Commit Graph

1147 Commits

Author SHA1 Message Date
REDMOND\brodes
c80588cda1 Adding content to KnownSymmetricCipherAlgorithmql. 2025-04-30 11:41:28 -04:00
Nicolas Will
83617e099f Merge pull request #2 from nicolaswill/knewbury01/JCA-sample
Implement first stage cryptography modelling and queries
2025-04-30 16:39:56 +02:00
Nicolas Will
9c87ad8293 Merge branch 'brodes/key_agreement' of https://github.com/nicolaswill/codeql into brodes/key_agreement 2025-04-30 16:28:35 +02:00
Nicolas Will
7f24a2557d Add modelling for JCA key gen cipher algorithm 2025-04-30 16:28:31 +02:00
REDMOND\brodes
ac798f2bc6 Cipher Algorithm Slices 2025-04-28 16:03:41 -04:00
REDMOND\brodes
ac3675bdac Typo fix 2025-04-28 16:00:41 -04:00
REDMOND\brodes
219476cee0 Adding KDF iteration count inventory filters. 2025-04-28 15:47:58 -04:00
REDMOND\brodes
5a8bffac11 Removing old asymmetric algorithm slice 2025-04-28 14:56:08 -04:00
REDMOND\brodes
1fd7643ab3 Adding example slicing queries. 2025-04-28 14:54:38 -04:00
REDMOND\brodes
7b7ed61beb Adding an asymmetric algorithm slice. 2025-04-28 11:34:32 -04:00
REDMOND\brodes
fdd09a4dbf Adding a new means for determining if there is nonce reuse. 2025-04-28 11:34:16 -04:00
Nicolas Will
1958c192ec Reimplement EC, MAC, key creation logic + consumer 2025-04-15 23:00:12 -04:00
Nicolas Will
b9d0abda63 Move CipherOperation into KeyOperation, refactor
- KeyOperation and Algorithm now encompasses encryption, decryption, wrapping, unwrapping, signing, and verifying.
- Removed elliptic curve implementation from JCA.qll pending rewrite
- Removed JCAAlgorithmInstance abstraction from JCA.qll
- Cleaned up and removed JCA-specific naming from Model.qll
- Added and clarified documentation
2025-04-09 21:19:00 +02:00
Nicolas Will
d18dac0c8e Add JCA key (generation) modelling 2025-03-20 21:26:18 +01:00
Nicolas Will
95607c5f31 Refactor instances and consumers + add JCA hashes 2025-03-18 22:05:00 +01:00
Tamas Vajk
9662b47464 Move likely test method logic to library 2025-03-14 11:36:15 +01:00
REDMOND\brodes
8865d89fe9 Removing old ReusedNonce query. 2025-03-03 16:51:30 -05:00
REDMOND\brodes
2ee1681126 Adding a proof-of-concept PossibleReusedNonce query. 2025-03-03 15:09:27 -05:00
REDMOND\brodes
14cb2bb12f Updates to insecure or unknown nonce at operation. 2025-03-03 14:42:50 -05:00
REDMOND\brodes
076f53147d Proof-of-concept query for InsecureOrUnknownNonceAtOperation 2025-03-03 13:53:16 -05:00
Nicolas Will
04f4683399 Rewrite handling of known unknowns and data-flow 2025-02-27 05:42:02 +01:00
Nicolas Will
f55f27b0d9 Expand handling of generic artifact sources 2025-02-25 18:22:38 +01:00
Jami Cogswell
5e5bc2afe9 Java: remove experimental files 2025-02-24 18:24:19 -05:00
Nicolas Will
2b0b927b0b Add Nonce association to Operation, update graph 2025-02-24 17:37:41 +01:00
Nicolas Will
df01fa7a9c Expand model and JCA modeling 2025-02-17 00:16:08 +01:00
Nicolas Will
b777a22d35 Expand model and specialize newtype relations 2025-02-14 23:43:07 +01:00
Nicolas Will
874e3b5e06 Modify model to use newtypes, expand modeling 2025-02-12 17:58:15 +01:00
Nicolas Will
4d44755945 Refactor Model and CBOM print queries 2025-02-11 15:37:15 +01:00
Kristen Newbury
efcf7eab0c Add broken crypto query 2025-02-05 17:24:25 -05:00
Kristen Newbury
86e51dad8a Improve JCA aes alg model, add test 2025-02-05 13:39:48 -05:00
Kristen Newbury
5f355c7f55 Add first sample JCA encryption model 2025-02-04 11:55:09 -05:00
Jami Cogswell
0071e1acc2 Java: resolve merge conflict
remove import no longer needed since contents of MyBatisMapperXML.qll have been moved to MyBatis.qll
2025-01-30 10:19:21 -05:00
Jami Cogswell
b88731df80 Java: move contents of MyBatisMapperXML.qll in src to MyBatis.qll in lib so importable, and fix experimental files broken by the move 2025-01-30 10:13:27 -05:00
Michael Nebel
c27b611c76 Java: Deprecate MyBatisMapperXML as it is only used by experimental queries. 2025-01-27 10:22:22 +01:00
Michael Nebel
cc48cec1c7 Java: Deprecate experimental model activation. 2025-01-27 10:22:17 +01:00
Michael Nebel
e3997f65ed Java: Deprecate experimental queries. 2025-01-27 10:22:16 +01:00
Owen Mansel-Chan
0f3dd6d8f1 Java: IPA the CFG 2024-12-10 15:26:11 +00:00
Anders Schack-Mulligen
f38602e9fe Java: Update references to deleted aliases. 2024-12-03 20:08:45 +01:00
Rasmus Wriedt Larsen
8c10155eb7 mass rename to ActiveThreatModelSource 2024-09-12 10:16:55 +02:00
Chris Smowton
15989ce213 Merge pull request #14089 from am0o0/amammad-java-JWT
Java: JWT decoding without verification
2024-08-21 14:14:08 +01:00
am0o0
f4764378c9 update tests to contain the new source, delete query with local sources 2024-08-16 16:15:46 +02:00
Anders Schack-Mulligen
3a9610795b Merge pull request #16808 from JLLeitschuh/patch-8
Align Java CommandInjectionRuntimeExec.ql Severity
2024-08-16 15:14:48 +02:00
am0o0
d560c1ea0f fix formatting 2024-07-31 11:08:06 +02:00
am0o0
9110df6e80 Merge branch 'amammad-java-JWT' of https://github.com/am0o0/codeql into amammad-java-JWT 2024-07-31 11:04:24 +02:00
am0o0
c6814fcf47 merge duplicate module into a module file 2024-07-31 11:04:03 +02:00
am0o0
701e3d7e53 add same query but with local source support to comply with the CVE-2021-37580 2024-07-31 10:58:22 +02:00
am0o0
40eef25133 use more specefic Classes instead of Call 2024-07-30 18:07:03 +02:00
Chris Smowton
8f52b2cd95 Fix link 2024-07-30 12:23:38 +01:00
Chris Smowton
a781522ca0 Copyedit documentation 2024-07-30 12:19:16 +01:00
am0o0
4dc1a10f71 update tests for zip4j, add aditional flow steps for zip4j, remove BombTypeInputStream class since we don't need it anymore, add a predicate which was for testing porpose and was junk 2024-07-29 18:10:04 +02:00