hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-09 17:15:44 +02:00
Code Issues Packages Projects Releases Wiki Activity
68,909 Commits 1,735 Branches 164 Tags
8f52b2cd95718eac4fcf65d00a5a98eac0d98330
Commit Graph

527 Commits

Author SHA1 Message Date
Am
96c142bf0a Merge branch 'main' into amammad-java-JWT 2024-07-28 13:03:23 +03:30
am0o0
6538a06f29 update tests 2024-07-28 11:30:59 +02:00
am0o0
46ddddc8cf Merge tag 'codeql-cli/v2.18.1' into amammad-java-JWT 
Compatible with CodeQL CLI 2.18.1
 2024-07-28 11:23:20 +02:00
am0o0
494f0b709e Merge branch 'main' into amammad-java-JWT 2024-07-28 10:37:26 +02:00
Chris Smowton
e3559d8f93 Adjust test expectations 2024-07-28 10:27:11 +02:00
Chris Smowton
142d7ae005 Make test compatible with Servlet 2.5; use old Servlet stubs 2024-07-28 10:26:58 +02:00
Ed Minnix
ad4bca9975 Fix provenance in tests 2024-07-18 18:18:24 -04:00
Jami Cogswell
f90df85722 Java: update provenance numbers in tests again 2024-07-16 11:55:46 -04:00
Anders Schack-Mulligen
37d78249e7 Java: Update provenance ids. 2024-07-16 11:11:54 +02:00
am0o0
71e1d63953 finilize tests 2024-07-13 18:00:50 +02:00
Jami Cogswell
6b497da15f Java: fix line number changes in tests 2024-07-11 15:33:09 -04:00
Jami Cogswell
be565288f2 Java: update more test cases due to shifted alert provenance line numbers 2024-06-27 22:08:38 -04:00
Mauro Baluda
a464a8e48e @mbaluda 
Update provenance in test expectations
 2024-06-11 15:15:50 +02:00
Mauro Baluda
bb5ef3ccd9 Update provenance in test expectations 2024-06-10 19:57:37 +02:00
Tony Torralba
292395b80e Update test expectations 2024-06-04 10:35:16 +02:00
Anders Schack-Mulligen
15a7c3faeb Java: Accept qltest .expected file changes. 2024-05-22 15:42:40 +02:00
Anders Schack-Mulligen
a650499a9c Java: Accept qltest .expected file changes (interesting). 2024-05-22 15:42:12 +02:00
Anders Schack-Mulligen
a74cf6501a Java: update qltest expected files. 2024-05-22 11:13:06 +02:00
Rasmus Wriedt Larsen
2451a6d3f6 Accept .expected changes 2024-05-21 14:47:42 +02:00
Anders Schack-Mulligen
f85ff9defc Java: Update expected output (interesting). 2024-04-12 09:20:28 +02:00
Anders Schack-Mulligen
c2f5731e8d Java: Update expected output (uninteresting). 2024-04-12 09:20:26 +02:00
Jami Cogswell
a8eb1d10f6 Java: remove experimental tests 2024-03-17 22:35:27 -04:00
Anders Schack-Mulligen
e9e445b2ba Java: Add empty provenance column to expected files. 2024-02-09 11:32:00 +01:00
Tony Torralba
e2bf9ea2eb Consider File.exists() et al a path-injection sink 2024-01-30 14:51:36 +01:00
Tony Torralba
2a146405ac Adjust tests 2024-01-26 12:38:32 +01:00
masterofnow
7162540faf Added options, .qhelp and .expected file for unit test. 2023-12-21 19:57:37 +08:00
masterofnow
25c818f425 Added unit test files. 2023-12-21 12:13:00 +08:00
amammad
0d0dc5158c stash 2023-12-01 15:03:03 +01:00
Eric Bickle
000c1f7ec8 Java: Flow taint through ArithExpr for ThreadResourceAbuse 
Ensure that tainted values flow through arithmetic operations when
checking for ThreadResourceAbuse vulnerabilities.

For example, multiplying 'number of seconds' by 1000 as an input
to Thread.Sleep, which accepts milliseconds, is a common scenario.
 2023-10-06 14:24:37 -07:00
aegilops
3658710578 Fixed formatting, committed expected test results 2023-08-03 13:50:40 +01:00
Paul Hodgkinson
3bc7cf6ac7 Merge branch 'main' into java/experimental/command-injection 2023-07-31 19:14:55 +01:00
Anders Schack-Mulligen
ae24d68b5d C/C++/C#/Java/Python/Ruby/Swift: Adjust expected output. 2023-07-19 11:41:15 +02:00
aegilops
8dbb0a51c0 Rewrote tests to work 2023-06-29 09:47:03 +01:00
aegilops
01798f63f8 Switched to new dataflow and added a test (but it doesn't produce results yet) 2023-06-28 17:14:39 +01:00
Anders Schack-Mulligen
a0a9d30286 Java: Fix qltests. 2023-06-09 08:37:35 +02:00
Tony Torralba
6d7234f8ed Merge pull request #13225 from atorralba/atorralba/java/path-injection-mad-sinks-2 
Java: Migrate path injection sinks to models-as-data (simplified)
 2023-06-07 14:27:36 +02:00
Tony Torralba
416d3d587d Accept test changes 
An uncovered test case is now correctly covered
 2023-06-07 10:33:17 +02:00
Tony Torralba
527fe523a8 Add PathCreation.qll sinks to models-as-data 
The old PathCreation sinks can't be removed because doing so would cause alert wobble in the path injection queries. See their getReportingNode predicates.
 2023-06-02 09:14:35 +02:00
Tony Torralba
770099f210 Merge branch 'main' into atorralba/java/promote-xxe-experimental-sinks 2023-05-16 09:49:34 +02:00
Anders Schack-Mulligen
8e6038577d Java: Update expected output. 2023-04-26 14:45:40 +02:00
Tony Torralba
fba61d51ed Remove experimental files 2023-04-26 12:24:30 +02:00
Tony Torralba
7d0680a280 Update JsonpInjection test expectations 2023-04-13 12:06:54 +02:00
Ed Minnix
57886e1713 Moved files from experimental to src/ 2023-03-27 12:16:43 -04:00
Ed Minnix
6de946ef00 Remove experimental files 2023-02-27 12:16:14 +01:00
Ed Minnix
fa6ac063d1 Add com.auth0.jwt.algorithm.Algorithm sinks 
The HMAC* constructors of the com.auth0.jwt.algorithm.Algorithm class
take a secret as a parameter. Therefore, the arguments should be added
to be checked for hardcoded credentials.
 2023-02-27 12:16:14 +01:00
Jami Cogswell
fd593fd4f0 Java: undo changes to tests that were affected by numeric-flow summary models 2023-01-11 22:34:19 -05:00
Jami Cogswell
f933fc75cd Java: update another test affected by Integer.parseInt, and one affected by String.length 2022-12-18 21:46:43 -05:00
Jami Cogswell
f3fc68352e Java: update tests affected by Integer.parseInt model 2022-12-18 19:43:32 -05:00
retanoj
8ee418405b consider blankspace / comma /dot field 2022-12-07 10:06:39 +08:00
retanoj
de652e1e27 expected 2022-12-06 18:09:48 +08:00