codeql

mirror of https://github.com/github/codeql.git synced 2026-05-24 08:07:07 +02:00

Author	SHA1	Message	Date
Nicolas Will	3869abebea	Fix Micronaut ql-for-ql alerts	2026-02-27 17:24:02 +01:00
Nicolas Will	cf31af77c9	Add Micronaut framework support for Java QL Add CodeQL support for Micronaut: add MaD models for HTTP, HTTP client and multipart (sources, sinks and summary propagation), new framework QLL modules (Controller, WebSocket, Config, Data, Security). Add library tests and query tests exercising request inputs, file uploads, HttpClient sinks (SSRF), header sinks (response-splitting) and redirect sinks (open-redirect), plus expected results and extractor options. Include Micronaut 4.x stubs used by the tests.	2026-02-27 17:17:07 +01:00
Anders Schack-Mulligen	6f40ac15b4	Java: Rename ReturnStmt.getResult to getExpr.	2026-02-04 14:43:31 +01:00
Tom Hvitved	7024b07dd2	Java: Adapt to changes in `FlowSummaryImpl` Missing manual models were added using the following code added to `FlowSummaryImpl.qll`: ```ql private predicate testsummaryElement( Input::SummarizedCallableBase c, string namespace, string type, boolean subtypes, string name, string signature, string ext, string originalInput, string originalOutput, string kind, string provenance, string model, boolean isExact ) { exists(string input, string output, Callable baseCallable \| summaryModel(namespace, type, subtypes, name, signature, ext, originalInput, originalOutput, kind, provenance, model) and baseCallable = interpretElement(namespace, type, subtypes, name, signature, ext, isExact) and ( c.asCallable() = baseCallable and input = originalInput and output = originalOutput or correspondingKotlinParameterDefaultsArgSpec(baseCallable, c.asCallable(), originalInput, input) and correspondingKotlinParameterDefaultsArgSpec(baseCallable, c.asCallable(), originalOutput, output) ) ) } private predicate testsummaryElement2( string namespace, string type, boolean subtypes, string name, string signature, string ext, string originalInput, string originalOutput, string kind, string provenance, string model, string namespace2, string type2 ) { exists(Input::SummarizedCallableBase c \| testsummaryElement(c, namespace2, type2, _, _, _, ext, originalInput, originalOutput, kind, provenance, model, false) and testsummaryElement(c, namespace, type, subtypes, name, _, _, _, _, _, provenance, _, true) and signature = paramsString(c.asCallable()) and not testsummaryElement(c, _, _, _, _, _, _, originalInput, originalOutput, kind, provenance, _, true) ) } private string getAMissingManualModel(string namespace2, string type2) { exists( string namespace, string type, boolean subtypes, string name, string signature, string ext, string originalInput, string originalOutput, string kind, string provenance, string model \| testsummaryElement2(namespace, type, subtypes, name, signature, ext, originalInput, originalOutput, kind, provenance, model, namespace2, type2) and result = "- [\"" + namespace + "\", \"" + type + "\", True, \"" + name + "\", \"" + signature + "\", \"\", \"" + originalInput + "\", \"" + originalOutput + "\", \"" + kind + "\", \"" + provenance + "\"]" ) } ```	2026-01-26 12:40:15 +01:00
Owen Mansel-Chan	8a80158959	Merge pull request #17590 from Kwstubbs/java-mad-test Java: FileUpload Support MaD	2026-01-08 13:33:55 +00:00
Owen Mansel-Chan	6c291e1e7f	Add model for `handlePongMessage` and update test	2026-01-07 11:09:59 +00:00
Owen Mansel-Chan	bf79b8a792	Merge branch 'main' into java-mad-test	2026-01-01 23:34:45 +00:00
Joe Farebrother	94fcee5340	minor formatting tweak	2025-12-09 14:15:36 +00:00
Joe Farebrother	d98e660803	Test fixes + more tests	2025-12-09 14:13:28 +00:00
Joe Farebrother	a594ca9de8	Add tests	2025-12-09 14:12:45 +00:00
Anders Schack-Mulligen	dc6d3fe7ba	Use flowFrom.	2025-12-03 14:04:18 +01:00
Owen Mansel-Chan	fe6b4330de	Fix test import	2025-10-28 23:14:23 +00:00
Kevin Stubbings	0d3b65a35b	Resolved merge conflicts and completed merge	2025-10-06 22:37:28 -07:00
Owen Mansel-Chan	708bbe391e	Add test for `SpringRequestMappingMethod.getAValue`	2025-05-22 12:22:34 +01:00
Jami Cogswell	e17486a9d8	Java: rename springframework stubs directory from 5.3.8 to 5.8.x	2025-03-11 15:20:58 -04:00
Jami Cogswell	61a184c1d7	Java: update more tests	2025-02-14 16:08:06 -05:00
Owen Mansel-Chan	19df33fb43	Remove another erroneous comment Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>	2025-01-21 09:25:37 +00:00
Owen Mansel-Chan	6fa18be0cc	Fix QLDocs	2025-01-20 22:07:01 +00:00
Owen Mansel-Chan	9cc614ac2d	Allow jax-rs path annotation inheritance	2025-01-07 16:44:12 +00:00
Owen Mansel-Chan	de1b374e0e	Test JAX-RS class/interface annotation inheritance	2025-01-07 15:28:41 +00:00
Michael Nebel	0a1d2d0bbb	Java: Update all test util paths to point to the new location.	2024-12-12 13:21:25 +01:00
Anders Schack-Mulligen	4bf63fedc9	Merge pull request #18179 from aschackmull/dataflow/accesspath-notypes Dataflow: Remove tracked types from Access Paths, track tainted object type, and tweak type pruning.	2024-12-05 09:58:36 +01:00
Jeroen Ketema	89d20fd086	Java: Update expected test results	2024-12-03 19:18:59 +01:00
Anders Schack-Mulligen	9734cff15b	Java/C#: Update expected files.	2024-12-03 12:57:44 +01:00
Kevin Stubbings	9c63033d45	Fix tests	2024-11-20 16:53:39 +00:00
Kevin Stubbings	981f67598c	Formatting	2024-11-20 07:51:11 +00:00
Kevin Stubbings	ddcf852d3f	Add taint steps	2024-11-20 01:07:03 +00:00
Tom Hvitved	95e9d013cc	Update expected test output	2024-11-04 12:07:06 +01:00
Michael Nebel	e2ada2536b	Java: Update java.net expected output.	2024-10-21 15:19:41 +02:00
Rasmus Wriedt Larsen	381ea93ec3	Merge pull request #17424 from RasmusWL/active-threat-model-source Go/Java/C#: Rename `ThreatModelFlowSource` to `ActiveThreatModelSource`	2024-09-26 13:08:17 +02:00
Tom Hvitved	f287216060	Update expected test output	2024-09-24 14:21:38 +02:00
Rasmus Wriedt Larsen	63c3a71d95	Merge branch 'main' into active-threat-model-source	2024-09-23 11:18:14 +02:00
Mauro Baluda	cab35a25a5	Remove duplicate summary for `MultipartFile.getInputStream` and update `.expected` file	2024-09-18 20:43:04 +02:00
Rasmus Wriedt Larsen	8c10155eb7	mass rename to ActiveThreatModelSource	2024-09-12 10:16:55 +02:00
Michael Nebel	53b2471c9d	Java: Update expected test output.	2024-08-29 09:03:46 +02:00
Michael Nebel	7488cc0811	Java: Updated expected test output.	2024-08-27 13:28:13 +02:00
Asger F	9703f67794	Test output updates that only affect nodes/edges	2024-08-23 11:03:26 +02:00
Anders Schack-Mulligen	525b6f30e3	C++/C#/Java: Accept test changes.	2024-08-21 10:51:28 +02:00
Chris Smowton	80e03c3c51	Improve ql/doc style	2024-08-19 16:25:06 +01:00
Chris Smowton	27522a2781	Remove redundant imports	2024-08-19 16:23:06 +01:00
Chris Smowton	9c0bdbb20a	Java: add a test exercising Spring component liveness detection The existing Spring stubs are expanded sufficiently to support the needed annotations and a few referenced classes and exceptions.	2024-08-16 16:36:08 +01:00
Anders Schack-Mulligen	51c43a7440	Java: Accept expected changes.	2024-08-16 07:01:35 +02:00
Anders Schack-Mulligen	e77c3dfda1	Java: Fix expected files following https://github.com/github/codeql/pull/17233 and https://github.com/github/codeql/pull/17224 .	2024-08-15 15:45:37 +02:00
Anders Schack-Mulligen	fb1dfd4217	Java: Accept test changes.	2024-08-15 10:32:12 +02:00
Anders Schack-Mulligen	3cdc8d5eca	Java: Add PathGraph to test output for default inline flow tests.	2024-08-15 10:17:31 +02:00
Jami Cogswell	bab89c46b6	Java: use post-process provenance pretty-printing in library-tests	2024-07-28 18:13:58 -04:00
Jami	91f5f086fb	Merge pull request #17025 from jcogs33/jcogs33/java/adjust-url-syntheticfield Java: add TaintInheritingContent for URL synthetic fields	2024-07-25 12:11:39 -04:00
Jami Cogswell	4790656b79	Java: add TaintInheritingContent for URL synthetic fields	2024-07-20 23:03:32 -04:00
Ed Minnix	62944ee473	Add tests for lastaflute framework	2024-07-18 17:41:02 -04:00
Anders Schack-Mulligen	37d78249e7	Java: Update provenance ids.	2024-07-16 11:11:54 +02:00

1 2 3 4 5 ...

488 Commits