Corrections

Kevin Stubbings
2024-08-26 22:06:12 -07:00
parent 8bf8893307
commit 1db7865d49
5 changed files with 60 additions and 30 deletions


@@ -4,7 +4,7 @@
<qhelp>
<overview>
<p>
Web browsers, by default, disallow cross-origin resource sharing via direct HTTP requests (i.e. using a JavaScript HTTP client).
Web browsers, by default, disallow cross-origin resource sharing via direct HTTP requests.
Still, to satisfy some needs that arose with the growth of the web, an expedient was created to make exceptions possible.
CORS (Cross-origin resource sharing) is a mechanism that allows resources of a web endpoint (let's call it "Peer A")
to be accessed from another web page belonging to a different domain ("Peer B").


@@ -11,26 +11,29 @@
* external/cwe/cwe-352
*/
import python
import semmle.python.Concepts
private import semmle.python.dataflow.new.DataFlow
predicate containsStar(DataFlow::Node array){
(array.asExpr() instanceof List and
array.asExpr().getASubExpression().(StringLiteral).getText().matches("*")) or
(array.asExpr().(StringLiteral).getText().matches(["*", "null"]))
import python
import semmle.python.Concepts
private import semmle.python.dataflow.new.DataFlow
}
predicate isCorsMiddleware(Http::Server::CorsMiddleware middleware){
middleware.middleware_name().matches("CORSMiddleware")
}
predicate credentialsAllowed(Http::Server::CorsMiddleware middleware){
middleware.allowed_credentials().asExpr() instanceof True
}
from Http::Server::CorsMiddleware a
where credentialsAllowed(a) and
containsStar(a.allowed_origins().getALocalSource()) and
isCorsMiddleware(a)
select a, "This CORS middleware uses a vulnerable configuration that leaves it open to attacks from arbitrary websites"
predicate containsStar(DataFlow::Node array) {
array.asExpr() instanceof List and
array.asExpr().getASubExpression().(StringLiteral).getText() = ["*", "null"]
or
array.asExpr().(StringLiteral).getText() = ["*", "null"]
}
predicate isCorsMiddleware(Http::Server::CorsMiddleware middleware) {
middleware.middleware_name().matches("CORSMiddleware")
}
predicate credentialsAllowed(Http::Server::CorsMiddleware middleware) {
middleware.allowed_credentials().asExpr() instanceof True
}
from Http::Server::CorsMiddleware a
where
credentialsAllowed(a) and
containsStar(a.allowed_origins().getALocalSource()) and
isCorsMiddleware(a)
select a,
"This CORS middleware uses a vulnerable configuration that leaves it open to attacks from arbitrary websites"
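Review bot: The new `containsStar` only inspects the origins argument when it is a `List` literal or a bare string literal, so a wildcard passed as a tuple or set (for example `allow_origins=("*",)`) would presumably go unreported, which is a false negative for the credentials-plus-wildcard case this query targets. Widening the first disjunct to `(array.asExpr() instanceof List or array.asExpr() instanceof Tuple)` would close the tuple case. Since `a.allowed_origins().getALocalSource()` follows local flow only, an origin list built in another function or module is likely missed as well, and that limitation deserves a comment on the `where` clause. The predicate now also matches `"null"`, so its name no longer describes it; a QLDoc line such as `/** Holds if `array` is a string or list literal that contains the origin `*` or `null`. */` would make the intent explicit. For consistency with the switch to `=` in `containsStar`, `isCorsMiddleware` could use `middleware.middleware_name() = "CORSMiddleware"`, because `matches` without a wildcard is plain equality.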