hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,738 Commits 1,672 Branches 157 Tags
tausbn/python-add-models-for-zstd-compression
Commit Graph

987 Commits

Author SHA1 Message Date
Ed Minnix
b9d2a26e6e Move ESAPI models into the Weak Randomness query 
These models don't need to apply to all queries. So instead they are
better suited to be within the weak randomness query itself.
 2023-12-11 11:18:39 -05:00
Ed Minnix
fb875f5095 More variety of test cases 2023-12-11 11:18:39 -05:00
Ed Minnix
ce7690b53f Make imports private 2023-12-11 11:18:38 -05:00
Ed Minnix
b713efb711 Add ThreadLocalRandom.current as another source 2023-12-11 11:18:38 -05:00
Ed Minnix
1daa83bf46 Add test cases 2023-12-11 11:18:38 -05:00
Chris Smowton
29fdd04eb0 Include switch and instanceof binding in Variable.getAnAssignedValue, and test via endsInQuote 2023-11-30 11:24:05 +00:00
Max Schaefer
ca334021ad Merge pull request #14793 from github/max-schaefer/tainted-path-qhelp 
Java: Improve QHelp for `java/path-injection` to mention less disruptive fixes.
 2023-11-16 14:09:55 +00:00
Max Schaefer
a5e7ef424e Revert "Add additional example." 
This reverts commit 947b094387.
 2023-11-16 11:54:16 +00:00
Max Schaefer
947b094387 Add additional example. 2023-11-16 10:06:19 +00:00
Max Schaefer
009d58034f Address suggestions from review. 2023-11-16 10:05:54 +00:00
Max Schaefer
a46a7fadb2 Java: Improve QHelp for java/path-injection to mention less disruptive fixes. 2023-11-15 11:25:13 +00:00
Tony Torralba
7af3d239ab Java: Add JMS sink to java/unsafe-deserialization 2023-10-26 16:46:19 +02:00
Chris Smowton
f552a15aae Mass-rename MethodAccess -> MethodCall 2023-10-24 10:30:26 +01:00
Tony Torralba
4ecda9cccd Add consistency check exception 2023-10-17 10:18:19 +02:00
Tony Torralba
d08ee76b16 Java: Improve java/spring-disabled-csrf-protection 2023-10-16 16:01:14 +02:00
Anders Schack-Mulligen
8ee1f8ae69 Java: Add missing flow step for ThreadLocal.initialValue. 2023-09-22 13:33:45 +02:00
Anders Schack-Mulligen
7e04ac55b7 Merge pull request #14268 from aschackmull/java/xmlparsers-typetrack 
Java/Dataflow: Add new light-weight data flow api and use it in XmlParsers
 2023-09-21 13:33:21 +02:00
Anders Schack-Mulligen
5c40d553b4 Java: Switch XmlParsers lib to lightweight data flow. 2023-09-20 10:21:53 +02:00
yoff
4a37c2fc3a Merge pull request #13778 from geoffw0/javaparsemode 
Java: Understand multiple parse mode flags specified in a regular expression string
 2023-09-18 14:22:59 +02:00
Tony Torralba
b08e410f45 Merge pull request #14029 from atorralba/atorralba/apache-cxf-models 
Java: Add new Apache CXF models
 2023-09-18 10:54:05 +02:00
Geoffrey White
af3d8c88bb Java: Fix test comment. 2023-09-13 17:58:31 +01:00
Geoffrey White
8c3e778be6 Java: Port regex mode flag character fix from Python. 2023-09-13 17:50:52 +01:00
Tony Torralba
2448bc8ce2 Java: Add new Apache CXF models 2023-08-25 11:17:51 +02:00
Jeroen Ketema
b550c067a1 Java: Remove redundant inline expectation test imports 2023-08-25 00:18:55 +02:00
Jeroen Ketema
9d573e5544 Consolidate all InlineFlowTest libraries in the dataflow qlpack 2023-08-24 21:38:46 +02:00
Tony Torralba
8c32919381 Merge pull request #13903 from atorralba/atorralba/jaxrs-mad-models 
Java: New models for JAX-RS
 2023-08-24 11:43:13 +02:00
Tony Torralba
0f3918af16 Merge pull request #13773 from atorralba/atorralba/java/mdht-xxe-sink 
Java: Add XXE sinks for MDHT
 2023-08-23 13:49:49 +02:00
Edward Minnix III
929090a847 Typos and style fixes 
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
 2023-08-17 13:05:37 -04:00
Ed Minnix
55fae2daaa Added ESAPI sanitizer 2023-08-17 13:05:37 -04:00
Ed Minnix
97d6e82869 Stubs for org.owasp.esapi 2023-08-17 13:05:37 -04:00
Ed Minnix
f58590c6a9 Trust Boundary Work 2023-08-17 13:05:37 -04:00
Ed Minnix
2aba425464 TrustBoundary test ql file 2023-08-17 13:05:36 -04:00
Geoffrey White
657642a122 Java: Expose parts of the vquery message in the test. 2023-08-14 14:12:07 +01:00
Tony Torralba
fb0102b763 Java: New models for JAX-RS 2023-08-07 11:52:23 +02:00
Tony Torralba
2cbb7ed296 Java: Add XXE sinks for MDHT 2023-07-31 11:13:17 +02:00
Geoffrey White
369f88beda Java: Fix for multiple parse mode flags. 2023-07-20 11:49:54 +01:00
Geoffrey White
32c10885d4 Java: Add test case. 2023-07-20 11:43:11 +01:00
Anders Schack-Mulligen
ae24d68b5d C/C++/C#/Java/Python/Ruby/Swift: Adjust expected output. 2023-07-19 11:41:15 +02:00
Tony Torralba
16529cdd18 Add failing test 2023-07-10 17:40:15 +02:00
Tony Torralba
a7c2a25cac Merge pull request #12879 from atorralba/atorralba/java/command-injection-mad-sinks 
Java: Convert all command injection sinks to MaD format
 2023-06-27 14:06:45 +02:00
Jorge
7d0b880bf7 Merge branch 'main' into jorgectf/deserialization-lookahead 2023-06-23 18:24:39 +02:00
jorgectf
b6e4ba6f9d Add SerialKiller model 2023-06-23 18:19:43 +02:00
Jeroen Ketema
742eb8dd12 Java: Rewrite InlineFlowTest as a parameterized module 2023-06-15 10:52:10 +02:00
Tony Torralba
182513a981 Merge pull request #13235 from atorralba/atorralba/java/hudson-models 
Java: Add Hudson models
 2023-06-14 12:33:18 +02:00
Jeroen Ketema
c3ba206b6a Merge pull request #13346 from jketema/inline-2 
Update inline expectation tests to use parameterized module
 2023-06-13 10:10:55 +02:00
Tony Torralba
ffe67689ec Merge branch 'main' into atorralba/java/command-injection-mad-sinks 2023-06-13 09:27:33 +02:00
Jeroen Ketema
49993b023e Java: Rewrite inline expectation tests to use parameterized module 2023-06-09 10:42:17 +02:00
Anders Schack-Mulligen
a0a9d30286 Java: Fix qltests. 2023-06-09 08:37:35 +02:00
Tony Torralba
ad2f558002 Add Hudson models 
Includes models-as-data rows, flow sources, and XSS sanitizers.

Tests for models-as-data rows not included.
 2023-06-02 11:06:24 +02:00
Tony Torralba
c3b1ef2cdf Merge branch 'main' into atorralba/java/command-injection-mad-sinks 2023-06-02 08:57:24 +02:00