REDMOND\brodes
|
628bab92fc
|
Crypto: Modify BadMacOrderMacOnEncryptPlaintext to be a path query that traces through any intermediate encrypt or mac to the final encrypt or mac.
|
2025-10-17 12:06:34 -04:00 |
|
REDMOND\brodes
|
ff7840dc9f
|
Crypto: removing precision tags on experimental queries.
|
2025-10-17 10:52:32 -04:00 |
|
REDMOND\brodes
|
ef6f0222f2
|
Crypto: Addressing FPs in BadMacOrderMacOnEncryptPlaintext
|
2025-10-16 16:11:42 -04:00 |
|
REDMOND\brodes
|
700f34e53a
|
Crypto: Bad Mac use tests, and fix for BadMacOrderMacOnEncryptPlaintext (barriers were blocking flow through an encrypt to a subsequent mac on the same plaintext)
|
2025-10-16 15:44:57 -04:00 |
|
REDMOND\brodes
|
79ccef3a58
|
Crypto: Initial sketch for unknown hash, the model needs to recognize unknowns but where the algorithm category (e.g., hashing) is known.
|
2025-10-16 11:03:16 -04:00 |
|
REDMOND\brodes
|
15e266db94
|
Crypto: Tweaks to bad crypto ordering queries.
|
2025-10-15 14:20:40 -04:00 |
|
REDMOND\brodes
|
c6174fbb93
|
Crypto: remove precision tag
|
2025-10-15 14:10:16 -04:00 |
|
REDMOND\brodes
|
c7be23e1fe
|
Crypto: Remove all precision tags from all experimental queries. Precision is largely in flux while the models are being developed.
|
2025-10-15 09:22:04 -04:00 |
|
REDMOND\brodes
|
bf9a249624
|
Crypto: Experimental queries for mac ordering
|
2025-10-15 08:06:50 -04:00 |
|
REDMOND\brodes
|
55bbcee301
|
Crypto: Make WeakAsymmetricKeyGenSize a path problem.
|
2025-10-13 17:04:29 -04:00 |
|
REDMOND\brodes
|
7e8acd76c3
|
Crypto: Update WeakAsymmetricKeyGenSize to a path problem.
|
2025-10-13 15:48:32 -04:00 |
|
REDMOND\brodes
|
8b5a42328e
|
Crypto: Convert ReusedNonce.ql into a path problem.
|
2025-10-13 15:34:41 -04:00 |
|
REDMOND\brodes
|
7847e92670
|
Crypto: Update KDF iteration and count to be path problems
|
2025-10-13 15:30:53 -04:00 |
|
REDMOND\brodes
|
76128ed8dc
|
Crypto: Update InsecureIVorNonce to be a path problem.
|
2025-10-13 15:29:57 -04:00 |
|
REDMOND\brodes
|
4b241d7065
|
Crypto: adding initial weak hash query overhaul and tests, but no expected file yet.
|
2025-10-13 12:04:51 -04:00 |
|
REDMOND\brodes
|
e76ced1513
|
Crypto: Updating weak asymmetric key gen to include key exchange.
|
2025-10-10 15:32:39 -04:00 |
|
REDMOND\brodes
|
d68f3cff8b
|
Crypto: InsecureIVorNonceSource now ignored null to avoid being too noisy.
|
2025-10-10 14:51:16 -04:00 |
|
REDMOND\brodes
|
36673659ad
|
Crypto: Weak asymmetric key gen size fixes and test.
|
2025-10-10 14:49:35 -04:00 |
|
REDMOND\brodes
|
758759a304
|
Crypto: Reused nonce query updates and test updates to address false positives.
|
2025-10-10 12:25:31 -04:00 |
|
REDMOND\brodes
|
fba80870a6
|
Crypto: Example query reorg - moving queries of this PR into 'examples' subdirectories.
|
2025-10-09 09:03:00 -04:00 |
|
REDMOND\brodes
|
deb43735be
|
Crypto: Minor fixes to WeakSymmetricCipher, change to a singular name for consistency.
|
2025-10-09 08:39:39 -04:00 |
|
REDMOND\brodes
|
3dedda4233
|
Merge branch 'santander-java-crypto-check' of https://github.com/bdrodes/codeql into santander-java-crypto-check
|
2025-10-09 08:18:04 -04:00 |
|
REDMOND\brodes
|
c6cc4fff51
|
Crypto: Minor fixes to WeakBlockModes, WeakHash to consider SHA3 ok, Added unknown hash.
|
2025-10-09 08:16:28 -04:00 |
|
Nicolas Will
|
fdba3acc4b
|
Crypto: Fix QL-for-QL alert and auto-format
|
2025-10-09 13:59:51 +02:00 |
|
REDMOND\brodes
|
f524de4afc
|
Crypto: Updating insecure iv/nonce to consider if an operation is known for it, and if so do not alert on non-secure random if it is tied to decryption
|
2025-10-08 16:27:18 -04:00 |
|
REDMOND\brodes
|
11e81395b5
|
Crypto: Updated default flows to use taint tracking (this is needed to fix false positives in the unknown IV/Nonce query). Add the unknown IV/Nonce query and associated test cases. Fix unknown IV/Nonce query to focus on cases where the oepration isn't known or the operation subtype is not encrypt or wrap.
|
2025-10-08 14:14:17 -04:00 |
|
REDMOND\brodes
|
8e10e1937d
|
Crypto: Adding query for unknown IV initialization.
|
2025-10-08 12:49:54 -04:00 |
|
REDMOND\brodes
|
83ff70bcd8
|
Crypto: Adding tests for insecure iv or nonce. Updating generic literal sources to include array literals.
|
2025-10-08 12:47:58 -04:00 |
|
REDMOND\brodes
|
bd34b6ce02
|
Crypto: Removing JCA model of random, need to reassess this as this impacts the insecure IV/Nonce query. Updated name of the Insecure nonce query to be InsecureIVorNonce
|
2025-10-08 11:41:21 -04:00 |
|
REDMOND\brodes
|
143be8cc35
|
Crypto: Remove redundant queries.
|
2025-10-08 10:26:05 -04:00 |
|
REDMOND\brodes
|
1b1b333e8b
|
Crypto: Modify suggested queries per misc. side conversations on standards. Remove redundant query. Fix QL-for-QL issues.
|
2025-10-08 10:21:06 -04:00 |
|
REDMOND\brodes
|
bba541c016
|
Merge remote-tracking branch 'upstream/java-crypto-check' into santander-java-crypto-check
|
2025-10-08 09:30:26 -04:00 |
|
Anders Schack-Mulligen
|
99f5dcaaa4
|
Java: Fix bug in ConstantExpAppearsNonConstant.
|
2025-10-08 10:32:51 +02:00 |
|
Mark C
|
f38ab45e94
|
removed all @security.severity ratings to keep the main impartial
|
2025-10-01 17:49:45 +01:00 |
|
Mark C
|
c5cf0ffa75
|
added java cryptographic check queries
|
2025-10-01 11:55:51 +01:00 |
|
Chris Smowton
|
f88daff45f
|
Java: note that classes with entirely private constructors can't be subclassed
|
2025-09-30 13:57:44 +01:00 |
|
Idriss Riouak
|
fa8cbeeb44
|
Merge pull request #20546 from github/idrissrio/ql-constant
Java: Fix false positives in evaluation-to-constant query for ErrorType
|
2025-09-30 14:24:28 +02:00 |
|
idrissrio
|
63771110a5
|
Java: Address review comment
|
2025-09-30 11:46:37 +02:00 |
|
github-actions[bot]
|
a7a4e43991
|
Post-release preparation for codeql-cli-2.23.2
|
2025-09-29 15:10:19 +00:00 |
|
idrissrio
|
659afb5f30
|
Java: Fix false positives in evaluation-to-constant query for ErrorType
|
2025-09-29 13:37:25 +02:00 |
|
github-actions[bot]
|
d2130a589b
|
Release preparation for version 2.23.2
|
2025-09-29 10:28:45 +00:00 |
|
Ian Lynagh
|
c653d939d9
|
Merge pull request #20451 from github/post-release-prep/codeql-cli-2.23.1
Post-release preparation for codeql-cli-2.23.1
|
2025-09-17 13:00:14 +01:00 |
|
Michael Nebel
|
7589d0a18a
|
Merge pull request #20394 from michaelnebel/java/code-quality-extended
Java: Add most `medium` precision queries to the `code-quality-extended` suite.
|
2025-09-17 13:46:24 +02:00 |
|
github-actions[bot]
|
4e8343664f
|
Post-release preparation for codeql-cli-2.23.1
|
2025-09-17 10:13:40 +00:00 |
|
github-actions[bot]
|
02a1b1efcb
|
Release preparation for version 2.23.1
|
2025-09-16 14:14:42 +00:00 |
|
Anders Schack-Mulligen
|
b308c5438f
|
Java: Add a change note, and a minor ql comment.
|
2025-09-15 10:14:26 +02:00 |
|
Michael Nebel
|
8e392cf8de
|
Java: Remove java/undocumented-* queries from the code-quality-extended suite.
|
2025-09-10 16:13:24 +02:00 |
|
Michael Nebel
|
56802035df
|
Java: Add some medium precision queries to the code-quality-extended suite.
|
2025-09-10 16:11:20 +02:00 |
|
Anders Schack-Mulligen
|
3815503314
|
Java: Consolidate Assertions.qll and Preconditions.qll.
|
2025-09-10 15:42:18 +02:00 |
|
Idriss Riouak
|
dc247e03e0
|
Merge pull request #20383 from aschackmull/java/fix-more-broken-perf
Java: Fix more broken performance.
|
2025-09-08 14:49:43 +02:00 |
|