hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,624 Commits 1,671 Branches 157 Tags
codeql-cli-2.7.3
Commit Graph

1409 Commits

Author SHA1 Message Date
Tony Torralba
66d49aa4e8 Fix InsecureBasicAuth tests affected by the new URL summary 2021-06-16 13:01:40 +02:00
Tony Torralba
af6bd0b963 Consider subtypes of ReaderSource 2021-06-16 13:01:40 +02:00
Tony Torralba
87dfc92aba Add tests for CompilationUnit's subtypes 2021-06-16 13:01:40 +02:00
Tony Torralba
e324e4e8d1 Remove non-ascii characters added by accident 2021-06-16 13:01:40 +02:00
Tony Torralba
357b0e1a90 Fix SSRF tests affected by the new URL summary 2021-06-16 13:01:40 +02:00
Tony Torralba
f3ef93fa8a Make sinks more specific, improve tests 2021-06-16 13:01:39 +02:00
Tony Torralba
7ff4d368be Fix tests 2021-06-16 13:01:39 +02:00
Tony Torralba
5d56eb6ea1 Add stubs 2021-06-16 13:01:39 +02:00
Tony Torralba
7883549c25 Use InlineExpectationsTest 2021-06-16 13:01:39 +02:00
Tony Torralba
356601ce15 Moved from experimental 2021-06-16 13:01:38 +02:00
haby0
c1ada6d85b Merge branch 'main' into java/UnsafeDeserialization 2021-06-16 16:37:03 +08:00
Tony Torralba
e2918d55b5 Move tests back from internal repo 2021-06-16 10:09:44 +02:00
Anders Schack-Mulligen
19305a217a Merge pull request #5374 from joefarebrother/guava-base 
Java: Model additional flow steps for the package `com.google.common.base` of the Guava framwork.
 2021-06-15 10:58:48 +02:00
Joe Farebrother
36cb207600 Increase precision of tests to test value flow 2021-06-14 11:20:07 +01:00
Owen Mansel-Chan
5e89fce734 Avoid strange bug by commenting out two tests 2021-06-14 10:57:28 +01:00
Owen Mansel-Chan
8cf47f12b4 Model constructors of classes implementing MultivaluedMap 2021-06-14 10:56:35 +01:00
Joe Farebrother
678597f3f9 Update CSV rows for collection flow 2021-06-11 15:08:27 +01:00
Chris Smowton
76838809bb Merge pull request #5818 from artem-smotrakov/rmi-deserialization 
Java: Unsafe RMI deserialization
 2021-06-11 13:43:07 +01:00
Joe Farebrother
04ffe80366 Add unit tests 2021-06-11 11:41:27 +01:00
Owen Mansel-Chan
e0130a932e Update experimental query using NewCookie 2021-06-10 13:33:20 +01:00
Owen Mansel-Chan
c173b89529 Model NewCookie 2021-06-10 13:32:39 +01:00
Owen Mansel-Chan
ee6019a2d8 Fix tests for experimental httponly query 2021-06-10 13:31:28 +01:00
Owen Mansel-Chan
d5d27d5ccf Duplicate tests for Jakarta 2021-06-10 10:43:40 +01:00
Owen Mansel-Chan
0ad35421f2 Comment out stubs (Jakarta) 2021-06-10 10:43:40 +01:00
Owen Mansel-Chan
318d1ea484 Stubs in javax-ws-rs-api-3.0.0 
Generated using java-autostub
 2021-06-10 10:43:39 +01:00
Owen Mansel-Chan
e6a6a8898b Move Jax XSS sinks to JaxWS.qll and add tests 2021-06-10 10:43:39 +01:00
Owen Mansel-Chan
d1fe62d4d5 (Minor) Update comments to match ExternalFlow docs 2021-06-10 10:43:38 +01:00
Owen Mansel-Chan
1ae9d68409 Move and convert URL redirect sinks 
Adds for them as well
 2021-06-10 10:43:37 +01:00
Owen Mansel-Chan
f2ff2aa3e1 Add flow tests for JAX-RS 2021-06-10 10:43:37 +01:00
Owen Mansel-Chan
155d63d5f7 Add tests for JAX-RS 2021-06-10 10:43:36 +01:00
Owen Mansel-Chan
baa21c5bcf Manually comment out parts of stubs 
This is to avoid having to make more stubs, which we don't really need
 2021-06-10 10:43:34 +01:00
Owen Mansel-Chan
caf96b01e1 Stubs in javax-ws-rs-api-2.1.1 
Generated using java-autostub
 2021-06-10 10:43:34 +01:00
Owen Mansel-Chan
2cb76fe407 Test JAX-WS endpoints 2021-06-08 15:12:04 +01:00
Owen Mansel-Chan
d9cf1aaf39 Add stubs for JAX-WS 2021-06-08 15:12:04 +01:00
Tony Torralba
48b0df4a3e Add tests, minor bugfixes 2021-06-08 10:35:18 +02:00
Tony Torralba
d77d0c9e10 Added summaries for Spring PropertyValues 2021-06-07 17:35:03 +02:00
Anders Schack-Mulligen
96da85449d Merge pull request #5823 from atorralba/promote-jexl-injection 
Java: Promote JEXL Injection query from experimental
 2021-06-07 10:03:12 +02:00
Chris Smowton
4ddf4558a7 Merged simplified query 2021-06-04 16:07:15 +02:00
Anders Schack-Mulligen
f73960da8f Merge pull request #5788 from Marcono1234/marcono1234/stmt-toString 
Java: Override toString() for statements
 2021-06-04 12:41:03 +02:00
Anders Schack-Mulligen
60377a8f86 Merge pull request #5383 from smowton/smowton/feature/strbuilder-fluent-methods 
Java: Add models for StrBuilder's fluent methods
 2021-06-04 12:33:24 +02:00
Anders Schack-Mulligen
30cb80b341 Merge pull request #5181 from smowton/smowton/feature/commons-tostringbuilder 
Java: Add models for Commons ToStringBuilder
 2021-06-04 12:30:36 +02:00
Marcono1234
485b0be805 Java: Fix expected test output 2021-06-03 17:15:00 +02:00
Marcono1234
e0a45507f8 Java: Adjust toString() for statements 2021-06-03 16:27:36 +02:00
Marcono1234
7e778bc008 Java: Override toString() for statements 
Additionally remove redundant QLDoc which is inherited anyways.
 2021-06-03 16:27:35 +02:00
Anders Schack-Mulligen
bd9e3d0fa9 Merge pull request #5751 from aschackmull/java/collection-flow 
Java: Convert all collection and array steps from taint flow to value flow.
 2021-06-03 15:29:14 +02:00
Tony Torralba
56a429a5f9 Merge branch 'main' into promote-jexl-injection 2021-06-03 11:10:56 +02:00
Tony Torralba
34a8383c1a Unused import 2021-06-03 10:22:53 +02:00
Anders Schack-Mulligen
8e6dd51f50 Merge pull request #5868 from Marcono1234/marcono1234/ignore-not-closing-char-array-closeable 
Java: Ignore char array based closeables for CloseReader.ql and CloseWriter.ql
 2021-06-02 15:00:59 +02:00
Anders Schack-Mulligen
8a20395857 Merge pull request #5940 from pwntester/main 
Remove XSS sink for Java
 2021-06-02 12:30:20 +02:00
Tony Torralba
d476459727 Use InlineExpectationsTest 2021-06-02 12:15:26 +02:00