Owen Mansel-Chan
19df33fb43
Remove another erroneous comment
...
Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>
2025-01-21 09:25:37 +00:00
Owen Mansel-Chan
6fa18be0cc
Fix QLDocs
2025-01-20 22:07:01 +00:00
Owen Mansel-Chan
9cc614ac2d
Allow jax-rs path annotation inheritance
2025-01-07 16:44:12 +00:00
Owen Mansel-Chan
de1b374e0e
Test JAX-RS class/interface annotation inheritance
2025-01-07 15:28:41 +00:00
Michael Nebel
0a1d2d0bbb
Java: Update all test util paths to point to the new location.
2024-12-12 13:21:25 +01:00
Jeroen Ketema
89d20fd086
Java: Update expected test results
2024-12-03 19:18:59 +01:00
Tom Hvitved
95e9d013cc
Update expected test output
2024-11-04 12:07:06 +01:00
Rasmus Wriedt Larsen
8c10155eb7
mass rename to ActiveThreatModelSource
2024-09-12 10:16:55 +02:00
Jami Cogswell
bab89c46b6
Java: use post-process provenance pretty-printing in library-tests
2024-07-28 18:13:58 -04:00
Anders Schack-Mulligen
37d78249e7
Java: Update provenance ids.
2024-07-16 11:11:54 +02:00
Anders Schack-Mulligen
dc64a08467
Java: Update test expectations for Object.clone().
2024-07-16 11:11:52 +02:00
Jami Cogswell
6b497da15f
Java: fix line number changes in tests
2024-07-11 15:33:09 -04:00
Jami Cogswell
c73af7f789
Java: update some test cases due to shifted alert provenance line numbers
2024-06-27 21:07:35 -04:00
Tony Torralba
292395b80e
Update test expectations
2024-06-04 10:35:16 +02:00
Anders Schack-Mulligen
a74cf6501a
Java: update qltest expected files.
2024-05-22 11:13:06 +02:00
Anders Schack-Mulligen
c2f5731e8d
Java: Update expected output (uninteresting).
2024-04-12 09:20:26 +02:00
Anders Schack-Mulligen
e9e445b2ba
Java: Add empty provenance column to expected files.
2024-02-09 11:32:00 +01:00
Chris Smowton
f552a15aae
Mass-rename MethodAccess -> MethodCall
2023-10-24 10:30:26 +01:00
Michael Nebel
40e63a63e2
Java: Re-factor most queries and tests to use threat models.
2023-10-04 14:01:58 +02:00
Jeroen Ketema
9d573e5544
Consolidate all InlineFlowTest libraries in the dataflow qlpack
2023-08-24 21:38:46 +02:00
Tony Torralba
3f9701cea7
Two fixes:
...
* Consider that the @WebService annotation (et al) can be in a supertype or interface
* getARemoteMethod should only return public methods, since protected, package-private, and private methods are not exposed
2023-08-24 11:35:52 +02:00
Tony Torralba
43b9199734
Java: Improved JaxWsEndpoint::getARemoteMethod
2023-08-07 10:21:58 +02:00
Jeroen Ketema
742eb8dd12
Java: Rewrite InlineFlowTest as a parameterized module
2023-06-15 10:52:10 +02:00
Jeroen Ketema
49993b023e
Java: Rewrite inline expectation tests to use parameterized module
2023-06-09 10:42:17 +02:00
Ed Minnix
59e59125d6
Refactor tests
2023-04-24 17:10:32 -04:00
Anders Schack-Mulligen
46d6f5af7e
Java: Update some tests.
2023-02-21 13:14:35 +01:00
Rasmus Wriedt Larsen
b840e8efb8
Java: Remove MISSING: XssSink annotations from text/plain responses in JaxWs
2022-10-27 15:55:14 +02:00
Rasmus Wriedt Larsen
cee9139a0d
Java: Correctly annotate missing XSS sinks in JaxWs modeling
2022-10-27 15:17:17 +02:00
Rasmus Wriedt Larsen
977792070a
Java: Fix tag missing from getARelevantTag
2022-10-27 09:11:24 +02:00
erik-krogh
46b5bf32f9
update alert-messages of java queries
2022-09-26 12:15:25 +02:00
Erik Krogh Kristensen
83f26eb833
rename all upper-case variables to start with a lower-case letter
2022-03-14 11:50:48 +01:00
Benjamin Muskalla
24d740b2da
Merge branch 'main' into inlineFlowTest
2021-09-13 17:15:37 +02:00
Benjamin Muskalla
bf5a46f6d8
Simplify inline tests
2021-09-13 17:08:02 +02:00
Chris Smowton
451a46bf0e
Add models for getLanguage, getMediaType
2021-09-10 16:36:38 +01:00
Chris Smowton
5e7a3ca2e6
Model UriInfo.relativize and resolve.
2021-09-10 16:36:37 +01:00
Chris Smowton
f1c3a11103
Add sources for Jax-RS filters
2021-09-10 16:36:34 +01:00
Benjamin Muskalla
2d13906e0e
Simplify jaxrs setup
2021-09-07 16:46:58 +02:00
Benjamin Muskalla
8830f1531f
Convert some tests to use InlineFlowTest
2021-09-07 16:46:58 +02:00
Anders Schack-Mulligen
f6541811d2
Dataflow: Update more tests.
2021-09-07 13:02:20 +02:00
Chris Smowton
eaf3d3cc03
Merge pull request #6162 from smowton/smowton/feature/jax-rs-content-type-sensitivity-fixes
...
Jax-RS: implement content-type tracking
2021-08-03 14:53:31 +01:00
Anders Schack-Mulligen
3c6604daa7
Java: Fix subtypes interpretation.
2021-07-02 14:43:56 +02:00
Anders Schack-Mulligen
6813a79423
Java: Add test for override of Map.put highlighting problem.
2021-07-02 14:41:59 +02:00
Chris Smowton
c37ecb7102
Fix existing JaxRs tests
...
* Expose getContentTypeString for use by tests
* Use it to get constant arguments to @Produces annotations
* Note that text/html is xss-vulnerable (I have no idea how it ever came to expect exactly text/plain)
2021-06-30 12:04:21 +01:00
Chris Smowton
768a8e78dd
Fixup JaxRs.ql to cope with stubbed MediaType file
...
In a real-world situation this type would be defined in an imported jar, but since here it is defined in a stub the getADeclaredContentType routine can see it is defined as an empty string in the stubbed implementation. Filter these out so the test more closely resembles the real situation.
2021-06-28 19:24:19 +01:00
Chris Smowton
e2aaae8181
Increase test fieldFlowBranchLimit to 1000
...
Might as well head off future failures in this test
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2021-06-21 12:51:37 +01:00
Chris Smowton
c5eef7be8c
Increase field flow branch limit in Jax-RS tests
...
This fixes apparently-missing results by allowing the dataflow library to persist even when there are many Map implementations possibly available.
2021-06-21 12:46:13 +01:00
Owen Mansel-Chan
b9bc1f978c
Update style of inline expectation comments
2021-06-17 10:04:15 +01:00
Owen Mansel-Chan
0987425f94
Reinstate failing tests with MISSING: prefix
2021-06-17 09:36:51 +01:00
Owen Mansel-Chan
5f82993b0b
Put parameters with inline expectation comments on their own lines
2021-06-17 06:41:01 +01:00
Owen Mansel-Chan
5e89fce734
Avoid strange bug by commenting out two tests
2021-06-14 10:57:28 +01:00