hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
80,824 Commits 1,672 Branches 157 Tags
ginsbach/EnableJavaOverlayCompilation
Commit Graph

951 Commits

Author SHA1 Message Date
Nora Dimitrijević
e0b3a2c5f9 Java: convert ArbitraryApkInstallation test to .qlref 2025-06-26 13:22:05 +02:00
Nora Dimitrijević
690446149a Java: add CleartextStorageCookie test 
Given that it's a non-path-problem dataflow query, the InlineExpectationsTest is not as useful.
 2025-06-24 18:12:19 +02:00
Nora Dimitrijević
e213e3fc37 Java: convert ImplicitPendingIntents test to .qlref 2025-06-24 16:42:37 +02:00
Nora Dimitrijević
e0311e26c6 Java: convert ImproperIntentVerification test to .qlref 
It's a non-path query, so the InlineExpectationsTest postprocessor doesn't do anything.
 2025-06-24 16:42:35 +02:00
Nora Dimitrijević
aac4f63e9a Java: convert RequestForgery test to .qlref 2025-06-24 16:42:32 +02:00
Nora Dimitrijević
7f05b72e10 Java: convert OgnlInjection test to .qlref 2025-06-24 16:42:30 +02:00
Nora Dimitrijević
cadfd0dcaa Java: convert RsaWithoutOaep test to .qlref 2025-06-24 16:42:28 +02:00
Nora Dimitrijević
b7e47e2cf3 Java: convert PolynomialReDoS and RegexInjection tests to .qlref 
Leaves ReDoS.ql unmodified since it's not a dataflow query; just moves it to its own directory.
 2025-06-24 16:42:26 +02:00
Nora Dimitrijević
f5c7ef6ab4 Java: convert XPathInjection test to .qlref 2025-06-24 16:42:23 +02:00
Nora Dimitrijević
162b1c51a9 Java: convert XXE test to .qlref 2025-06-24 16:42:21 +02:00
Nora Dimitrijević
7f33f57c9b Java: convert UrlForward test to .qlref 2025-06-24 16:42:19 +02:00
Nora Dimitrijević
bf1a699982 Java: convert CWE-522 tests to .qlref 2025-06-24 16:42:17 +02:00
Nora Dimitrijević
4412335223 Java: convert UnsafeDeserialization test to .qlref 2025-06-24 16:42:14 +02:00
Nora Dimitrijević
c4b0955045 Java: convert WebviewDebuggingEnabled test to .qlref 2025-06-24 16:42:12 +02:00
Nora Dimitrijević
192f45ed2b Java: convert FragmentInjection test to .qlref 2025-06-24 16:42:10 +02:00
Nora Dimitrijević
2b19cbcd7e Java: convert UnsafeContentUriResolution test to .qlref 2025-06-24 16:42:08 +02:00
Nora Dimitrijević
28694276e2 Java: convert MissingJWTSignatureCheck test to .qlref 2025-06-24 16:42:06 +02:00
Nora Dimitrijević
85c2f72892 Java: convert InsecureRandomness test to .qlref 2025-06-24 16:42:04 +02:00
Nora Dimitrijević
288a938814 Java: convert InsufficientKeySize test to .qlref 2025-06-24 16:42:02 +02:00
Nora Dimitrijević
993b261b63 Java: convert InsecureTrustManager test to .qlref 2025-06-24 16:42:00 +02:00
Nora Dimitrijević
b736e3733c Java: convert IntentUriPermissionManipulation test to .qlref 2025-06-24 16:41:58 +02:00
Nora Dimitrijević
c77875d834 Java: convert TemplateInjection test to .qlref 2025-06-24 16:41:56 +02:00
Nora Dimitrijević
b8c7bd29c3 Java: convert SpelInjection test to .qlref 2025-06-24 16:41:54 +02:00
Nora Dimitrijević
2a837b208b Java: convert MvelInjection test to .qlref 2025-06-24 16:41:52 +02:00
Nora Dimitrijević
1b61cb660a Java: convert JexlInjection test to .qlref 2025-06-24 16:41:50 +02:00
Nora Dimitrijević
1cc91e964d Java: convert GroovyInjection test to .qlref 2025-06-24 16:41:48 +02:00
Nora Dimitrijević
8e53da285f Java: convert XSS test to .qlref 2025-06-24 16:41:46 +02:00
Nora Dimitrijević
199eabdd20 Java: convert XsltInjection test to .qlref 
Also, split off into separate directory from JndiInjectionTest because their $Alerts were interfering with each other.
 2025-06-24 16:41:43 +02:00
Nora Dimitrijević
3f9e0fee81 Java: convert JndiInjection test to .qlref 2025-06-24 16:41:41 +02:00
Nora Dimitrijević
e1ddce8456 Java: convert PartialPathTraversalFromRemote test to .qlref 2025-06-24 16:41:39 +02:00
Nora Dimitrijević
588efe4b2b Java: Convert TaintedPath test to .qlref 2025-06-24 16:41:35 +02:00
Chris Smowton
3c555fce11 Add basic test for SQL injection vs Jakarta Persistence 2025-04-01 17:13:23 +01:00
Nick Rolfe
361fbba39b Java: fix comma splice in alert message 2025-03-21 14:23:32 +00:00
Owen Mansel-Chan
5c7588822d Fix test output 2025-03-14 11:44:00 +00:00
Owen Mansel-Chan
a8e993c942 Fix FP for always-locked fields 2025-03-13 15:03:32 +00:00
Owen Mansel-Chan
dc2cbf7402 Add tests for always-locked fields 2025-03-13 15:02:26 +00:00
Owen Mansel-Chan
aed51644ba Convert to inline expectations test 2025-03-13 12:55:02 +00:00
Jami Cogswell
e17486a9d8 Java: rename springframework stubs directory from 5.3.8 to 5.8.x 2025-03-11 15:20:58 -04:00
Jami
ea9b0462bf Merge pull request #18793 from jcogs33/jcogs33/java/spring-boot-actuators-promo 
Java: Promote Spring Boot Actuators query from experimental
 2025-03-11 14:42:14 -04:00
Owen Mansel-Chan
f2947f7066 Fix indentation 2025-03-05 14:13:53 +00:00
Lukas Abfalterer
41e9a837e5 Fix naming 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2025-03-05 12:50:54 +01:00
Lukas Abfalterer
c9b75afc2a Fix QLL and add change notes with tests 2025-03-05 10:23:35 +01:00
Jami Cogswell
82062e2847 Java: update test 2025-03-04 11:15:00 -05:00
Jonas Jensen
2edc9af1e0 Merge pull request #18848 from jbj/StaticInitializationVector-postprocess 
Java: StaticInitializationVector with postprocess
 2025-02-25 12:44:16 +01:00
Owen Mansel-Chan
74a249597a Merge pull request #18607 from owen-mc/java/xss-content-type-sanitizer 
Java: Add XSS Sanitizer for `HttpServletResponse.setContentType` with safe values
 2025-02-24 23:39:18 +00:00
Jami Cogswell
26e396732a Java: edit qhelp 2025-02-24 18:33:43 -05:00
Jami Cogswell
53cb30dcd0 Java: update metadata, move from CWE-016 to CWE-200 2025-02-24 18:33:41 -05:00
Jami Cogswell
f65a5b9a66 Java: add test for qhelp good example 2025-02-24 18:27:45 -05:00
Jami Cogswell
9e51b014d2 Java: handle example in Spring docs 2025-02-24 18:27:43 -05:00
Jami Cogswell
b2469ff8ba Java: add APIs and tests for more recent Spring versions: authorizeHttpRequests, AuthorizeHttpRequestsConfigurer, securityMatcher(s) 2025-02-24 18:26:02 -05:00