codeql

codeql copied to clipboard

This PR adds the ciphers `RSA/ECB/OAEPWithSHA-1AndMGF1Padding` and `RSA/ECB/OAEPWithSHA-256AndMGF1Padding` to the list of secure algorithms. CodeQL flags the uses of these ciphers as risky/weak because it sees ECB in the cipher...

grakshith

General issue [Azure DevOps Pipeline]: pipeline is stuck at "Starting evaluation of codeql/csharp-queries/Telemetry/UnsupportedExternalAPIs.ql." step

7

I am adding CodeQL checks to our repository for it to run when code is pushed to our branch. The code ql analyze task never finishes and it always stuck...

ibrahim-amer

Problems porting deprecated DataFlow to new IR DataFlow (field-involved)

2

Hello there, I'm trying to port my query from deprecated DataFlow to new IR DataFlow. However, due to the lack of clear documentation, I got myself stuck in the below...

f0rm2l1n

JS: decoding JWT without signature verification

7

am0o0

Java: JWT decoding without verification

6

am0o0

This PR changes `reorder` directives in upgrade/downgrade scripts to use proper entity type names, instead of using `int` as generic stand-in for entity types.

cklin

Taint Tracking to a LocalVariable

2

Hello, I'm trying my query on a simple code before moving to my main codebase. Basically, I would like to track all the local taints from all the function arguments...

mies47

Sim4n6

aschackmull

Treat operands of `Phi` instructions as escaped

1

Note: contains a few IR diffs that I haven't fully investigated. During escape analysis, we currently allow an address to be used as an operand of a `Phi` instruction without...

dbartol