Merge branch 'main' into python-fix-exceptstmt-gettype
@@ -0,0 +1,7 @@
|
||||
import ssl
|
||||
|
||||
# secure versions
|
||||
ssl.wrap_socket(ssl_version=ssl.PROTOCOL_TLSv1_2)
|
||||
|
||||
# possibly insecure default
|
||||
ssl.wrap_socket()
|
||||
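Review bot: The comment `# possibly insecure default` above `ssl.wrap_socket()` does not say what the default is or why it is only possibly insecure, which is the property this fixture exists to pin down. The stdlib default for `ssl_version` is `PROTOCOL_TLS`, a version-negotiating range that can still admit TLS 1.0/1.1 unless the minimum is restricted elsewhere, so `# possibly insecure default: ssl_version defaults to PROTOCOL_TLS (negotiated range)` would make the case self-explaining; the same comment recurs in the 37-line version of this file in the next hunk. Since `ssl.wrap_socket` is a deprecated module-level API (removed in Python 3.12), a one-line comment that the fixture intentionally exercises the legacy call would also stop a future cleanup from deleting the case.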
@@ -1,7 +1,37 @@
|
||||
import ssl
|
||||
from OpenSSL import SSL
|
||||
from ssl import SSLContext
|
||||
|
||||
# secure versions
|
||||
# insecure versions specified
|
||||
ssl.wrap_socket(ssl_version=ssl.PROTOCOL_SSLv2)
|
||||
ssl.wrap_socket(ssl_version=ssl.PROTOCOL_SSLv3)
|
||||
ssl.wrap_socket(ssl_version=ssl.PROTOCOL_TLSv1)
|
||||
|
||||
SSLContext(protocol=ssl.PROTOCOL_SSLv2)
|
||||
SSLContext(protocol=ssl.PROTOCOL_SSLv3)
|
||||
SSLContext(protocol=ssl.PROTOCOL_TLSv1)
|
||||
|
||||
SSL.Context(SSL.SSLv2_METHOD)
|
||||
SSL.Context(SSL.SSLv3_METHOD)
|
||||
SSL.Context(SSL.TLSv1_METHOD)
|
||||
|
||||
METHOD = SSL.SSLv2_METHOD
|
||||
SSL.Context(METHOD)
|
||||
|
||||
# importing the protocol constant directly
|
||||
from ssl import PROTOCOL_SSLv2
|
||||
ssl.wrap_socket(ssl_version=PROTOCOL_SSLv2)
|
||||
SSLContext(protocol=PROTOCOL_SSLv2)
|
||||
|
||||
# secure versions specified
|
||||
ssl.wrap_socket(ssl_version=ssl.PROTOCOL_TLSv1_2)
|
||||
SSLContext(protocol=ssl.PROTOCOL_TLSv1_2)
|
||||
SSL.Context(SSL.TLSv1_2_METHOD)
|
||||
|
||||
# possibly insecure default
|
||||
ssl.wrap_socket()
|
||||
# insecure versions allowed by specified range
|
||||
SSLContext(protocol=ssl.PROTOCOL_SSLv23)
|
||||
SSLContext(protocol=ssl.PROTOCOL_TLS)
|
||||
SSLContext(protocol=ssl.PROTOCOL_TLS_CLIENT)
|
||||
SSLContext(protocol=ssl.PROTOCOL_TLS_SERVER)
|
||||
|
||||
SSL.Context(SSL.SSLv23_METHOD)
|
||||
|
||||
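Review bot: The heading `# secure versions` at the top of this hunk now sits directly above `# insecure versions specified` and the SSLv2/SSLv3/TLSv1 cases, so it labels insecure fixtures as secure; it is a leftover of the 7-line version and should be deleted, since `# secure versions specified` further down already covers the TLSv1.2 cases. A second gap: every range protocol (`PROTOCOL_SSLv23`, `PROTOCOL_TLS`, `PROTOCOL_TLS_CLIENT`/`_SERVER`, `SSLv23_METHOD`) appears only in its unrestricted form, so there is no fixture for a range that has been narrowed to secure versions, which is the case the query must not flag. I would add the cases below after `# insecure versions allowed by specified range`, so the expected output documents whether narrowing via `minimum_version` or `set_options` is recognised (or, if the query does not model it yet, that these are known false positives).
```python
# range protocols narrowed to secure versions (should not be flagged)
ctx = SSLContext(protocol=ssl.PROTOCOL_TLS)
ctx.minimum_version = ssl.TLSVersion.TLSv1_2

ossl_ctx = SSL.Context(SSL.SSLv23_METHOD)
ossl_ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3 | SSL.OP_NO_TLSv1)
```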
@@ -1,37 +0,0 @@
|
||||
import ssl
|
||||
from OpenSSL import SSL
|
||||
from ssl import SSLContext
|
||||
|
||||
# insecure versions specified
|
||||
ssl.wrap_socket(ssl_version=ssl.PROTOCOL_SSLv2)
|
||||
ssl.wrap_socket(ssl_version=ssl.PROTOCOL_SSLv3)
|
||||
ssl.wrap_socket(ssl_version=ssl.PROTOCOL_TLSv1)
|
||||
|
||||
SSLContext(protocol=ssl.PROTOCOL_SSLv2)
|
||||
SSLContext(protocol=ssl.PROTOCOL_SSLv3)
|
||||
SSLContext(protocol=ssl.PROTOCOL_TLSv1)
|
||||
|
||||
SSL.Context(SSL.SSLv2_METHOD)
|
||||
SSL.Context(SSL.SSLv3_METHOD)
|
||||
SSL.Context(SSL.TLSv1_METHOD)
|
||||
|
||||
METHOD = SSL.SSLv2_METHOD
|
||||
SSL.Context(METHOD)
|
||||
|
||||
# importing the protocol constant directly
|
||||
from ssl import PROTOCOL_SSLv2
|
||||
ssl.wrap_socket(ssl_version=PROTOCOL_SSLv2)
|
||||
SSLContext(protocol=PROTOCOL_SSLv2)
|
||||
|
||||
# secure versions specified
|
||||
ssl.wrap_socket(ssl_version=ssl.PROTOCOL_TLSv1_2)
|
||||
SSLContext(protocol=ssl.PROTOCOL_TLSv1_2)
|
||||
SSL.Context(SSL.TLSv1_2_METHOD)
|
||||
|
||||
# insecure versions allowed by specified range
|
||||
SSLContext(protocol=ssl.PROTOCOL_SSLv23)
|
||||
SSLContext(protocol=ssl.PROTOCOL_TLS)
|
||||
SSLContext(protocol=ssl.PROTOCOL_TLS_CLIENT)
|
||||
SSLContext(protocol=ssl.PROTOCOL_TLS_SERVER)
|
||||
|
||||
SSL.Context(SSL.SSLv23_METHOD)
|
||||
@@ -0,0 +1,12 @@
|
||||
edges
|
||||
| test.py:7:12:7:18 | ControlFlowNode for request | test.py:7:12:7:23 | ControlFlowNode for Attribute |
|
||||
| test.py:7:12:7:23 | ControlFlowNode for Attribute | test.py:8:30:8:33 | ControlFlowNode for text |
|
||||
| test.py:7:12:7:23 | ControlFlowNode for Attribute | test.py:9:32:9:35 | ControlFlowNode for text |
|
||||
nodes
|
||||
| test.py:7:12:7:18 | ControlFlowNode for request | semmle.label | ControlFlowNode for request |
|
||||
| test.py:7:12:7:23 | ControlFlowNode for Attribute | semmle.label | ControlFlowNode for Attribute |
|
||||
| test.py:8:30:8:33 | ControlFlowNode for text | semmle.label | ControlFlowNode for text |
|
||||
| test.py:9:32:9:35 | ControlFlowNode for text | semmle.label | ControlFlowNode for text |
|
||||
#select
|
||||
| test.py:8:30:8:33 | ControlFlowNode for text | test.py:7:12:7:18 | ControlFlowNode for request | test.py:8:30:8:33 | ControlFlowNode for text | This $@ that depends on $@ may run slow on strings with many repetitions of ' '. | test.py:8:21:8:23 | \\s+ | regular expression | test.py:7:12:7:18 | ControlFlowNode for request | a user-provided value |
|
||||
| test.py:9:32:9:35 | ControlFlowNode for text | test.py:7:12:7:18 | ControlFlowNode for request | test.py:9:32:9:35 | ControlFlowNode for text | This $@ that depends on $@ may run slow on strings with many repetitions of '99'. | test.py:9:27:9:29 | \\d+ | regular expression | test.py:7:12:7:18 | ControlFlowNode for request | a user-provided value |
|
||||
@@ -0,0 +1 @@
|
||||
experimental/Security/CWE-730/PolynomialReDoS.ql
|
||||
@@ -0,0 +1,9 @@
|
||||
import re
|
||||
from flask import Flask, request
|
||||
app = Flask(__name__)
|
||||
|
||||
@app.route("/poly-redos")
|
||||
def code_execution():
|
||||
text = request.args.get("text")
|
||||
re.sub(r"^\s+|\s+$", "", text) # NOT OK
|
||||
re.match(r"^0\.\d+E?\d+$", text) # NOT OK
|
||||
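Review bot: The view name `def code_execution():` describes a different weakness than the one this fixture exercises (it is mounted at `/poly-redos` and feeds `text` into two polynomial regexes), so the copy-paste origin is confusing and `def poly_redos():` would be clearer. The body also never returns a value; that is fine for a static-analysis fixture, but a trailing comment such as `# fixture only: no response returned` would stop someone from "fixing" it and shifting the lines the expected output depends on. The `.expected` hunk earlier in this commit anchors on lines 7–9 of this file, so any edit here must keep those line positions.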
@@ -92,5 +92,8 @@
|
||||
| redos.py:363:25:363:43 | ((?:a{0\|-)\|\\w\\{\\d)+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'a{0'. |
|
||||
| redos.py:364:25:364:45 | ((?:a{0,\|-)\|\\w\\{\\d,)+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'a{0,'. |
|
||||
| redos.py:365:25:365:48 | ((?:a{0,2\|-)\|\\w\\{\\d,\\d)+ | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of 'a{0,2'. |
|
||||
| redos.py:371:25:371:35 | (\\u0061\|a)* | This part of the regular expression may cause exponential backtracking on strings starting with 'X' and containing many repetitions of 'a'. |
|
||||
| redos.py:380:35:380:41 | [^"\\s]+ | This part of the regular expression may cause exponential backtracking on strings starting with '/' and containing many repetitions of '!'. |
|
||||
| redos.py:381:35:381:41 | [^"\\s]+ | This part of the regular expression may cause exponential backtracking on strings starting with '/' and containing many repetitions of '!'. |
|
||||
| unittests.py:5:17:5:23 | (\u00c6\|\\\u00c6)+ | This part of the regular expression may cause exponential backtracking on strings starting with 'X' and containing many repetitions of '\u00c6'. |
|
||||
| unittests.py:9:16:9:24 | (?:.\|\\n)* | This part of the regular expression may cause exponential backtracking on strings containing many repetitions of '\\n'. |
|
||||
@@ -0,0 +1 @@
|
||||
experimental/Security/CWE-730/ReDoS.ql
|
||||
@@ -366,3 +366,16 @@ bad86 = re.compile(r'''^((?:a{0,2|-)|\w\{\d,\d)+X$''')
|
||||
|
||||
# GOOD:
|
||||
good42 = re.compile(r'''^((?:a{0,2}|-)|\w\{\d,\d\})+X$''')
|
||||
|
||||
# NOT GOOD
|
||||
bad87 = re.compile(r'X(\u0061|a)*Y')
|
||||
|
||||
# GOOD
|
||||
good43 = re.compile(r'X(\u0061|b)+Y')
|
||||
|
||||
# GOOD
|
||||
good44 = re.compile(r'("[^"]*?"|[^"\s]+)+(?=\s*|\s*$)')
|
||||
|
||||
# BAD
|
||||
bad88 = re.compile(r'/("[^"]*?"|[^"\s]+)+(?=\s*|\s*$)X')
|
||||
bad89 = re.compile(r'/("[^"]*?"|[^"\s]+)+(?=X)')
|
||||
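Review bot: The `# GOOD` label on `good44` gives no reason why `("[^"]*?"|[^"\s]+)+(?=\s*|\s*$)` is safe while `bad88`/`bad89`, the same group with a `/` prefix and an `X` suffix or `(?=X)`, are flagged, and that distinction is exactly what the new expected-output lines for this file record. The pattern ends in a lookahead that always succeeds (`\s*` matches the empty string), so there is no failing tail to drive backtracking; `bad88`/`bad89` add one, hence the "strings starting with '/'" messages in the expected output. A comment such as `# GOOD: the trailing lookahead always matches, so the nested quantifier is never forced to backtrack` would record that. The labels in this stretch also drift between `# GOOD:`, `# NOT GOOD`, `# GOOD` and `# BAD` while the variable names follow a consistent good/bad scheme, so `bad87` reads better under `# BAD`.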
@@ -1 +0,0 @@
|
||||
Security/CWE-730/ReDoS.ql
|
||||