hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,624 Commits 1,671 Branches 157 Tags
codeql-cli-2.7.3
Commit Graph

4059 Commits

Author SHA1 Message Date
yo-h
1f6996002a Java: add permits relation to dbscheme (sealed classes) 2021-06-28 19:48:39 -04:00
Chris Smowton
dd70f2c87e Add spurious results now found in JaxXSS.java 2021-06-28 19:24:19 +01:00
Chris Smowton
768a8e78dd Fixup JaxRs.ql to cope with stubbed MediaType file 
In a real-world situation this type would be defined in an imported jar, but since here it is defined in a stub the getADeclaredContentType routine can see it is defined as an empty string in the stubbed implementation. Filter these out so the test more closely resembles the real situation.
 2021-06-28 19:24:19 +01:00
Chris Smowton
8eaffaff35 Fix test mistakes 2021-06-28 19:24:19 +01:00
Chris Smowton
6b3bc42ef2 Add JAX-RS XSS tests 2021-06-28 19:24:18 +01:00
Chris Smowton
b3c186c513 Convert XSS test to inline expectations 2021-06-28 19:24:18 +01:00
Sauyon Lee
240058be28 fixup! Fix tests for Spring util 
Apply review comments
 2021-06-28 10:53:00 -07:00
Sauyon Lee
4012076c90 fixup! Model spring util 
Apply review comments
 2021-06-28 10:52:58 -07:00
Sauyon Lee
bddc88c010 Add stubs for Spring util tests 2021-06-28 08:26:40 -07:00
Sauyon Lee
60db9e1851 Rename springframework-5.2.3 to 5.3.8 2021-06-28 08:26:39 -07:00
Sauyon Lee
fb0e6bfb42 Fix tests for Spring util 2021-06-28 08:26:39 -07:00
Sauyon Lee
739b142209 Generate tests for Spring util 2021-06-28 08:26:38 -07:00
Sauyon Lee
92ebb63b1f Model Spring AntPath utils 2021-06-28 08:26:38 -07:00
Sauyon Lee
c4e9b1fd8e Model Spring util 2021-06-28 08:26:37 -07:00
Tony Torralba
8112d723e0 Merge branch 'main' into atorralba/spring-beans 2021-06-28 17:02:31 +02:00
Tony Torralba
393b95cbbe Remove 'magic' from tests 2021-06-28 17:01:34 +02:00
Chris Smowton
3d69868297 Change ID and description of cloned query 
This should be cleaned up more effectively soon, but this suffices to fix the clashing-id problem.
 2021-06-28 12:18:59 +01:00
Chris Smowton
8aa9cd52b5 Merge pull request #5811 from mogwailabs/insecureJmxRmiServerEnvironment 
Java: Add query - insecure environment configuration during JMX/RMI server init
 2021-06-25 22:09:20 +01:00
Timo Mueller
e5fa5325b5 Auto formatting .ql file 2021-06-25 22:31:29 +02:00
Chris Smowton
def4a23af2 Merge pull request #4879 from intrigus-lgtm/java/improve-trustmanager 
Java: Add/improve insecure trustmanager query
 2021-06-25 18:15:55 +01:00
intrigus
5aa711a956 Accept test changes. 2021-06-25 17:04:36 +02:00
Anders Schack-Mulligen
a79356e316 Apply suggestions from code review 2021-06-25 16:47:26 +02:00
intrigus
be57aeccf2 Remove change-note. 2021-06-25 16:47:26 +02:00
intrigus
5106aec319 Fix test location. 2021-06-25 16:47:25 +02:00
intrigus
36575bb26f Move back to experimental......... 2021-06-25 16:47:25 +02:00
intrigus
fe923facc8 Java: Move comments to separate lines. 
Move comments to separate lines to improve
the rendering in the finished query help.
 2021-06-25 16:47:25 +02:00
intrigus-lgtm
f527df73d5 Apply suggestions from code review. 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2021-06-25 16:47:25 +02:00
intrigus
f0d4b1d2b0 Java: Add change-note. 2021-06-25 16:47:25 +02:00
intrigus
6bfdf8d148 Java: Fix qhelp errors. 2021-06-25 16:47:24 +02:00
intrigus
dc0b06a735 Java: Factor out SecurityFlag library. 2021-06-25 16:47:24 +02:00
intrigus-lgtm
51fdcf86c8 Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-06-25 16:47:24 +02:00
intrigus
6f217d37da Java: Apply suggestions from review. 2021-06-25 16:47:24 +02:00
intrigus
4a00670b68 Java: Reduce long comment. 2021-06-25 16:47:24 +02:00
intrigus
45cec3df1c Java: Use this consistently in QL classes. 2021-06-25 16:47:24 +02:00
intrigus
0c1ce74135 Java: Switch from tabs to spaces. 2021-06-25 16:47:24 +02:00
intrigus
281e0859d1 Java: Accept test changes. 2021-06-25 16:47:23 +02:00
intrigus
6413af4fbe Java: Expand tests. 2021-06-25 16:47:23 +02:00
intrigus
484533c659 Java: Flag "intentionally" unsafe methods in tests. 
Previously intentionally unsafe methods such as `disableCertificate`
would be ignored by this query. But now they will also be flagged
as it is hard to guess intentions...
Adjust the tests to account for this change.
 2021-06-25 16:47:23 +02:00
intrigus
7023793af4 Java: Fix compilation errors in test. 2021-06-25 16:47:23 +02:00
intrigus
6d09db6fd6 Java: Explicitly list custom flow steps. 2021-06-25 16:47:23 +02:00
intrigus
e4775e0fae Java: Remove "intention-guessing" sanitizer & simplify. 
This removes the sanitizer part that classified some results as FP
if the results were in methods with certain names, like
`disableVerification()`. I now think that it's a bad idea to filter
based on the method name.
The custom flow steps in `flagFlowStep` are now listed explicitly.
Simplified check whether a method throws an exception.
 2021-06-25 16:47:23 +02:00
intrigus
8a7f6b72e9 Java: Apply suggestions for QHelp 2021-06-25 16:47:23 +02:00
intrigus
d37d922e8f Java: Fix Typos 2021-06-25 16:47:22 +02:00
intrigus-lgtm
030c286902 Java: Use machine-in-the-middle consistently 2021-06-25 16:47:22 +02:00
intrigus-lgtm
f52e438f3e Java: Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-06-25 16:47:22 +02:00
intrigus
592fd1e8ca Java: Accept test changes 2021-06-25 16:47:22 +02:00
intrigus
1b96d0ac54 Java: Remove overlapping code 2021-06-25 16:47:22 +02:00
intrigus
87554a78d4 Java: Add insecure trust manager query. 2021-06-25 16:47:22 +02:00
Timo Mueller
b969b9b5e7 Merge branch 'insecureJmxRmiServerEnvironment' of github.com:mogwailabs/codeql into insecureJmxRmiServerEnvironment 2021-06-25 16:11:47 +02:00
Timo Mueller
72ef4983db Fixed wrong match for symbolic constant 2021-06-25 16:11:37 +02:00