hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,920 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.2
Commit Graph

563 Commits

Author SHA1 Message Date
Fosstars
ad54c9d937 Two queries for timing attacks 2021-08-01 09:47:07 +02:00
Artem Smotrakov
e3b6ceade5 Renamed NonConstantTimeCryptoComparison.ql to NonConstantTimeCheckOnSignature.ql 2021-08-01 09:47:06 +02:00
Artem Smotrakov
8b557765b3 Narrow NonConstantTimeCryptoComparison.ql to timing attack on signatures and MACs only 2021-08-01 09:47:06 +02:00
Artem Smotrakov
1f2a9cdda7 Added taint propagation steps for hashes in NonConstantTimeCryptoComparison.ql 2021-08-01 09:47:06 +02:00
Artem Smotrakov
c96d939cf5 Covered custom fast-fail checks in NonConstantTimeCryptoComparison.ql 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-08-01 09:47:06 +02:00
Artem Smotrakov
8c4da16459 More test cases for java/non-constant-time-crypto-comparison 2021-08-01 09:47:04 +02:00
Artem Smotrakov
a4f3a5a88e Take into account remote user input in java/non-constant-time-crypto-comparison 2021-08-01 09:47:03 +02:00
Artem Smotrakov
8e6d227dc0 More sinks for java/ql/src/experimental/Security/CWE/CWE-208/NonConstantTimeCryptoComparison.ql 2021-08-01 09:47:03 +02:00
Artem Smotrakov
dfa3b523d0 Renamed files 2021-08-01 09:47:03 +02:00
Artem Smotrakov
75f67959f3 Covered Arrays.deepEquals() in NonConstantTimeCryptoComparison.ql 2021-08-01 09:47:02 +02:00
Artem Smotrakov
5dbcf1d611 Covered Object.deepEquals() in NotConstantTimeCryptoComparison.ql 2021-08-01 09:47:02 +02:00
Artem Smotrakov
f245dc3ac8 Removed hashes from NotConstantTimeCryptoComparison.ql 2021-08-01 09:47:02 +02:00
Artem Smotrakov
67579dd1d8 Added tests for NotConstantTimeCryptoComparison.ql 2021-08-01 09:47:01 +02:00
haby0
eda3d864f5 Model written using smowton 2021-07-28 15:55:47 +08:00
haby0
00f13e1e6e Modify isAdditionalTaintStep 2021-07-27 10:59:38 +08:00
haby0
291ca3830a Modify according to suggestions 2021-07-23 09:28:55 +08:00
haby0
2a50cf8244 Fix 2021-07-22 22:24:09 +08:00
haby0
e160352b38 Fix 2021-07-22 21:48:46 +08:00
haby0
4ebf0ed7c5 Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') 2021-07-22 21:45:29 +08:00
p0wn4j
f0d5520976 Add Spring URL Redirect ResponseEntity sink 
Copyedit qhelp
 2021-07-21 03:16:16 +04:00
Tony Torralba
99e66cffa2 Merge branch 'main' into atorralba/promote-unsafe-android-webview-fetch 2021-07-20 17:30:56 +02:00
Tony Torralba
b6904a7992 Merge branch 'main' into atorralba/promote-ognl-injection 2021-07-20 17:17:17 +02:00
Tony Torralba
430d9f1834 Merge branch 'main' into atorralba/promote-missing-jwt-signature-check 2021-07-20 16:20:35 +02:00
Tony Torralba
42b6b26c10 Decouple JndiInjection.qll to reuse the taint tracking configuration 2021-07-20 15:38:34 +02:00
Tony Torralba
b8ea833a61 Merge branch 'main' into atorralba/promote-jndi-injection 2021-07-20 15:01:26 +02:00
Tony Torralba
45a72ff6eb Fix InsecureBasicAuth test expectations 2021-07-19 13:56:31 +02:00
Tony Torralba
46faf68d64 Decouple MvelInjection.qll to reuse the taint tracking configuration 2021-07-19 13:50:03 +02:00
Tony Torralba
5ca8b380e9 Merge branch 'main' into atorralba/promote-mvel-injection 2021-07-19 13:45:10 +02:00
Tony Torralba
b08f417a1e Merge branch 'main' into atorralba/promote-groovy-injection 2021-07-19 12:44:03 +02:00
Artem Smotrakov
cfe74b527a Use inline-expectation tests for StaticInitializationVector.ql 2021-07-17 01:04:52 +02:00
Artem Smotrakov
218731ca0a Added a query for static initialization vectors in encryption 
- Added StaticInitializationVector.ql
- Added StaticInitializationVector.qhelp
- Added tests
 2021-07-16 19:06:44 +02:00
Sauyon Lee
60db9e1851 Rename springframework-5.2.3 to 5.3.8 2021-06-28 08:26:39 -07:00
Chris Smowton
8aa9cd52b5 Merge pull request #5811 from mogwailabs/insecureJmxRmiServerEnvironment 
Java: Add query - insecure environment configuration during JMX/RMI server init
 2021-06-25 22:09:20 +01:00
intrigus
5aa711a956 Accept test changes. 2021-06-25 17:04:36 +02:00
intrigus
5106aec319 Fix test location. 2021-06-25 16:47:25 +02:00
intrigus
36575bb26f Move back to experimental......... 2021-06-25 16:47:25 +02:00
intrigus
592fd1e8ca Java: Accept test changes 2021-06-25 16:47:22 +02:00
intrigus
1b96d0ac54 Java: Remove overlapping code 2021-06-25 16:47:22 +02:00
Chris Smowton
2acb4de2cb Merge pull request #5955 from haby0/java/JShellCodeInjection 
Java: JShell Injection
 2021-06-24 17:03:30 +01:00
Anders Schack-Mulligen
95ad8b55fe Merge pull request #6107 from aschackmull/dataflow/implicit-reads 
Dataflow: Add support for implicit reads
 2021-06-24 15:38:35 +02:00
haby0
3cf71c50b8 Mobile stubs 2021-06-24 19:24:38 +08:00
Artem Smotrakov
14e724bce6 Added sinks for RmiBasedExporter and HessianExporter 2021-06-23 09:53:47 +02:00
Anders Schack-Mulligen
27c973e157 Java: Fix some qltests. 2021-06-21 16:08:52 +02:00
haby0
1750efad2a fix 2021-06-18 21:46:48 +08:00
haby0
dca737190b Modify JShellInjection.expected 2021-06-18 21:36:45 +08:00
haby0
ed0aabef46 add isAdditionalTaintStep 2021-06-18 21:36:44 +08:00
haby0
921b8e80a2 Jshell Injection 2021-06-18 21:36:44 +08:00
haby0
a73cb3f04a Fix error 2021-06-18 17:22:26 +08:00
haby0
0d18e4ff9c BeanShell Injection 2021-06-18 15:54:13 +08:00
Tony Torralba
0c71393171 Merge branch 'main' into atorralba/promote-unsafe-android-webview-fetch 2021-06-17 14:54:25 +02:00