Chris Smowton
171dc26531
Fix test reference and expectations
2021-08-09 13:56:55 +01:00
Fosstars
b913928294
Renamed queries and merged qhelp files
2021-08-04 17:54:16 +02:00
Fosstars
bd7e7b1371
Better qldoc for timing attacks
2021-08-01 10:18:37 +02:00
Fosstars
44e52517ad
Removed unsafeMacCheckWithArraysDeepEquals() test
2021-08-01 10:12:38 +02:00
Fosstars
0fc487fb04
Better qhelp for timing attacks
2021-08-01 09:57:14 +02:00
Artem Smotrakov
9b953cf0fc
Apply suggestions from code review
...
Co-authored-by: Chris Smowton <smowton@github.com>
2021-08-01 09:47:07 +02:00
Fosstars
ad54c9d937
Two queries for timing attacks
2021-08-01 09:47:07 +02:00
Artem Smotrakov
e3b6ceade5
Renamed NonConstantTimeCryptoComparison.ql to NonConstantTimeCheckOnSignature.ql
2021-08-01 09:47:06 +02:00
Artem Smotrakov
8b557765b3
Narrow NonConstantTimeCryptoComparison.ql to timing attack on signatures and MACs only
2021-08-01 09:47:06 +02:00
Artem Smotrakov
c359852608
Consider only Cipher.ENCRYPT_MODE in NonConstantTimeCryptoComparison.ql
2021-08-01 09:47:06 +02:00
Artem Smotrakov
1f2a9cdda7
Added taint propagation steps for hashes in NonConstantTimeCryptoComparison.ql
2021-08-01 09:47:06 +02:00
Artem Smotrakov
c96d939cf5
Covered custom fast-fail checks in NonConstantTimeCryptoComparison.ql
...
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
2021-08-01 09:47:06 +02:00
Artem Smotrakov
6500a1bbbb
More references in NonConstantTimeCryptoComparison.qhelp
2021-08-01 09:47:05 +02:00
Artem Smotrakov
860e8f379e
Better signatures in java/non-constant-time-crypto-comparison
2021-08-01 09:47:05 +02:00
Artem Smotrakov
622c7ee957
Added a change note for new steps for ByteBuffer and InputStream
2021-08-01 09:47:05 +02:00
Artem Smotrakov
1b4ee05b80
Better docs for java/non-constant-time-crypto-comparison
2021-08-01 09:47:05 +02:00
Artem Smotrakov
8c4da16459
More test cases for java/non-constant-time-crypto-comparison
2021-08-01 09:47:04 +02:00
Artem Smotrakov
295fd686ce
Make java/non-constant-time-crypto-comparison a warning
2021-08-01 09:47:04 +02:00
Artem Smotrakov
c977fd09cb
Better constant check in java/non-constant-time-crypto-comparison
2021-08-01 09:47:04 +02:00
Artem Smotrakov
d01dc35011
Less duplicate code in java/non-constant-time-crypto-comparison
2021-08-01 09:47:04 +02:00
Artem Smotrakov
40e513ba52
Added more taint propagation steps for InputStream and ByteBuffer
2021-08-01 09:47:04 +02:00
Artem Smotrakov
a4f3a5a88e
Take into account remote user input in java/non-constant-time-crypto-comparison
2021-08-01 09:47:03 +02:00
Artem Smotrakov
8e6d227dc0
More sinks for java/ql/src/experimental/Security/CWE/CWE-208/NonConstantTimeCryptoComparison.ql
2021-08-01 09:47:03 +02:00
Artem Smotrakov
dfa3b523d0
Renamed files
2021-08-01 09:47:03 +02:00
Artem Smotrakov
75f67959f3
Covered Arrays.deepEquals() in NonConstantTimeCryptoComparison.ql
2021-08-01 09:47:02 +02:00
Artem Smotrakov
5dbcf1d611
Covered Object.deepEquals() in NotConstantTimeCryptoComparison.ql
2021-08-01 09:47:02 +02:00
Artem Smotrakov
5c474f689d
Better comments and descriptions
2021-08-01 09:47:02 +02:00
Artem Smotrakov
f245dc3ac8
Removed hashes from NotConstantTimeCryptoComparison.ql
2021-08-01 09:47:02 +02:00
Artem Smotrakov
8a69b7b3ac
Added NotConstantTimeCryptoComparison.qhelp and examples
2021-08-01 09:47:01 +02:00
Artem Smotrakov
67579dd1d8
Added tests for NotConstantTimeCryptoComparison.ql
2021-08-01 09:47:01 +02:00
Artem Smotrakov
c2c85d32da
Java: Added a query for timing attacks
2021-08-01 09:47:01 +02:00
Aditya Sharad
cb686ea802
Merge pull request #6388 from github/geoffw0-patch-2
...
Update query-metadata-style-guide.md
2021-07-29 10:20:26 -07:00
Geoffrey White
5e6e176f32
Update query-metadata-style-guide.md
...
Add a note about the `@security-severity` tag.
2021-07-29 17:53:31 +01:00
Mathias Vorreiter Pedersen
b1e5fbe2de
Merge pull request #6377 from sashabu/sashabu/virtual
...
C++: Allow querying virtual, override, and final declaration specifiers.
2021-07-29 17:51:14 +02:00
Alexandre Boulgakov
e55bd4fb64
C++: Allow querying virtual, override, and final declaration specifiers.
2021-07-29 14:02:03 +01:00
Joe Farebrother
143b302eef
Merge pull request #6384 from joefarebrother/test-gen-improvements
...
Java: Test generator: use getComponentType
2021-07-29 10:47:37 +01:00
Joe Farebrother
f7099f459f
Java: Test generator: use getComponentType
2021-07-29 10:08:45 +01:00
Joe Farebrother
d900fcaf42
Merge pull request #6374 from joefarebrother/test-gen-improvements
...
Java: Add support for synthetic fields to the test generator
2021-07-28 16:02:47 +01:00
Joe Farebrother
9ddae3e9f6
Fix spelling
...
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
2021-07-28 10:12:17 +01:00
Aditya Sharad
d7c29791de
Merge pull request #6368 from bmuskalla/addMissingKeywords
...
Add missing keywords to language specification
2021-07-27 11:08:25 -07:00
Felicity Chapman
0714f4abbb
Merge pull request #6339 from github/package-manager-docs
...
[July 27-8, 2021] CodeQL package manager: update CodeQL CLI docs (beta)
2021-07-27 18:24:03 +01:00
Joe Farebrother
2d862ef119
Support synthetic fields
2021-07-27 17:28:53 +01:00
Joe Farebrother
a8cca4ba0e
Merge pull request #6373 from joefarebrother/test-gen-improvements
...
Java: Test generator improvements
2021-07-27 15:44:56 +01:00
Chris Smowton
0049b8e3c4
Merge pull request #6371 from github/smowton/admin/test-generator-notice-bad-rows
...
Add test-case generator check for non-parseable rows
2021-07-27 15:44:01 +01:00
Joe Farebrother
309f0e7c26
Fix handling of arrays
2021-07-27 15:05:57 +01:00
Joe Farebrother
9ffcfbcd33
Add --force option
2021-07-27 15:05:57 +01:00
Joe Farebrother
8ab0fd54b4
Improvements to the test generator:
...
- Only reference public methods
- Report rows for which test cases could not be generated
- Add a blanket `throws Exception` clause to the generated method
2021-07-27 15:05:55 +01:00
Joe Farebrother
2036aa1e4a
Format test generator
2021-07-27 15:04:19 +01:00
Felicity Chapman
28ce21ed7e
Update docs/codeql/codeql-cli/publishing-and-using-codeql-packs.rst
2021-07-27 15:02:39 +01:00
Chris Smowton
97d603cafb
Add test-case generator check for non-parseable rows
2021-07-27 14:26:22 +01:00