Merge branch 'main' into threat-models

2026-04-30 19:26:02 +02:00 · 2024-09-23 11:19:58 +02:00
parent e11bfc27bd e48e18af20
commit 4a21a85e73
6529 changed files with 233607 additions and 131008 deletions
--- a/python/ql/test/experimental/query-tests/Security/CWE-346/Cors.py
+++ b/python/ql/test/experimental/query-tests/Security/CWE-346/Cors.py
@@ -0,0 +1,17 @@
+import cherrypy
+
+def bad():
+    request = cherrypy.request
+    validCors = "domain.com"
+    if request.method in ['POST', 'PUT', 'PATCH', 'DELETE']:
+        origin = request.headers.get('Origin', None)
+        if origin.startswith(validCors):
+            print("Origin Valid")
+
+def good():
+    request = cherrypy.request
+    validOrigin = "domain.com"
+    if request.method in ['POST', 'PUT', 'PATCH', 'DELETE']:
+        origin = request.headers.get('Origin', None)
+        if origin == validOrigin:
+            print("Origin Valid")
--- a/python/ql/test/experimental/query-tests/Security/CWE-346/CorsBypass.expected
+++ b/python/ql/test/experimental/query-tests/Security/CWE-346/CorsBypass.expected
@@ -0,0 +1,13 @@
+edges
+| Cors.py:7:9:7:14 | ControlFlowNode for origin | Cors.py:8:12:8:17 | ControlFlowNode for origin | provenance |  |
+| Cors.py:7:18:7:32 | ControlFlowNode for Attribute | Cors.py:7:18:7:52 | ControlFlowNode for Attribute() | provenance | Config |
+| Cors.py:7:18:7:32 | ControlFlowNode for Attribute | Cors.py:7:18:7:52 | ControlFlowNode for Attribute() | provenance | dict.get |
+| Cors.py:7:18:7:52 | ControlFlowNode for Attribute() | Cors.py:7:9:7:14 | ControlFlowNode for origin | provenance |  |
+nodes
+| Cors.py:7:9:7:14 | ControlFlowNode for origin | semmle.label | ControlFlowNode for origin |
+| Cors.py:7:18:7:32 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
+| Cors.py:7:18:7:52 | ControlFlowNode for Attribute() | semmle.label | ControlFlowNode for Attribute() |
+| Cors.py:8:12:8:17 | ControlFlowNode for origin | semmle.label | ControlFlowNode for origin |
+subpaths
+#select
+| Cors.py:8:12:8:17 | ControlFlowNode for origin | Cors.py:7:18:7:32 | ControlFlowNode for Attribute | Cors.py:8:12:8:17 | ControlFlowNode for origin | Potentially incorrect string comparison which could lead to a CORS bypass. |
--- a/python/ql/test/experimental/query-tests/Security/CWE-346/CorsBypass.qlref
+++ b/python/ql/test/experimental/query-tests/Security/CWE-346/CorsBypass.qlref
@@ -0,0 +1 @@
+experimental/Security/CWE-346/CorsBypass.ql
				`@@ -0,0 +1 @@`
				`experimental/Security/CWE-346/CorsBypass.ql`