codeql

mirror of https://github.com/github/codeql.git synced 2026-05-09 15:41:36 +02:00

Author	SHA1	Message	Date
Artem Smotrakov	8c4da16459	More test cases for java/non-constant-time-crypto-comparison	2021-08-01 09:47:04 +02:00
Artem Smotrakov	a4f3a5a88e	Take into account remote user input in java/non-constant-time-crypto-comparison	2021-08-01 09:47:03 +02:00
Artem Smotrakov	8e6d227dc0	More sinks for java/ql/src/experimental/Security/CWE/CWE-208/NonConstantTimeCryptoComparison.ql	2021-08-01 09:47:03 +02:00
Artem Smotrakov	dfa3b523d0	Renamed files	2021-08-01 09:47:03 +02:00
Artem Smotrakov	75f67959f3	Covered Arrays.deepEquals() in NonConstantTimeCryptoComparison.ql	2021-08-01 09:47:02 +02:00
Artem Smotrakov	5dbcf1d611	Covered Object.deepEquals() in NotConstantTimeCryptoComparison.ql	2021-08-01 09:47:02 +02:00
Artem Smotrakov	f245dc3ac8	Removed hashes from NotConstantTimeCryptoComparison.ql	2021-08-01 09:47:02 +02:00
Artem Smotrakov	67579dd1d8	Added tests for NotConstantTimeCryptoComparison.ql	2021-08-01 09:47:01 +02:00
Anders Schack-Mulligen	a5f0a4ea71	Merge pull request #6087 from smowton/smowton/admin/rest-xss-tests Java: Add Spring XSS tests	2021-07-27 14:09:34 +02:00
Chris Smowton	5c917b4a23	Merge pull request #6353 from sauyon/sauyon/java/model-constructors Java: Add models for collection constructors	2021-07-22 16:27:59 +01:00
Sauyon Lee	fd02dcdf2e	Java: Add models for collection constructors	2021-07-22 07:23:26 -07:00
p0wn4j	f0d5520976	Add Spring URL Redirect ResponseEntity sink Copyedit qhelp	2021-07-21 03:16:16 +04:00
Chris Smowton	7819d32784	Make MediaType stub constants actually constant This is required to use them in annotations	2021-07-19 18:28:30 +01:00
Chris Smowton	a0297d51e5	Note fixed test result the Optional type has now been modelled	2021-07-19 18:28:06 +01:00
Chris Smowton	82ea2592ad	Spring HTTP: Fix test mistakes Classes without RestController and methods without GetMapping or similar were never going to be detected.	2021-07-19 18:21:13 +01:00
Chris Smowton	392e405f5d	Add Spring-XSS test This covers the cases currently exercised in https://github.com/github/codeql-securitylab/blob/main/java/ql/src/pwntester/security/RestXSS.ql	2021-07-19 18:21:11 +01:00
Chris Smowton	16c5952167	Add and improve Spring-web stubs	2021-07-19 18:20:37 +01:00
Anders Schack-Mulligen	d1f21a854a	Merge pull request #6042 from joefarebrother/spring-http [Java] Model spring `http` package	2021-07-19 11:24:41 +02:00
Anders Schack-Mulligen	c32a75a1b3	Merge pull request #6183 from smowton/smowton/feature/javax-json-models Add models of the jakarta/javax.json package	2021-07-19 11:19:21 +02:00
Chris Smowton	9cde13bf82	Note spurious results that stem from weak updates to synthetic fields.	2021-07-16 09:44:36 +01:00
Joe Farebrother	f7de2e64c5	Fix failing test caused by an imprecission in the stubber	2021-07-15 15:15:37 +01:00
Chris Smowton	7b984cc2b0	Add models for Apache Commons Lang's Mutable container	2021-07-15 14:58:25 +01:00
Joe Farebrother	0e8dd9f335	Use generated stubs	2021-07-15 11:03:51 +01:00
Joe Farebrother	f3ab295f0f	Fix up tests	2021-07-15 10:34:21 +01:00
Joe Farebrother	bbc4d4855c	Move tests	2021-07-15 10:34:18 +01:00
Joe Farebrother	df74a142dd	Update for collection flow and add more tests	2021-07-15 10:33:33 +01:00
Joe Farebrother	8f89d748fe	Add spring tests	2021-07-15 10:33:33 +01:00
Joe Farebrother	4be7e94dcc	Add more spring stubs	2021-07-15 10:33:30 +01:00
Chris Smowton	0b2750828e	Add models for org.springframework.jdbc.object Also add tests for the existing Spring JDBC SQL injection sinks in the process	2021-07-14 17:25:00 +01:00
Sauyon Lee	1f97ac88c8	Fix tests	2021-07-14 05:05:17 -07:00
Sauyon Lee	eaef1c146c	Add generated tests	2021-07-14 05:05:16 -07:00
Sauyon Lee	16931e5de8	Add necessary stubs for Spring Co-Authored-By: smowton <smowton@github.com>	2021-07-14 04:57:56 -07:00
Anders Schack-Mulligen	04244b3c45	Merge pull request #5974 from github/sauyon/java/spring-webmultipart Model Spring `web.multipart`	2021-07-14 13:57:24 +02:00
Anders Schack-Mulligen	3c4cd15738	Merge pull request #5505 from joefarebrother/android-sql-convert Java: Convert Android SQL-related flow steps to CSV format	2021-07-14 13:56:55 +02:00
Chris Smowton	3ae99b93ca	Merge pull request #6215 from aschackmull/java/fix-csv-subtype-interpretation Java: Fix CSV subtype interpretation	2021-07-14 09:57:21 +01:00
Sauyon Lee	51211c0394	Add stubs	2021-07-13 10:29:02 -07:00
Sauyon Lee	c2c7fee8df	Fix tests	2021-07-13 10:29:02 -07:00
Sauyon Lee	b01e6d49fb	Add generated tests	2021-07-13 10:29:01 -07:00
Anders Schack-Mulligen	9388983e41	Java: Add missing stub.	2021-07-13 15:26:37 +02:00
Chris Smowton	78fe0f810a	Add models for decode/encodePointer methods	2021-07-13 11:10:46 +01:00
Chris Smowton	cc4401b453	Add models of JsonPointer, JsonMergeDiff and JsonPatchBuilder	2021-07-12 18:08:45 +01:00
Chris Smowton	6bf931392b	Add missing model of JsonObjectBuilder.remove	2021-07-12 17:13:39 +01:00
Joe Farebrother	fc017b7934	Use ArrayElement of in flow step specifications	2021-07-02 14:46:31 +01:00
Anders Schack-Mulligen	3c6604daa7	Java: Fix subtypes interpretation.	2021-07-02 14:43:56 +02:00
Anders Schack-Mulligen	6813a79423	Java: Add test for override of Map.put highlighting problem.	2021-07-02 14:41:59 +02:00
Chris Smowton	a51154a8ef	Deduplicate Jexl configuration	2021-07-02 10:02:28 +01:00
Chris Smowton	747a8e4157	Split up JexlInjection.qll This avoids a DataFlow2::Configuration being in scope for all queries via the import from ExternalFlow.qll	2021-07-02 10:01:51 +01:00
Anders Schack-Mulligen	80124df78e	Merge pull request #5487 from joefarebrother/sql-sinks Java: Convert SQL sinks to CSV format	2021-07-02 10:51:09 +02:00
Chris Smowton	8b7db8a8cc	Merge pull request #5408 from p0wn4j/urlclassloader-webclient-ssrf-sinks Java: Add URLClassLoader, WebClient SSRF sinks	2021-07-01 16:14:22 +01:00
Joe Farebrother	1e82c607ef	Mark failing tests as missing	2021-07-01 15:29:47 +01:00

1 2 3 4 5 ...

938 Commits