hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-05 15:16:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,293 Commits 1,700 Branches 161 Tags
79ccef3a5850528ea9c3348807b32547a6ded480
Commit Graph

4281 Commits

Author SHA1 Message Date
REDMOND\brodes
d2598d4f5d Crypto: Updating weak hash tests 2025-10-16 10:56:08 -04:00
REDMOND\brodes
4860034d41 Crypto: Weak Hash test cases update and expected file. 2025-10-16 10:40:53 -04:00
REDMOND\brodes
25599e9b4b crypto: Update JCA model macs to take into consideration update calls (use prior pattern for signatures). Misc. bug fixes. 2025-10-15 16:25:36 -04:00
REDMOND\brodes
7e8acd76c3 Crypto: Update WeakAsymmetricKeyGenSize to a path problem. 2025-10-13 15:48:32 -04:00
REDMOND\brodes
8b5a42328e Crypto: Convert ReusedNonce.ql into a path problem. 2025-10-13 15:34:41 -04:00
REDMOND\brodes
76128ed8dc Crypto: Update InsecureIVorNonce to be a path problem. 2025-10-13 15:29:57 -04:00
REDMOND\brodes
bd068c2a69 Crypto: Updating expected file for weak asymmetric key gen size. 2025-10-13 12:08:07 -04:00
REDMOND\brodes
4b241d7065 Crypto: adding initial weak hash query overhaul and tests, but no expected file yet. 2025-10-13 12:04:51 -04:00
REDMOND\brodes
36673659ad Crypto: Weak asymmetric key gen size fixes and test. 2025-10-10 14:49:35 -04:00
REDMOND\brodes
758759a304 Crypto: Reused nonce query updates and test updates to address false positives. 2025-10-10 12:25:31 -04:00
REDMOND\brodes
fba80870a6 Crypto: Example query reorg - moving queries of this PR into 'examples' subdirectories. 2025-10-09 09:03:00 -04:00
REDMOND\brodes
f524de4afc Crypto: Updating insecure iv/nonce to consider if an operation is known for it, and if so do not alert on non-secure random if it is tied to decryption 2025-10-08 16:27:18 -04:00
REDMOND\brodes
7a57496c54 Crypto: Missing test update. 2025-10-08 14:16:47 -04:00
REDMOND\brodes
11e81395b5 Crypto: Updated default flows to use taint tracking (this is needed to fix false positives in the unknown IV/Nonce query). Add the unknown IV/Nonce query and associated test cases. Fix unknown IV/Nonce query to focus on cases where the oepration isn't known or the operation subtype is not encrypt or wrap. 2025-10-08 14:14:17 -04:00
REDMOND\brodes
75b5a9fda8 Crypto: Update general regression test results to account for removal of JCA random source. 2025-10-08 12:55:11 -04:00
REDMOND\brodes
83ff70bcd8 Crypto: Adding tests for insecure iv or nonce. Updating generic literal sources to include array literals. 2025-10-08 12:47:58 -04:00
Anders Schack-Mulligen
18e33b193e Merge pull request #20589 from aschackmull/java/array-entrypoint-read-taint 
Java: Allow taint-read-steps for array sources.
 2025-10-07 15:04:03 +02:00
Anders Schack-Mulligen
f0bfd7053e Java: Add test case. 2025-10-07 13:40:44 +02:00
Nicolas Will
e2a8d58e02 Merge pull request #20583 from bdrodes/jca_signature_extensions 
Crypto: Add JCA signatures, RNG, and unit tests
 2025-10-06 18:51:30 +02:00
REDMOND\brodes
cb812b47ed Crypto: more non-ascii removal. 2025-10-06 11:53:39 -04:00
REDMOND\brodes
017a956d5e Crypto: more non-ascii removal. 2025-10-06 11:34:45 -04:00
REDMOND\brodes
abeb3141b1 Crypto: Formatting test cases, more removal of non-ascii 2025-10-06 10:46:09 -04:00
Nicolas Will
15e9bb9cc1 Format Test and update .expected 2025-10-06 16:29:25 +02:00
REDMOND\brodes
96f6832a6f Crypto: Updating expected files for unit tests. 2025-10-06 10:07:15 -04:00
REDMOND\brodes
606aef38cb Crypto: Removing non-ascii characters from unit tests 2025-10-06 09:56:14 -04:00
REDMOND\brodes
9c5765a48c Crypto: Add missing string constants for signature algorithms. 2025-10-03 17:17:07 -04:00
REDMOND\brodes
66e9d7671d Crypto: Add jca unit tests. 2025-10-03 13:32:02 -04:00
Ben Rodes
e823d80f0c Merge branch 'main' into java_nonce_reuse_tests 2025-10-02 13:31:40 -04:00
Chris Smowton
f88daff45f Java: note that classes with entirely private constructors can't be subclassed 2025-09-30 13:57:44 +01:00
Anders Schack-Mulligen
e302616135 Java: Accept qltest change. 2025-09-12 15:41:18 +02:00
Anders Schack-Mulligen
e8f1ec68db Java: Accept guards test results. 2025-09-12 15:41:17 +02:00
Anders Schack-Mulligen
03321ff910 Java: Replace nullness implementation. 2025-09-12 15:41:16 +02:00
Anders Schack-Mulligen
452bbf7289 Java: Add some more nullness tests. 2025-09-12 13:38:21 +02:00
Anders Schack-Mulligen
b5c7bc1b33 Java: Accept test output. 2025-09-10 15:42:18 +02:00
Idriss Riouak
b89b68dfdb Merge pull request #20339 from github/idrissrio/scoped-values 
Java: Add MaDs for `java.lang.ScopedValue`
 2025-09-10 11:21:34 +02:00
idrissrio
728a4aff22 Java: Add model for thenExpand and accept new results 2025-09-08 13:17:53 +02:00
idrissrio
3aba4d3e1e Java: Add test showing missing model for thenExpand 2025-09-08 13:17:52 +02:00
idrissrio
55ff71b760 Java: Address review comment. Fix dataflow model 2025-09-08 13:17:51 +02:00
idrissrio
311690cffe Java: accept new test results 2025-09-08 13:17:49 +02:00
idrissrio
16fbe8d96f Java: add dataflow test for newly added KDF API 2025-09-08 13:17:46 +02:00
idrissrio
666678a582 Java: Address review comment. Inline dataflow annotation 2025-09-08 12:55:20 +02:00
idrissrio
a8541b9f76 Java: accept new test results 2025-09-08 12:55:15 +02:00
idrissrio
0159f5b422 Java: Add failing test for Scoped Values 2025-09-08 12:55:13 +02:00
idrissrio
039b5af2e0 Java: Add module import declaration test 2025-09-06 12:38:40 +02:00
idrissrio
f1186432c1 Java: Accept new test result after extractor changes 2025-09-05 10:43:35 +02:00
idrissrio
b2ef60c165 Java: add tests for compact source files 2025-09-05 10:19:03 +02:00
idrissrio
9363bc318a Java: Add compact source file tests 2025-09-05 10:18:58 +02:00
idrissrio
1605438333 Java: Accept new test result after extractor changes 2025-09-04 17:01:45 +02:00
idrissrio
6c773a7473 Java: Add test to verify that the AST does not capture instance initializers 2025-09-04 17:01:44 +02:00
idrissrio
fffb4c03b0 Java: add flexible constructor test including CFG predecessor query 2025-09-04 17:01:43 +02:00