hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,677 Commits 1,671 Branches 157 Tags
72a97773b1904757a7ae46ffa8090df7b926dd1c
Commit Graph

13918 Commits

Author SHA1 Message Date
Nora Dimitrijević
72a97773b1 Java/NumericCastTaintedQuery 
java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql
 2025-10-28 09:39:52 +01:00
Nora Dimitrijević
247ae1d23c Java/MaybeBrokenCryptoAlgorithmQuery 
java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql
 2025-10-28 09:39:50 +01:00
Nora Dimitrijević
eebff9c282 Java/ImproperValidationOfArrayConstructionFlow 
java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql
 2025-10-28 09:39:47 +01:00
Nora Dimitrijević
9eeeec336e Java/ImproperValidationOfArrayConstructionCodeSpecifiedQuery 
java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionCodeSpecified.ql
 2025-10-28 09:39:45 +01:00
Nora Dimitrijević
dc1dff98b0 Java/ConditionalBypass 
java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql
 2025-10-28 09:39:42 +01:00
Nora Dimitrijević
4482e831d7 Java/CommandLineQuery 
85a4dd0325/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql

857b51be58/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql

b6e56f26c7/java/ql/src/experimental/Security/CWE/CWE-078/ExecTainted.ql
 2025-10-28 09:39:39 +01:00
Nora Dimitrijević
b023880a0a Java/BrokenCryptoAlgorithmQuery 
java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql
 2025-10-28 09:39:37 +01:00
Nora Dimitrijević
1129230e10 Java/ArithmeticUncontrolledQuery 
java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql
 2025-10-28 09:39:34 +01:00
Nora Dimitrijević
a228936c63 Java/ArithmeticTainted 
java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql
 2025-10-28 09:39:31 +01:00
Nora Dimitrijević
913550f408 Java/ArbitraryApkInstallationQuery 
java/ql/src/Security/CWE/CWE-094/ArbitraryApkInstallation.ql
 2025-10-28 09:39:29 +01:00
Alexander Eyers-Taylor
227e1fcbde Merge pull request #20598 from github/alexet/overlay-query-libraries 
Java: Make some query libraries local.
 2025-10-27 17:52:27 +00:00
Idriss Riouak
11a7d53002 Merge pull request #20657 from github/idrissrio/java-maven-fix 
Java: Add integration test to reproduce regression
 2025-10-27 15:09:41 +01:00
idrissrio
d473b36918 Java: Accept new test results after extractor changes 2025-10-27 14:26:48 +01:00
idrissrio
714b2ad565 Java: Add integration test for maven 2025-10-27 14:26:47 +01:00
Anders Schack-Mulligen
96fc1e889a Java: Accept .expected file. 2025-10-27 13:17:53 +01:00
Anders Schack-Mulligen
02a942554d Java: Remove old SSA consistency queries. 2025-10-27 12:55:43 +01:00
Nicolas Will
d4787520fd Merge pull request #20690 from bdrodes/weak_symmetric_cipher_bug 
Crypto: Fix bug in weak symmetric cipher query
 2025-10-24 22:38:07 +02:00
Nicolas Will
e7bd435bee Merge pull request #20696 from bdrodes/bad_mac_decrypt_then_mac 
Crypto: Adding bad decrypt then mac order query.
 2025-10-24 22:07:26 +02:00
REDMOND\brodes
65d0ca9e53 Crypto: Simplifying expression for ql-for-ql alert. 2025-10-24 14:08:25 -04:00
REDMOND\brodes
0394816756 Crypto: typo fix 2025-10-24 14:06:52 -04:00
REDMOND\brodes
b20689fa46 Crypto: removing comments 2025-10-24 14:06:08 -04:00
REDMOND\brodes
0e624f51d5 Crypto: Adding bad decrypt then mac order query. Fixes to BadMacOrderMacOnEncryptPlaintext as well. 2025-10-24 12:44:28 -04:00
Tom Hvitved
32f21d6d49 Merge pull request #20688 from hvitved/java/request-forgery-matches-sanitizer 
Java: Treat `x.matches(regexp)` as a sanitizer for request forgery
 2025-10-24 14:34:32 +02:00
REDMOND\brodes
ed492c7d5a Crypto: Fixed bug in WeakSymmetricCipher.qll, forgot to not only filter if !=AES but the algorithm must still be a SymmetriCipher algorithm. 2025-10-24 08:16:22 -04:00
Tom Hvitved
a4eab484ce Address review comments 2025-10-24 13:32:39 +02:00
Tom Hvitved
ce379161fc Add change note 2025-10-24 09:34:11 +02:00
Tom Hvitved
7a9cb64e2e Java: Treat x.matches(regexp) as a sanitizer for request forgery 2025-10-24 09:06:57 +02:00
Anders Schack-Mulligen
72d83cc966 ControlFlowReachability: Align the SSA signature with the one from shared SSA. 2025-10-23 10:57:21 +02:00
Anders Schack-Mulligen
f257c7a570 Guards: Align the SSA signature with the one from shared SSA. 2025-10-23 10:23:22 +02:00
Anders Schack-Mulligen
20147cdd2b Shared/Java: Rename ControlFlowReachability library. 2025-10-23 09:07:34 +02:00
Anders Schack-Mulligen
8a3f62b9b6 Merge pull request #20558 from aschackmull/csharp/guards3 
C#: Instantiate shared Guards and shared ControlFlowReachability and replace nullness
 2025-10-23 08:43:14 +02:00
REDMOND\brodes
bdad95d810 Crypto: Fixed alphabetical ordering issue in not_included_in_qls.expected 2025-10-22 15:56:14 -04:00
REDMOND\brodes
08379393b3 Crypto: Fix off by one column issue in unit tests. 2025-10-22 15:50:33 -04:00
REDMOND\brodes
3561d01144 Crytpo: Trying to fix in pipeline test failure, experimentally altering a line to see if this forces the test to pass. The test is off by one column in the piepline 2025-10-22 14:16:12 -04:00
REDMOND\brodes
db6d3ad054 Crypto: Fix typo in not_included_in_qls.expected. 2025-10-22 10:31:19 -04:00
REDMOND\brodes
dd60cf9395 Crypto: Adjust output of bad mac order queries, update associated bad mac order expected results, fix erroneous change to ID for a slicing query, update model to specify elliptic curve type as a property, update associated graph test expected files, update the not_included_in_qls.expected to reflect all queries now under quantum. 2025-10-22 10:29:31 -04:00
REDMOND\brodes
b374ba3d0c Crypto: Updating java 'location' information to be just a location's toString to be more verbose/precise. 2025-10-21 11:48:37 -04:00
REDMOND\brodes
ddeb42cddb Crypto: Adding false positive to BadMacUse.java, we have no way to avoid this FP currently but should note it exists in the test case. 2025-10-21 11:04:57 -04:00
REDMOND\brodes
c50175bc9b Crypto: ql-for-ql alert fixes. 2025-10-21 10:32:00 -04:00
REDMOND\brodes
22c0f9fa91 Crypto: Adding a proof of concept bad mac ordering predicate that takes in an ArtifactNode to be used for graph generation to intercept nodes with known mac ordering issues, in order to format the node and output error messages in the graph. 2025-10-20 16:24:31 -04:00
REDMOND\brodes
eff94ef91f Crypto: To allow for graph generation to have properties informed by assessments, altering a few queries weak/vuln/bad crypto to have qll files that can be accessed for other purposes, like graph generation. Also altering weak symmetric cipher to look for non-aes algorithms to be more comprehensive. 2025-10-20 15:51:07 -04:00
REDMOND\brodes
cc436e897d Merge branch 'santander-java-crypto-check' of https://github.com/bdrodes/codeql into santander-java-crypto-check 2025-10-20 15:24:40 -04:00
REDMOND\brodes
354effe829 Crypto: Missing hash algorithms for HMAC operations in jca. 2025-10-20 15:24:18 -04:00
Ben Rodes
2b683c210f Merge branch 'main' into santander-java-crypto-check 2025-10-18 17:56:43 -04:00
REDMOND\brodes
c01c060476 Crypto: more ID renaming to include "examples", fix singleton issues with ql-for-ql, use formatted test for WeakAsymmetricKeyGenSize (add post processing in the qlref), misc expected files updated (test passed locally but on rerun vscode reports failures, known bug with vscode unit tests). 2025-10-17 14:13:53 -04:00
REDMOND\brodes
540daa6df2 Crypto: weak symmetric cipher tests. 2025-10-17 13:40:15 -04:00
REDMOND\brodes
b06e05362b Crypto: altering all query IDs in examples to have "examples" in the ID, to make clear the query is not intended for production. 2025-10-17 13:39:50 -04:00
REDMOND\brodes
1b205d8673 Removing WeakRSA, this is redundant with weak asymmetric key size. 2025-10-17 13:39:05 -04:00
REDMOND\brodes
b4ecb91c83 Crypto: Add missing cipher algorithms to JCA. Update node tests to account for missing cipher algorithms. 2025-10-17 13:38:47 -04:00
REDMOND\brodes
f480d90a68 Crypto: Add missing block mode JCA Models, add block mode unit tests 2025-10-17 13:13:14 -04:00