hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,884 Commits 1,671 Branches 157 Tags
main
Commit Graph

14067 Commits

Author SHA1 Message Date
REDMOND\brodes
f524de4afc Crypto: Updating insecure iv/nonce to consider if an operation is known for it, and if so do not alert on non-secure random if it is tied to decryption 2025-10-08 16:27:18 -04:00
REDMOND\brodes
7a57496c54 Crypto: Missing test update. 2025-10-08 14:16:47 -04:00
REDMOND\brodes
11e81395b5 Crypto: Updated default flows to use taint tracking (this is needed to fix false positives in the unknown IV/Nonce query). Add the unknown IV/Nonce query and associated test cases. Fix unknown IV/Nonce query to focus on cases where the oepration isn't known or the operation subtype is not encrypt or wrap. 2025-10-08 14:14:17 -04:00
REDMOND\brodes
75b5a9fda8 Crypto: Update general regression test results to account for removal of JCA random source. 2025-10-08 12:55:11 -04:00
REDMOND\brodes
8e10e1937d Crypto: Adding query for unknown IV initialization. 2025-10-08 12:49:54 -04:00
REDMOND\brodes
83ff70bcd8 Crypto: Adding tests for insecure iv or nonce. Updating generic literal sources to include array literals. 2025-10-08 12:47:58 -04:00
REDMOND\brodes
bd34b6ce02 Crypto: Removing JCA model of random, need to reassess this as this impacts the insecure IV/Nonce query. Updated name of the Insecure nonce query to be InsecureIVorNonce 2025-10-08 11:41:21 -04:00
REDMOND\brodes
143be8cc35 Crypto: Remove redundant queries. 2025-10-08 10:26:05 -04:00
REDMOND\brodes
1b1b333e8b Crypto: Modify suggested queries per misc. side conversations on standards. Remove redundant query. Fix QL-for-QL issues. 2025-10-08 10:21:06 -04:00
REDMOND\brodes
cf88e3f52d Crypto: Standardize naming where use of "family" and "type" have been used. Prefer 'type'. 2025-10-08 09:54:53 -04:00
REDMOND\brodes
bba541c016 Merge remote-tracking branch 'upstream/java-crypto-check' into santander-java-crypto-check 2025-10-08 09:30:26 -04:00
Owen Mansel-Chan
0bcdb91639 Improve qhelp for broken crypto algo queries 
Previously it focussed too much on the risk of data being decrypted,
and didn't explain why using weak algorithms is a problem in other
contexts.
 2025-10-08 14:10:54 +01:00
Anders Schack-Mulligen
99f5dcaaa4 Java: Fix bug in ConstantExpAppearsNonConstant. 2025-10-08 10:32:51 +02:00
Idriss Riouak
28fe20e3e4 Merge pull request #20595 from github/idrissrio/java-lambda 
Java: Add integration test for buildless lambda recovery
 2025-10-08 09:53:29 +02:00
Alex Eyers-Taylor
77d4af153d Java: Make some query libraries local. 2025-10-07 18:24:37 +01:00
Alex Eyers-Taylor
542bdf0792 Java: Use Overlay dataflow in java. 2025-10-07 17:52:12 +01:00
Alex Eyers-Taylor
c49e2ab2da DataFlow: Add code to do overlay informed dataflow. 2025-10-07 17:52:12 +01:00
idrissrio
f69e5f5ffc Java: Accept new test results after extractor changes 2025-10-07 16:55:53 +02:00
idrissrio
55b15a261a Java: Add integration test for buildless lambda recovery 2025-10-07 16:55:52 +02:00
Anders Schack-Mulligen
18e33b193e Merge pull request #20589 from aschackmull/java/array-entrypoint-read-taint 
Java: Allow taint-read-steps for array sources.
 2025-10-07 15:04:03 +02:00
Anders Schack-Mulligen
7dadbc43fb Java: Add change note. 2025-10-07 13:51:49 +02:00
Anders Schack-Mulligen
f0bfd7053e Java: Add test case. 2025-10-07 13:40:44 +02:00
Anders Schack-Mulligen
11665bea0a Java: Allow taint-read-steps for array sources. 2025-10-07 10:10:02 +02:00
idrissrio
5c6d187ef2 Java: Fix buildless test HTTP server binding on macOS26 2025-10-07 09:24:55 +02:00
Nicolas Will
e2a8d58e02 Merge pull request #20583 from bdrodes/jca_signature_extensions 
Crypto: Add JCA signatures, RNG, and unit tests
 2025-10-06 18:51:30 +02:00
REDMOND\brodes
cb812b47ed Crypto: more non-ascii removal. 2025-10-06 11:53:39 -04:00
Nicolas Will
9e278b9fa4 Merge pull request #20258 from bdrodes/java_nonce_reuse_tests 
Crypto: Add reuse nonce test for Java
 2025-10-06 17:42:25 +02:00
REDMOND\brodes
017a956d5e Crypto: more non-ascii removal. 2025-10-06 11:34:45 -04:00
REDMOND\brodes
abeb3141b1 Crypto: Formatting test cases, more removal of non-ascii 2025-10-06 10:46:09 -04:00
Nicolas Will
15e9bb9cc1 Format Test and update .expected 2025-10-06 16:29:25 +02:00
REDMOND\brodes
96f6832a6f Crypto: Updating expected files for unit tests. 2025-10-06 10:07:15 -04:00
REDMOND\brodes
606aef38cb Crypto: Removing non-ascii characters from unit tests 2025-10-06 09:56:14 -04:00
Ben Rodes
b32a6407b9 Update java/ql/lib/experimental/quantum/JCA.qll 
Co-authored-by: Nicolas Will <nicolaswill@github.com>
 2025-10-06 09:04:19 -04:00
Idriss Riouak
4a1157bff9 Merge pull request #20491 from github/idrissrio/java-maven 
Java: Integration tests for Maven 4
 2025-10-06 14:57:22 +02:00
Nicolas Will
579da1dbd6 Fix QL-for-QL alerts 2025-10-06 14:45:45 +02:00
idrissrio
a22ec2d9c6 Java: Accept new test results after extractor changes 2025-10-06 11:18:16 +02:00
idrissrio
f6b6a007b1 Java: Add integration tests for Maven 4 2025-10-06 11:18:15 +02:00
REDMOND\brodes
9fa30a3884 Crypto: Updating algorithm string literals and key generation algorithm literal sources to include signatures. 2025-10-03 18:09:27 -04:00
REDMOND\brodes
9c5765a48c Crypto: Add missing string constants for signature algorithms. 2025-10-03 17:17:07 -04:00
REDMOND\brodes
66e9d7671d Crypto: Add jca unit tests. 2025-10-03 13:32:02 -04:00
REDMOND\brodes
f1eb6511a7 Crypto: Add modeling for JCA signatures. Make consistent use of "unknown" or "other" for unrecognized types. 2025-10-03 12:07:37 -04:00
Anders Schack-Mulligen
ca7d56023a ControlFlow: Rename getAPhiInput to getAnInput. 2025-10-03 15:29:31 +02:00
REDMOND\brodes
a46bd4c4ca Crypto: JCA random number generation model. 2025-10-02 15:21:28 -04:00
Ben Rodes
e823d80f0c Merge branch 'main' into java_nonce_reuse_tests 2025-10-02 13:31:40 -04:00
Nicolas Will
4901cdf929 Crypto: Refactor and change casts to super 2025-10-02 18:43:38 +02:00
REDMOND\brodes
9673b81677 Crypto: Update JCA 'wihHmac" raw name to be the entire raw string, not just "Hmac" 2025-10-02 11:49:23 -04:00
REDMOND\brodes
704a06e1fa Crypto: Update JCA PBKDF2 modeling: 1) add further inheritance structures to make the inheritance decomposition and caveats clearer, and 2) use getConsumer to establish the hash and hmac consumer. Update the Model to expect hash node types specifically for HMAC getHashALgorithmOrUnknown. 2025-10-02 11:45:13 -04:00
REDMOND\brodes
850c1ec12d Crypto: Fix use of a member where a singleton set literal exists 2025-10-02 09:20:40 -04:00
REDMOND\brodes
b08533b322 Crypto: Fix missing output variable 2025-10-02 09:10:50 -04:00
REDMOND\brodes
c37b7c1389 Merge branch 'signature_model_refactor' of https://github.com/bdrodes/codeql into signature_model_refactor 2025-10-02 09:05:09 -04:00