hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
22,051 Commits 1,672 Branches 157 Tags
aeisenberg/codeql-action-main
Commit Graph

389 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
bd4934380a Python: Remove code duplication library 2021-03-25 15:27:55 +01:00
yoff
746e9948b0 Merge pull request #5075 from RasmusWL/crypto 
Python: Port py/weak-crypto-key to use type-tracking
 2021-03-18 20:53:28 +01:00
Rasmus Wriedt Larsen
315127d888 Python: Also test py/insecure-default-protocol on Python 3 2021-03-17 14:53:36 +01:00
Rasmus Wriedt Larsen
fbbec5d2b9 Merge pull request #5118 from yoff/python-port-stacktrace-exosure 
Python: Port stack trace exposure
 2021-03-16 14:52:44 +01:00
Rasmus Wriedt Larsen
50978364a6 Merge pull request #5246 from yoff/python-port-insecure-default-protocol 
Python: Port insecure default protocol
 2021-03-16 14:30:19 +01:00
Taus
dfc0e9b906 Merge pull request #5243 from RasmusWL/port-bind-to-all-interfaces 
Python: Port py/bind-socket-all-network-interfaces query
 2021-03-12 16:04:19 +01:00
Rasmus Lerchedahl Petersen
7142ddcb25 Python: add taint step for __traceback__ 2021-03-08 08:13:07 +01:00
Rasmus Lerchedahl Petersen
b36e0d0be7 Python: target SSA variable rather than Cfg node 
also add "INTERNAL: Do not use."
also give test functions different names
 2021-03-08 08:04:42 +01:00
Rasmus Lerchedahl Petersen
296297915c Python: add test for __traceback__ 2021-03-07 17:50:28 +01:00
yoff
d17246ce2b Merge pull request #5255 from RasmusWL/port-flask-debug 
Python: port py/flask-debug query
 2021-03-05 09:39:14 +01:00
Rasmus Lerchedahl Petersen
9f8a028dfc Python: add .expected-file 2021-03-04 00:12:34 +01:00
Rasmus Lerchedahl Petersen
f02a19669f Python: Make exception info concept local 2021-03-03 16:47:31 +01:00
Rasmus Lerchedahl Petersen
38748f9e23 Python: restrict attention to ss.wrap_socket 2021-03-01 16:35:21 +01:00
Rasmus Lerchedahl Petersen
9533c92fcc Python: Clean up tests and add comment 2021-02-26 19:28:44 +01:00
yoff
a067adbaf3 Update python/ql/test/query-tests/Security/CWE-327-py2/options 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-02-26 08:53:20 +01:00
Rasmus Wriedt Larsen
81b29316e1 Merge pull request #4737 from yoff/python-dataflow-add-cast-nodes 
Python: Force read- and store steps to add nodes.
 2021-02-25 14:28:54 +01:00
Taus
d326d40d71 Merge pull request #5252 from RasmusWL/test-cleanup 
Python: Minor cleanup of test setup
 2021-02-25 13:33:10 +01:00
Rasmus Lerchedahl Petersen
64c0eaf305 Python: Update test expectations 2021-02-25 11:49:57 +01:00
Rasmus Wriedt Larsen
27987717dc Merge branch 'main' into crypto 2021-02-25 11:30:32 +01:00
Rasmus Lerchedahl Petersen
24b51e8851 Merge branch 'main' of github.com:github/codeql into python-port-stacktrace-exosure 2021-02-25 07:24:41 +01:00
Rasmus Lerchedahl Petersen
bf3e5fceea Python: Rearrange directories 2021-02-24 22:07:27 +01:00
Rasmus Wriedt Larsen
0cad5ce5ca Python: Expand py/flask-debug tests a bit 2021-02-24 11:35:17 +01:00
Rasmus Wriedt Larsen
5c6989cf02 Revert "Python: Accept RequestWithoutValidation expected output change" 
Apparently CI is able to produce the ../ path, I have absolutely no clue what is
goign on...
 2021-02-24 11:14:18 +01:00
Rasmus Wriedt Larsen
0b9a65d234 Python: Accept RequestWithoutValidation expected output change 
I have no clue why this changed, but since it's only the `..` part, I guess
we'll live with it
 2021-02-24 10:13:25 +01:00
Rasmus Wriedt Larsen
cef37d19ce Python: Split CWE-295 tests 
Mostly just because it's nice. But now we can avoid having the same `options`
files for the tests.
 2021-02-24 10:12:45 +01:00
Rasmus Wriedt Larsen
0ffc801f9b Python: Remove options for InsecureTemporaryFile tests 2021-02-24 09:57:51 +01:00
Rasmus Lerchedahl Petersen
b28544da9c Python: Port insecure default protocol 
- use API graphs
- update .qlhelp-file
- limit to versions below 3.4
- move tests to its own directory to only test on old version
 2021-02-23 19:41:36 +01:00
Rasmus Wriedt Larsen
a09f8c4b4a Python: Port bind-to-all-interfaces to type-tracking 2021-02-23 16:01:24 +01:00
Rasmus Wriedt Larsen
4026d54095 Python: Expand bind-to-all-interfaces tests slightly 2021-02-23 15:53:47 +01:00
Rasmus Wriedt Larsen
d084261a79 Python: Ignore weak key-sizes from test-code in weak-crypto-key 
From looking at old results on LGTM.com, this was quite common (and those alerts
doesn't really provide value).
 2021-02-19 15:04:41 +01:00
Rasmus Wriedt Larsen
bfc8ead667 Python: Add example of test-code with weak crypto key 2021-02-19 15:04:14 +01:00
Rasmus Wriedt Larsen
dfa223ac6a Python: Better IntegerLiteral tracking for weak crypto key 2021-02-19 15:03:50 +01:00
Rasmus Wriedt Larsen
a6583345ba Python: Add weak crypto key example through function call 
We used to handle this, but no more :(

Adding this example was inspired by looking at results differences
 2021-02-19 15:03:49 +01:00
Rasmus Wriedt Larsen
0e9a54e9a9 Python: Rename WeakCrypto to WeakCryptoKey 
Since WeakCrypto always makes me think that it's about all weak crypto (like
using MD5, or completely broken ciphers such as ARC4 ro DES) and not just about
weak key generation.
 2021-02-19 15:03:44 +01:00
Rasmus Wriedt Larsen
46ad611d57 Python: Port py/weak-crypto-key to use type-tracking 
instead of points-to.

Looking at query results also made me realize I didn't supply a very good
"origin" for ECC in cryptography package, so I improved that 👍 -- maybe that
sohuld have been split into multiple commits... too late :(
 2021-02-19 15:03:43 +01:00
Rasmus Wriedt Larsen
2429c6c450 Python: Rewrite py/weak-crypto-key tests 
* Removed backend arugment that is not required
* Added DSA constants (they are just accidentially the same as RSA right now)
* Removed FakeWeakEllipticCurve and used a real weak elliptic curve instead
 2021-02-19 13:59:19 +01:00
Rasmus Wriedt Larsen
a19da54c9e Python: Exclude flask.request imports as RemoteFlowSource 
When I changed the taint modeling in 19b7ea8d85, that obviously also means that
some of the related locations for alerts will change. So that's why all the
examples needs to be updated.

Besides this, I had to fix a minor problem with having too many alerts. If
running a query agaisnt code like in the example below, there would be 3 alerts,
2 of them originating from the import.

```
from flask import Flask, request
app = Flask(__name__)
@app.route("/route")
def route():
    SINK(request.args.get['input'])
```

The 2 import sources where:

- ControlFlowNode for ImportMember
- GSSA Variable request

I removed these from being a RemoteFlowSource, as seen in the diff.

I considered restricting `FlaskRequestSource` so it only extends
`DataFlow::CfgNode` (and make the logic a bit simpler), but I wasn't actually
sure if that was safe to do or not... If you know, please let me know :)
 2021-02-19 12:22:05 +01:00
Rasmus Wriedt Larsen
7afe3972d8 Revert "Merge pull request #5171 from RasmusWL/restructure-queries" 
This reverts commit 8caafb3710, reversing
changes made to ec79094957.
 2021-02-17 16:32:53 +01:00
Taus
8caafb3710 Merge pull request #5171 from RasmusWL/restructure-queries 
Python: Restructure query file layout
 2021-02-17 12:09:32 +01:00
Rasmus Wriedt Larsen
cf9ad0cdc5 Python: Move ExternalAPI queries back under Security 
This was raised as a question at review, and I don't really have a good enough
argument for moving it under POI. At the end of the day, they are _security_
related enough I guess :)
 2021-02-17 11:29:33 +01:00
Rasmus Wriedt Larsen
dec026a820 Python: Fix security qlref to have single empty line 2021-02-17 11:26:02 +01:00
Rasmus Wriedt Larsen
2927d888cf Python: Fix location of PathInjection tests 2021-02-17 11:20:00 +01:00
Taus
36be72972d Merge pull request #2663 from tausbn/python-type-annotation-reuse-fp 
Python: Add false positive test example for issue #2652.
 2021-02-16 18:46:15 +01:00
Rasmus Wriedt Larsen
8494fcf45f Python: Move query tests to reflect new file layout 2021-02-16 13:15:01 +01:00
Rasmus Wriedt Larsen
1d6f9bee08 Python: Update qlrefs 2021-02-16 11:48:36 +01:00
Taus Brock-Nannestad
2632422783 Python: Add FP test for unknown argument in string format 
Reported in https://github.com/github/codeql/issues/2650

I found this during a bit of spring cleaning in my working
directory. As this doesn't have any immediate security implications, I
don't know when we'll get round to fixing it, but it can't hurt to
have the test case checked in.
 2021-02-12 19:28:12 +01:00
Rasmus Lerchedahl Petersen
cfa72af12c Python: Update test expectation to new format 2021-02-12 09:30:12 +01:00
Rasmus Wriedt Larsen
526ccdd227 Python: Add safe example from qhelp to qltests 2021-01-20 11:35:48 +01:00
Rasmus Wriedt Larsen
37aa9b9d06 Python: Add prefix sanitizer on URL redirect query 
This doesn't cover 100% of what we want to, but matches what we used to.
 2021-01-20 11:35:47 +01:00
Rasmus Wriedt Larsen
d8bfa3565f Python: Simple port of URL redirect query 
Still have not added sanitizer, but seems like old sanitizer was a bit too broad
(also covering %-formatting)
 2021-01-20 11:35:44 +01:00