hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 12:46:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
62,660 Commits 1,673 Branches 157 Tags
20254fd71e453f77d40ab80da1c77297efbb1509
Commit Graph

3586 Commits

Author SHA1 Message Date
Ed Minnix
709649e9df Model replace and putIfAbsent 2024-01-08 09:39:03 -05:00
Ed Minnix
f05f16116b Testing for Environment variable injection 2024-01-08 09:38:45 -05:00
Tony Torralba
7e6f2d1fc5 Merge pull request #14681 from atorralba/atorralba/java/weak-randomness-cve-coverage 
Java: Add more sinks to the Insecure Randomness query
 2024-01-08 15:33:03 +01:00
Edward Minnix III
d6d76fa4f1 Merge pull request #15183 from egregius313/egregius313/java/fix-weak-hashing-adddition 
Java: Fix minor error in `java/potentially-weak-cryptographic-algorithm`
 2023-12-22 11:38:55 -05:00
Tony Torralba
67f8bcce44 Merge pull request #14752 from masterofnow/LoadClassNoSignatureCheck 
Java: Insecure Loading of Class in Android App without Package Signature Checking
 2023-12-22 10:24:34 +01:00
Ed Minnix
8051cfcef5 Fix tests and fix getStringValue method 2023-12-21 22:48:08 -05:00
Ed Minnix
6455e1893d Add more test cases 2023-12-21 22:48:08 -05:00
masterofnow
7162540faf Added options, .qhelp and .expected file for unit test. 2023-12-21 19:57:37 +08:00
masterofnow
25c818f425 Added unit test files. 2023-12-21 12:13:00 +08:00
Edward Minnix III
56921a6e21 Merge pull request #14040 from egregius313/egregius313/weak-hashing-properties 
Java: Add support for algorithm names specified in `.properties` files to `java/potentially-weak-cryptographic-algorithm`
 2023-12-18 09:38:58 -05:00
Tony Torralba
9446249e94 Merge pull request #15012 from atorralba/atorralba/java/fix-missing-pinning-fp 
Java: Fix FPs in Missing certificate pinning
 2023-12-18 09:37:18 +01:00
Ed Minnix
8826eaf1a3 Move test case to query tests 2023-12-15 11:09:08 -05:00
Tom Hvitved
c8b4a215bc Merge pull request #14573 from hvitved/flow-summary-impl-param 
Move `FlowSummaryImpl.qll` to `dataflow` pack
 2023-12-14 12:24:15 +01:00
Tony Torralba
66b54f03b7 Rename test 2023-12-13 11:15:27 +01:00
Tony Torralba
7bc907840c Fix tests 2023-12-13 11:15:27 +01:00
Tony Torralba
bd8f35bef7 Java: Fix FPs in Missing certificate pinning 
Local URIs should never require pinning
 2023-12-12 18:02:12 +01:00
Ed Minnix
7362158229 Fix test case 2023-12-11 11:18:40 -05:00
Ed Minnix
bbf99375c7 Alter cookie sinks to instead focus on creation of a cookie 2023-12-11 11:18:39 -05:00
Ed Minnix
b9d2a26e6e Move ESAPI models into the Weak Randomness query 
These models don't need to apply to all queries. So instead they are
better suited to be within the weak randomness query itself.
 2023-12-11 11:18:39 -05:00
Ed Minnix
fb875f5095 More variety of test cases 2023-12-11 11:18:39 -05:00
Ed Minnix
ce7690b53f Make imports private 2023-12-11 11:18:38 -05:00
Ed Minnix
b713efb711 Add ThreadLocalRandom.current as another source 2023-12-11 11:18:38 -05:00
Ed Minnix
1daa83bf46 Add test cases 2023-12-11 11:18:38 -05:00
Tom Hvitved
f9dbf676a6 Java: Use FlowSummaryImpl from dataflow pack 2023-12-10 11:25:45 +01:00
Jami
651653998c Merge pull request #14913 from jcogs33/jcogs33/unsafe-url-forward_path-inj-related_cve-2019-3799 
Java: add Spring models
 2023-12-04 10:18:50 -05:00
Chris Smowton
cc68169f43 Update test expectations re: record-pattern type accesses 2023-11-30 11:24:07 +00:00
Chris Smowton
b33dc38a65 Fix hasBranchEdge for switch exprs with an internal CFG and incoming edges from a passing case guard 2023-11-30 11:24:06 +00:00
Chris Smowton
aa5f7352e2 Remove fall-through CFG edge for exhaustive switch statements 2023-11-30 11:24:06 +00:00
Chris Smowton
d99a005b42 Fix pretty-printing case null, default 2023-11-30 11:24:06 +00:00
Chris Smowton
4bff7953fc Fix record pattern and pretty-printing 2023-11-30 11:24:05 +00:00
Chris Smowton
419d530a06 Add test ensuring read steps via record patterns lead to type filtering 2023-11-30 11:24:05 +00:00
Chris Smowton
087be2cca8 Adjust test expectations 2023-11-30 11:24:05 +00:00
Chris Smowton
a11c5c7257 Fixup pretty-printer and add test 2023-11-30 11:24:05 +00:00
Chris Smowton
29fdd04eb0 Include switch and instanceof binding in Variable.getAnAssignedValue, and test via endsInQuote 2023-11-30 11:24:05 +00:00
Chris Smowton
47e3d7d8a5 Cast back to Object in advance of returning, to ensure the test doesn't mask a shortcoming of type pruning by pruning at the return site 2023-11-30 11:24:05 +00:00
Chris Smowton
f0144d6a3d Expose that case guard test controls its case body 2023-11-30 11:24:04 +00:00
Chris Smowton
da62a04653 Note that binding variables may be casting nodes 2023-11-30 11:24:04 +00:00
Chris Smowton
c11a260369 Note we can't prove certain unreachable callables when 'case null' is present 2023-11-30 11:24:04 +00:00
Chris Smowton
6b3080ae92 Allow case null, default to be the first switch case 
This is consistent with existing treatment of `case null: default:`
 2023-11-30 11:24:04 +00:00
Chris Smowton
668f445fb4 Fix switchCaseControls and hasBranchEdge to account for mixed patterns and constant cases 2023-11-30 11:24:04 +00:00
Chris Smowton
6583c72c5d Restrict pattern type guards to account for nested record matching failures 2023-11-30 11:24:03 +00:00
Chris Smowton
0bb051e08c First stab at implementing negative type-test logic for pattern-case 2023-11-30 11:24:03 +00:00
Chris Smowton
d7a517a989 Remove needless test options 2023-11-30 11:24:03 +00:00
Chris Smowton
de2b98f4a1 Fix hasNullCase 2023-11-30 11:24:02 +00:00
Chris Smowton
480781b049 autoformat 2023-11-30 11:24:02 +00:00
Chris Smowton
011eb2201e Add test for ObjFlow over binding patterns 2023-11-30 11:24:02 +00:00
Chris Smowton
4cf511e26a Add test for virtual-dispatch flow through binding patterns 2023-11-30 11:24:02 +00:00
Chris Smowton
43c935024a Add test for typeflow propagation through instanceof and pattern-case 2023-11-30 11:24:02 +00:00
Chris Smowton
e5fdf4dd50 Update test expectation 2023-11-30 11:24:01 +00:00
Chris Smowton
330a5b8c6c autoformat ql 2023-11-30 11:24:00 +00:00