hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,738 Commits 1,671 Branches 157 Tags
tausbn/python-add-models-for-zstd-compression
Commit Graph

61 Commits

Author SHA1 Message Date
Chris Smowton
15989ce213 Merge pull request #14089 from am0o0/amammad-java-JWT 
Java: JWT decoding without verification
 2024-08-21 14:14:08 +01:00
am0o0
f4764378c9 update tests to contain the new source, delete query with local sources 2024-08-16 16:15:46 +02:00
Chris Smowton
95e504a5ff Merge branch 'main' into am0o0-java-PathInjection 2024-08-05 11:41:25 +01:00
am0o0
4169cfac9f use the current slf4j stubs instead of new one 2024-08-03 14:12:18 +02:00
am0o0
ee9f134828 update current springframework core stub and use this instead of creating a new stubs 2024-08-02 01:00:34 +02:00
am0o0
af43178602 move slf4j to a separate dir 2024-08-02 00:35:20 +02:00
am0o0
1551cf0093 move java/ql/test/experimental/stubs/org-springframework-6.1.4/org/reactivestreams into a separate dir 2024-08-02 00:06:02 +02:00
Chris Smowton
142d7ae005 Make test compatible with Servlet 2.5; use old Servlet stubs 2024-07-28 10:26:58 +02:00
am0o0
71e1d63953 finilize tests 2024-07-13 18:00:50 +02:00
am0o0
d8e2d355df categorize the new stubs 2024-07-13 17:25:38 +02:00
am0o0
1d1c476674 update tests and use TaintFlowTestArgString 
add stubs
add missed sink models
 2024-07-13 16:58:51 +02:00
am0o0
dd4bce8e30 finilize tests 2024-07-09 19:48:58 +02:00
Chris Smowton
0a6ccbca45 Add stubs and tests for new hardcoded-credential sinks 2022-08-13 12:39:15 +01:00
Porcuiney Hairs
e536628a66 Java : Add SSTI query 2022-02-22 15:57:53 +05:30
Tony Torralba
c792567904 Move from experimental 2021-09-27 11:57:53 +02:00
Tony Torralba
0356ed7f9e Merge pull request #5911 from atorralba/atorralba/promote-missing-jwt-signature-check 
Java: Promote Missing JWT signature check query from experimental
 2021-08-05 09:43:03 +02:00
Anders Schack-Mulligen
6a09a5667d Merge pull request #5931 from atorralba/atorralba/promote-jndi-injection 
Java: Promote JNDI Injection query from experimental
 2021-08-04 15:48:44 +02:00
Anders Schack-Mulligen
7fb1e1578e Merge pull request #5894 from atorralba/atorralba/promote-ognl-injection 
Java: Promote OGNL Injection query from experimental
 2021-08-03 15:31:40 +02:00
Tony Torralba
b6904a7992 Merge branch 'main' into atorralba/promote-ognl-injection 2021-07-20 17:17:17 +02:00
Tony Torralba
430d9f1834 Merge branch 'main' into atorralba/promote-missing-jwt-signature-check 2021-07-20 16:20:35 +02:00
Tony Torralba
b8ea833a61 Merge branch 'main' into atorralba/promote-jndi-injection 2021-07-20 15:01:26 +02:00
Tony Torralba
b08f417a1e Merge branch 'main' into atorralba/promote-groovy-injection 2021-07-19 12:44:03 +02:00
Chris Smowton
8aa9cd52b5 Merge pull request #5811 from mogwailabs/insecureJmxRmiServerEnvironment 
Java: Add query - insecure environment configuration during JMX/RMI server init
 2021-06-25 22:09:20 +01:00
haby0
3cf71c50b8 Mobile stubs 2021-06-24 19:24:38 +08:00
Chris Smowton
487c1db6ed Promote SSRF query to main query set 2021-06-17 11:41:01 +01:00
Tony Torralba
91ba30a781 Merge branch 'main' into atorralba/promote-missing-jwt-signature-check 2021-06-16 15:46:14 +02:00
Tony Torralba
356601ce15 Moved from experimental 2021-06-16 13:01:38 +02:00
Chris Smowton
4ddf4558a7 Merged simplified query 2021-06-04 16:07:15 +02:00
Timo Mueller
75f6ec1f0d Updated test cases to include test for java10+ CREDENTIALS_FILTER_PATTERN constant 2021-05-25 17:08:58 +02:00
Timo Mueller
59ebe08c78 Added stup for RMIConnectorServer for valid test case 2021-05-25 16:40:41 +02:00
Tony Torralba
1351516e9a Moved JNDI injection related files from experimental to standard 2021-05-19 11:32:51 +02:00
Tony Torralba
e58746508d Merge branch 'main' into atorralba/promote-ognl-injection 2021-05-19 10:41:08 +02:00
luchua-bc
d664aa6d6a Include more scenarios and update qldoc 2021-05-18 16:12:22 +00:00
luchua-bc
b0b5338359 Rhino code injection 2021-05-18 16:12:22 +00:00
Tony Torralba
3e4ccaf9a8 Move from experimental to standard 2021-05-17 10:41:54 +02:00
Tony Torralba
fc03b92e11 Moved from experimental to standard 2021-05-11 15:42:13 +02:00
Chris Smowton
0afe22d60c Merge pull request #5710 from p0wn4j/jsch-os-injection 
[Java] CWE-078: Add JSch lib OS Command Injection sink
 2021-05-10 16:12:00 +01:00
Chris Smowton
ad9ea40954 Merge pull request #5597 from intrigus-lgtm/java/jwt-insecure-parse 
[Java] JWT without signature check.
 2021-04-29 14:41:11 +01:00
intrigus
a8865e2fa2 Java: Cleanup jwt stubs. 2021-04-28 20:46:09 +02:00
p0wn4j
3d891f0b39 [Java] CWE-078: Add JSch OS command injection sink 2021-04-26 18:20:32 +04:00
p0wn4j
f2de440886 [Java] CWE-094: Query to detect Groovy Code Injections 2021-04-20 19:18:24 +04:00
intrigus
b7e49c78fe [Java] Add stubs for jwtk-jjwt-0.11.2 2021-04-06 01:01:23 +02:00
intrigus
a4cbd7037b Java: Add tests for different versions. 
Adds a test for version 6.24, because that version is not vulnerable.
The other test is for versions < 6.24, because these versions are
vulnerable.
 2021-01-15 17:20:57 +01:00
intrigus
b30872806d Java: Add tests and test stubs. 2021-01-12 14:49:12 +01:00
Anders Schack-Mulligen
0450489022 Java: Review fixes. 2020-11-24 11:31:44 +01:00
Porcupiney Hairs
38de9b6433 add request forgery query 2020-11-10 01:19:35 +05:30
Grzegorz Golawski
5e462a897d Merge branch 'main' into xslt-injection 2020-08-30 22:45:31 +02:00
Grzegorz Golawski
37f4410764 Fix test 2020-08-30 22:32:57 +02:00
Anders Schack-Mulligen
6eac8e82a3 Java: Consolidate spring-ldap-2.3.2 stubs. 2020-07-08 10:08:44 +02:00
Anders Schack-Mulligen
40b9d34ab9 Java: Consolidate springframework-5.2.3 stubs 2020-07-08 09:57:48 +02:00