hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,874 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.5
Commit Graph

5917 Commits

Author SHA1 Message Date
github-actions[bot]
e4f25c9a13 Release preparation for version 2.23.5 2025-11-11 11:33:33 +00:00
Michael B. Gale
8ba29a7821 Revert "Release preparation for version 2.23.4" 2025-11-10 17:13:28 +00:00
github-actions[bot]
6342da9503 Release preparation for version 2.23.4 2025-11-07 17:37:29 +00:00
Michael B. Gale
6ce8f07290 Revert "Release preparation for version 2.23.4" 2025-11-07 17:28:28 +00:00
github-actions[bot]
64fcdd1f2f Release preparation for version 2.23.4 2025-11-03 14:52:23 +00:00
yoff
4461be180a Merge pull request #19539 from yoff/java/conflicting-access 2025-10-28 20:37:44 +01:00
Anders Schack-Mulligen
02a942554d Java: Remove old SSA consistency queries. 2025-10-27 12:55:43 +01:00
yoff
83508ba661 java: adjust qhelp and examples for SafePublication 2025-10-27 11:25:51 +01:00
Nicolas Will
d4787520fd Merge pull request #20690 from bdrodes/weak_symmetric_cipher_bug 
Crypto: Fix bug in weak symmetric cipher query
 2025-10-24 22:38:07 +02:00
Nicolas Will
e7bd435bee Merge pull request #20696 from bdrodes/bad_mac_decrypt_then_mac 
Crypto: Adding bad decrypt then mac order query.
 2025-10-24 22:07:26 +02:00
REDMOND\brodes
65d0ca9e53 Crypto: Simplifying expression for ql-for-ql alert. 2025-10-24 14:08:25 -04:00
REDMOND\brodes
0394816756 Crypto: typo fix 2025-10-24 14:06:52 -04:00
REDMOND\brodes
b20689fa46 Crypto: removing comments 2025-10-24 14:06:08 -04:00
REDMOND\brodes
0e624f51d5 Crypto: Adding bad decrypt then mac order query. Fixes to BadMacOrderMacOnEncryptPlaintext as well. 2025-10-24 12:44:28 -04:00
Tom Hvitved
32f21d6d49 Merge pull request #20688 from hvitved/java/request-forgery-matches-sanitizer 
Java: Treat `x.matches(regexp)` as a sanitizer for request forgery
 2025-10-24 14:34:32 +02:00
REDMOND\brodes
ed492c7d5a Crypto: Fixed bug in WeakSymmetricCipher.qll, forgot to not only filter if !=AES but the algorithm must still be a SymmetriCipher algorithm. 2025-10-24 08:16:22 -04:00
Tom Hvitved
ce379161fc Add change note 2025-10-24 09:34:11 +02:00
REDMOND\brodes
dd60cf9395 Crypto: Adjust output of bad mac order queries, update associated bad mac order expected results, fix erroneous change to ID for a slicing query, update model to specify elliptic curve type as a property, update associated graph test expected files, update the not_included_in_qls.expected to reflect all queries now under quantum. 2025-10-22 10:29:31 -04:00
REDMOND\brodes
c50175bc9b Crypto: ql-for-ql alert fixes. 2025-10-21 10:32:00 -04:00
yoff
de05bfbce3 java: address review comments 
- do not use `getQualifiedName`
- use camelCase
- rework alert predicates
 2025-10-21 13:25:26 +02:00
yoff
715acefacc Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2025-10-21 12:52:59 +02:00
REDMOND\brodes
22c0f9fa91 Crypto: Adding a proof of concept bad mac ordering predicate that takes in an ArtifactNode to be used for graph generation to intercept nodes with known mac ordering issues, in order to format the node and output error messages in the graph. 2025-10-20 16:24:31 -04:00
REDMOND\brodes
eff94ef91f Crypto: To allow for graph generation to have properties informed by assessments, altering a few queries weak/vuln/bad crypto to have qll files that can be accessed for other purposes, like graph generation. Also altering weak symmetric cipher to look for non-aes algorithms to be more comprehensive. 2025-10-20 15:51:07 -04:00
Ben Rodes
2b683c210f Merge branch 'main' into santander-java-crypto-check 2025-10-18 17:56:43 -04:00
REDMOND\brodes
c01c060476 Crypto: more ID renaming to include "examples", fix singleton issues with ql-for-ql, use formatted test for WeakAsymmetricKeyGenSize (add post processing in the qlref), misc expected files updated (test passed locally but on rerun vscode reports failures, known bug with vscode unit tests). 2025-10-17 14:13:53 -04:00
REDMOND\brodes
b06e05362b Crypto: altering all query IDs in examples to have "examples" in the ID, to make clear the query is not intended for production. 2025-10-17 13:39:50 -04:00
REDMOND\brodes
1b205d8673 Removing WeakRSA, this is redundant with weak asymmetric key size. 2025-10-17 13:39:05 -04:00
REDMOND\brodes
628bab92fc Crypto: Modify BadMacOrderMacOnEncryptPlaintext to be a path query that traces through any intermediate encrypt or mac to the final encrypt or mac. 2025-10-17 12:06:34 -04:00
REDMOND\brodes
ff7840dc9f Crypto: removing precision tags on experimental queries. 2025-10-17 10:52:32 -04:00
Owen Mansel-Chan
66f95bcbcd Merge pull request #20603 from owen-mc/update-broken-algo-qhelp 
Many languages: Update broken algo qhelp
 2025-10-17 12:30:43 +01:00
yoff
61a3e9630f java: rewrite conflict detection 
- favour unary predicates over binary ones
(the natural "conflicting access" is binary)
- switch to a dual solution to trade recursion through forall for simple existentials.

Co-authored-by: Anders Schack-Mulligen <aschackmull@github.com>
 2025-10-17 01:43:04 +02:00
REDMOND\brodes
ef6f0222f2 Crypto: Addressing FPs in BadMacOrderMacOnEncryptPlaintext 2025-10-16 16:11:42 -04:00
REDMOND\brodes
700f34e53a Crypto: Bad Mac use tests, and fix for BadMacOrderMacOnEncryptPlaintext (barriers were blocking flow through an encrypt to a subsequent mac on the same plaintext) 2025-10-16 15:44:57 -04:00
REDMOND\brodes
79ccef3a58 Crypto: Initial sketch for unknown hash, the model needs to recognize unknowns but where the algorithm category (e.g., hashing) is known. 2025-10-16 11:03:16 -04:00
REDMOND\brodes
15e266db94 Crypto: Tweaks to bad crypto ordering queries. 2025-10-15 14:20:40 -04:00
REDMOND\brodes
c6174fbb93 Crypto: remove precision tag 2025-10-15 14:10:16 -04:00
REDMOND\brodes
c7be23e1fe Crypto: Remove all precision tags from all experimental queries. Precision is largely in flux while the models are being developed. 2025-10-15 09:22:04 -04:00
REDMOND\brodes
bf9a249624 Crypto: Experimental queries for mac ordering 2025-10-15 08:06:50 -04:00
Joe Farebrother
f57526eedc Merge pull request #20572 from joefarebrother/java-httponly-cookie-promote 
Java: Promote Sensitive Cookie without HttpOnly query from experimental
 2025-10-15 10:28:40 +01:00
Joe Farebrother
d8b37d0cde Review suggestions - update comments and description 2025-10-14 16:03:40 +01:00
github-actions[bot]
6dd07790ac Post-release preparation for codeql-cli-2.23.3 2025-10-14 11:16:33 +00:00
github-actions[bot]
33542f7d40 Release preparation for version 2.23.3 2025-10-14 09:30:24 +00:00
REDMOND\brodes
55bbcee301 Crypto: Make WeakAsymmetricKeyGenSize a path problem. 2025-10-13 17:04:29 -04:00
REDMOND\brodes
7e8acd76c3 Crypto: Update WeakAsymmetricKeyGenSize to a path problem. 2025-10-13 15:48:32 -04:00
REDMOND\brodes
8b5a42328e Crypto: Convert ReusedNonce.ql into a path problem. 2025-10-13 15:34:41 -04:00
REDMOND\brodes
7847e92670 Crypto: Update KDF iteration and count to be path problems 2025-10-13 15:30:53 -04:00
REDMOND\brodes
76128ed8dc Crypto: Update InsecureIVorNonce to be a path problem. 2025-10-13 15:29:57 -04:00
REDMOND\brodes
4b241d7065 Crypto: adding initial weak hash query overhaul and tests, but no expected file yet. 2025-10-13 12:04:51 -04:00
Joe Farebrother
093b04f79f Update comments 2025-10-13 14:51:30 +01:00
Joe Farebrother
1c54296545 Add change note 2025-10-13 14:51:17 +01:00