hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,161 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.6
Commit Graph

13974 Commits

Author SHA1 Message Date
REDMOND\brodes
0394816756 Crypto: typo fix 2025-10-24 14:06:52 -04:00
REDMOND\brodes
b20689fa46 Crypto: removing comments 2025-10-24 14:06:08 -04:00
REDMOND\brodes
0e624f51d5 Crypto: Adding bad decrypt then mac order query. Fixes to BadMacOrderMacOnEncryptPlaintext as well. 2025-10-24 12:44:28 -04:00
Tom Hvitved
32f21d6d49 Merge pull request #20688 from hvitved/java/request-forgery-matches-sanitizer 
Java: Treat `x.matches(regexp)` as a sanitizer for request forgery
 2025-10-24 14:34:32 +02:00
REDMOND\brodes
ed492c7d5a Crypto: Fixed bug in WeakSymmetricCipher.qll, forgot to not only filter if !=AES but the algorithm must still be a SymmetriCipher algorithm. 2025-10-24 08:16:22 -04:00
Tom Hvitved
a4eab484ce Address review comments 2025-10-24 13:32:39 +02:00
Tom Hvitved
ce379161fc Add change note 2025-10-24 09:34:11 +02:00
Tom Hvitved
7a9cb64e2e Java: Treat x.matches(regexp) as a sanitizer for request forgery 2025-10-24 09:06:57 +02:00
Anders Schack-Mulligen
72d83cc966 ControlFlowReachability: Align the SSA signature with the one from shared SSA. 2025-10-23 10:57:21 +02:00
Anders Schack-Mulligen
f257c7a570 Guards: Align the SSA signature with the one from shared SSA. 2025-10-23 10:23:22 +02:00
Anders Schack-Mulligen
20147cdd2b Shared/Java: Rename ControlFlowReachability library. 2025-10-23 09:07:34 +02:00
Anders Schack-Mulligen
8a3f62b9b6 Merge pull request #20558 from aschackmull/csharp/guards3 
C#: Instantiate shared Guards and shared ControlFlowReachability and replace nullness
 2025-10-23 08:43:14 +02:00
REDMOND\brodes
bdad95d810 Crypto: Fixed alphabetical ordering issue in not_included_in_qls.expected 2025-10-22 15:56:14 -04:00
REDMOND\brodes
08379393b3 Crypto: Fix off by one column issue in unit tests. 2025-10-22 15:50:33 -04:00
REDMOND\brodes
3561d01144 Crytpo: Trying to fix in pipeline test failure, experimentally altering a line to see if this forces the test to pass. The test is off by one column in the piepline 2025-10-22 14:16:12 -04:00
REDMOND\brodes
db6d3ad054 Crypto: Fix typo in not_included_in_qls.expected. 2025-10-22 10:31:19 -04:00
REDMOND\brodes
dd60cf9395 Crypto: Adjust output of bad mac order queries, update associated bad mac order expected results, fix erroneous change to ID for a slicing query, update model to specify elliptic curve type as a property, update associated graph test expected files, update the not_included_in_qls.expected to reflect all queries now under quantum. 2025-10-22 10:29:31 -04:00
Napalys Klicius
9c70ae04fb Add change note 2025-10-22 11:48:16 +00:00
Napalys Klicius
91b0aaa631 Java: Lower security-severity for Insecure Cookie query to 4.0 2025-10-22 11:45:04 +00:00
Napalys Klicius
fa47174013 CWE-020: Lower security-severity for OverlyLargeRange queries to 4.0 2025-10-22 11:32:33 +00:00
REDMOND\brodes
b374ba3d0c Crypto: Updating java 'location' information to be just a location's toString to be more verbose/precise. 2025-10-21 11:48:37 -04:00
REDMOND\brodes
ddeb42cddb Crypto: Adding false positive to BadMacUse.java, we have no way to avoid this FP currently but should note it exists in the test case. 2025-10-21 11:04:57 -04:00
REDMOND\brodes
c50175bc9b Crypto: ql-for-ql alert fixes. 2025-10-21 10:32:00 -04:00
yoff
9e77e5b046 java: add test with deeper paths 
also format test files
 2025-10-21 14:02:36 +02:00
yoff
f183a7223f java: add test for notFullyMonitored 2025-10-21 13:40:29 +02:00
yoff
f4878b3806 java: make as many predicates private as possible 2025-10-21 13:25:26 +02:00
yoff
de05bfbce3 java: address review comments 
- do not use `getQualifiedName`
- use camelCase
- rework alert predicates
 2025-10-21 13:25:26 +02:00
yoff
715acefacc Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2025-10-21 12:52:59 +02:00
REDMOND\brodes
22c0f9fa91 Crypto: Adding a proof of concept bad mac ordering predicate that takes in an ArtifactNode to be used for graph generation to intercept nodes with known mac ordering issues, in order to format the node and output error messages in the graph. 2025-10-20 16:24:31 -04:00
REDMOND\brodes
eff94ef91f Crypto: To allow for graph generation to have properties informed by assessments, altering a few queries weak/vuln/bad crypto to have qll files that can be accessed for other purposes, like graph generation. Also altering weak symmetric cipher to look for non-aes algorithms to be more comprehensive. 2025-10-20 15:51:07 -04:00
REDMOND\brodes
cc436e897d Merge branch 'santander-java-crypto-check' of https://github.com/bdrodes/codeql into santander-java-crypto-check 2025-10-20 15:24:40 -04:00
REDMOND\brodes
354effe829 Crypto: Missing hash algorithms for HMAC operations in jca. 2025-10-20 15:24:18 -04:00
Ben Rodes
2b683c210f Merge branch 'main' into santander-java-crypto-check 2025-10-18 17:56:43 -04:00
REDMOND\brodes
c01c060476 Crypto: more ID renaming to include "examples", fix singleton issues with ql-for-ql, use formatted test for WeakAsymmetricKeyGenSize (add post processing in the qlref), misc expected files updated (test passed locally but on rerun vscode reports failures, known bug with vscode unit tests). 2025-10-17 14:13:53 -04:00
REDMOND\brodes
540daa6df2 Crypto: weak symmetric cipher tests. 2025-10-17 13:40:15 -04:00
REDMOND\brodes
b06e05362b Crypto: altering all query IDs in examples to have "examples" in the ID, to make clear the query is not intended for production. 2025-10-17 13:39:50 -04:00
REDMOND\brodes
1b205d8673 Removing WeakRSA, this is redundant with weak asymmetric key size. 2025-10-17 13:39:05 -04:00
REDMOND\brodes
b4ecb91c83 Crypto: Add missing cipher algorithms to JCA. Update node tests to account for missing cipher algorithms. 2025-10-17 13:38:47 -04:00
REDMOND\brodes
f480d90a68 Crypto: Add missing block mode JCA Models, add block mode unit tests 2025-10-17 13:13:14 -04:00
REDMOND\brodes
e12734162f Crypto: WeakKDFKeySize tests. 2025-10-17 12:32:24 -04:00
REDMOND\brodes
628bab92fc Crypto: Modify BadMacOrderMacOnEncryptPlaintext to be a path query that traces through any intermediate encrypt or mac to the final encrypt or mac. 2025-10-17 12:06:34 -04:00
REDMOND\brodes
ff7840dc9f Crypto: removing precision tags on experimental queries. 2025-10-17 10:52:32 -04:00
Owen Mansel-Chan
66f95bcbcd Merge pull request #20603 from owen-mc/update-broken-algo-qhelp 
Many languages: Update broken algo qhelp
 2025-10-17 12:30:43 +01:00
yoff
3a0a8999d5 java: fix ql alerts 2025-10-17 01:52:23 +02:00
yoff
61a3e9630f java: rewrite conflict detection 
- favour unary predicates over binary ones
(the natural "conflicting access" is binary)
- switch to a dual solution to trade recursion through forall for simple existentials.

Co-authored-by: Anders Schack-Mulligen <aschackmull@github.com>
 2025-10-17 01:43:04 +02:00
REDMOND\brodes
ef6f0222f2 Crypto: Addressing FPs in BadMacOrderMacOnEncryptPlaintext 2025-10-16 16:11:42 -04:00
REDMOND\brodes
5923e5cbb0 Crypto: Bad expected files in last push. 2025-10-16 15:45:27 -04:00
REDMOND\brodes
700f34e53a Crypto: Bad Mac use tests, and fix for BadMacOrderMacOnEncryptPlaintext (barriers were blocking flow through an encrypt to a subsequent mac on the same plaintext) 2025-10-16 15:44:57 -04:00
REDMOND\brodes
b9b0037e07 Crypto: Comment todo for observed missing modeled case. Tests for weak and unknown KDF iteration count. 2025-10-16 14:07:45 -04:00
REDMOND\brodes
3f36b09b3c Crypto: Rename tests for weak asymmetric key gen size. 2025-10-16 11:18:36 -04:00