codeql

mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00

Author	SHA1	Message	Date
Tony Torralba	8b50b3d00f	Add jackson-core to test dependencies	2021-08-02 16:04:49 +02:00
Chris Smowton	09a873138d	Add missing qldoc	2021-08-02 14:48:42 +01:00
Chris Smowton	170bb43393	Update java/ql/test/library-tests/frameworks/json-java/test.ql Remove unnecessary import Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2021-08-02 14:46:38 +01:00
Chris Smowton	8a78075d3d	Remove redundant method taint flow specifications	2021-08-02 14:30:31 +01:00
Anders Schack-Mulligen	53e6ddfeb6	Merge pull request #6001 from atorralba/atorralba/promote-mvel-injection Java: Promote MVEL injection query from experimental	2021-08-02 14:40:26 +02:00
Tony Torralba	f4b78ef3bd	Fix stubs	2021-08-02 14:12:05 +02:00
Tony Torralba	9b384d84cc	Merge branch 'main' into atorralba/promote-ognl-injection	2021-08-02 14:06:45 +02:00
Tony Torralba	351a24558d	Add tests for JacksonSerializability Upgraded jackson stubs to 2.12	2021-08-02 14:03:30 +02:00
Tony Torralba	632ae747c7	Fix JacksonModel duplicate row	2021-08-02 12:53:30 +02:00
Anders Schack-Mulligen	3b676d432f	Merge pull request #5900 from artem-smotrakov/unsafe-jackson-deserialization Java: Unsafe deserialization with Jackson	2021-08-02 12:45:30 +02:00
Anders Schack-Mulligen	6c973b59ac	Update java/ql/src/semmle/code/java/frameworks/Jackson.qll	2021-08-02 10:16:42 +02:00
Tony Torralba	9fadb26325	Fix qhelp sample	2021-08-02 10:00:59 +02:00
Tony Torralba	4435853c8a	Apply suggestions from code review Co-authored-by: Felicity Chapman <felicitymay@github.com>	2021-08-02 09:56:40 +02:00
Fosstars	bd7e7b1371	Better qldoc for timing attacks	2021-08-01 10:18:37 +02:00
Fosstars	44e52517ad	Removed unsafeMacCheckWithArraysDeepEquals() test	2021-08-01 10:12:38 +02:00
Fosstars	0fc487fb04	Better qhelp for timing attacks	2021-08-01 09:57:14 +02:00
Artem Smotrakov	9b953cf0fc	Apply suggestions from code review Co-authored-by: Chris Smowton <smowton@github.com>	2021-08-01 09:47:07 +02:00
Fosstars	ad54c9d937	Two queries for timing attacks	2021-08-01 09:47:07 +02:00
Artem Smotrakov	e3b6ceade5	Renamed NonConstantTimeCryptoComparison.ql to NonConstantTimeCheckOnSignature.ql	2021-08-01 09:47:06 +02:00
Artem Smotrakov	8b557765b3	Narrow NonConstantTimeCryptoComparison.ql to timing attack on signatures and MACs only	2021-08-01 09:47:06 +02:00
Artem Smotrakov	c359852608	Consider only Cipher.ENCRYPT_MODE in NonConstantTimeCryptoComparison.ql	2021-08-01 09:47:06 +02:00
Artem Smotrakov	1f2a9cdda7	Added taint propagation steps for hashes in NonConstantTimeCryptoComparison.ql	2021-08-01 09:47:06 +02:00
Artem Smotrakov	c96d939cf5	Covered custom fast-fail checks in NonConstantTimeCryptoComparison.ql Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>	2021-08-01 09:47:06 +02:00
Artem Smotrakov	6500a1bbbb	More references in NonConstantTimeCryptoComparison.qhelp	2021-08-01 09:47:05 +02:00
Artem Smotrakov	860e8f379e	Better signatures in java/non-constant-time-crypto-comparison	2021-08-01 09:47:05 +02:00
Artem Smotrakov	1b4ee05b80	Better docs for java/non-constant-time-crypto-comparison	2021-08-01 09:47:05 +02:00
Artem Smotrakov	8c4da16459	More test cases for java/non-constant-time-crypto-comparison	2021-08-01 09:47:04 +02:00
Artem Smotrakov	295fd686ce	Make java/non-constant-time-crypto-comparison a warning	2021-08-01 09:47:04 +02:00
Artem Smotrakov	c977fd09cb	Better constant check in java/non-constant-time-crypto-comparison	2021-08-01 09:47:04 +02:00
Artem Smotrakov	d01dc35011	Less duplicate code in java/non-constant-time-crypto-comparison	2021-08-01 09:47:04 +02:00
Artem Smotrakov	40e513ba52	Added more taint propagation steps for InputStream and ByteBuffer	2021-08-01 09:47:04 +02:00
Artem Smotrakov	a4f3a5a88e	Take into account remote user input in java/non-constant-time-crypto-comparison	2021-08-01 09:47:03 +02:00
Artem Smotrakov	8e6d227dc0	More sinks for java/ql/src/experimental/Security/CWE/CWE-208/NonConstantTimeCryptoComparison.ql	2021-08-01 09:47:03 +02:00
Artem Smotrakov	dfa3b523d0	Renamed files	2021-08-01 09:47:03 +02:00
Artem Smotrakov	75f67959f3	Covered Arrays.deepEquals() in NonConstantTimeCryptoComparison.ql	2021-08-01 09:47:02 +02:00
Artem Smotrakov	5dbcf1d611	Covered Object.deepEquals() in NotConstantTimeCryptoComparison.ql	2021-08-01 09:47:02 +02:00
Artem Smotrakov	5c474f689d	Better comments and descriptions	2021-08-01 09:47:02 +02:00
Artem Smotrakov	f245dc3ac8	Removed hashes from NotConstantTimeCryptoComparison.ql	2021-08-01 09:47:02 +02:00
Artem Smotrakov	8a69b7b3ac	Added NotConstantTimeCryptoComparison.qhelp and examples	2021-08-01 09:47:01 +02:00
Artem Smotrakov	67579dd1d8	Added tests for NotConstantTimeCryptoComparison.ql	2021-08-01 09:47:01 +02:00
Artem Smotrakov	c2c85d32da	Java: Added a query for timing attacks	2021-08-01 09:47:01 +02:00
Artem Smotrakov	7959e76da8	Better qldoc in UnsafeDeserializationQuery.qll Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2021-07-30 09:30:59 +02:00
Fosstars	a4b0041120	Better looksLikeResolveClassStep() predicate	2021-07-30 09:28:03 +02:00
Fosstars	1d3eb570bf	hasJsonTypeInfoAnnotation() should check fields recursively Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2021-07-30 08:30:40 +02:00
Joe Farebrother	e23f666f67	Replace get and newWith methods with real implementations	2021-07-29 16:39:50 +01:00
Tony Torralba	29490e5872	Add suggestion from code review	2021-07-29 17:07:18 +02:00
Joe Farebrother	f1ca29a846	Add more stubs	2021-07-29 15:58:42 +01:00
Tony Torralba	3fcc9fae79	Refactor sinks to reuse code	2021-07-29 16:48:47 +02:00
Tony Torralba	6e3b6dcb98	Imporve qhelp	2021-07-29 16:36:38 +02:00
Tony Torralba	bdf0f582a4	QLDoc improvements from code review Co-authored-by: Felicity Chapman <felicitymay@github.com> Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2021-07-29 16:34:21 +02:00

... 8 9 10 11 12 ...

3427 Commits