hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,991 Commits 1,672 Branches 157 Tags
codeql-cli-2.7.4
Commit Graph

285 Commits

Author SHA1 Message Date
Tony Torralba
f1fab854c4 Fix tests for XXE, introduced a dependency with jaxen 2021-05-06 12:11:55 +02:00
Tony Torralba
84504a88e4 Fix tests by adding AndroidManifest.xml 2021-05-06 10:55:56 +02:00
Tony Torralba
76468559ba Add safe example for dom4j 2021-05-06 10:17:25 +02:00
Tony Torralba
926fedb7fb Update java/ql/test/query-tests/security/CWE-643/XPathInjectionTest.java 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-05-06 09:18:50 +02:00
Tony Torralba
00a7576679 Rename XPath Injection test file 2021-05-06 09:18:50 +02:00
Tony Torralba
8af7f4a484 New sinks and test cases 2021-05-06 09:18:49 +02:00
Tony Torralba
ccb3ea4453 Fix XPath Injection tests classpath 2021-05-06 09:18:49 +02:00
Tony Torralba
26c3ff2cee Move from experimental to standard 2021-05-06 09:18:49 +02:00
Tony Torralba
a706046a19 Reestructured test 2021-05-06 09:17:53 +02:00
Jonathan Leitschuh
67e9f06304 [Java] Fix Kryo FP & Kryo 5 Support 
Closes #4992
 2021-05-05 17:38:34 -04:00
Tony Torralba
03ce8d689f Refactored to use CSV sink model 2021-05-05 16:34:30 +02:00
Tony Torralba
9b78cee37a Add tests 2021-05-05 11:59:57 +02:00
Tony Torralba
e68c6e66a5 Remove qlref file 2021-05-03 17:53:37 +02:00
Tony Torralba
4d5ec87de9 Use InlineTest 2021-05-03 13:27:24 +02:00
Tony Torralba
4bfd34b1fe Moved from experimental 2021-05-03 13:15:24 +02:00
Anders Schack-Mulligen
175c71221a Java: Adjust some test output with more edges/nodes. 2021-04-19 14:06:27 +02:00
Anders Schack-Mulligen
29aec0d770 Java: Adjust expected output. 2021-04-19 13:16:46 +02:00
Anders Schack-Mulligen
c5193cf03f Apply suggestions from code review 2021-04-19 13:14:56 +02:00
Anders Schack-Mulligen
06514159be Java: Add XXE tests. 2021-04-19 10:58:21 +02:00
Anders Schack-Mulligen
daad62c4e0 Java: Add TaintedPath test. 2021-04-19 10:07:03 +02:00
Chris Smowton
e3cf5c235e Add support for Commons-Lang's RandomUtils 
This is realised by somewhat generalising our interfaces for modelling RNGs. We also add tests for randomness-related queries that didn't have any, and addtest cases checking the Apache random-number generators are interchangeable with the stdlib ones.
 2021-03-05 12:09:33 +00:00
Anders Schack-Mulligen
f0d3841369 Merge pull request #5105 from JLLeitschuh/feat/JLL/depricated_bintray_usage 
CWE-1104: Maven POM dependence upon Bintray/JCenter
 2021-02-25 09:08:31 +01:00
Jonathan Leitschuh
ad99aa2d76 Fix typo in test output 2021-02-22 13:26:51 -05:00
Anders Schack-Mulligen
6eafa9d396 Merge pull request #5133 from pwntester/fix_SnakeYaml 
Remove sanitizing condition which does not prevent vulnerability.
 2021-02-16 12:58:47 +01:00
Jonathan Leitschuh
d82e8216ed Merge branch 'main' into feat/JLL/depricated_bintray_usage 2021-02-15 10:48:28 -05:00
Alvaro Muñoz
00a0b12dad update expected results 2021-02-15 11:23:40 +01:00
Alvaro Muñoz
c7072aef16 update A.java test 2021-02-15 10:34:20 +01:00
yo-h
e5331a4735 Java: accept changes in expected output 2021-02-09 09:17:35 -05:00
yo-h
e194411cfa Java: fix javac errors in test code 2021-02-09 09:16:57 -05:00
Jonathan Leitschuh
bfa9324266 CWE-1104: Maven POM dependence upon Bintray/JCenter 2021-02-05 13:05:51 -05:00
intrigus
4fa8f5eab2 Java: Accept test changes 2021-01-12 15:29:03 +01:00
intrigus
e11304a1ca Java: Autoformat 2021-01-11 13:42:08 +01:00
intrigus
c88f07dde4 Java: Accept test output 2021-01-11 13:42:07 +01:00
intrigus
33b0ff28d8 Java: Update test 2021-01-11 13:42:07 +01:00
intrigus
3da1cb0879 Java: Add unsafe hostname verification query 2021-01-11 13:42:07 +01:00
Joe Farebrother
24dc631a8f Java: Fix false positive in XXE query 2020-12-08 16:38:42 +00:00
Joe Farebrother
2fd5d26b1b Add FP as a test case 2020-12-08 16:37:53 +00:00
Anders Schack-Mulligen
4be731d2ab Java: Adjust reference to static method and add test. 2020-11-16 11:47:58 +01:00
Alvaro Muñoz
3dcd8acf97 add expected results 2020-10-27 15:47:54 +01:00
Alvaro Muñoz
671ea2f6c6 add test and stubs 2020-10-27 15:47:54 +01:00
Anders Schack-Mulligen
a806a4f086 Merge pull request #4312 from JLLeitschuh/feat/JLL/java/jhipster_CVE-2019-16303 
Java: QL Query Detector for JHipster Generated CVE-2019-16303
 2020-10-16 15:47:09 +02:00
Joe Farebrother
aa8bacb724 Java: Update test output 2020-10-12 15:50:47 +01:00
Jonathan Leitschuh
ab3772eaeb Update JHipster CodeQL query from code review 2020-10-01 15:38:56 -04:00
Jonathan Leitschuh
ab618dcf2f Java: QL Query Detector for JHipster Generated CVE-2019-16303 2020-09-21 18:46:13 -04:00
Joe
fcfc836720 Java: Add tests for ExecTainted 2020-09-17 16:47:55 +01:00
Anders Schack-Mulligen
cc61e6117e Merge pull request #3542 from porcupineyhairs/mongoJava 
Java : add MongoDB injection sinks
 2020-09-01 16:19:17 +02:00
Anders Schack-Mulligen
e5d7208c12 Java: Adjust a few qltests. 2020-09-01 12:49:09 +02:00
Porcupiney Hairs
441825919c Java : add MongoDB injection sinks 2020-08-31 02:24:23 +05:30
Porcupiney Hairs
4f07733b06 remove U+200B 2020-08-30 04:54:02 +05:30
Porcupiney Hairs
3f6eef8437 Java: add websocket reads as remote flow source. 
Currently, JAX-WS reads are considered as untrusted. However, `java.net.http.WebSocket` reads are not marked as such.

This PR adds support for the same.
 2020-08-27 02:45:59 +05:30