hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
50,611 Commits 1,672 Branches 157 Tags
ea4c2e432100cb15e4ad5448d02c36153a6f9f95
Commit Graph

426 Commits

Author SHA1 Message Date
Chad Bentz
b0c8992eef Adding CWE-798 MSSQL Tests 2023-02-13 19:44:02 -05:00
Ed Minnix
f9b8200009 Add stub for android.webkit.JavascriptInterface annoation 2023-01-03 15:31:40 -05:00
Joe Farebrother
4afecf575e Generate more stubs for okhttp and fix tests. 
Some generated stubs needed to be manually corrected.
 2022-12-09 13:41:17 +00:00
Joe Farebrother
dd4e1d0ac3 Add tests and fix issues 2022-11-16 10:54:14 +00:00
Jami Cogswell
61e24a888f remove stubs/android directory and update options files 2022-09-27 14:55:08 -04:00
Jami
56e3334c6d Merge pull request #10479 from jcogs33/android-service-sources 
Java: add Android service sources
 2022-09-27 12:40:18 -04:00
Jami Cogswell
9acda05dbd update Service stub 2022-09-23 18:59:27 -04:00
Jami Cogswell
65f3ae9829 clean up files 2022-09-23 18:59:27 -04:00
Jami Cogswell
7a96727c59 add tests 2022-09-23 18:59:27 -04:00
luchua-bc
311c9e4719 Query to detect unsafe resource loading in Java Spring applications 2022-09-23 12:31:15 +00:00
Tony Torralba
cbb64cc8c1 Merge pull request #10352 from atorralba/atorralba/promote-template-injection 
Java: Promote Server-side template injection from experimental
 2022-09-20 16:11:58 +02:00
Tony Torralba
df5178d7ee Merge pull request #10330 from atorralba/atorralba/implicit-pendingintents-compat-sinks 
Java: Add Implicit PendingIntents sinks for Compat classes
 2022-09-15 14:39:19 +02:00
Tony Torralba
c9728098ef Generate stubs, adapt tests 2022-09-08 17:38:21 +02:00
Tony Torralba
8e0b4892ee Add Implicit PendingIntents sinks for Compat classes 2022-09-07 11:04:22 +02:00
Tony Torralba
b745b5ab71 Add models for androidx.core.app.NotificationCompat 2022-09-06 14:43:13 +02:00
Tony Torralba
bee4e4b40a Add new AlarmManager sinks 2022-09-01 09:47:58 +02:00
Chris Smowton
0a7350f3bf Merge pull request #10041 from smowton/AddSensitiveApiCalls 
Java: support more libraries in hardcoded-credentials queries
 2022-08-23 10:51:04 +01:00
Tony Torralba
3314b56ffe Fix Fragment tests after androidx stubs update 2022-08-22 11:13:19 +02:00
Tony Torralba
794fd976a9 Add androidx Fragment support 2022-08-19 16:32:06 +02:00
Chris Smowton
c40ec728c6 Remove non-ascii char 2022-08-15 12:08:14 +01:00
Chris Smowton
0a6ccbca45 Add stubs and tests for new hardcoded-credential sinks 2022-08-13 12:39:15 +01:00
Joe Farebrother
498ad230c2 Update stubs 2022-08-05 12:56:19 +01:00
Chris Smowton
84a4b6a866 Make reporting locations consistent with PathCreation; add test 2022-08-03 10:42:09 +01:00
Joe Farebrother
810854d6b5 Add tests 2022-06-28 10:10:27 +02:00
Joe Farebrother
59e400d2e0 Merge pull request #7723 from joefarebrother/redos 
Java: Add ReDoS queries
 2022-05-12 13:50:38 +01:00
Tony Torralba
5be30209c1 Merge pull request #9036 from luchua-bc/java/hardcoded-jwt-key 
Java: CWE-321 Query to detect hardcoded JWT secret keys
 2022-05-11 16:31:34 +02:00
Tony Torralba
43b425d0e4 Merge pull request #9002 from atorralba/atorralba/https-urls-improvs 
Java: Add OkHttp and Retrofit models
 2022-05-11 10:48:08 +02:00
Tony Torralba
ca2959cf37 Merge pull request #8537 from atorralba/atorralba/unsafe_android_access_improvs 
Java: Improvements to UnsafeAndroidAccess
 2022-05-05 16:46:54 +02:00
luchua-bc
937ab417b1 Query to detect hardcoded JWT secret keys 2022-05-04 23:09:48 +00:00
Joe Farebrother
e23162d91b Add test cases for PolynomialRedos dataflow logic; make fixes 2022-05-04 15:41:35 +01:00
Tony Torralba
49259a6575 Remove everything related to WebView CSV models 
This reverts commit c6c72eb.
 2022-05-04 10:53:31 +02:00
Tony Torralba
7ba5a032ce Add tests and stubs for the new sources and flow steps 2022-05-04 10:53:30 +02:00
Tony Torralba
b876431950 Merge pull request #8706 from luchua-bc/java/unsafe-get-resource 
Java: CWE-552 Add sources and sinks to to detect unsafe getResource calls in Java EE applications
 2022-05-04 10:12:28 +02:00
Tony Torralba
9c92454fa7 Merge pull request #8872 from atorralba/atorralba/android-widget-flowstep 
Java: Add Editable.toString flow step
 2022-05-03 15:27:52 +02:00
Tony Torralba
8602a6f6c9 Add models for OkHttp and Retrofit 2022-05-02 15:42:15 +02:00
luchua-bc
0aa1251ffe Add more test cases 2022-04-29 02:31:43 +00:00
Jorge
193ea1a86e Merge branch 'main' into mybatis-new-sinks 2022-04-28 22:26:38 +02:00
Tony Torralba
604a5fc71f Merge pull request #8639 from atorralba/atorralba/spring-beans-improvements 
Java: Improve Spring models
 2022-04-28 11:59:51 +02:00
Artem Smotrakov
52b7fbf484 Removed non-ASCII characters 2022-04-26 13:34:24 +01:00
Artem Smotrakov
b6bd4f92d1 Added sources and steps for JMS API 2022-04-26 13:34:21 +01:00
Artem Smotrakov
269143a19f Java: Added sources and flow steps for RabbitMQ 2022-04-26 13:34:04 +01:00
Tony Torralba
2ee83e2ba2 Add Editable.toString flow step 2022-04-26 13:34:16 +02:00
Tony Torralba
9833fa2451 Add tests for SpringController 2022-04-07 18:17:50 +02:00
Chris Smowton
9309a652df Merge pull request #8493 from JLLeitschuh/feat/JLL/test_assertion_guard_preconditions 
[Java]: Add precondition support for testing library asserts
 2022-03-31 22:30:09 +01:00
Chris Smowton
9675f34cf5 Merge pull request #8257 from luchua-bc/java/insecure-webview-resource-response 
Java: CWE-200 Query to detect insecure WebResourceResponse implementation
 2022-03-30 15:56:27 +01:00
Jonathan Leitschuh
1d0275344d [Java]: Add precondition support for testing library asserts 2022-03-18 20:39:24 -04:00
Chris Smowton
767453520e Merge pull request #8032 from JLLeitschuh/feat/JLL/check_os 
Java: Add Guard Classes for checking OS & unify System Property Access
 2022-03-18 11:20:36 +00:00
Jonathan Leitschuh
09cc8ee09e Add tests for StandardSystemProperty 2022-03-15 12:37:42 -04:00
jorgectf
d47fcedd21 Add tests 2022-03-14 21:31:51 +01:00
p0wn4j
ee67d27b56 Java: Add JDBC connection SSRF sinks 2022-03-12 16:35:32 +04:00