hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,676 Commits 1,671 Branches 157 Tags
yo-h/java15
Commit Graph

114 Commits

Author SHA1 Message Date
yo-h
eedc385b37 Java 15: adjust test options 2020-11-26 00:14:24 -05:00
Alvaro Muñoz
3dcd8acf97 add expected results 2020-10-27 15:47:54 +01:00
Alvaro Muñoz
671ea2f6c6 add test and stubs 2020-10-27 15:47:54 +01:00
Anders Schack-Mulligen
a806a4f086 Merge pull request #4312 from JLLeitschuh/feat/JLL/java/jhipster_CVE-2019-16303 
Java: QL Query Detector for JHipster Generated CVE-2019-16303
 2020-10-16 15:47:09 +02:00
Joe Farebrother
aa8bacb724 Java: Update test output 2020-10-12 15:50:47 +01:00
Jonathan Leitschuh
ab3772eaeb Update JHipster CodeQL query from code review 2020-10-01 15:38:56 -04:00
Jonathan Leitschuh
ab618dcf2f Java: QL Query Detector for JHipster Generated CVE-2019-16303 2020-09-21 18:46:13 -04:00
Joe
fcfc836720 Java: Add tests for ExecTainted 2020-09-17 16:47:55 +01:00
Anders Schack-Mulligen
cc61e6117e Merge pull request #3542 from porcupineyhairs/mongoJava 
Java : add MongoDB injection sinks
 2020-09-01 16:19:17 +02:00
Anders Schack-Mulligen
e5d7208c12 Java: Adjust a few qltests. 2020-09-01 12:49:09 +02:00
Anders Schack-Mulligen
1dae99e4a5 Merge pull request #3543 from porcupineyhairs/WebsocketReadAsSource 
Java: add websocket reads as remote flow source.
 2020-09-01 10:58:02 +02:00
Porcupiney Hairs
441825919c Java : add MongoDB injection sinks 2020-08-31 02:24:23 +05:30
Porcupiney Hairs
4f07733b06 remove U+200B 2020-08-30 04:54:02 +05:30
Porcupiney Hairs
3f6eef8437 Java: add websocket reads as remote flow source. 
Currently, JAX-WS reads are considered as untrusted. However, `java.net.http.WebSocket` reads are not marked as such.

This PR adds support for the same.
 2020-08-27 02:45:59 +05:30
Anders Schack-Mulligen
a5701db3fa Java: Support String.formatted in the format string queries. 2020-08-17 15:01:48 +02:00
Arthur Baars
67b6018079 Merge pull request #3729 from luchua-bc/java-hardcoded-aws-credentials 
Java: Hardcoded AWS credentials
 2020-07-13 18:04:42 +02:00
luchua-bc
12803f1f53 Merge Hardcoded AWS Credentials check into the mail source folder 2020-07-13 12:22:34 +00:00
Anders Schack-Mulligen
581d496167 Java: Fix LdapInjection qltest 2020-07-08 14:04:01 +02:00
Jonathan Leitschuh
c2052ed152 Add .gitignore for VS Code Generated maven project files 
When VS Code detects a Maven project, it automatically generates
a bunch of Eclipse files to describe the project.

These are now ignored in order to not pollute the repository
 2020-06-15 22:29:30 -04:00
Anders Schack-Mulligen
8cbc01d49b Java: Add a few qltest cases for nullness and range analysis FPs. 2020-05-20 10:44:15 +02:00
Anders Schack-Mulligen
4601639bad Java: Document a FP in a test. 2020-03-03 13:39:26 +01:00
Anders Schack-Mulligen
3b81c3b95c Merge pull request #2651 from ggolawski/java-ldap-injection 
Java LDAP Injection (CWE-90)
 2020-01-31 16:43:52 +01:00
Grzegorz Golawski
3fd8d9eb5c Rename CWE-90 into CWE-090 2020-01-30 22:33:20 +01:00
Anders Schack-Mulligen
ea3d7b1b2f Java: Adjust stubs and unit test. 2020-01-30 11:27:33 +01:00
Anders Schack-Mulligen
9391058363 Java: Add unit test for ldap injection. 2020-01-29 11:37:33 +01:00
yo-h
97069a7988 Merge pull request #2683 from aschackmull/java/lshift32 
Java: Add new query for large left shifts and bugfix ConstantExpAppearsNonConstant.
 2020-01-28 13:30:26 -05:00
Anders Schack-Mulligen
4bd332ddca Java: Add Expr.isParenthesized, adjust VarAccess.toString, and fix tests. 2020-01-28 10:15:48 +01:00
Anders Schack-Mulligen
4cb28d9b1d Java: Add new query for large left shifts and bugfix ConstantExpAppearsNonConstant. 2020-01-28 10:13:34 +01:00
Chris Gavin
0e8d435ca1 Java: Add a test for java/suspicious-date-format. 2020-01-27 11:57:59 +00:00
Esben Sparre Andreasen
8deefd60a7 java: fixup whitespace/tabs in test 2020-01-24 11:01:38 +01:00
Esben Sparre Andreasen
57b3a55b48 java: sharpen java/maven/non-https-url to allow localhost URLs 2020-01-24 08:51:54 +01:00
Esben Sparre Andreasen
a5558809f4 java: add more tests for java/maven/non-https-url 2020-01-24 08:49:59 +01:00
Anders Schack-Mulligen
2dca188288 Java: Document two FPs with unit tests. 2020-01-17 09:57:11 +01:00
Anders Schack-Mulligen
ad92d6fe0f Merge pull request #2607 from yo-h/java-alert-suppression-block-comment 
Java: allow single-line `/* ... */` comments for alert suppression
 2020-01-10 11:05:23 +01:00
yo-h
1078424f79 Java: allow single-line /* ... */ comments for alert suppression 2020-01-08 09:19:25 -05:00
Anders Schack-Mulligen
e74aa33f9d Java: Include non-null final fields in clearlyNotNull. 2020-01-03 16:24:54 +01:00
Anders Schack-Mulligen
7e987c570f Merge pull request #2413 from JLLeitschuh/feature/JLL/maven_insecure_artifact_resolution 
Java: Use of HTTP/FTP to download/upload Maven artifacts
 2020-01-02 14:47:30 +01:00
Anders Schack-Mulligen
f88623ccb4 Java: Add .expected file to qltest. 2019-12-13 14:34:29 +01:00
Jonathan Leitschuh
229622459c Update InsecureDependencyResolution with code review comments 2019-12-09 20:37:53 -05:00
yo-h
ed97be459f Merge pull request #2454 from aschackmull/java/explicit-mul-zero 
Java: Allow explicit zero multiplication in java/evaluation-to-constant.
 2019-12-06 18:13:43 -05:00
Henning Makholm
95c26a51af remove java test EmptyInterface 
This is a test of an internal query for the Semmle repository. It cannot
run against the public QL repository alone, and therefore should not be
tested here.

https://git.semmle.com/Semmle/code/pull/35690 adds the test back to the
internal repo.
 2019-12-02 15:29:42 +01:00
Anders Schack-Mulligen
2c3a6d7359 Java: Allow explicit zero multiplication in java/evaluation-to-constant. 2019-11-27 11:49:43 +01:00
Cornelius Riemenschneider
5d4b6c3a8c Nullness: Track correlated conditions of equality tests of variables. 2019-11-21 19:24:40 +01:00
Cornelius Riemenschneider
92f32a12d8 Add tests for nullness tracking by comparing variables. 2019-11-21 19:23:39 +01:00
Cornelius Riemenschneider
3e5324e772 More precise Nullness tracking by taking correlated instanceof expressions into account. 
Fixes #2238.
 2019-11-21 18:38:27 +01:00
Cornelius Riemenschneider
d8aae1c126 Add tests to track nullness by instanceof checks. 2019-11-21 18:38:27 +01:00
Anders Schack-Mulligen
81a90943c0 Java: Fix range analysis bug where int was assumed. 2019-11-15 15:08:14 +01:00
Anders Schack-Mulligen
6a2edce040 Merge pull request #2205 from rneatherway/java/hamcrest-nullness 
Java: Respect Hamcrest assertThat(X, notNullValue())
 2019-11-14 13:09:56 +01:00
yh-semmle
429c307832 Merge pull request #2304 from aschackmull/java/rangeanalysis-integral-fix 
Java: Fix range analysis bug in integral inequality bounds.
 2019-11-12 16:33:12 -05:00
Anders Schack-Mulligen
7619275c8b Java: Fix range analysis bug in integral inequality bounds. 2019-11-12 17:28:40 +01:00