More regexp improvements

Alvaro Muñoz
2024-03-13 22:19:55 +01:00
parent 87b284e5e6
commit 0e50204672
13 changed files with 59 additions and 45 deletions


@@ -1,5 +1,6 @@
private import codeql.actions.ast.internal.Yaml
private import codeql.Locations
private import codeql.actions.Ast::Utils as Utils
/**
* Gets the length of each line in the StringValue .
@@ -833,9 +834,9 @@ class StepsExpressionImpl extends ContextExpressionImpl {
string fieldName;
StepsExpressionImpl() {
expression.regexpMatch(stepsCtxRegex()) and
stepId = expression.regexpCapture(stepsCtxRegex(), 1) and
fieldName = expression.regexpCapture(stepsCtxRegex(), 2)
Utils::normalizeExpr(expression).regexpMatch(stepsCtxRegex()) and
stepId = Utils::normalizeExpr(expression).regexpCapture(stepsCtxRegex(), 1) and
fieldName = Utils::normalizeExpr(expression).regexpCapture(stepsCtxRegex(), 2)
}
override string getFieldName() { result = fieldName }
@@ -856,9 +857,9 @@ class NeedsExpressionImpl extends ContextExpressionImpl {
string fieldName;
NeedsExpressionImpl() {
expression.regexpMatch(needsCtxRegex()) and
fieldName = expression.regexpCapture(needsCtxRegex(), 2) and
neededJob.getId() = expression.regexpCapture(needsCtxRegex(), 1) and
Utils::normalizeExpr(expression).regexpMatch(needsCtxRegex()) and
fieldName = Utils::normalizeExpr(expression).regexpCapture(needsCtxRegex(), 2) and
neededJob.getId() = Utils::normalizeExpr(expression).regexpCapture(needsCtxRegex(), 1) and
neededJob.getLocation().getFile() = this.getLocation().getFile()
}
@@ -886,9 +887,9 @@ class JobsExpressionImpl extends ContextExpressionImpl {
string fieldName;
JobsExpressionImpl() {
expression.regexpMatch(jobsCtxRegex()) and
jobId = expression.regexpCapture(jobsCtxRegex(), 1) and
fieldName = expression.regexpCapture(jobsCtxRegex(), 2)
Utils::normalizeExpr(expression).regexpMatch(jobsCtxRegex()) and
jobId = Utils::normalizeExpr(expression).regexpCapture(jobsCtxRegex(), 1) and
fieldName = Utils::normalizeExpr(expression).regexpCapture(jobsCtxRegex(), 2)
}
override string getFieldName() { result = fieldName }
@@ -911,8 +912,8 @@ class InputsExpressionImpl extends ContextExpressionImpl {
string fieldName;
InputsExpressionImpl() {
expression.regexpMatch(inputsCtxRegex()) and
fieldName = expression.regexpCapture(inputsCtxRegex(), 1)
Utils::normalizeExpr(expression).regexpMatch(inputsCtxRegex()) and
fieldName = Utils::normalizeExpr(expression).regexpCapture(inputsCtxRegex(), 1)
}
override string getFieldName() { result = fieldName }
@@ -936,8 +937,8 @@ class EnvExpressionImpl extends ContextExpressionImpl {
string fieldName;
EnvExpressionImpl() {
expression.regexpMatch(envCtxRegex()) and
fieldName = expression.regexpCapture(envCtxRegex(), 1)
Utils::normalizeExpr(expression).regexpMatch(envCtxRegex()) and
fieldName = Utils::normalizeExpr(expression).regexpCapture(envCtxRegex(), 1)
}
override string getFieldName() { result = fieldName }
@@ -959,8 +960,8 @@ class MatrixExpressionImpl extends ContextExpressionImpl {
string fieldName;
MatrixExpressionImpl() {
expression.regexpMatch(matrixCtxRegex()) and
fieldName = expression.regexpCapture(matrixCtxRegex(), 1)
Utils::normalizeExpr(expression).regexpMatch(matrixCtxRegex()) and
fieldName = Utils::normalizeExpr(expression).regexpCapture(matrixCtxRegex(), 1)
}
override string getFieldName() { result = fieldName }
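Review bot: `Utils::normalizeExpr(expression)` is now written out two or three times in each constructor (Steps, Needs, Jobs, Inputs, Env and Matrix), so the match and every capture stay consistent only if all copies are edited together. Binding it once keeps them in step, e.g. `exists(string e | e = Utils::normalizeExpr(expression) | e.regexpMatch(stepsCtxRegex()) and stepId = e.regexpCapture(stepsCtxRegex(), 1) and ...)`. The captured ids now come from the normalized text, and `normalizeExpr` is not shown on this page, so it is worth confirming that normalization leaves identifiers unchanged. If it does not, `neededJob.getId() = ...regexpCapture(needsCtxRegex(), 1)` would stop joining and needs-context flows would silently drop out of the analysis. The class bodies continue outside the hunks.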


@@ -1,6 +1,6 @@
private import internal.ExternalFlowExtensions as Extensions
import codeql.actions.DataFlow
import actions
private import codeql.actions.DataFlow
private import actions
/**
* MaD sources


@@ -1,7 +1,7 @@
import actions
import codeql.actions.DataFlow
import codeql.actions.dataflow.ExternalFlow
import codeql.actions.Ast::Utils as Utils
private import actions
private import codeql.actions.DataFlow
private import codeql.actions.dataflow.ExternalFlow
private import codeql.actions.Ast::Utils as Utils
/**
* A data flow source.


@@ -2,10 +2,10 @@
* Provides classes representing various flow steps for taint tracking.
*/
import actions
private import actions
private import codeql.util.Unit
private import codeql.actions.DataFlow
import codeql.actions.dataflow.ExternalFlow
private import codeql.actions.dataflow.ExternalFlow
/**
* A unit class for adding additional taint steps.


@@ -12,6 +12,7 @@
*/
import actions
import codeql.actions.DataFlow
import codeql.actions.TaintTracking
import codeql.actions.dataflow.FlowSources
import codeql.actions.dataflow.ExternalFlow


@@ -12,6 +12,7 @@
*/
import actions
import codeql.actions.DataFlow
import codeql.actions.TaintTracking
import codeql.actions.dataflow.FlowSources
import codeql.actions.dataflow.ExternalFlow


@@ -12,6 +12,7 @@
*/
import actions
import codeql.actions.DataFlow
import codeql.actions.TaintTracking
import codeql.actions.dataflow.FlowSources
import codeql.actions.dataflow.ExternalFlow


@@ -12,6 +12,7 @@
*/
import actions
import codeql.actions.DataFlow
import codeql.actions.TaintTracking
import codeql.actions.dataflow.FlowSources
import codeql.actions.dataflow.ExternalFlow


@@ -12,6 +12,7 @@
*/
import actions
import codeql.actions.DataFlow
import codeql.actions.TaintTracking
import codeql.actions.dataflow.FlowSources
import codeql.actions.dataflow.ExternalFlow


@@ -12,6 +12,7 @@
*/
import actions
import codeql.actions.DataFlow
import codeql.actions.TaintTracking
import codeql.actions.dataflow.FlowSources
import codeql.actions.dataflow.ExternalFlow


@@ -13,6 +13,7 @@
*/
import actions
import codeql.actions.DataFlow
import codeql.actions.TaintTracking
import codeql.actions.dataflow.FlowSources
import codeql.actions.dataflow.ExternalFlow


@@ -13,6 +13,7 @@
*/
import actions
import codeql.actions.DataFlow
import codeql.actions.TaintTracking
import codeql.actions.dataflow.FlowSources
import codeql.actions.dataflow.ExternalFlow


@@ -18,32 +18,37 @@ import actions
/** An If node that contains an actor, user or label check */
class ControlCheck extends If {
ControlCheck() {
Utils::normalizeExpr(this.getCondition())
.regexpMatch([
".*github\\.actor.*", ".*github\\.triggering_actor.*",
".*github\\.event\\.pull_request\\.user\\.login.*",
".*github\\.event\\.pull_request\\.labels.*", ".*github\\.event\\.label\\.name.*"
])
exists(
Utils::normalizeExpr(this.getCondition())
.regexpFind([
"\\bgithub\\.actor\\b", // actor
"\\bgithub\\.triggering_actor\\b", // actor
"\\bgithub\\.event\\.pull_request\\.user\\.login\\b", //user
"\\bgithub\\.event\\.pull_request\\.labels\\b", // label
"\\bgithub\\.event\\.label\\.name\\b" // label
], _, _)
)
}
}
bindingset[s]
predicate containsHeadRef(string s) {
Utils::normalizeExpr(s)
.matches("%" +
[
"github.event.number", // The pull request number.
"github.event.pull_request.head.ref", // The ref name of head.
"github.event.pull_request.head.sha", // The commit SHA of head.
"github.event.pull_request.id", // The pull request ID.
"github.event.pull_request.number", // The pull request number.
"github.event.pull_request.merge_commit_sha", // The SHA of the merge commit.
"github.head_ref", // The head_ref or source branch of the pull request in a workflow run.
"github.event.workflow_run.head_branch", // The branch of the head commit.
"github.event.workflow_run.head_commit.id", // The SHA of the head commit.
"github.event.workflow_run.head_sha", // The SHA of the head commit.
"env.GITHUB_HEAD_REF",
] + "%")
exists(
Utils::normalizeExpr(s)
.regexpFind([
"\\bgithub\\.event\\.number\\b", // The pull request number.
"\\bgithub\\.event\\.pull_request\\.head\\.ref\\b", // The ref name of head.
"\\bgithub\\.event\\.pull_request\\.head\\.sha\\b", // The commit SHA of head.
"\\bgithub\\.event\\.pull_request\\.id\\b", // The pull request ID.
"\\bgithub\\.event\\.pull_request\\.number\\b", // The pull request number.
"\\bgithub\\.event\\.pull_request\\.merge_commit_sha\\b", // The SHA of the merge commit.
"\\bgithub\\.head_ref\\b", // The head_ref or source branch of the pull request in a workflow run.
"\\bgithub\\.event\\.workflow_run\\.head_branch\\b", // The branch of the head commit.
"\\bgithub\\.event\\.workflow_run\\.head_commit\\.id\\b", // The SHA of the head commit.
"\\bgithub\\.event\\.workflow_run\\.head_sha\\b", // The SHA of the head commit.
"\\benv\\.GITHUB_HEAD_REF\\b",
], _, _)
)
}
/** Checkout of a Pull Request HEAD ref */
@@ -68,7 +73,7 @@ class GitCheckout extends PRHeadCheckoutStep instanceof Run {
or
exists(string varname |
containsHeadRef(this.getInScopeEnvVarExpr(varname).getExpression()) and
line.matches("%" + varname + "%")
exists(line.regexpFind(varname, _, _))
)
)
)
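Review bot: In the GitCheckout hunk, `line.regexpFind(varname, _, _)` uses the environment variable name itself as the pattern, unanchored and unescaped, so it is the one match in this file that did not get the `\\b` treatment. A variable named `REF` is still found inside `PREFIX_REF`, so an unrelated variable appearing in `line` can be attributed to a head-ref expression and produce a false alert. Consider `exists(line.regexpFind("\\b" + varname + "\\b", _, _))`. If variable names can contain regex metacharacters (not determinable from this hunk), they would also need escaping before being used as a pattern. The enclosing characteristic predicate starts and ends outside the hunk.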