codeql

hohn/codeql

Fork 0

mirror of https://github.com/github/codeql.git synced 2026-05-20 22:27:18 +02:00

Commit Graph

Author	SHA1	Message	Date
MarkLee131	da4a2238bc	Address PR review: add Signature.getInstance sink, HMAC/PBKDF2 whitelist, fix test APIs - Model Signature.getInstance() as CryptoAlgoSpec sink (previously only Signature constructor was modeled) - Add HMAC-based algorithms (HMACSHA1/256/384/512, HmacSHA1/256/384/512) and PBKDF2 to the secure algorithm whitelist - Fix XDH/X25519/X448 tests to use KeyAgreement.getInstance() instead of KeyPairGenerator.getInstance() to match their key agreement semantics - Add test cases for SHA384withECDSA, HMACSHA*, and PBKDF2WithHmacSHA1 from user-reported false positives - Update change note to document all additions	2026-03-28 16:53:46 +08:00
MarkLee131	a9449cc991	Add EC to secure algorithm whitelist for Java CWE-327 query	2026-03-28 16:48:58 +08:00
Pavel Avgustinov	846c9d5860	Migrate Java code to separate QL repo.	2018-08-30 10:48:05 +01:00

Author

SHA1

Message

Date

MarkLee131

da4a2238bc

Address PR review: add Signature.getInstance sink, HMAC/PBKDF2 whitelist, fix test APIs

- Model Signature.getInstance() as CryptoAlgoSpec sink (previously only
  Signature constructor was modeled)
- Add HMAC-based algorithms (HMACSHA1/256/384/512, HmacSHA1/256/384/512)
  and PBKDF2 to the secure algorithm whitelist
- Fix XDH/X25519/X448 tests to use KeyAgreement.getInstance() instead of
  KeyPairGenerator.getInstance() to match their key agreement semantics
- Add test cases for SHA384withECDSA, HMACSHA*, and PBKDF2WithHmacSHA1
  from user-reported false positives
- Update change note to document all additions

2026-03-28 16:53:46 +08:00

MarkLee131

a9449cc991

Add EC to secure algorithm whitelist for Java CWE-327 query

2026-03-28 16:48:58 +08:00

Pavel Avgustinov

846c9d5860

Migrate Java code to separate QL repo.

2018-08-30 10:48:05 +01:00

3 Commits