hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 19:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,347 Commits 1,672 Branches 157 Tags
hmac/command-injection-from-library-inputs
Commit Graph

27 Commits

Author SHA1 Message Date
Chris Smowton
f981fee37d Adjust test expectation 2022-02-25 20:05:06 +00:00
Chris Smowton
8fbd8c52dd Fix test expectations 2022-02-25 17:35:52 +00:00
Chris Smowton
e02a3d0ddd Rename qlref file 2022-02-25 17:33:08 +00:00
Ahmed Farid
3a2d514b18 Create ComparingValueOfSensetiveHeader.qlref 2022-02-25 17:33:08 +00:00
Ahmed Farid
0d278f6d61 Create Test.java 2022-02-25 17:33:08 +00:00
Ahmed Farid
1bc5fe13eb Update and rename java/ql/test/experimental/query-tests/security/CWE-208/TimingAttackAgainstHeader.expected to java/ql/test/experimental/query-tests/security/CWE-208/TimingAttackAgainstHeader/TimingAttackAgainstHeader.expected 2022-02-25 17:33:08 +00:00
Ahmed Farid
63133f7e8b Update TimingAttackAgainstHeader.expected 2022-02-25 17:33:08 +00:00
Ahmed Farid
f2457dafb5 Create TimingAttackAgainstHeader.expected 2022-02-25 17:33:08 +00:00
Chris Smowton
091227982c Delete unnecessary test files 2022-02-25 17:33:08 +00:00
Ahmed Farid
19d0e1f4a7 Create ComparingValueOfSensetiveHeader.qlref 2022-02-25 17:33:07 +00:00
ahmed532009
a0a1c587e5 Create ComparingValueOfSensetiveHeader.java 2022-02-25 17:33:07 +00:00
Anders Schack-Mulligen
f6541811d2 Dataflow: Update more tests. 2021-09-07 13:02:20 +02:00
Chris Smowton
171dc26531 Fix test reference and expectations 2021-08-09 13:56:55 +01:00
Fosstars
44e52517ad Removed unsafeMacCheckWithArraysDeepEquals() test 2021-08-01 10:12:38 +02:00
Fosstars
ad54c9d937 Two queries for timing attacks 2021-08-01 09:47:07 +02:00
Artem Smotrakov
e3b6ceade5 Renamed NonConstantTimeCryptoComparison.ql to NonConstantTimeCheckOnSignature.ql 2021-08-01 09:47:06 +02:00
Artem Smotrakov
8b557765b3 Narrow NonConstantTimeCryptoComparison.ql to timing attack on signatures and MACs only 2021-08-01 09:47:06 +02:00
Artem Smotrakov
1f2a9cdda7 Added taint propagation steps for hashes in NonConstantTimeCryptoComparison.ql 2021-08-01 09:47:06 +02:00
Artem Smotrakov
c96d939cf5 Covered custom fast-fail checks in NonConstantTimeCryptoComparison.ql 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-08-01 09:47:06 +02:00
Artem Smotrakov
8c4da16459 More test cases for java/non-constant-time-crypto-comparison 2021-08-01 09:47:04 +02:00
Artem Smotrakov
a4f3a5a88e Take into account remote user input in java/non-constant-time-crypto-comparison 2021-08-01 09:47:03 +02:00
Artem Smotrakov
8e6d227dc0 More sinks for java/ql/src/experimental/Security/CWE/CWE-208/NonConstantTimeCryptoComparison.ql 2021-08-01 09:47:03 +02:00
Artem Smotrakov
dfa3b523d0 Renamed files 2021-08-01 09:47:03 +02:00
Artem Smotrakov
75f67959f3 Covered Arrays.deepEquals() in NonConstantTimeCryptoComparison.ql 2021-08-01 09:47:02 +02:00
Artem Smotrakov
5dbcf1d611 Covered Object.deepEquals() in NotConstantTimeCryptoComparison.ql 2021-08-01 09:47:02 +02:00
Artem Smotrakov
f245dc3ac8 Removed hashes from NotConstantTimeCryptoComparison.ql 2021-08-01 09:47:02 +02:00
Artem Smotrakov
67579dd1d8 Added tests for NotConstantTimeCryptoComparison.ql 2021-08-01 09:47:01 +02:00