hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-15 03:54:02 +02:00
Code Issues Packages Projects Releases Wiki Activity
64,121 Commits 1,736 Branches 164 Tags
52f71e4553784fa425b2cb07e90b726960cdf186
Commit Graph

3634 Commits

Author SHA1 Message Date
erik-krogh
b4b5ae2a2c add some request-forgery sanitizers, inspired from C# 2024-02-27 10:05:26 +01:00
Joe Farebrother
2ebb80b632 Merge pull request #15548 from joefarebrother/android-local-auth-keys 
Java: Add query for insecurely generated keys for local authentication.
 2024-02-22 14:04:17 +00:00
Ian Lynagh
9948052fb6 Java: Properties: Add a test that used to give a stack overflow 2024-02-21 13:51:53 +00:00
Joe Farebrother
9ad05fe51c Address reveiws - Add BAD example to doc, add doc example to tests and fix typo. 2024-02-16 12:00:51 +00:00
Anders Schack-Mulligen
03f7968dbf Dataflow: Fix flow-feature bug. 2024-02-16 11:38:30 +01:00
Anders Schack-Mulligen
ba1a0bc320 Java: Add test highlighting problem. 2024-02-16 11:25:33 +01:00
Tony Torralba
90a9d82b9d Java: Expand ExactPathSanitizer to work on the argument of 'equals' too 2024-02-15 10:00:24 +01:00
Asger F
faefa056eb Merge pull request #15507 from asgerf/shared/outbarrier-bugfix 
Shared: fix a bug in stateful outbarriers
 2024-02-12 21:44:49 +01:00
Joe Farebrother
2eb93b7a3b Add unit tests 2024-02-12 13:49:45 +00:00
Joe Farebrother
d8985f9f5b Move tests for local auth to a folder 2024-02-12 13:49:45 +00:00
Joe Farebrother
75a2b9415c Merge pull request #15481 from joefarebrother/android-local-auth 
Java: Add query for insecure local authentication
 2024-02-12 13:48:53 +00:00
Tony Torralba
cf7091ae5f Merge branch 'main' into atorralba/java/open-redirect-sanitizer 2024-02-12 10:31:52 +01:00
Anders Schack-Mulligen
e9e445b2ba Java: Add empty provenance column to expected files. 2024-02-09 11:32:00 +01:00
Tony Torralba
4c0d535cc2 Merge pull request #12886 from atorralba/atorralba/java/path-injection-mad-sinks 
Java: Refactor path injection sinks
 2024-02-09 10:48:49 +01:00
Tony Torralba
34f74869c8 Java: Add extension point and default sanitizer to Open Redirect query 2024-02-09 09:11:07 +01:00
Joe Farebrother
71852868ac Add case for androidx.biometric api 2024-02-02 17:19:20 +00:00
Joe Farebrother
88c2ccbecf Generate stubs 2024-02-01 16:59:50 +00:00
Joe Farebrother
5d1edd45c5 Add unit tests 2024-02-01 16:56:20 +00:00
Tony Torralba
e2bf9ea2eb Consider File.exists() et al a path-injection sink 2024-01-30 14:51:36 +01:00
Joe Farebrother
460ffc89b2 Add additional test cases 2024-01-29 22:43:28 +00:00
Joe Farebrother
aa78050933 Implement checks for elements hidden by their xml attributes 2024-01-29 16:25:38 +00:00
Joe Farebrother
6081f18089 Add unit tests + make some fixes 2024-01-29 16:25:37 +00:00
Joe Farebrother
031bd8bd0c Merge pull request #15281 from joefarebrother/android-sensitive-ui-notif 
Java: Add query for exposure of sensitive information to android notifiactions
 2024-01-26 16:42:55 +00:00
Tony Torralba
6e550d28af Update more test expectations 2024-01-26 15:13:07 +01:00
Tony Torralba
2a146405ac Adjust tests 2024-01-26 12:38:32 +01:00
Tony Torralba
19cb7adb6d Migrate path injection sinks to MaD 
Deprecate and stop using PathCreation

Path creation sinks are now summaries
 2024-01-26 12:19:54 +01:00
Asger F
ee8e9a4e66 Shared: update test output 2024-01-26 11:14:23 +01:00
Asger F
ddbacc3d4a Shared: add test case for stateful outBarrier bug 2024-01-26 11:14:11 +01:00
Tony Torralba
282632c33b Add new snippets as tests 2024-01-25 15:11:11 +01:00
Joe Farebrother
0acb647e7d Fix tests and add notification sink kind to model verification 2024-01-23 09:51:41 +00:00
Joe Farebrother
d806fcae3d Remove sink models involving PendingIntent; as they do not carry sensitive data (including from the original intent they were created with) 2024-01-23 09:51:39 +00:00
Joe Farebrother
2ca164ce35 Generate androidx stubs and correct some models 2024-01-23 09:51:39 +00:00
Joe Farebrother
bafd65b1d2 Add tests to cover each modeled sink + some corrections to the models 2024-01-23 09:51:38 +00:00
Joe Farebrother
a1a2acd3ce Add additional test cases 2024-01-23 09:51:38 +00:00
Joe Farebrother
f9bb004618 Add sink models to notification builder setters 2024-01-23 09:51:38 +00:00
Joe Farebrother
cd19a91704 Add unit test 2024-01-23 09:51:37 +00:00
Joe Farebrother
3aa27148de Split existing tests under CWE-200 into separate folders 2024-01-23 09:51:37 +00:00
Tony Torralba
2246c969a3 Merge pull request #15244 from Marcono1234/marcono1234/regex-flags 
Java: Improve Regex flag parsing
 2024-01-16 08:25:49 +01:00
Michael Nebel
9becd0876f Merge pull request #15179 from michaelnebel/modelgenrespectmanual 
C#/Java: Increase precision of model generation.
 2024-01-12 15:12:21 +01:00
Michael Nebel
37a21ec548 Java: Address review comments. 2024-01-12 13:36:23 +01:00
Michael Nebel
74cdcab6d8 Java: Update expected test output. 2024-01-12 13:36:23 +01:00
Michael Nebel
03d4025b99 Java: Add a testcase where both a neutral summary and summary is being generated. 2024-01-12 13:36:23 +01:00
Owen Mansel-Chan
6945289afc Merge pull request #15246 from owen-mc/java/manual-neutral-overrides-generated 
C#/Java: Manual neutral summaries should block generated summaries
 2024-01-12 10:05:18 +00:00
Owen Mansel-Chan
2f01688319 Merge pull request #15280 from owen-mc/java/add-manual-models-for-df-generation 
Java: improve models for some important JDK methods
 2024-01-11 12:47:37 +00:00
Owen Mansel-Chan
3767348dec Update test expectations 2024-01-10 22:25:08 +00:00
Owen Mansel-Chan
370a32da8b Test summary models and neutral models, manual and generated 2024-01-10 22:25:02 +00:00
Owen Mansel-Chan
9e2e01ff89 Update Top JDK APIs test expectation 2024-01-10 17:07:33 +00:00
Ed Minnix
709649e9df Model replace and putIfAbsent 2024-01-08 09:39:03 -05:00
Ed Minnix
f05f16116b Testing for Environment variable injection 2024-01-08 09:38:45 -05:00
Tony Torralba
7e6f2d1fc5 Merge pull request #14681 from atorralba/atorralba/java/weak-randomness-cve-coverage 
Java: Add more sinks to the Insecure Randomness query
 2024-01-08 15:33:03 +01:00