13803 Commits

Author	SHA1	Message	Date
Jami Cogswell	1b90a30d45	Java: move code to .qll file	2025-07-17 19:22:11 -04:00
Jami Cogswell	b479f5c8dc	Java: fix integration tests	2025-07-17 19:22:10 -04:00
Jami Cogswell	ed8da5e151	Java: convert tests to inline expectations	2025-07-17 19:22:08 -04:00
Jami Cogswell	fc930d9184	Java: update tests for non-experimental directory	2025-07-17 19:22:06 -04:00
Jami Cogswell	38260e76bf	Java: remove deprecation	2025-07-17 19:22:05 -04:00
Jami Cogswell	0dbddbdf0f	Java: remove experimental files	2025-07-17 19:22:03 -04:00
Jami Cogswell	a39cb40177	Java: copy out of experimental	2025-07-17 19:22:01 -04:00
Nora Dimitrijević	05df1d3cb9	[DIFF-INFORMED] Java: AndroidWebViewSettingsAllowsContentAccess	2025-07-17 19:02:15 +02:00
Nora Dimitrijević	24c28ed873	[DIFF-INFORMED] Java: UnsafeCertTrust ... https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-273/UnsafeCertTrust.ql#L21	2025-07-17 19:02:13 +02:00
Nora Dimitrijević	ea4af8323c	[DIFF-INFORMED] Java: TrustBoundaryViolation ... https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-501/TrustBoundaryViolation.ql#L18	2025-07-17 19:02:09 +02:00
Nora Dimitrijević	7888dcbce2	[DIFF-INFORMED] Java: TempDirLocalInformationDisclosure ... https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql#L56	2025-07-17 19:02:07 +02:00
Nora Dimitrijević	3785dbec9e	[DIFF-INFORMED] Java: TaintedEnvironmentVariable ... https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-078/ExecTaintedEnvironment.ql#L22	2025-07-17 19:02:05 +02:00
Nora Dimitrijević	b3b139bb02	[DIFF-INFORMED] Java: SqlConcatenated ... https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-089/SqlConcatenated.ql#L27	2025-07-17 19:02:04 +02:00
Nora Dimitrijević	45b627df1d	[DIFF-INFORMED] Java: SensitiveLogging ... https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql#L20	2025-07-17 19:02:02 +02:00
Nora Dimitrijević	bc0b383595	[DIFF-INFORMED] Java: MaybeBrokenCryptoAlgorithm ... https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql#L25	2025-07-17 19:02:00 +02:00
Nora Dimitrijević	b688df9dec	[DIFF-INFORMED] Java: LogInjection ... https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-117/LogInjection.ql#L20	2025-07-17 19:01:58 +02:00
Nora Dimitrijević	2d734056b1	[DIFF-INFORMED] Java: InsecureLdapAuth ... https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql#L21	2025-07-17 19:01:56 +02:00
Nora Dimitrijević	74b37e71a0	[DIFF-INFORMED] Java: InsecureCookie ... https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql#L21	2025-07-17 19:01:52 +02:00
Nora Dimitrijević	19e5c3d805	[DIFF-INFORMED] Java: ImproperValidationOfArray… ... https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexCodeSpecified.ql#L48 https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionCodeSpecified.ql#L28 https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql#L26 https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql#L24	2025-07-17 19:01:50 +02:00
Nora Dimitrijević	1c6ecf1216	[DIFF-INFORMED] Java: UntrustedDataToExternalAPI ... https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql#L20	2025-07-17 18:59:15 +02:00
Nora Dimitrijević	0cf1195678	[DIFF-INFORMED] Java: ConditionalBypass ... https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql#L26	2025-07-17 18:59:14 +02:00
Nora Dimitrijević	0bcdb421ed	[DIFF-INFORMED] Java: ArithmeticUncontrolled ... https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql#L36	2025-07-17 18:59:11 +02:00
Nora Dimitrijević	54546f6e99	[DIFF-INFORMED] Java: ArithmeticTainted ... https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql#L35	2025-07-17 18:59:09 +02:00
Nora Dimitrijević	8353fdd041	[DIFF-INFORMED] Java: (Android)SensitiveCommunication ... https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.ql#L20	2025-07-17 18:59:06 +02:00
Nora Dimitrijević	b33058c967	[TEST] Java: SensitiveCommunication: convert to qlref	2025-07-17 18:59:05 +02:00
Nora Dimitrijević	44bb5e7220	[TEST] Java: ConditionalBypass: convert to qlref	2025-07-17 18:59:03 +02:00
Nora Dimitrijević	6134518d60	[TEST] Java: SensitiveLogInfo: convert to qlref	2025-07-17 18:59:01 +02:00
Nora Dimitrijević	94386f0550	[TEST] Java: TrustBoundaryViolations: convert test to qlref	2025-07-17 18:58:59 +02:00
Nora Dimitrijević	49e03b4dfd	[TEST] Java: UnsafeCertTrust: convert test to qlref	2025-07-17 18:58:56 +02:00
Nora Dimitrijević	7aced48443	[TEST] Java: LogInjection: convert test to qlref	2025-07-17 18:58:54 +02:00
Nora Dimitrijević	5c2cf79785	[TEST] Java: CWE-020/ExternalAPI: new test based on qhelp	2025-07-17 18:58:52 +02:00
Anders Schack-Mulligen	996de78a66	Java: Prune PathGraph for CsrfUnprotectedRequestType.ql	2025-07-17 15:06:38 +02:00
Anders Schack-Mulligen	1485d7072d	Merge pull request #19885 from aschackmull/java/annotated-exit-cfg ... Java: Add AnnotatedExitNodes to the CFG.	2025-07-17 15:02:24 +02:00
Michael Nebel	2f29459cda	Merge pull request #19931 from michaelnebel/ql4ql/qualitytagcheck ... Ql4ql: Quality query tagging.	2025-07-17 14:53:14 +02:00
Idriss Riouak	36ebe99f2f	Merge pull request #19707 from microsoft/lwsimpkins/fix-qhelp-upstream ... fix qhelp files	2025-07-17 14:51:01 +02:00
Owen Mansel-Chan	af977e9ac7	Merge pull request #20067 from owen-mc/java/unsafe-deserialization-mad-sinks ... Java: allow the definition of `java/unsafe-deserialization` sinks using data extensions	2025-07-17 13:42:31 +01:00
Owen Mansel-Chan	6629bd8279	No need to deprecate classes when module is deprecated	2025-07-17 11:52:31 +01:00
Owen Mansel-Chan	b361f76643	Delete unused private class	2025-07-17 11:36:06 +01:00
Anders Schack-Mulligen	448cc82ef9	Kotlin: Accept more test changes.	2025-07-17 11:21:27 +02:00
Anders Schack-Mulligen	54775e0958	Java: Adjust Paths.qll	2025-07-17 11:21:26 +02:00
Anders Schack-Mulligen	e7a6259bd7	Java: Accept test changes.	2025-07-17 11:21:26 +02:00
Anders Schack-Mulligen	fbe79e8a52	Java: Add AnnotatedExitNodes to the CFG.	2025-07-17 11:21:26 +02:00
Owen Mansel-Chan	805e31fdb9	Update test expectations	2025-07-16 15:25:45 +01:00
Owen Mansel-Chan	7d4a70cc1d	Add change notes	2025-07-16 14:44:24 +01:00
Owen Mansel-Chan	fdd1e3fefe	Use MaD models for unsafe deserialization sinks when possible ... Many of the unsafe deserialization sinks have to stay defined in QL because they have custom logic that cannot be expressed in MaD models.	2025-07-16 14:42:07 +01:00
Owen Mansel-Chan	9ef22fff8e	Update SnakeYaml reference to note that it is outdated	2025-07-15 15:27:01 +01:00
Kasper Svendsen	10a678dcbd	Java lib qlpack: Enable overlay compilation	2025-07-15 16:23:40 +02:00
Kasper Svendsen	9c3e275e66	Merge pull request #20011 from kaspersv/kaspersv/discard-xml ... Overlay: Add XML and Java property discarding	2025-07-15 16:13:38 +02:00
Kasper Svendsen	f84a3084f0	Address review comment about ignored QL variable ... Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2025-07-15 15:34:08 +02:00
Anders Schack-Mulligen	9e87095bed	Java: Restrict results to source literals.	2025-07-15 14:54:02 +02:00