581 Commits

Author	SHA1	Message	Date
REDMOND\brodes	d2598d4f5d	Crypto: Updating weak hash tests	2025-10-16 10:56:08 -04:00
REDMOND\brodes	4860034d41	Crypto: Weak Hash test cases update and expected file.	2025-10-16 10:40:53 -04:00
REDMOND\brodes	7e8acd76c3	Crypto: Update WeakAsymmetricKeyGenSize to a path problem.	2025-10-13 15:48:32 -04:00
REDMOND\brodes	8b5a42328e	Crypto: Convert ReusedNonce.ql into a path problem.	2025-10-13 15:34:41 -04:00
REDMOND\brodes	76128ed8dc	Crypto: Update InsecureIVorNonce to be a path problem.	2025-10-13 15:29:57 -04:00
REDMOND\brodes	bd068c2a69	Crypto: Updating expected file for weak asymmetric key gen size.	2025-10-13 12:08:07 -04:00
REDMOND\brodes	4b241d7065	Crypto: adding initial weak hash query overhaul and tests, but no expected file yet.	2025-10-13 12:04:51 -04:00
REDMOND\brodes	36673659ad	Crypto: Weak asymmetric key gen size fixes and test.	2025-10-10 14:49:35 -04:00
REDMOND\brodes	758759a304	Crypto: Reused nonce query updates and test updates to address false positives.	2025-10-10 12:25:31 -04:00
REDMOND\brodes	fba80870a6	Crypto: Example query reorg - moving queries of this PR into 'examples' subdirectories.	2025-10-09 09:03:00 -04:00
REDMOND\brodes	f524de4afc	Crypto: Updating insecure iv/nonce to consider if an operation is known for it, and if so do not alert on non-secure random if it is tied to decryption	2025-10-08 16:27:18 -04:00
REDMOND\brodes	7a57496c54	Crypto: Missing test update.	2025-10-08 14:16:47 -04:00
REDMOND\brodes	11e81395b5	Crypto: Updated default flows to use taint tracking (this is needed to fix false positives in the unknown IV/Nonce query). Add the unknown IV/Nonce query and associated test cases. Fix unknown IV/Nonce query to focus on cases where the oepration isn't known or the operation subtype is not encrypt or wrap.	2025-10-08 14:14:17 -04:00
REDMOND\brodes	83ff70bcd8	Crypto: Adding tests for insecure iv or nonce. Updating generic literal sources to include array literals.	2025-10-08 12:47:58 -04:00
Nicolas Will	15e9bb9cc1	Format Test and update .expected	2025-10-06 16:29:25 +02:00
Ben Rodes	e823d80f0c	Merge branch 'main' into java_nonce_reuse_tests	2025-10-02 13:31:40 -04:00
REDMOND\brodes	30a07763e8	Crypto: Copilot suggested code changes.	2025-08-20 13:28:28 -04:00
REDMOND\brodes	33aa6c94df	Crypto: Adding tests for reuse nonce query for JAVA/JCA.	2025-08-20 13:21:18 -04:00
Jami Cogswell	0dbddbdf0f	Java: remove experimental files	2025-07-17 19:22:03 -04:00
Jami Cogswell	e17486a9d8	Java: rename springframework stubs directory from 5.3.8 to 5.8.x	2025-03-11 15:20:58 -04:00
Jami Cogswell	5e5bc2afe9	Java: remove experimental files	2025-02-24 18:24:19 -05:00
Jami Cogswell	61a184c1d7	Java: update more tests	2025-02-14 16:08:06 -05:00
Michael Nebel	999f1f21e2	Java: Accept expected test output.	2025-01-27 10:22:20 +01:00
Michael Nebel	e3997f65ed	Java: Deprecate experimental queries.	2025-01-27 10:22:16 +01:00
Michael Nebel	0a1d2d0bbb	Java: Update all test util paths to point to the new location.	2024-12-12 13:21:25 +01:00
Tom Hvitved	95e9d013cc	Update expected test output	2024-11-04 12:07:06 +01:00
Tom Hvitved	6a11120e50	Address review comments	2024-09-24 14:21:40 +02:00
Tom Hvitved	f287216060	Update expected test output	2024-09-24 14:21:38 +02:00
Tom Hvitved	ed9008a064	Update expected test output	2024-09-18 13:51:02 +02:00
Asger F	9703f67794	Test output updates that only affect nodes/edges	2024-08-23 11:03:26 +02:00
Anders Schack-Mulligen	d97a301fef	Merge pull request #17105 from aschackmull/dataflow/stage6 ... Dataflow: Refactor stage 6 to use shared stage code.	2024-08-22 09:46:49 +02:00
Chris Smowton	15989ce213	Merge pull request #14089 from am0o0/amammad-java-JWT ... Java: JWT decoding without verification	2024-08-21 14:14:08 +01:00
Anders Schack-Mulligen	525b6f30e3	C++/C#/Java: Accept test changes.	2024-08-21 10:51:28 +02:00
am0o0	b001c24dfc	update tests to pass the github actions	2024-08-20 20:57:11 +02:00
am0o0	f4764378c9	update tests to contain the new source, delete query with local sources	2024-08-16 16:15:46 +02:00
Anders Schack-Mulligen	a85f8a2fbd	Java/C#: Accept expected changes.	2024-08-15 13:24:31 +02:00
Chris Smowton	95e504a5ff	Merge branch 'main' into am0o0-java-PathInjection	2024-08-05 11:41:25 +01:00
am0o0	4169cfac9f	use the current slf4j stubs instead of new one	2024-08-03 14:12:18 +02:00
am0o0	ee9f134828	update current springframework core stub and use this instead of creating a new stubs	2024-08-02 01:00:34 +02:00
am0o0	af43178602	move slf4j to a separate dir	2024-08-02 00:35:20 +02:00
am0o0	1551cf0093	move java/ql/test/experimental/stubs/org-springframework-6.1.4/org/reactivestreams into a separate dir	2024-08-02 00:06:02 +02:00
Anders Schack-Mulligen	377301a55a	Merge pull request #17108 from aschackmull/dataflow/flowthrough-provenance ... Dataflow: Propagate provenance correctly for flow-through wrappers.	2024-08-01 09:35:56 +02:00
Owen Mansel-Chan	6280ed2a6b	Merge pull request #13555 from am0o0/amammad-java-bombs ... Java: Decompression Bombs	2024-07-31 14:55:28 +01:00
Anders Schack-Mulligen	9724516c84	C#/Go/Java/Python/Ruby: Accept qltest .expected changes.	2024-07-31 14:45:10 +02:00
am0o0	701e3d7e53	add same query but with local source support to comply with the CVE-2021-37580	2024-07-31 10:58:22 +02:00
Jami Cogswell	2db07bdbf3	Java: add missing models to experimental expected files	2024-07-30 12:13:18 -04:00
am0o0	591b1b4f07	use $ SPURIOUS: instead of "this test gives a FP"	2024-07-30 17:53:23 +02:00
am0o0	9662950405	add comments for FPs	2024-07-30 13:24:46 +02:00
am0o0	4dc1a10f71	update tests for zip4j, add aditional flow steps for zip4j, remove BombTypeInputStream class since we don't need it anymore, add a predicate which was for testing porpose and was junk	2024-07-29 18:10:04 +02:00
Jami Cogswell	0a382bf0cf	Java: use post-process provenance pretty-printing in experimental/query-tests	2024-07-28 18:13:20 -04:00