hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,540 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.8
Commit Graph

5940 Commits

Author SHA1 Message Date
REDMOND\brodes
628bab92fc Crypto: Modify BadMacOrderMacOnEncryptPlaintext to be a path query that traces through any intermediate encrypt or mac to the final encrypt or mac. 2025-10-17 12:06:34 -04:00
REDMOND\brodes
ff7840dc9f Crypto: removing precision tags on experimental queries. 2025-10-17 10:52:32 -04:00
Owen Mansel-Chan
66f95bcbcd Merge pull request #20603 from owen-mc/update-broken-algo-qhelp 
Many languages: Update broken algo qhelp
 2025-10-17 12:30:43 +01:00
yoff
61a3e9630f java: rewrite conflict detection 
- favour unary predicates over binary ones
(the natural "conflicting access" is binary)
- switch to a dual solution to trade recursion through forall for simple existentials.

Co-authored-by: Anders Schack-Mulligen <aschackmull@github.com>
 2025-10-17 01:43:04 +02:00
REDMOND\brodes
ef6f0222f2 Crypto: Addressing FPs in BadMacOrderMacOnEncryptPlaintext 2025-10-16 16:11:42 -04:00
REDMOND\brodes
700f34e53a Crypto: Bad Mac use tests, and fix for BadMacOrderMacOnEncryptPlaintext (barriers were blocking flow through an encrypt to a subsequent mac on the same plaintext) 2025-10-16 15:44:57 -04:00
REDMOND\brodes
79ccef3a58 Crypto: Initial sketch for unknown hash, the model needs to recognize unknowns but where the algorithm category (e.g., hashing) is known. 2025-10-16 11:03:16 -04:00
REDMOND\brodes
15e266db94 Crypto: Tweaks to bad crypto ordering queries. 2025-10-15 14:20:40 -04:00
REDMOND\brodes
c6174fbb93 Crypto: remove precision tag 2025-10-15 14:10:16 -04:00
REDMOND\brodes
c7be23e1fe Crypto: Remove all precision tags from all experimental queries. Precision is largely in flux while the models are being developed. 2025-10-15 09:22:04 -04:00
REDMOND\brodes
bf9a249624 Crypto: Experimental queries for mac ordering 2025-10-15 08:06:50 -04:00
Joe Farebrother
f57526eedc Merge pull request #20572 from joefarebrother/java-httponly-cookie-promote 
Java: Promote Sensitive Cookie without HttpOnly query from experimental
 2025-10-15 10:28:40 +01:00
Joe Farebrother
d8b37d0cde Review suggestions - update comments and description 2025-10-14 16:03:40 +01:00
github-actions[bot]
6dd07790ac Post-release preparation for codeql-cli-2.23.3 2025-10-14 11:16:33 +00:00
github-actions[bot]
33542f7d40 Release preparation for version 2.23.3 2025-10-14 09:30:24 +00:00
REDMOND\brodes
55bbcee301 Crypto: Make WeakAsymmetricKeyGenSize a path problem. 2025-10-13 17:04:29 -04:00
REDMOND\brodes
7e8acd76c3 Crypto: Update WeakAsymmetricKeyGenSize to a path problem. 2025-10-13 15:48:32 -04:00
REDMOND\brodes
8b5a42328e Crypto: Convert ReusedNonce.ql into a path problem. 2025-10-13 15:34:41 -04:00
REDMOND\brodes
7847e92670 Crypto: Update KDF iteration and count to be path problems 2025-10-13 15:30:53 -04:00
REDMOND\brodes
76128ed8dc Crypto: Update InsecureIVorNonce to be a path problem. 2025-10-13 15:29:57 -04:00
REDMOND\brodes
4b241d7065 Crypto: adding initial weak hash query overhaul and tests, but no expected file yet. 2025-10-13 12:04:51 -04:00
Joe Farebrother
093b04f79f Update comments 2025-10-13 14:51:30 +01:00
Joe Farebrother
1c54296545 Add change note 2025-10-13 14:51:17 +01:00
Joe Farebrother
c4781146c0 Remove experimental query and tests 2025-10-13 14:51:10 +01:00
Joe Farebrother
c799f93811 Update tests and add inline expectations 2025-10-13 14:51:04 +01:00
Joe Farebrother
e1cf3d30d2 Update documentation, rename things and add more comments to explain how the implementation works, remove filter for test code (prefer to filter in code scanning ui than in query logic) 2025-10-13 14:50:57 +01:00
Joe Farebrother
54aefe0dce Copy experimental query to main 2025-10-13 14:50:51 +01:00
REDMOND\brodes
e76ced1513 Crypto: Updating weak asymmetric key gen to include key exchange. 2025-10-10 15:32:39 -04:00
REDMOND\brodes
d68f3cff8b Crypto: InsecureIVorNonceSource now ignored null to avoid being too noisy. 2025-10-10 14:51:16 -04:00
REDMOND\brodes
36673659ad Crypto: Weak asymmetric key gen size fixes and test. 2025-10-10 14:49:35 -04:00
REDMOND\brodes
758759a304 Crypto: Reused nonce query updates and test updates to address false positives. 2025-10-10 12:25:31 -04:00
REDMOND\brodes
fba80870a6 Crypto: Example query reorg - moving queries of this PR into 'examples' subdirectories. 2025-10-09 09:03:00 -04:00
REDMOND\brodes
deb43735be Crypto: Minor fixes to WeakSymmetricCipher, change to a singular name for consistency. 2025-10-09 08:39:39 -04:00
REDMOND\brodes
3dedda4233 Merge branch 'santander-java-crypto-check' of https://github.com/bdrodes/codeql into santander-java-crypto-check 2025-10-09 08:18:04 -04:00
REDMOND\brodes
c6cc4fff51 Crypto: Minor fixes to WeakBlockModes, WeakHash to consider SHA3 ok, Added unknown hash. 2025-10-09 08:16:28 -04:00
Nicolas Will
fdba3acc4b Crypto: Fix QL-for-QL alert and auto-format 2025-10-09 13:59:51 +02:00
yoff
1ad239459f java: move shared code into Concurrency.qll 2025-10-09 13:36:35 +02:00
yoff
830f02af1f java: fixes from the CI bots 2025-10-09 09:37:31 +02:00
yoff
5b30153113 java: add Escaping query (P1) 2025-10-09 09:14:16 +02:00
yoff
328b53576a java: add SafePublication query (P2) 2025-10-09 09:14:16 +02:00
yoff
fe487e8bf0 java: add ThreadSafe query (P3) 
Co-authored-by: Raúl Pardo <raul.pardo@protonmail.com>
Co-authored-by: SimonJorgensenMancofi <simon.jorgensen@mancofi.dk>
Co-authored-by: Bjørnar Haugstad Jåtten <bjornjaat@hotmail.com>
 2025-10-09 09:14:16 +02:00
REDMOND\brodes
f524de4afc Crypto: Updating insecure iv/nonce to consider if an operation is known for it, and if so do not alert on non-secure random if it is tied to decryption 2025-10-08 16:27:18 -04:00
REDMOND\brodes
11e81395b5 Crypto: Updated default flows to use taint tracking (this is needed to fix false positives in the unknown IV/Nonce query). Add the unknown IV/Nonce query and associated test cases. Fix unknown IV/Nonce query to focus on cases where the oepration isn't known or the operation subtype is not encrypt or wrap. 2025-10-08 14:14:17 -04:00
REDMOND\brodes
8e10e1937d Crypto: Adding query for unknown IV initialization. 2025-10-08 12:49:54 -04:00
REDMOND\brodes
83ff70bcd8 Crypto: Adding tests for insecure iv or nonce. Updating generic literal sources to include array literals. 2025-10-08 12:47:58 -04:00
REDMOND\brodes
bd34b6ce02 Crypto: Removing JCA model of random, need to reassess this as this impacts the insecure IV/Nonce query. Updated name of the Insecure nonce query to be InsecureIVorNonce 2025-10-08 11:41:21 -04:00
REDMOND\brodes
143be8cc35 Crypto: Remove redundant queries. 2025-10-08 10:26:05 -04:00
REDMOND\brodes
1b1b333e8b Crypto: Modify suggested queries per misc. side conversations on standards. Remove redundant query. Fix QL-for-QL issues. 2025-10-08 10:21:06 -04:00
REDMOND\brodes
bba541c016 Merge remote-tracking branch 'upstream/java-crypto-check' into santander-java-crypto-check 2025-10-08 09:30:26 -04:00
Owen Mansel-Chan
0bcdb91639 Improve qhelp for broken crypto algo queries 
Previously it focussed too much on the risk of data being decrypted,
and didn't explain why using weak algorithms is a problem in other
contexts.
 2025-10-08 14:10:54 +01:00