hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #2231 from semmledocs-ac/newqueries-docscheck

Browse Source 
CPP & C#: Review of qhelp (SD-4028)
This commit is contained in:
Geoffrey White
2019-11-05 11:11:34 +00:00
committed by GitHub
parent eb6e8866fa 27d0b51c6b
commit 8c16b36c7f
8 changed files with 21 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
cpp/ql/src/Likely Bugs/Memory Management/Buffer Overflow/NtohlArrayNoBoundOpenSource.qhelp
View File

@@ -14,7 +14,7 @@ byte order function, such as <code>ntohl</code>.
The use of a network-to-host byte order function is therefore a good indicator that the returned The use of a network-to-host byte order function is therefore a good indicator that the returned
value is unvalidated data retrieved from the network, and should not be used without further value is unvalidated data retrieved from the network, and should not be used without further
validation. In particular, the returned value should not be used as an array index or array length validation. In particular, the returned value should not be used as an array index or array length
value without validation, which may result in a buffer overflow vulnerability. value without validation, as this could result in a buffer overflow vulnerability.
</p> </p>
</overview> </overview>

2
cpp/ql/src/Security/CWE/CWE-457/ConditionallyUninitializedVariable.qhelp
View File

@@ -37,7 +37,7 @@ which is then subsequently accessed to fetch properties of the device. However,
check the return value from the function call to <code>initDeviceConfig</code>. If the check the return value from the function call to <code>initDeviceConfig</code>. If the
device number passed to the <code>notify</code> function was invalid, the device number passed to the <code>notify</code> function was invalid, the
<code>initDeviceConfig</code> function will leave the <code>config</code> variable uninitialized, <code>initDeviceConfig</code> function will leave the <code>config</code> variable uninitialized,
which would result in the <code>notify</code> function accessing uninitialized memory.</p> which will result in the <code>notify</code> function accessing uninitialized memory.</p>
<sample src="ConditionallyUninitializedVariableBad.c" /> <sample src="ConditionallyUninitializedVariableBad.c" />

2
cpp/ql/src/Security/CWE/CWE-457/ConditionallyUninitializedVariable.ql
View File

@@ -2,7 +2,7 @@
* @name Conditionally uninitialized variable * @name Conditionally uninitialized variable
* @description When an initialization function is used to initialize a local variable, but the * @description When an initialization function is used to initialize a local variable, but the
* returned status code is not checked, the variable may be left in an uninitialized * returned status code is not checked, the variable may be left in an uninitialized
* state, and reading the variable may result in undefined behaviour. * state, and reading the variable may result in undefined behavior.
* @kind problem * @kind problem
* @problem.severity warning * @problem.severity warning
* @opaque-id SM02313 * @opaque-id SM02313

4
csharp/ql/src/Security Features/CWE-091/XMLInjection.qhelp
View File

@@ -36,10 +36,10 @@ which ensures the content is appropriately escaped.</p>
<references> <references>
<li> <li>
<a href="http://projects.webappsec.org/w/page/13247004/XML%20Injection">XML Injection</a> (The Web Application Security Consortium). Web Application Security Consortium: <a href="http://projects.webappsec.org/w/page/13247004/XML%20Injection">XML Injection</a>.
</li> </li>
<li> <li>
<a href="https://docs.microsoft.com/en-us/dotnet/api/system.xml.xmlwriter.writeraw?view=netframework-4.8">WriteRaw</a> (Microsoft documentation). Microsoft Docs: <a href="https://docs.microsoft.com/en-us/dotnet/api/system.xml.xmlwriter.writeraw?view=netframework-4.8">WriteRaw</a>.
</li> </li>
</references> </references>
</qhelp> </qhelp>

6
csharp/ql/src/Security Features/CWE-114/AssemblyPathInjection.qhelp
View File

@@ -14,7 +14,7 @@ was not intended to be loaded, and executing arbitrary code.
<p> <p>
Avoid loading assemblies based on user provided input. If this is not possible, ensure that the path Avoid loading assemblies based on user provided input. If this is not possible, ensure that the path
is validated before being used with <code>Assembly</code>. For example, compare the provided input is validated before being used with <code>Assembly</code>. For example, compare the provided input
against a whitelist of known safe assemblies, or confirm that path is restricted to a single against a whitelist of known safe assemblies, or confirm that the path is restricted to a single
directory which only contains safe assemblies. directory which only contains safe assemblies.
</p> </p>
</recommendation> </recommendation>
@@ -30,8 +30,8 @@ is only loaded if the user input matches one of those options.</p>
</example> </example>
<references> <references>
<li> <li>Microsoft:
<a href="https://docs.microsoft.com/en-us/dotnet/api/system.reflection.assembly?view=netframework-4.8">System.Reflection.Assembly</a> (Microsoft documentation). <a href="https://docs.microsoft.com/en-us/dotnet/api/system.reflection.assembly?view=netframework-4.8">System.Reflection.Assembly</a>.
</li> </li>
</references> </references>
</qhelp> </qhelp>

4
csharp/ql/src/Security Features/CWE-321/HardcodedEncryptionKey.ql
View File

@@ -1,6 +1,6 @@
/** /**
* @name Do not use hard-coded encryption keys. * @name Hard-coded encryption key
* @description The .Key property or rgbKey parameter of a SymmetricAlgorithm should never be a hardcoded value. * @description The .Key property or rgbKey parameter of a SymmetricAlgorithm should never be a hard-coded value.
* @kind problem * @kind problem
* @id cs/hardcoded-key * @id cs/hardcoded-key
* @problem.severity error * @problem.severity error

22
csharp/ql/src/Security Features/CWE-327/InsecureSQLConnection.qhelp
View File

@@ -3,7 +3,6 @@
"qhelp.dtd"> "qhelp.dtd">
<qhelp> <qhelp>
<overview> <overview>
<p>Finds uses of insecure SQL Connections string by not enabling the <code>Encrypt</code> option.</p>
<p> <p>
SQL Server connections where the client is not enforcing the encryption in transit are susceptible to multiple attacks, including a man-in-the-middle, that would potentially compromise the user credentials and/or the TDS session. SQL Server connections where the client is not enforcing the encryption in transit are susceptible to multiple attacks, including a man-in-the-middle, that would potentially compromise the user credentials and/or the TDS session.
@@ -29,18 +28,17 @@
</example> </example>
<references> <references>
<li>Microsoft, SQL Protocols blog:
<li> <a href="https://blogs.msdn.microsoft.com/sql_protocols/2009/10/19/selectively-using-secure-connection-to-sql-server/">Selectively using secure connection to SQL Server</a>.
<a href="https://blogs.msdn.microsoft.com/sql_protocols/2009/10/19/selectively-using-secure-connection-to-sql-server/">Selectively using secure connection to SQL Server</a>
</li> </li>
<li> <li>Microsoft:
<a href="https://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlconnection.connectionstring(v=vs.110).aspx">Net SqlClient (ADO .Net)</a> <a href="https://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlconnection.connectionstring(v=vs.110).aspx">SqlConnection.ConnectionString Property</a>.
</li>
<li>Microsoft:
<a href="https://msdn.microsoft.com/en-us/library/ms130822.aspx">Using Connection String Keywords with SQL Server Native Client</a>.
</li>
<li>Microsoft:
<a href="https://msdn.microsoft.com/en-us/library/ms378988(v=sql.110).aspx">Setting the connection properties</a>.
</li> </li>
<li><a href="https://msdn.microsoft.com/en-us/library/ms130822.aspx">SQL native driver (SNAC)</a>
</li>
<li>
<a href="https://msdn.microsoft.com/en-us/library/ms378988(v=sql.110).aspx">JDBC driver</a>
</li>
</references> </references>
</qhelp> </qhelp>

2
csharp/ql/src/Security Features/CWE-327/InsecureSQLConnection.ql
View File

@@ -1,6 +1,6 @@
/** /**
* @name Insecure SQL connection * @name Insecure SQL connection
* @description TODO. * @description Using an SQL Server connection without enforcing encryption is a security vulnerability.
* @kind path-problem * @kind path-problem
* @id cs/insecure-sql-connection * @id cs/insecure-sql-connection
* @problem.severity error * @problem.severity error