hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
32,907 Commits 1,672 Branches 157 Tags
codeql-cli-2.8.2
Commit Graph

346 Commits

Author SHA1 Message Date
Alvaro Muñoz
671ea2f6c6 add test and stubs 2020-10-27 15:47:54 +01:00
Anders Schack-Mulligen
a806a4f086 Merge pull request #4312 from JLLeitschuh/feat/JLL/java/jhipster_CVE-2019-16303 
Java: QL Query Detector for JHipster Generated CVE-2019-16303
 2020-10-16 15:47:09 +02:00
Joe Farebrother
aa8bacb724 Java: Update test output 2020-10-12 15:50:47 +01:00
Jonathan Leitschuh
ab3772eaeb Update JHipster CodeQL query from code review 2020-10-01 15:38:56 -04:00
Jonathan Leitschuh
ab618dcf2f Java: QL Query Detector for JHipster Generated CVE-2019-16303 2020-09-21 18:46:13 -04:00
Joe
fcfc836720 Java: Add tests for ExecTainted 2020-09-17 16:47:55 +01:00
Anders Schack-Mulligen
cc61e6117e Merge pull request #3542 from porcupineyhairs/mongoJava 
Java : add MongoDB injection sinks
 2020-09-01 16:19:17 +02:00
Anders Schack-Mulligen
e5d7208c12 Java: Adjust a few qltests. 2020-09-01 12:49:09 +02:00
Porcupiney Hairs
441825919c Java : add MongoDB injection sinks 2020-08-31 02:24:23 +05:30
Porcupiney Hairs
4f07733b06 remove U+200B 2020-08-30 04:54:02 +05:30
Porcupiney Hairs
3f6eef8437 Java: add websocket reads as remote flow source. 
Currently, JAX-WS reads are considered as untrusted. However, `java.net.http.WebSocket` reads are not marked as such.

This PR adds support for the same.
 2020-08-27 02:45:59 +05:30
Arthur Baars
67b6018079 Merge pull request #3729 from luchua-bc/java-hardcoded-aws-credentials 
Java: Hardcoded AWS credentials
 2020-07-13 18:04:42 +02:00
luchua-bc
12803f1f53 Merge Hardcoded AWS Credentials check into the mail source folder 2020-07-13 12:22:34 +00:00
Anders Schack-Mulligen
581d496167 Java: Fix LdapInjection qltest 2020-07-08 14:04:01 +02:00
Anders Schack-Mulligen
3b81c3b95c Merge pull request #2651 from ggolawski/java-ldap-injection 
Java LDAP Injection (CWE-90)
 2020-01-31 16:43:52 +01:00
Grzegorz Golawski
3fd8d9eb5c Rename CWE-90 into CWE-090 2020-01-30 22:33:20 +01:00
Anders Schack-Mulligen
ea3d7b1b2f Java: Adjust stubs and unit test. 2020-01-30 11:27:33 +01:00
Anders Schack-Mulligen
9391058363 Java: Add unit test for ldap injection. 2020-01-29 11:37:33 +01:00
Esben Sparre Andreasen
8deefd60a7 java: fixup whitespace/tabs in test 2020-01-24 11:01:38 +01:00
Esben Sparre Andreasen
57b3a55b48 java: sharpen java/maven/non-https-url to allow localhost URLs 2020-01-24 08:51:54 +01:00
Esben Sparre Andreasen
a5558809f4 java: add more tests for java/maven/non-https-url 2020-01-24 08:49:59 +01:00
Anders Schack-Mulligen
f88623ccb4 Java: Add .expected file to qltest. 2019-12-13 14:34:29 +01:00
Jonathan Leitschuh
229622459c Update InsecureDependencyResolution with code review comments 2019-12-09 20:37:53 -05:00
Tom Hvitved
7f6e253425 Java: Update expected test output 2019-10-04 11:09:44 +02:00
Tom Hvitved
6318cc9a71 Java: Update expected test output 2019-09-18 13:36:15 +02:00
Anders Schack-Mulligen
2d620698d8 Java: Adjust qltest expected output. 2019-09-12 11:00:49 +02:00
Jonas Jensen
9c9b7ac651 C#/C++/Java: Revert AccessPathNil.toString changes 
This caused too many `*.expected` files to change, also in our internal
repo.
 2019-09-02 15:59:36 +02:00
Jonas Jensen
a98992f0f9 C#/C++/Java: distinguish toString of nil from cons 2019-09-02 14:22:03 +02:00
Jonas Jensen
6c96a8d339 Java: Accept test changes 
Note: the results in `partial` have regressed and will need to be fixed
in a follow-up commit.
 2019-09-02 13:14:17 +02:00
Luke Cartey
dfa371c65b Java: Add missing SQL query APIs. 
* executeLargeUpdate
 * prepareCall
 2019-08-30 10:40:49 +01:00
Anders Schack-Mulligen
a50ea54ff6 Java: Fix tests. 2019-08-08 12:03:01 +02:00
Anders Schack-Mulligen
48b19f1fea Java: Replace ValidatedVariable with guarded accesses. 2019-05-20 16:46:11 +02:00
Anders Schack-Mulligen
dec31a3dd6 Java: Use range analysis in IntMultToLong. 2019-04-05 10:42:23 +02:00
Robin Neatherway
409733838b Java: Add a flow step for Path::toFile in ZipSlip 2019-02-11 10:33:44 +00:00
Anders Schack-Mulligen
06e48ca19f Java: Update test. 2019-01-08 11:57:54 +01:00
Anders Schack-Mulligen
d3fcfb0957 Java: Fix FP in UseSSL. 2018-12-04 17:44:05 +01:00
Anders Schack-Mulligen
deb61d6f29 Java: Update test output. 2018-11-16 13:48:50 +01:00
Anders Schack-Mulligen
2004445817 Merge pull request #409 from yh-semmle/java/move-tests 
Java: move/tweak some tests
 2018-11-06 16:38:03 +01:00
yh-semmle
c0fcf7fc9b Java: move a few more tests 2018-11-05 12:08:43 -05:00
Anders Schack-Mulligen
c3f71c2d42 Java: Change main ZipSlip location to the source. 2018-10-31 11:38:28 +01:00
Anders Schack-Mulligen
4953e4923a Java: Add test for sanitization using toAbsolutePath(). 2018-10-31 11:38:27 +01:00
Anders Schack-Mulligen
bf6b7c4734 Java: Add ZipSlip query. 2018-10-31 11:38:27 +01:00
Anders Schack-Mulligen
8fe1634fcc Java: Add test. 2018-10-25 13:00:15 +02:00
Anders Schack-Mulligen
dd5a8f0c14 Java: Autoformat most queries. 2018-10-11 11:31:37 +02:00
Anders Schack-Mulligen
b9acdf573a Java: Update qltest. 2018-09-13 10:18:09 +02:00
Pavel Avgustinov
846c9d5860 Migrate Java code to separate QL repo. 2018-08-30 10:48:05 +01:00