaefer	ca334021ad	Merge pull request #14793 from github/max-schaefer/tainted-path-qhelp ... Java: Improve QHelp for `java/path-injection` to mention less disruptive fixes.	2023-11-16 14:09:55 +00:00
Max Schaefer	a5e7ef424e	Revert "Add additional example." ... This reverts commit 947b094387.	2023-11-16 11:54:16 +00:00
Max Schaefer	947b094387	Add additional example.	2023-11-16 10:06:19 +00:00
Max Schaefer	009d58034f	Address suggestions from review.	2023-11-16 10:05:54 +00:00
Max Schaefer	a46a7fadb2	Java: Improve QHelp for java/path-injection to mention less disruptive fixes.	2023-11-15 11:25:13 +00:00
Tony Torralba	7af3d239ab	Java: Add JMS sink to java/unsafe-deserialization	2023-10-26 16:46:19 +02:00
Chris Smowton	f552a15aae	Mass-rename MethodAccess -> MethodCall	2023-10-24 10:30:26 +01:00
Tony Torralba	4ecda9cccd	Add consistency check exception	2023-10-17 10:18:19 +02:00
Tony Torralba	d08ee76b16	Java: Improve java/spring-disabled-csrf-protection	2023-10-16 16:01:14 +02:00
Anders Schack-Mulligen	8ee1f8ae69	Java: Add missing flow step for ThreadLocal.initialValue.	2023-09-22 13:33:45 +02:00
Anders Schack-Mulligen	7e04ac55b7	Merge pull request #14268 from aschackmull/java/xmlparsers-typetrack ... Java/Dataflow: Add new light-weight data flow api and use it in XmlParsers	2023-09-21 13:33:21 +02:00
Anders Schack-Mulligen	5c40d553b4	Java: Switch XmlParsers lib to lightweight data flow.	2023-09-20 10:21:53 +02:00
yoff	4a37c2fc3a	Merge pull request #13778 from geoffw0/javaparsemode ... Java: Understand multiple parse mode flags specified in a regular expression string	2023-09-18 14:22:59 +02:00
Tony Torralba	b08e410f45	Merge pull request #14029 from atorralba/atorralba/apache-cxf-models ... Java: Add new Apache CXF models	2023-09-18 10:54:05 +02:00
Geoffrey White	af3d8c88bb	Java: Fix test comment.	2023-09-13 17:58:31 +01:00
Geoffrey White	8c3e778be6	Java: Port regex mode flag character fix from Python.	2023-09-13 17:50:52 +01:00
Anders Starcke Henriksen	361ae1747e	Merge branch 'main' into starcke/automodel-pack	2023-08-30 09:25:28 +02:00
Jean Helie	41726f52a2	Merge pull request #13954 from github/kaeluka/add-provenance-to-metadata ... Java: Automodel: Add Candidates for Regression Testing	2023-08-29 14:33:02 +01:00
Jean Helie	de76c0749a	Java: Automodel Framework Mode: Add Candidates for Regression Testing	2023-08-29 09:53:55 +01:00
Tony Torralba	2448bc8ce2	Java: Add new Apache CXF models	2023-08-25 11:17:51 +02:00
Jeroen Ketema	b550c067a1	Java: Remove redundant inline expectation test imports	2023-08-25 00:18:55 +02:00
Jeroen Ketema	9d573e5544	Consolidate all InlineFlowTest libraries in the dataflow qlpack	2023-08-24 21:38:46 +02:00
Tony Torralba	8c32919381	Merge pull request #13903 from atorralba/atorralba/jaxrs-mad-models ... Java: New models for JAX-RS	2023-08-24 11:43:13 +02:00
Tony Torralba	0f3918af16	Merge pull request #13773 from atorralba/atorralba/java/mdht-xxe-sink ... Java: Add XXE sinks for MDHT	2023-08-23 13:49:49 +02:00
Michael Nebel	699ed107f3	Java: Update SupportedExternalApis expected test output.	2023-08-21 09:59:00 +02:00
Michael Nebel	6deeb36a97	Java: Update the comments in SupportedExternalApis to include the neutral kind and add a sink neutral example.	2023-08-21 09:58:59 +02:00
Edward Minnix III	929090a847	Typos and style fixes ... Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>	2023-08-17 13:05:37 -04:00
Ed Minnix	55fae2daaa	Added ESAPI sanitizer	2023-08-17 13:05:37 -04:00
Ed Minnix	97d6e82869	Stubs for org.owasp.esapi	2023-08-17 13:05:37 -04:00
Ed Minnix	f58590c6a9	Trust Boundary Work	2023-08-17 13:05:37 -04:00
Ed Minnix	2aba425464	TrustBoundary test ql file	2023-08-17 13:05:36 -04:00
Anders Starcke Henriksen	56871c77f5	Merge branch 'main' into starcke/automodel-pack	2023-08-17 10:04:44 +02:00
Stephan Brandauer	44a9cf93e0	Merge branch 'main' into kaeluka/add-provenance-to-metadata	2023-08-16 09:31:03 +02:00
Stephan Brandauer	808dc3e8d3	Java: Automodel framework mode: track exact ai- provenance in alreadyAiModeled meta data property	2023-08-16 09:25:03 +02:00
Stephan Brandauer	20254c3d0a	Merge pull request #13886 from github/kaeluka/java-automodel-variadic-args ... Java: automodel application mode: use endpoint class like in framework mode	2023-08-16 08:49:01 +02:00
Michael Nebel	a95aad51bd	Merge pull request #13546 from michaelnebel/java/withoutelement ... Java: Support for With[out]Element for MaD.	2023-08-15 10:03:03 +02:00
Geoffrey White	657642a122	Java: Expose parts of the vquery message in the test.	2023-08-14 14:12:07 +01:00
Stephan Brandauer	551b34e3be	Java: Automodel application mode: include candidates that are useful for regression testing	2023-08-14 11:46:40 +02:00
Stephan Brandauer	1a95a34441	Java: automodel: use the call for call context, rather than the argument	2023-08-14 09:54:44 +02:00
Stephan Brandauer	4107758c8a	Java: automodel extraction: add strings to query selection	2023-08-14 09:49:50 +02:00