hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-18 07:53:43 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,418 Commits 1,693 Branches 160 Tags
codeql-cli/v2.10.2
Commit Graph

41418 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Hvitved
df29538840 C#: Add test that exhibits bug in CSV overrides logic 2021-08-02 10:35:21 +02:00
Anders Schack-Mulligen
6c973b59ac Update java/ql/src/semmle/code/java/frameworks/Jackson.qll 2021-08-02 10:16:42 +02:00
Anders Schack-Mulligen
26881ec220 Merge pull request #6389 from github/yo-h-patch-1 
Java: update `frameworks.rst` with Jackson
 2021-08-02 10:07:02 +02:00
Tony Torralba
9fadb26325 Fix qhelp sample 2021-08-02 10:00:59 +02:00
Tony Torralba
4435853c8a Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2021-08-02 09:56:40 +02:00
Erik Krogh Kristensen
632ad518f0 enable unicode parsing in the ruby ReDoS query 2021-08-02 07:13:41 +00:00
ihsinme
375a60194b Update OperatorPrecedenceLogicErrorWhenUseBitwiseOrLogicalOperations.ql 2021-08-01 16:44:54 +03:00
ihsinme
14b4e08ce9 Update OperatorPrecedenceLogicErrorWhenUseBitwiseOrLogicalOperations.expected 2021-08-01 16:43:56 +03:00
ihsinme
36131ee16a Update test.cpp 2021-08-01 16:43:05 +03:00
ihsinme
098773dd10 Update FindIncorrectlyUsedSwitch.ql 2021-08-01 15:04:30 +03:00
ihsinme
80eb4907c0 Update FindIncorrectlyUsedSwitch.expected 2021-08-01 15:03:30 +03:00
ihsinme
5c71a7c024 Update test.c 2021-08-01 15:02:41 +03:00
Fosstars
bd7e7b1371 Better qldoc for timing attacks 2021-08-01 10:18:37 +02:00
Fosstars
44e52517ad Removed unsafeMacCheckWithArraysDeepEquals() test 2021-08-01 10:12:38 +02:00
Fosstars
0fc487fb04 Better qhelp for timing attacks 2021-08-01 09:57:14 +02:00
Artem Smotrakov
9b953cf0fc Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
 2021-08-01 09:47:07 +02:00
Fosstars
ad54c9d937 Two queries for timing attacks 2021-08-01 09:47:07 +02:00
Artem Smotrakov
e3b6ceade5 Renamed NonConstantTimeCryptoComparison.ql to NonConstantTimeCheckOnSignature.ql 2021-08-01 09:47:06 +02:00
Artem Smotrakov
8b557765b3 Narrow NonConstantTimeCryptoComparison.ql to timing attack on signatures and MACs only 2021-08-01 09:47:06 +02:00
Artem Smotrakov
c359852608 Consider only Cipher.ENCRYPT_MODE in NonConstantTimeCryptoComparison.ql 2021-08-01 09:47:06 +02:00
Artem Smotrakov
1f2a9cdda7 Added taint propagation steps for hashes in NonConstantTimeCryptoComparison.ql 2021-08-01 09:47:06 +02:00
Artem Smotrakov
c96d939cf5 Covered custom fast-fail checks in NonConstantTimeCryptoComparison.ql 
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>
 2021-08-01 09:47:06 +02:00
Artem Smotrakov
6500a1bbbb More references in NonConstantTimeCryptoComparison.qhelp 2021-08-01 09:47:05 +02:00
Artem Smotrakov
860e8f379e Better signatures in java/non-constant-time-crypto-comparison 2021-08-01 09:47:05 +02:00
Artem Smotrakov
622c7ee957 Added a change note for new steps for ByteBuffer and InputStream 2021-08-01 09:47:05 +02:00
Artem Smotrakov
1b4ee05b80 Better docs for java/non-constant-time-crypto-comparison 2021-08-01 09:47:05 +02:00
Artem Smotrakov
8c4da16459 More test cases for java/non-constant-time-crypto-comparison 2021-08-01 09:47:04 +02:00
Artem Smotrakov
295fd686ce Make java/non-constant-time-crypto-comparison a warning 2021-08-01 09:47:04 +02:00
Artem Smotrakov
c977fd09cb Better constant check in java/non-constant-time-crypto-comparison 2021-08-01 09:47:04 +02:00
Artem Smotrakov
d01dc35011 Less duplicate code in java/non-constant-time-crypto-comparison 2021-08-01 09:47:04 +02:00
Artem Smotrakov
40e513ba52 Added more taint propagation steps for InputStream and ByteBuffer 2021-08-01 09:47:04 +02:00
Artem Smotrakov
a4f3a5a88e Take into account remote user input in java/non-constant-time-crypto-comparison 2021-08-01 09:47:03 +02:00
Artem Smotrakov
8e6d227dc0 More sinks for java/ql/src/experimental/Security/CWE/CWE-208/NonConstantTimeCryptoComparison.ql 2021-08-01 09:47:03 +02:00
Artem Smotrakov
dfa3b523d0 Renamed files 2021-08-01 09:47:03 +02:00
Artem Smotrakov
75f67959f3 Covered Arrays.deepEquals() in NonConstantTimeCryptoComparison.ql 2021-08-01 09:47:02 +02:00
Artem Smotrakov
5dbcf1d611 Covered Object.deepEquals() in NotConstantTimeCryptoComparison.ql 2021-08-01 09:47:02 +02:00
Artem Smotrakov
5c474f689d Better comments and descriptions 2021-08-01 09:47:02 +02:00
Artem Smotrakov
f245dc3ac8 Removed hashes from NotConstantTimeCryptoComparison.ql 2021-08-01 09:47:02 +02:00
Artem Smotrakov
8a69b7b3ac Added NotConstantTimeCryptoComparison.qhelp and examples 2021-08-01 09:47:01 +02:00
Artem Smotrakov
67579dd1d8 Added tests for NotConstantTimeCryptoComparison.ql 2021-08-01 09:47:01 +02:00
Artem Smotrakov
c2c85d32da Java: Added a query for timing attacks 2021-08-01 09:47:01 +02:00
Artem Smotrakov
7959e76da8 Better qldoc in UnsafeDeserializationQuery.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-07-30 09:30:59 +02:00
Fosstars
a4b0041120 Better looksLikeResolveClassStep() predicate 2021-07-30 09:28:03 +02:00
Fosstars
1d3eb570bf hasJsonTypeInfoAnnotation() should check fields recursively 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-07-30 08:30:40 +02:00
yo-h
6a18b33616 Java: update frameworks.rst with Jackson 
Updating manually maintained list with coverage in `JacksonSerializability.qll`
 2021-07-29 17:35:06 -04:00
Arthur Baars
d986bea317 Merge pull request #238 from github/aibaars/extract-erb 
Extract ERB tags
 2021-07-29 19:21:32 +02:00
Aditya Sharad
cb686ea802 Merge pull request #6388 from github/geoffw0-patch-2 
Update query-metadata-style-guide.md
 2021-07-29 10:20:26 -07:00
Arthur Baars
00a0b93172 Add erb file 2021-07-29 19:09:56 +02:00
Geoffrey White
5e6e176f32 Update query-metadata-style-guide.md 
Add a note about the `@security-severity` tag.
 2021-07-29 17:53:31 +01:00
Nick Rolfe
4007e85991 Incorporate changes from Python PR 2021-07-29 17:25:39 +01:00