codeql

mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00

Author	SHA1	Message	Date
Joe Farebrother	88c2ccbecf	Generate stubs	2024-02-01 16:59:50 +00:00
Joe Farebrother	5d1edd45c5	Add unit tests	2024-02-01 16:56:20 +00:00
Tony Torralba	e2bf9ea2eb	Consider File.exists() et al a path-injection sink	2024-01-30 14:51:36 +01:00
Joe Farebrother	460ffc89b2	Add additional test cases	2024-01-29 22:43:28 +00:00
Joe Farebrother	aa78050933	Implement checks for elements hidden by their xml attributes	2024-01-29 16:25:38 +00:00
Joe Farebrother	6081f18089	Add unit tests + make some fixes	2024-01-29 16:25:37 +00:00
Joe Farebrother	031bd8bd0c	Merge pull request #15281 from joefarebrother/android-sensitive-ui-notif Java: Add query for exposure of sensitive information to android notifiactions	2024-01-26 16:42:55 +00:00
Tony Torralba	6e550d28af	Update more test expectations	2024-01-26 15:13:07 +01:00
Tony Torralba	2a146405ac	Adjust tests	2024-01-26 12:38:32 +01:00
Tony Torralba	19cb7adb6d	Migrate path injection sinks to MaD Deprecate and stop using PathCreation Path creation sinks are now summaries	2024-01-26 12:19:54 +01:00
Asger F	ee8e9a4e66	Shared: update test output	2024-01-26 11:14:23 +01:00
Asger F	ddbacc3d4a	Shared: add test case for stateful outBarrier bug	2024-01-26 11:14:11 +01:00
Tony Torralba	282632c33b	Add new snippets as tests	2024-01-25 15:11:11 +01:00
Joe Farebrother	0acb647e7d	Fix tests and add notification sink kind to model verification	2024-01-23 09:51:41 +00:00
Joe Farebrother	d806fcae3d	Remove sink models involving PendingIntent; as they do not carry sensitive data (including from the original intent they were created with)	2024-01-23 09:51:39 +00:00
Joe Farebrother	2ca164ce35	Generate androidx stubs and correct some models	2024-01-23 09:51:39 +00:00
Joe Farebrother	bafd65b1d2	Add tests to cover each modeled sink + some corrections to the models	2024-01-23 09:51:38 +00:00
Joe Farebrother	a1a2acd3ce	Add additional test cases	2024-01-23 09:51:38 +00:00
Joe Farebrother	f9bb004618	Add sink models to notification builder setters	2024-01-23 09:51:38 +00:00
Joe Farebrother	cd19a91704	Add unit test	2024-01-23 09:51:37 +00:00
Joe Farebrother	3aa27148de	Split existing tests under CWE-200 into separate folders	2024-01-23 09:51:37 +00:00
Tony Torralba	2246c969a3	Merge pull request #15244 from Marcono1234/marcono1234/regex-flags Java: Improve Regex flag parsing	2024-01-16 08:25:49 +01:00
Michael Nebel	9becd0876f	Merge pull request #15179 from michaelnebel/modelgenrespectmanual C#/Java: Increase precision of model generation.	2024-01-12 15:12:21 +01:00
Michael Nebel	37a21ec548	Java: Address review comments.	2024-01-12 13:36:23 +01:00
Michael Nebel	74cdcab6d8	Java: Update expected test output.	2024-01-12 13:36:23 +01:00
Michael Nebel	03d4025b99	Java: Add a testcase where both a neutral summary and summary is being generated.	2024-01-12 13:36:23 +01:00
Owen Mansel-Chan	6945289afc	Merge pull request #15246 from owen-mc/java/manual-neutral-overrides-generated C#/Java: Manual neutral summaries should block generated summaries	2024-01-12 10:05:18 +00:00
Owen Mansel-Chan	2f01688319	Merge pull request #15280 from owen-mc/java/add-manual-models-for-df-generation Java: improve models for some important JDK methods	2024-01-11 12:47:37 +00:00
Owen Mansel-Chan	3767348dec	Update test expectations	2024-01-10 22:25:08 +00:00
Owen Mansel-Chan	370a32da8b	Test summary models and neutral models, manual and generated	2024-01-10 22:25:02 +00:00
Owen Mansel-Chan	9e2e01ff89	Update Top JDK APIs test expectation	2024-01-10 17:07:33 +00:00
Ed Minnix	709649e9df	Model `replace` and `putIfAbsent`	2024-01-08 09:39:03 -05:00
Ed Minnix	f05f16116b	Testing for Environment variable injection	2024-01-08 09:38:45 -05:00
Tony Torralba	7e6f2d1fc5	Merge pull request #14681 from atorralba/atorralba/java/weak-randomness-cve-coverage Java: Add more sinks to the Insecure Randomness query	2024-01-08 15:33:03 +01:00
Marcono1234	3edfdc5ceb	Java: Improve Regex flag parsing Fixes: - Flag `d` not being recognized - Syntax for disabling flags (`-`) not being recognized - Non-capturing group with flags erroneously containing `:` as literal	2024-01-06 04:15:09 +01:00
Edward Minnix III	d6d76fa4f1	Merge pull request #15183 from egregius313/egregius313/java/fix-weak-hashing-adddition Java: Fix minor error in `java/potentially-weak-cryptographic-algorithm`	2023-12-22 11:38:55 -05:00
Tony Torralba	67f8bcce44	Merge pull request #14752 from masterofnow/LoadClassNoSignatureCheck Java: Insecure Loading of Class in Android App without Package Signature Checking	2023-12-22 10:24:34 +01:00
Ed Minnix	8051cfcef5	Fix tests and fix `getStringValue` method	2023-12-21 22:48:08 -05:00
Ed Minnix	6455e1893d	Add more test cases	2023-12-21 22:48:08 -05:00
masterofnow	7162540faf	Added options, .qhelp and .expected file for unit test.	2023-12-21 19:57:37 +08:00
masterofnow	25c818f425	Added unit test files.	2023-12-21 12:13:00 +08:00
Edward Minnix III	56921a6e21	Merge pull request #14040 from egregius313/egregius313/weak-hashing-properties Java: Add support for algorithm names specified in `.properties` files to `java/potentially-weak-cryptographic-algorithm`	2023-12-18 09:38:58 -05:00
Tony Torralba	9446249e94	Merge pull request #15012 from atorralba/atorralba/java/fix-missing-pinning-fp Java: Fix FPs in Missing certificate pinning	2023-12-18 09:37:18 +01:00
Ed Minnix	8826eaf1a3	Move test case to query tests	2023-12-15 11:09:08 -05:00
Tom Hvitved	c8b4a215bc	Merge pull request #14573 from hvitved/flow-summary-impl-param Move `FlowSummaryImpl.qll` to `dataflow` pack	2023-12-14 12:24:15 +01:00
Tony Torralba	66b54f03b7	Rename test	2023-12-13 11:15:27 +01:00
Tony Torralba	7bc907840c	Fix tests	2023-12-13 11:15:27 +01:00
Tony Torralba	bd8f35bef7	Java: Fix FPs in Missing certificate pinning Local URIs should never require pinning	2023-12-12 18:02:12 +01:00
Ed Minnix	7362158229	Fix test case	2023-12-11 11:18:40 -05:00
Ed Minnix	bbf99375c7	Alter cookie sinks to instead focus on creation of a cookie	2023-12-11 11:18:39 -05:00

... 13 14 15 16 17 ...

4322 Commits