Commit Graph

1439 Commits

Author SHA1 Message Date
Joe Farebrother
cd7c7c3152 Implement array getters/constructors in generated tests 2021-09-16 15:23:01 +01:00
Joe Farebrother
84748cda76 Increase field flow branch limit.
I'm a little concerned that this appears to be necessary for tests, as it may mean that results involving these flow steps may not be found in real-world projects.
2021-09-16 15:23:01 +01:00
Joe Farebrother
f94a61cc8a Remove unneeded rows 2021-09-16 15:23:01 +01:00
Joe Farebrother
b51ffadd27 Improve generated tests 2021-09-16 15:23:01 +01:00
Joe Farebrother
c8e2b027ee Add fieldFlowBranchLimit to the tests 2021-09-16 15:23:00 +01:00
Joe Farebrother
6ae11b5b2c Generate stubs.
Some generated stubs were manually adjusted due to minor issues in the stub generator.
In particular, ambiguous references were resolved and references to private classes were removed.
2021-09-16 15:23:00 +01:00
Joe Farebrother
ff733e0334 Fix up issues in generated tests 2021-09-16 15:23:00 +01:00
Joe Farebrother
693d729ec6 Generate tests and fix broken specs 2021-09-16 15:23:00 +01:00
Joe Farebrother
1273b063f4 Fix test expectations 2021-09-16 15:23:00 +01:00
Joe Farebrother
5fee6d2d19 Convert Sets utilities 2021-09-16 15:22:59 +01:00
Joe Farebrother
10f0f3038c Add tables, improve tests, make fixes 2021-09-16 15:22:59 +01:00
Joe Farebrother
73aba09eee Add create methods 2021-09-16 15:22:59 +01:00
Joe Farebrother
035d655e72 Update guava collection flow steps to CSV 2021-09-16 15:22:59 +01:00
Marcono1234
020aa4d94c Java: Address feedback and fix test failures 2021-09-16 14:10:48 +01:00
Marcono1234
58d2d5d14e Java: Replace incorrect usage of Literal.getLiteral() 2021-09-16 14:10:48 +01:00
Tony Torralba
f18c163408 Improve handling of the 'author' word as an exception 2021-09-16 11:57:28 +02:00
Tony Torralba
21079a1315 Fix conditionControlsMethod predicate
Exceptions for throw and return statements were missing the appropriate condition
2021-09-15 17:51:51 +02:00
Tony Torralba
5ed9949498 Adapt InsecureBasicAuth to the previous commit 2021-09-15 17:20:28 +02:00
Tony Torralba
30178d4f23 Decouple InsecureBasicAuth.qll to reuse the taint tracking configuration 2021-09-15 17:20:27 +02:00
Tony Torralba
148443fae1 Use InlineExpectationsTest 2021-09-15 17:20:27 +02:00
Tony Torralba
2cada386b4 Refactored into InsecureBasicAuth.qll 2021-09-15 17:20:27 +02:00
Tony Torralba
905be67aae Moved from experimental 2021-09-15 17:20:27 +02:00
Chris Smowton
03db15af9a Merge pull request #6685 from smowton/smowton/admin/android-uri-model
Java: Add models for android.net.Uri[.Builder]
2021-09-15 10:48:33 +01:00
Anders Schack-Mulligen
8485b6f0b3 Merge pull request #6691 from bmuskalla/moreStringMethods
Java: Support String#getChars and #translateEscapes
2021-09-15 10:14:54 +02:00
Anders Schack-Mulligen
3f7d6e6f85 Merge pull request #6136 from smowton/smowton/admin/spring-xss-content-type-sensitivity
Spring HTTP: improve content-type sensitivity
2021-09-15 09:50:56 +02:00
Chris Smowton
e5b84fb795 Use InlineFlowTest 2021-09-14 16:37:07 +01:00
Chris Smowton
367a53dd71 Add models for android.net.Uri[.Builder] 2021-09-14 16:37:07 +01:00
Chris Smowton
6cff0d0376 Merge pull request #6393 from luchua-bc/java/xss-jsf
Java: CWE-079 Query to detect XSS with JavaServer Faces (JSF)
2021-09-14 15:15:56 +01:00
Tony Torralba
4e93330cb9 Improved tests
Note that a FN test case was added
2021-09-14 15:51:08 +02:00
Anders Schack-Mulligen
26eafcb55a Merge pull request #6456 from smowton/smowton/admin/flexjson-unsafe-deserialization
Java: add unsafe-deserialization support for Flexjson
2021-09-14 14:33:22 +02:00
Tony Torralba
0640b41f00 Adjust tests 2021-09-14 13:44:53 +02:00
Chris Smowton
fcc0f1d5a7 Expand test to exercise all sinks 2021-09-14 12:27:33 +01:00
Tony Torralba
f8d1e2ac11 Refactor tests to use InlineExpectationsTest 2021-09-14 13:16:45 +02:00
luchua-bc
24addd5c10 Query to detect XSS with JavaServer Faces (JSF) 2021-09-14 11:47:32 +01:00
Anders Schack-Mulligen
e71173d953 Merge pull request #6591 from bmuskalla/inlineFlowTest
Java: Simplify setup for flow tests using `InlineExpectationsTest`
2021-09-14 10:31:29 +02:00
Benjamin Muskalla
199e015a06 Support missing String methods 2021-09-14 10:22:22 +02:00
Chris Smowton
122ffca049 Merge pull request #6645 from Marcono1234/marcono1234/spurious-javadoc-param-generic-class
Java: Detect spurious param Javadoc tag of generic classes
2021-09-13 16:41:06 +01:00
Benjamin Muskalla
24d740b2da Merge branch 'main' into inlineFlowTest 2021-09-13 17:15:37 +02:00
Benjamin Muskalla
bf5a46f6d8 Simplify inline tests 2021-09-13 17:08:02 +02:00
Anders Schack-Mulligen
7b764aec92 Merge pull request #6682 from aschackmull/java/callbacks
Java: Add support for callback-based library models.
2021-09-13 16:43:03 +02:00
Anders Schack-Mulligen
ab862276fc Java: Fix tests. 2021-09-13 16:04:11 +02:00
Chris Smowton
abdd3a5dbe Adjust Java tests that check for unpaired surrogate extraction 2021-09-13 14:02:05 +01:00
Anders Schack-Mulligen
89a6cdc711 Java: Add support for callback-based library models. 2021-09-13 14:49:28 +02:00
Chris Smowton
68ed3250e8 Merge pull request #6478 from smowton/smowton/feature/jax-rs-request-filters
Java: Add sources for Jax-RS filters
2021-09-13 10:59:17 +01:00
Marcono1234
5009ed618f Java: Extend functional interfaces test 2021-09-12 01:50:07 +02:00
Chris Smowton
451a46bf0e Add models for getLanguage, getMediaType 2021-09-10 16:36:38 +01:00
Chris Smowton
5e7a3ca2e6 Model UriInfo.relativize and resolve. 2021-09-10 16:36:37 +01:00
Chris Smowton
f1c3a11103 Add sources for Jax-RS filters 2021-09-10 16:36:34 +01:00
Chris Smowton
9b488207eb Add support for the Flexjson framework to the unsafe-deserialization query 2021-09-10 16:27:23 +01:00
Chris Smowton
b47939c737 Note resolved spurious results 2021-09-10 16:10:54 +01:00