4265 Commits

Author	SHA1	Message	Date
Napalys Klicius	225723bfeb	Java: Exclude @VisibleForTesting-to-@VisibleForTesting access from VisibleForTestingAbuse alerts	2025-08-22 09:23:49 +02:00
Napalys Klicius	e4042402bc	Java: Resolve spurious VisibleForTestingAbuse alerts for inner class access patterns	2025-08-22 09:23:49 +02:00
Napalys Klicius	1e2e6eccd7	Java: Test @VisibleForTesting method accessing @VisibleForTesting members	2025-08-22 09:23:49 +02:00
Napalys Klicius	9dfb4d4301	Java: Enchanced isWithinType to also include lambdas, inner classes etc.	2025-08-22 09:23:49 +02:00
Napalys Klicius	fbf18af076	Java: enchanced check if it is within same package	2025-08-22 09:23:49 +02:00
Napalys Klicius	2a16f4829e	Java: Expanded test suite of java/visible-for-testing-abuse	2025-08-22 09:23:49 +02:00
Napalys Klicius	652e9cba3d	Java: Added inline test expectations for java/visible-for-testing-abuse	2025-08-22 09:23:49 +02:00
Napalys Klicius	0c14d93bc6	Java: Added new query java/visible-for-testing-abuse	2025-08-22 09:23:49 +02:00
Napalys Klicius	eb6e9b8fe6	Java: Fix java/jvm-exit false positives for local nested classes in test methods	2025-08-21 14:20:49 +00:00
Napalys Klicius	41a78a0c3d	Java: Added nested local class test case	2025-08-21 14:10:12 +00:00
REDMOND\brodes	30a07763e8	Crypto: Copilot suggested code changes.	2025-08-20 13:28:28 -04:00
REDMOND\brodes	33aa6c94df	Crypto: Adding tests for reuse nonce query for JAVA/JCA.	2025-08-20 13:21:18 -04:00
Napalys Klicius	53ccc56959	Java: exclude single-method classes from mocking	2025-08-11 13:43:36 +02:00
Napalys Klicius	a9e9a62439	Java: add single-method class test case for mocking rule ... Classes with only one public method should be compliant when mocked.	2025-08-11 13:43:36 +02:00
Napalys Klicius	22caa584ad	Java: Add inline test expectations for MockingAllNonPrivateMethodsMeansUnitTestIsTooBig.qlref	2025-08-11 13:43:36 +02:00
Napalys Klicius	50c7160819	Java: port java/mocking-all-non-private-methods-means-unit-test-is-too-big query	2025-08-11 13:43:36 +02:00
Napalys Klicius	4df613ce37	Java: Improved java/jvm-exit query to remove FP's.	2025-08-11 09:24:01 +02:00
Napalys Klicius	d41a5e3a25	Java: Added basic test cases for java/jvm-exit	2025-08-11 09:24:01 +02:00
Anders Schack-Mulligen	d9cfe14729	Java: Accept qltest change.	2025-08-07 14:51:49 +02:00
Anders Schack-Mulligen	f90b6ab005	Guards: Add support for wrappers that may throw exceptions.	2025-08-07 14:51:48 +02:00
Anders Schack-Mulligen	0c31a80f3c	Guards: Generalise wrapper guards.	2025-08-07 14:51:47 +02:00
Anders Schack-Mulligen	23aac0ac51	Java: document nullness false negative as qltest	2025-08-05 13:49:51 +02:00
Jami Cogswell	c9692a6d10	Java: fix test failures cause by alert msg change	2025-07-19 13:27:09 -04:00
Jami Cogswell	7250265c1f	Java: consider all endpoints except for health and info as sensitive to align with Spring docs	2025-07-18 17:50:18 -04:00
Jami Cogswell	685f68d9d3	Java: support 'management.endpoints.web.expose' property	2025-07-18 17:50:17 -04:00
Jami Cogswell	70d51504a7	Java: rename to align with 'java/spring-boot-exposed-actuators' query	2025-07-18 17:50:12 -04:00
Jami Cogswell	ea35fbbe3b	Java: support version 3.x	2025-07-18 17:50:07 -04:00
Jami Cogswell	0d2a4222fd	Java: add related location to alert message	2025-07-17 19:22:18 -04:00
Jami Cogswell	2bfc4b4ee2	Java: fix test case for version 1.4 ... Need the existence of an ApplicationProperties File, not an ApplicationProperties ConfigPair	2025-07-17 19:22:15 -04:00
Jami Cogswell	3823186dc6	Java: split tests by versions ... splitting is required to properly test each scenario	2025-07-17 19:22:13 -04:00
Jami Cogswell	ed8da5e151	Java: convert tests to inline expectations	2025-07-17 19:22:08 -04:00
Jami Cogswell	fc930d9184	Java: update tests for non-experimental directory	2025-07-17 19:22:06 -04:00
Jami Cogswell	0dbddbdf0f	Java: remove experimental files	2025-07-17 19:22:03 -04:00
Jami Cogswell	a39cb40177	Java: copy out of experimental	2025-07-17 19:22:01 -04:00
Nora Dimitrijević	b33058c967	[TEST] Java: SensitiveCommunication: convert to qlref	2025-07-17 18:59:05 +02:00
Nora Dimitrijević	44bb5e7220	[TEST] Java: ConditionalBypass: convert to qlref	2025-07-17 18:59:03 +02:00
Nora Dimitrijević	6134518d60	[TEST] Java: SensitiveLogInfo: convert to qlref	2025-07-17 18:59:01 +02:00
Nora Dimitrijević	94386f0550	[TEST] Java: TrustBoundaryViolations: convert test to qlref	2025-07-17 18:58:59 +02:00
Nora Dimitrijević	49e03b4dfd	[TEST] Java: UnsafeCertTrust: convert test to qlref	2025-07-17 18:58:56 +02:00
Nora Dimitrijević	7aced48443	[TEST] Java: LogInjection: convert test to qlref	2025-07-17 18:58:54 +02:00
Nora Dimitrijević	5c2cf79785	[TEST] Java: CWE-020/ExternalAPI: new test based on qhelp	2025-07-17 18:58:52 +02:00
Anders Schack-Mulligen	1485d7072d	Merge pull request #19885 from aschackmull/java/annotated-exit-cfg ... Java: Add AnnotatedExitNodes to the CFG.	2025-07-17 15:02:24 +02:00
Anders Schack-Mulligen	e7a6259bd7	Java: Accept test changes.	2025-07-17 11:21:26 +02:00
Owen Mansel-Chan	805e31fdb9	Update test expectations	2025-07-16 15:25:45 +01:00
Owen Mansel-Chan	fdd1e3fefe	Use MaD models for unsafe deserialization sinks when possible ... Many of the unsafe deserialization sinks have to stay defined in QL because they have custom logic that cannot be expressed in MaD models.	2025-07-16 14:42:07 +01:00
Owen Mansel-Chan	8e4bd1a102	Add sink for ObjectInput.readObject to make test pass	2025-07-11 11:05:38 +01:00
Owen Mansel-Chan	34fae324a0	Add test for ObjectInput.readObject	2025-07-11 11:03:47 +01:00
Tamás Vajk	1351f57d2b	Merge pull request #19998 from tamasvajk/quality/label-in-switch ... Java: Add query to detect non-case labels in switch statements	2025-07-10 14:13:38 +02:00
Tamas Vajk	5f7d746266	Java: Add query to detect non-case labels in switch statements	2025-07-08 14:53:39 +02:00
Tamas Vajk	09a2aeead6	Java: Add query to detect special characters in string literals	2025-07-08 13:28:18 +02:00