codeql

mirror of https://github.com/github/codeql.git synced 2026-03-21 06:57:09 +01:00

Author	SHA1	Message	Date
Tony Torralba	bc2370ae1d	Use InlineExpectationsTest for tests	2021-05-17 15:58:33 +02:00
Tony Torralba	3e4ccaf9a8	Move from experimental to standard	2021-05-17 10:41:54 +02:00
Anders Schack-Mulligen	a247ae4357	Merge pull request #5843 from JLLeitschuh/feat/JLL/improve_kryo_support [Java] Fix Kryo FP & Kryo 5 Support	2021-05-12 09:52:24 +02:00
Anders Schack-Mulligen	744c495ac2	Merge pull request #5824 from JLLeitschuh/feat/JLL/guava_first_non_null [Java] Add support for com.google.common.base.MoreObjects#firstNonNull	2021-05-11 09:42:20 +02:00
Chris Smowton	0afe22d60c	Merge pull request #5710 from p0wn4j/jsch-os-injection [Java] CWE-078: Add JSch lib OS Command Injection sink	2021-05-10 16:12:00 +01:00
Tony Torralba	2a501956b3	Mark a MISSING test result as suggested in code review	2021-05-07 11:17:51 +02:00
Tony Torralba	f1fab854c4	Fix tests for XXE, introduced a dependency with jaxen	2021-05-06 12:11:55 +02:00
Tony Torralba	76468559ba	Add safe example for dom4j	2021-05-06 10:17:25 +02:00
Tony Torralba	926fedb7fb	Update java/ql/test/query-tests/security/CWE-643/XPathInjectionTest.java Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>	2021-05-06 09:18:50 +02:00
Tony Torralba	00a7576679	Rename XPath Injection test file	2021-05-06 09:18:50 +02:00
Tony Torralba	8af7f4a484	New sinks and test cases	2021-05-06 09:18:49 +02:00
Tony Torralba	ccb3ea4453	Fix XPath Injection tests classpath	2021-05-06 09:18:49 +02:00
Tony Torralba	509fc8a640	Add missing docs to stubs	2021-05-06 09:18:49 +02:00
Tony Torralba	26c3ff2cee	Move from experimental to standard	2021-05-06 09:18:49 +02:00
Tony Torralba	720b5d6da3	Refactored sto use CSV sink model. Also, added more sinks	2021-05-06 09:18:49 +02:00
Tony Torralba	ab62bb66f4	Consider second parameter of Node.selectNodes	2021-05-06 09:18:49 +02:00
Tony Torralba	2bb2baf6f7	Support more methods that evaluate XPath expressions	2021-05-06 09:18:49 +02:00
Tony Torralba	d739a8cac2	Moved configuration from XPath.qll back to XPath Injection query	2021-05-06 09:18:48 +02:00
Tony Torralba	fb3e56eac8	Fix imports and stubs so that tests pass	2021-05-06 09:18:48 +02:00
Tony Torralba	a62997463f	Remove unused imports; use set literals in hasName	2021-05-06 09:18:48 +02:00
Tony Torralba	ed5619498c	WIP: XPath Injection promotion	2021-05-06 09:18:48 +02:00
Jonathan Leitschuh	67e9f06304	[Java] Fix Kryo FP & Kryo 5 Support Closes #4992	2021-05-05 17:38:34 -04:00
Jonathan Leitschuh	dfad1fc740	[Java] Add support for com.google.common.base.MoreObjects#firstNonNull	2021-05-03 12:58:00 -04:00
Chris Smowton	b2c0259197	Merge pull request #5631 from haby0/UseOfLessTrustedSource [Java] CWE-348: Using a client-supplied IP address in a security check	2021-04-30 15:20:53 +01:00
haby0	fdcc517b9f	UseOfLessTrustedSource -> ClientSuppliedIpUsedInSecurityCheck"	2021-04-30 17:43:34 +08:00
Chris Smowton	ad9ea40954	Merge pull request #5597 from intrigus-lgtm/java/jwt-insecure-parse [Java] JWT without signature check.	2021-04-29 14:41:11 +01:00
haby0	e813257431	use hardCode	2021-04-29 21:23:52 +08:00
intrigus	a8865e2fa2	Java: Cleanup jwt stubs.	2021-04-28 20:46:09 +02:00
haby0	5be9fbbc5a	Remove LogOperationSink and PrintSink	2021-04-27 14:12:33 +08:00
p0wn4j	3d891f0b39	[Java] CWE-078: Add JSch OS command injection sink	2021-04-26 18:20:32 +04:00
haby0	454324781d	delete IfStmt	2021-04-22 11:59:33 +08:00
Tamas Vajk	e25305e3cc	Java: Introduce LoC summary metric query	2021-04-21 14:27:00 +02:00
p0wn4j	f2de440886	[Java] CWE-094: Query to detect Groovy Code Injections	2021-04-20 19:18:24 +04:00
yo-h	cb524b6c19	Merge pull request #5611 from github/yo-h/java16 Java: adjust test `options` for JDK 16 upgrade	2021-04-19 15:12:23 -04:00
haby0	8296abcea8	Fix Modify the ql query (the qhelp part is not modified).	2021-04-19 20:59:47 +08:00
Anders Schack-Mulligen	579c955892	Java: Adjust some tests.	2021-04-19 14:06:27 +02:00
Anders Schack-Mulligen	175c71221a	Java: Adjust some test output with more edges/nodes.	2021-04-19 14:06:27 +02:00
haby0	23b508c5e7	Merge remote-tracking branch 'upstream/main' into UseOfLessTrustedSource	2021-04-19 20:05:49 +08:00
Anders Schack-Mulligen	29aec0d770	Java: Adjust expected output.	2021-04-19 13:16:46 +02:00
Anders Schack-Mulligen	c5193cf03f	Apply suggestions from code review	2021-04-19 13:14:56 +02:00
Anders Schack-Mulligen	06514159be	Java: Add XXE tests.	2021-04-19 10:58:21 +02:00
Anders Schack-Mulligen	daad62c4e0	Java: Add TaintedPath test.	2021-04-19 10:07:03 +02:00
Anders Schack-Mulligen	605f28f741	Merge pull request #5686 from smowton/haby0/JsonHijacking Java: JSONP Injection w/cleanups	2021-04-16 11:09:17 +02:00
Chris Smowton	254de76078	Remove unnecessary stubs	2021-04-15 16:20:27 +01:00
Chris Smowton	fa36ba901a	Merge pull request #5471 from artem-smotrakov/el-injection Java: Query for detecting Jakarta Expression Language injections	2021-04-15 12:39:34 +01:00
haby0	216f204438	delete FilterClass	2021-04-15 19:28:25 +08:00
haby0	583d0889e2	delete tomcat-embed-core stub, update the ServletGetMethod class	2021-04-15 17:40:51 +08:00
haby0	b3bdf89fc2	rm VerificationMethodFlowConfig, use springframework-5.2.3 stub	2021-04-15 10:25:40 +08:00
Artem Smotrakov	97186b3d30	Added comments for tests	2021-04-14 19:30:58 +03:00
haby0	e2ed0d02b0	Delete existsFilterVerificationMethod and existsServletVerificationMethod, add from get handler to filter	2021-04-14 12:34:52 +08:00

1 2 3 4 5 ...

688 Commits