hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
74,247 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.1
Commit Graph

3912 Commits

Author SHA1 Message Date
Rasmus Lerchedahl Petersen
0462809edc Python: add taint test for urllib 2024-10-03 12:20:38 +02:00
Rasmus Lerchedahl Petersen
0dc036abd1 Python: Allow type tracking through comprehensions 
- the subscript operator is extended to comprehensions
- the capture jump-step is extended to work for the functions generated inside comprehensions
 2024-10-03 09:31:02 +02:00
Rasmus Lerchedahl Petersen
38b1eb7c71 Python: just use ListElementContent for iterables 2024-10-01 16:24:15 +02:00
Rasmus Lerchedahl Petersen
05910de8d1 Python: MaD expectations 2024-10-01 13:21:22 +02:00
yoff
7816f34d75 Merge branch 'main' into stdlib-optparse 2024-10-01 12:48:09 +02:00
yoff
62509a10c2 Update python/ql/test/library-tests/dataflow/coverage/test_builtins.py 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2024-10-01 11:39:12 +02:00
Rasmus Lerchedahl Petersen
bd68986fa4 Python: add test showing dict can take multiple arguments 2024-10-01 10:01:22 +02:00
Rasmus Lerchedahl Petersen
a22ea6c1c8 Python: use known sanitiser 
- also adjust test expectations in experimental
 2024-09-30 14:22:17 +02:00
Rasmus Lerchedahl Petersen
fb07a56de6 Python: adjust test expectations 2024-09-30 13:26:59 +02:00
Rasmus Lerchedahl Petersen
f9f46f0f98 Python: update test expectations 
We now have a new callable, yielding new enclosing callables
 2024-09-30 12:00:38 +02:00
Rasmus Lerchedahl Petersen
d4ea62edec Python: flow through yield 
- add yield as a dataflow return
- replace comprehension store step
   with a store step to the yield
 2024-09-30 09:01:29 +02:00
Rasmus Wriedt Larsen
431a1af628 Merge branch 'main' into threat-models 2024-09-26 11:44:24 +02:00
Rasmus Lerchedahl Petersen
fc2dc28f87 python: capture flow through comprehensions 
- add comprehension functions as `DataFlowCallable`s
- add comprehension call as `DataFlowCall`
- create capture argument node for comprehension calls
 2024-09-25 10:02:31 +02:00
yoff
e7f9b5bbbc Merge branch 'main' into stdlib-optparse 2024-09-24 20:24:00 +02:00
Taus
8c015b0784 Merge pull request #17305 from Kwstubbs/CORSMiddleware-Starlette 
Python: Add Support for CORS Middlewares
 2024-09-24 15:51:49 +02:00
Kevin Stubbings
01aa63e170 Add tests 2024-09-23 16:47:10 -07:00
Kevin Stubbings
b1c0e28aff Extra test 2024-09-23 15:00:23 -07:00
Kevin Stubbings
05765c4284 Formatting 2024-09-23 14:51:50 -07:00
Kevin Stubbings
5d12f7bd30 Pre formatting Bottle tests 2024-09-23 14:37:22 -07:00
Joe Farebrother
48f9e0efe5 Adress review comments: Add missing deprecation + additional test case 2024-09-23 10:57:04 +01:00
Rasmus Wriedt Larsen
4a21a85e73 Merge branch 'main' into threat-models 2024-09-23 11:19:58 +02:00
Joe Farebrother
81e99bf1bb Add tests 2024-09-20 15:05:51 +01:00
Joe Farebrother
3001a570b2 Replace uses of StringConstCompare 2024-09-20 14:47:22 +01:00
Paolo Tranquilli
8953ad6b76 Python: replace src_archive exclusion patterns with *.testproj ones 
The `**/src_archive/**` exclusion patterns seem to have to do with
trying to exclude archived source files from being picked up for the
extractor while running the test itself. However it seems that directory
is not being used any more by `codeql` (which uses a `src` directory
instead).

A `*.testproj` exclusion pattern will work in a more robust way, by
excluding any file inside the database being built.
 2024-09-16 14:30:55 +02:00
Kevin Stubbings
7657b3e115 Fix tests 2024-09-12 21:30:32 -07:00
Rasmus Wriedt Larsen
cbebf7b392 Python: Additional threatModelSource annotations 2024-09-10 14:32:39 +02:00
Rasmus Wriedt Larsen
a0b24d6194 Python: Add e2e threat-model test 2024-09-10 14:32:38 +02:00
Rasmus Wriedt Larsen
8d8cd05b94 Python: Add basic support for database threat-model 2024-09-10 14:32:37 +02:00
Rasmus Wriedt Larsen
7483075b7e Python: Fixup modeling of os.open 2024-09-10 14:32:37 +02:00
Rasmus Wriedt Larsen
d245db54a1 Python: Model file threat-model 2024-09-10 14:32:37 +02:00
Rasmus Wriedt Larsen
66f389a4b6 Python: Model stdin thread-model 2024-09-10 14:32:36 +02:00
Rasmus Wriedt Larsen
e1801f3a29 Python: Proper threat-model handling for argparse 2024-09-10 14:32:36 +02:00
Rasmus Wriedt Larsen
56c85ffe54 Python: Fixup threat-models for os.environ.get() 
Since using `.DictionaryElementAny` doesn't actually do a store on the
source, (so we can later follow any dict read-steps).

I added the ensure_tainted steps to highlight that the result of the
WHOLE expression ends up "tainted", and that we don't just mark
`os.environ` as the source without further flow.
 2024-09-10 14:32:36 +02:00
Rasmus Wriedt Larsen
b9239d7101 Python: Add basic support for environment/commandargs threat-models 2024-09-10 14:32:36 +02:00
Joe Farebrother
d1cca13563 Merge pull request #17314 from joefarebrother/python-x509-cert 
Python: Exclude certificate classification fo sensitive data queries
 2024-09-09 10:48:36 +01:00
Kevin Stubbings
bd2564ee44 Formatting 2024-09-03 14:34:25 -07:00
Porcupiney Hairs
f86570f6e7 WIP: Python: CORS Bypass 
This PR adds a query to detect a Cross Origin Resource Sharing(CORS) policy bypass due to an incorrect check.

This PR attempts to detect the vulnerability pattern found in CVE-2022-3457

```python
if request.method in ['POST', 'PUT', 'PATCH', 'DELETE']:
    origin = request.headers.get('Origin', None)
    if origin and not origin.startswith(request.base):
        raise cherrypy.HTTPError(403, 'Unexpected Origin header')
```

In this case, a value obtained from a header is compared using `startswith` call. This comparision is easily bypassed resulting in a CORS bypass. Given that similar bugs have been found in other languages as well, I think this PR would be a great addition to the exisitng python query pack.

The databases for CVE-2022-3457 can be downloaded from
```
https://filetransfer.io/data-package/i4Mfepls#link
https://file.io/V67T4SSgmExF
```
 2024-09-03 03:11:35 +05:30
Kevin Stubbings
5c8c99d31f Add header support for bottle and tornado 2024-08-30 18:16:01 -07:00
Joe Farebrother
a8591c79c5 Update test 2024-08-28 09:11:34 +01:00
Joe Farebrother
fc24ca304d Update tests 2024-08-27 14:18:50 +01:00
Kevin Stubbings
8bf8893307 Add support for vulnerable CORS middlewares 2024-08-26 21:30:48 -07:00
Tom Hvitved
c92c96fa78 Data flow: Compute local big step relation per stage 2024-08-26 09:15:27 +02:00
Rasmus Wriedt Larsen
8f7dec07b8 Python: Remove 'response' from default threat-models 
I didn't want to put the configuration file in
`semmle/python/frameworks/**/*.model.yml`, so created `ext/` as in other
languages
 2024-08-19 10:54:48 +02:00
Rasmus Wriedt Larsen
617ab27c75 Python: Add test showing default active threat-models 2024-08-19 10:54:48 +02:00
Joe Farebrother
62c2fe6b17 Merge pull request #16933 from joefarebrother/python-cookie-concept-promote 
Python: Promote the insecure cookie query from experimental
 2024-08-07 09:06:05 +01:00
Anders Schack-Mulligen
377301a55a Merge pull request #17108 from aschackmull/dataflow/flowthrough-provenance 
Dataflow: Propagate provenance correctly for flow-through wrappers.
 2024-08-01 09:35:56 +02:00
yoff
251036c6b4 Merge pull request #17080 from sylwia-budzynska/streamlit 
Python: Add Streamlit models
 2024-07-31 18:20:11 +02:00
Anders Schack-Mulligen
9724516c84 C#/Go/Java/Python/Ruby: Accept qltest .expected changes. 2024-07-31 14:45:10 +02:00
yoff
123dcc75d1 Merge pull request #16971 from RasmusWL/mad-dict-source 
Python: Add MaD support for DictionaryElement/DictionaryElementAny for sources
 2024-07-31 13:40:07 +02:00
Sylwia Budzynska
9bd00c9e1e Change Gradio rfs test to use shared rfs test module 2024-07-31 13:25:32 +02:00