hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,738 Commits 1,671 Branches 157 Tags
tausbn/python-add-models-for-zstd-compression
Commit Graph

987 Commits

Author SHA1 Message Date
Nora Dimitrijević
192f45ed2b Java: convert FragmentInjection test to .qlref 2025-06-24 16:42:10 +02:00
Nora Dimitrijević
2b19cbcd7e Java: convert UnsafeContentUriResolution test to .qlref 2025-06-24 16:42:08 +02:00
Nora Dimitrijević
28694276e2 Java: convert MissingJWTSignatureCheck test to .qlref 2025-06-24 16:42:06 +02:00
Nora Dimitrijević
85c2f72892 Java: convert InsecureRandomness test to .qlref 2025-06-24 16:42:04 +02:00
Nora Dimitrijević
288a938814 Java: convert InsufficientKeySize test to .qlref 2025-06-24 16:42:02 +02:00
Nora Dimitrijević
993b261b63 Java: convert InsecureTrustManager test to .qlref 2025-06-24 16:42:00 +02:00
Nora Dimitrijević
b736e3733c Java: convert IntentUriPermissionManipulation test to .qlref 2025-06-24 16:41:58 +02:00
Nora Dimitrijević
c77875d834 Java: convert TemplateInjection test to .qlref 2025-06-24 16:41:56 +02:00
Nora Dimitrijević
b8c7bd29c3 Java: convert SpelInjection test to .qlref 2025-06-24 16:41:54 +02:00
Nora Dimitrijević
2a837b208b Java: convert MvelInjection test to .qlref 2025-06-24 16:41:52 +02:00
Nora Dimitrijević
1b61cb660a Java: convert JexlInjection test to .qlref 2025-06-24 16:41:50 +02:00
Nora Dimitrijević
1cc91e964d Java: convert GroovyInjection test to .qlref 2025-06-24 16:41:48 +02:00
Nora Dimitrijević
8e53da285f Java: convert XSS test to .qlref 2025-06-24 16:41:46 +02:00
Nora Dimitrijević
199eabdd20 Java: convert XsltInjection test to .qlref 
Also, split off into separate directory from JndiInjectionTest because their $Alerts were interfering with each other.
 2025-06-24 16:41:43 +02:00
Nora Dimitrijević
3f9e0fee81 Java: convert JndiInjection test to .qlref 2025-06-24 16:41:41 +02:00
Nora Dimitrijević
e1ddce8456 Java: convert PartialPathTraversalFromRemote test to .qlref 2025-06-24 16:41:39 +02:00
Nora Dimitrijević
588efe4b2b Java: Convert TaintedPath test to .qlref 2025-06-24 16:41:35 +02:00
Chris Smowton
3c555fce11 Add basic test for SQL injection vs Jakarta Persistence 2025-04-01 17:13:23 +01:00
Nick Rolfe
361fbba39b Java: fix comma splice in alert message 2025-03-21 14:23:32 +00:00
Owen Mansel-Chan
5c7588822d Fix test output 2025-03-14 11:44:00 +00:00
Owen Mansel-Chan
a8e993c942 Fix FP for always-locked fields 2025-03-13 15:03:32 +00:00
Owen Mansel-Chan
dc2cbf7402 Add tests for always-locked fields 2025-03-13 15:02:26 +00:00
Owen Mansel-Chan
aed51644ba Convert to inline expectations test 2025-03-13 12:55:02 +00:00
Jami Cogswell
e17486a9d8 Java: rename springframework stubs directory from 5.3.8 to 5.8.x 2025-03-11 15:20:58 -04:00
Jami
ea9b0462bf Merge pull request #18793 from jcogs33/jcogs33/java/spring-boot-actuators-promo 
Java: Promote Spring Boot Actuators query from experimental
 2025-03-11 14:42:14 -04:00
Owen Mansel-Chan
f2947f7066 Fix indentation 2025-03-05 14:13:53 +00:00
Lukas Abfalterer
41e9a837e5 Fix naming 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2025-03-05 12:50:54 +01:00
Lukas Abfalterer
c9b75afc2a Fix QLL and add change notes with tests 2025-03-05 10:23:35 +01:00
Jami Cogswell
82062e2847 Java: update test 2025-03-04 11:15:00 -05:00
Jonas Jensen
2edc9af1e0 Merge pull request #18848 from jbj/StaticInitializationVector-postprocess 
Java: StaticInitializationVector with postprocess
 2025-02-25 12:44:16 +01:00
Owen Mansel-Chan
74a249597a Merge pull request #18607 from owen-mc/java/xss-content-type-sanitizer 
Java: Add XSS Sanitizer for `HttpServletResponse.setContentType` with safe values
 2025-02-24 23:39:18 +00:00
Jami Cogswell
26e396732a Java: edit qhelp 2025-02-24 18:33:43 -05:00
Jami Cogswell
53cb30dcd0 Java: update metadata, move from CWE-016 to CWE-200 2025-02-24 18:33:41 -05:00
Jami Cogswell
f65a5b9a66 Java: add test for qhelp good example 2025-02-24 18:27:45 -05:00
Jami Cogswell
9e51b014d2 Java: handle example in Spring docs 2025-02-24 18:27:43 -05:00
Jami Cogswell
b2469ff8ba Java: add APIs and tests for more recent Spring versions: authorizeHttpRequests, AuthorizeHttpRequestsConfigurer, securityMatcher(s) 2025-02-24 18:26:02 -05:00
Jami Cogswell
8dfb920e05 Java: refactor QL, move code to libraries 2025-02-24 18:24:48 -05:00
Jami Cogswell
8064e8f1f9 Java: convert tests to inline expectations 2025-02-24 18:24:26 -05:00
Jami Cogswell
089a491d5a Java: fix tests; update for non-experimental directory 2025-02-24 18:24:17 -05:00
Jami Cogswell
2ce5920c5e Java: copy out of experimental 2025-02-24 18:24:12 -05:00
Jonas Jensen
11a0a9f8af Java: StaticInitializationVector with postprocess 
Use the new `postprocess` feature for the test of
`StaticInitializationVector.ql`. This makes it easier to modify and test
this query for diff-informed operation.
 2025-02-24 13:33:02 +01:00
Jami
d94dc5aa40 Merge pull request #18504 from jcogs33/jcogs33/java/file-constructor-path-sanitizer 
Java: `File` constructor path sanitizer
 2025-02-18 08:00:32 -05:00
Jami Cogswell
2bb6a3914b Java: update tests 2025-02-14 15:16:08 -05:00
Jami Cogswell
530103e2d9 Java: narrow query 
remove PUT and DELETE from StaplerCsrfUnprotectedMethod

remove OPTIONS and TRACE from SpringCsrfUnprotectedMethod
 2025-01-30 10:14:31 -05:00
Jami Cogswell
d4114f66c2 Java: more name-based heuristic tests to test regex 2025-01-30 10:14:16 -05:00
Jami Cogswell
0ab37684e1 Java: more database update tests and stubs 2025-01-30 10:14:14 -05:00
Jami Cogswell
3bf6dc24c1 Java: Stapler tests and stubs 2025-01-30 10:14:11 -05:00
Jami Cogswell
fa27689719 Java: update InlineExpectationsTest import for new location 2025-01-30 10:14:05 -05:00
Jami Cogswell
ede9e78645 Java: remove exists variable in test 2025-01-30 10:14:01 -05:00
Jami Cogswell
c9ad15cc83 Java: update .expected file contents 2025-01-30 10:13:57 -05:00