codeql

mirror of https://github.com/github/codeql.git synced 2026-02-17 15:33:45 +01:00

Author	SHA1	Message	Date
$REDMOND\brodes$ REDMOND\brodes	55bbcee301	Crypto: Make WeakAsymmetricKeyGenSize a path problem.	2025-10-13 17:04:29 -04:00
$REDMOND\brodes$ REDMOND\brodes	7e8acd76c3	Crypto: Update WeakAsymmetricKeyGenSize to a path problem.	2025-10-13 15:48:32 -04:00
$REDMOND\brodes$ REDMOND\brodes	8b5a42328e	Crypto: Convert ReusedNonce.ql into a path problem.	2025-10-13 15:34:41 -04:00
$REDMOND\brodes$ REDMOND\brodes	7847e92670	Crypto: Update KDF iteration and count to be path problems	2025-10-13 15:30:53 -04:00
$REDMOND\brodes$ REDMOND\brodes	76128ed8dc	Crypto: Update InsecureIVorNonce to be a path problem.	2025-10-13 15:29:57 -04:00
$REDMOND\brodes$ REDMOND\brodes	4b241d7065	Crypto: adding initial weak hash query overhaul and tests, but no expected file yet.	2025-10-13 12:04:51 -04:00
$REDMOND\brodes$ REDMOND\brodes	e76ced1513	Crypto: Updating weak asymmetric key gen to include key exchange.	2025-10-10 15:32:39 -04:00
$REDMOND\brodes$ REDMOND\brodes	d68f3cff8b	Crypto: InsecureIVorNonceSource now ignored null to avoid being too noisy.	2025-10-10 14:51:16 -04:00
$REDMOND\brodes$ REDMOND\brodes	36673659ad	Crypto: Weak asymmetric key gen size fixes and test.	2025-10-10 14:49:35 -04:00
$REDMOND\brodes$ REDMOND\brodes	758759a304	Crypto: Reused nonce query updates and test updates to address false positives.	2025-10-10 12:25:31 -04:00
$REDMOND\brodes$ REDMOND\brodes	fba80870a6	Crypto: Example query reorg - moving queries of this PR into 'examples' subdirectories.	2025-10-09 09:03:00 -04:00
$REDMOND\brodes$ REDMOND\brodes	deb43735be	Crypto: Minor fixes to WeakSymmetricCipher, change to a singular name for consistency.	2025-10-09 08:39:39 -04:00
$REDMOND\brodes$ REDMOND\brodes	3dedda4233	Merge branch 'santander-java-crypto-check' of https://github.com/bdrodes/codeql into santander-java-crypto-check	2025-10-09 08:18:04 -04:00
$REDMOND\brodes$ REDMOND\brodes	c6cc4fff51	Crypto: Minor fixes to WeakBlockModes, WeakHash to consider SHA3 ok, Added unknown hash.	2025-10-09 08:16:28 -04:00
Nicolas Will	fdba3acc4b	Crypto: Fix QL-for-QL alert and auto-format	2025-10-09 13:59:51 +02:00
$REDMOND\brodes$ REDMOND\brodes	f524de4afc	Crypto: Updating insecure iv/nonce to consider if an operation is known for it, and if so do not alert on non-secure random if it is tied to decryption	2025-10-08 16:27:18 -04:00
$REDMOND\brodes$ REDMOND\brodes	11e81395b5	Crypto: Updated default flows to use taint tracking (this is needed to fix false positives in the unknown IV/Nonce query). Add the unknown IV/Nonce query and associated test cases. Fix unknown IV/Nonce query to focus on cases where the oepration isn't known or the operation subtype is not encrypt or wrap.	2025-10-08 14:14:17 -04:00
$REDMOND\brodes$ REDMOND\brodes	8e10e1937d	Crypto: Adding query for unknown IV initialization.	2025-10-08 12:49:54 -04:00
$REDMOND\brodes$ REDMOND\brodes	83ff70bcd8	Crypto: Adding tests for insecure iv or nonce. Updating generic literal sources to include array literals.	2025-10-08 12:47:58 -04:00
$REDMOND\brodes$ REDMOND\brodes	bd34b6ce02	Crypto: Removing JCA model of random, need to reassess this as this impacts the insecure IV/Nonce query. Updated name of the Insecure nonce query to be InsecureIVorNonce	2025-10-08 11:41:21 -04:00
$REDMOND\brodes$ REDMOND\brodes	143be8cc35	Crypto: Remove redundant queries.	2025-10-08 10:26:05 -04:00
$REDMOND\brodes$ REDMOND\brodes	1b1b333e8b	Crypto: Modify suggested queries per misc. side conversations on standards. Remove redundant query. Fix QL-for-QL issues.	2025-10-08 10:21:06 -04:00
Mark C	f38ab45e94	removed all @security.severity ratings to keep the main impartial	2025-10-01 17:49:45 +01:00
Mark C	c5cf0ffa75	added java cryptographic check queries	2025-10-01 11:55:51 +01:00
Michael Nebel	a732b36fa8	Update java/ql/src/experimental/quantum/Analysis/ArtifactReuse.qll Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2025-09-02 10:39:37 +02:00
Michael Nebel	77113b2e42	Java: Fix some Ql4Ql violations.	2025-09-01 15:04:08 +02:00
Nicolas Will	98479ff6c3	Crypto: Update queries to use new type names	2025-06-25 20:34:33 +02:00
Nicolas Will	c66ec63333	Fix query compilation errors	2025-05-12 14:48:58 +02:00
Nicolas Will	8f36624171	Add AsymmetricAlgorithmNode, refactor and address feedback	2025-05-12 14:37:44 +02:00
Nicolas Will	ab3f62eed1	Add missing tags to PrintCBOMGraph.ql queries	2025-05-12 14:34:16 +02:00
Nicolas Will	529128cbde	Add problem.severity for java analysis queries	2025-05-08 04:20:49 +02:00
Nicolas Will	a57f4a1022	Update Java analysis query metadata	2025-05-08 04:13:57 +02:00
Nicolas Will	e03f57da9b	Update type name in experimental BrokenCrypto.ql	2025-05-08 04:03:10 +02:00
Nicolas Will	b8c3b43cc4	Fix KnownAsymmetricAlgorithm query id	2025-05-08 03:58:06 +02:00
Nicolas Will	b558e844ff	Update slice query metadata and output tables	2025-05-08 03:56:20 +02:00
Nicolas Will	986c8e1aec	Change Java inventory slices to @kind table	2025-05-08 03:24:04 +02:00
Nicolas Will	a7ebe4a51a	Fix typo in asymmetric inventory slice query id	2025-05-08 02:43:29 +02:00
Nicolas Will	7339dd0077	Rename "Quantum" to "quantum" in dir structure	2025-05-08 02:39:40 +02:00

38 Commits