Commit Graph

601 Commits

Author SHA1 Message Date
Mauro Baluda
bb5ef3ccd9 Update provenance in test expectations 2024-06-10 19:57:37 +02:00
Tony Torralba
292395b80e Update test expectations 2024-06-04 10:35:16 +02:00
Anders Schack-Mulligen
15a7c3faeb Java: Accept qltest .expected file changes. 2024-05-22 15:42:40 +02:00
Anders Schack-Mulligen
a650499a9c Java: Accept qltest .expected file changes (interesting). 2024-05-22 15:42:12 +02:00
Anders Schack-Mulligen
a74cf6501a Java: update qltest expected files. 2024-05-22 11:13:06 +02:00
Rasmus Wriedt Larsen
2451a6d3f6 Accept .expected changes 2024-05-21 14:47:42 +02:00
am0o0
02b0b402d6 remove useless predicate
add missed FlowState
2024-05-12 19:29:37 +02:00
am0o0
484923e706 update test files 2024-05-12 18:21:17 +02:00
Am
9946e07f36 Merge branch 'github:main' into amammad-java-bombs 2024-05-12 13:17:02 +02:00
Anders Schack-Mulligen
f85ff9defc Java: Update expected output (interesting). 2024-04-12 09:20:28 +02:00
Anders Schack-Mulligen
c2f5731e8d Java: Update expected output (uninteresting). 2024-04-12 09:20:26 +02:00
Jami Cogswell
a8eb1d10f6 Java: remove experimental tests 2024-03-17 22:35:27 -04:00
Anders Schack-Mulligen
e9e445b2ba Java: Add empty provenance column to expected files. 2024-02-09 11:32:00 +01:00
Tony Torralba
e2bf9ea2eb Consider File.exists() et al. a path-injection sink 2024-01-30 14:51:36 +01:00
Tony Torralba
2a146405ac Adjust tests 2024-01-26 12:38:32 +01:00
masterofnow
7162540faf Added options, .qhelp and .expected file for unit test. 2023-12-21 19:57:37 +08:00
masterofnow
25c818f425 Added unit test files. 2023-12-21 12:13:00 +08:00
amammad
0d0dc5158c stash 2023-12-01 15:03:03 +01:00
amammad
59fb479895 update tests 2023-10-14 12:28:58 +02:00
Eric Bickle
000c1f7ec8 Java: Flow taint through ArithExpr for ThreadResourceAbuse
Ensure that tainted values flow through arithmetic operations when
checking for ThreadResourceAbuse vulnerabilities.

For example, multiplying 'number of seconds' by 1000 as an input
to Thread.Sleep, which accepts milliseconds, is a common scenario.
2023-10-06 14:24:37 -07:00
aegilops
3658710578 Fixed formatting, committed expected test results 2023-08-03 13:50:40 +01:00
Paul Hodgkinson
3bc7cf6ac7 Merge branch 'main' into java/experimental/command-injection 2023-07-31 19:14:55 +01:00
Anders Schack-Mulligen
ae24d68b5d C/C++/C#/Java/Python/Ruby/Swift: Adjust expected output. 2023-07-19 11:41:15 +02:00
aegilops
8dbb0a51c0 Rewrote tests to work 2023-06-29 09:47:03 +01:00
aegilops
01798f63f8 Switched to new dataflow and added a test (but it doesn't produce results yet) 2023-06-28 17:14:39 +01:00
amammad
7354db873a V1 Bombs 2023-06-24 08:57:57 +10:00
Anders Schack-Mulligen
a0a9d30286 Java: Fix qltests. 2023-06-09 08:37:35 +02:00
Tony Torralba
6d7234f8ed Merge pull request #13225 from atorralba/atorralba/java/path-injection-mad-sinks-2
Java: Migrate path injection sinks to models-as-data (simplified)
2023-06-07 14:27:36 +02:00
Tony Torralba
416d3d587d Accept test changes
An uncovered test case is now correctly covered
2023-06-07 10:33:17 +02:00
Tony Torralba
527fe523a8 Add PathCreation.qll sinks to models-as-data
The old PathCreation sinks can't be removed because doing so would cause alert wobble in the path injection queries. See their getReportingNode predicates.
2023-06-02 09:14:35 +02:00
Tony Torralba
770099f210 Merge branch 'main' into atorralba/java/promote-xxe-experimental-sinks 2023-05-16 09:49:34 +02:00
Anders Schack-Mulligen
8e6038577d Java: Update expected output. 2023-04-26 14:45:40 +02:00
Tony Torralba
fba61d51ed Remove experimental files 2023-04-26 12:24:30 +02:00
Tony Torralba
7d0680a280 Update JsonpInjection test expectations 2023-04-13 12:06:54 +02:00
Ed Minnix
57886e1713 Moved files from experimental to src/ 2023-03-27 12:16:43 -04:00
Ed Minnix
6de946ef00 Remove experimental files 2023-02-27 12:16:14 +01:00
Ed Minnix
fa6ac063d1 Add com.auth0.jwt.algorithm.Algorithm sinks
The HMAC* constructors of the com.auth0.jwt.algorithm.Algorithm class
take a secret as a parameter. Therefore, the arguments should be added
to be checked for hardcoded credentials.
2023-02-27 12:16:14 +01:00
Jami Cogswell
fd593fd4f0 Java: undo changes to tests that were affected by numeric-flow summary models 2023-01-11 22:34:19 -05:00
Jami Cogswell
f933fc75cd Java: update another test affected by Integer.parseInt, and one affected by String.length 2022-12-18 21:46:43 -05:00
Jami Cogswell
f3fc68352e Java: update tests affected by Integer.parseInt model 2022-12-18 19:43:32 -05:00
retanoj
8ee418405b consider blankspace / comma / dot field 2022-12-07 10:06:39 +08:00
retanoj
de652e1e27 expected 2022-12-06 18:09:48 +08:00
retanoj
fb8559f03a tiny fix function name 2022-12-06 18:03:00 +08:00
retanoj
d2140eb4b1 MyBatisAnnotationSqlInjection no @Param case 2022-12-06 17:07:49 +08:00
Tony Torralba
4bbc1dc734 Update test expectations 2022-11-24 12:34:48 +01:00
Tony Torralba
443d0f50c1 Apply suggestions from code review 2022-11-24 11:10:07 +01:00
ka1n4t
d113fb23c8 Add test case for PR-11368 2022-11-23 11:05:58 +08:00
Jami
8a73675483 Merge pull request #11070 from jcogs33/java-regex-injection
Java: Promote regex injection query from experimental
2022-11-21 15:04:26 -05:00
Jami Cogswell
32b140045e move files out of experimental 2022-11-08 15:29:32 -05:00
Jami Cogswell
9b7df354e6 move files 2022-10-11 16:56:10 -04:00