hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 02:13:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
75,258 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.3
Commit Graph

4561 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
23637fd691 Merge branch 'main' into promote-xxe 2022-04-06 12:56:31 +02:00
Rasmus Wriedt Larsen
4d2a3b38d2 Merge pull request #8511 from RasmusWL/use-query-suffix 
Python: Use `Query.qll` suffix for dataflow configuration definitions
 2022-04-06 11:59:29 +02:00
Ahmed Farid
dfe7f532ac Update CopyFile.qll 2022-04-05 12:42:05 +00:00
Ahmed Farid
0d6d07886b Rename Zip.qll to CopyFile.qll 2022-04-05 12:37:14 +00:00
Ahmed Farid
8882bc1533 Update Frameworks.qll 2022-04-05 12:32:10 +00:00
Ahmed Farid
68bfe38529 Update Zip.qll 2022-04-05 12:31:30 +00:00
Rasmus Wriedt Larsen
a7dab53ed2 Python: Add change-note 2022-04-05 11:46:49 +02:00
Rasmus Wriedt Larsen
1f285b8983 Python: Rename to XmlParsingVulnerabilityKind 
To keep up with style guide
 2022-04-05 11:07:12 +02:00
Rasmus Wriedt Larsen
ab59d5c786 Python: Rename to XmlParsing 
To follow our style guide
 2022-04-05 11:06:22 +02:00
github-actions[bot]
6af568b16d Post-release preparation for codeql-cli-2.8.5 2022-04-01 16:22:14 +00:00
github-actions[bot]
ee746d20df Release preparation for version 2.8.5 2022-04-01 10:39:31 +00:00
Rasmus Wriedt Larsen
d2b03bb480 Python: Fix SimpleXmlRpcServer.ql 2022-03-31 20:37:28 +02:00
Rasmus Wriedt Larsen
4abab22066 Python: Promote XXE and XML-bomb queries 
Need to write a change-note as well, but will do that tomorrow
 2022-03-31 18:47:50 +02:00
Rasmus Wriedt Larsen
b8d3c5e96f Python: Remove last bits of experimental XML modeling 2022-03-31 18:40:26 +02:00
Rasmus Wriedt Larsen
e11269715d Python: Promote xml.sax and xml.dom.* modeling 2022-03-31 17:44:00 +02:00
Rasmus Wriedt Larsen
64aa503cc3 Python: Promote xml.etree modeling 2022-03-31 11:12:02 +02:00
Rasmus Wriedt Larsen
7f5f7679f8 Python: Promote xmltodict modeling 2022-03-31 10:28:34 +02:00
Rasmus Wriedt Larsen
80b5cde3a2 Python: Promote lxml parsing modeling 2022-03-31 10:19:08 +02:00
Rasmus Wriedt Larsen
1ea4bcc59f Python: Make XMLParsing a Decoding subclass 2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen
e45288e812 Python: => XMLParsingVulnerabilityKind 
Since there are other XML vulnerabilities that are not about parsing,
this is more correct.
 2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen
e005a5c0ab Python: Promote XMLParsing concept 2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen
9caf4be21b Python: Add PortSwigger link to Xxe.qhelp 
I found this resource quite good myself at least :)
 2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen
56b9c891d8 Python: Adjust XmlBomb.qhelp from JS 2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen
b00766b054 Python: Adjust XXE qhelp 
and remove the old copy, we don't need it anymore :)
 2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen
c365337867 Python: Delete XmlEntityInjection.ql 
Kept the test of SimpleXmlRpcServer, and kept the qhelp so it can be
used to write the new qhelp files
 2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen
e45f9d69cc Python: Adjust Xxe/XmlBomb for Python 
I changed a few QLdocs so they fit the style we have used in Python...
although I surely do regret having introduced a new style for how these
QLDocs look :D
 2022-03-31 09:52:54 +02:00
Rasmus Wriedt Larsen
65907c9762 Python: Copy Xxe/XmlBomb queries from JS 
After internal discussion, these will replace the `XmlEntityInjection`
query, so we can have separate severities on DoS and the other (more
serious) attacks.

Note: These clearly don't work, since they are verbatim copies of the JS
code, but I split it into multiple commits to clearly highlight what
changes were made.
 2022-03-31 09:52:54 +02:00
Erik Krogh Kristensen
758a5d7a85 few join order fixes 2022-03-30 22:54:00 +02:00
haby0
1e6893e230 Update python/ql/src/experimental/semmle/python/security/injection/CsvInjection.qll 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2022-03-30 22:54:30 +08:00
haby0
8f2013c32e Simplify StartsWithCheck 2022-03-30 19:04:03 +08:00
Porcupiney Hairs
92033047a5 Python : Add query to detect PAM authorization bypass 
Using only a call to `pam_authenticate` to check the validity of a login can
lead to authorization bypass vulnerabilities. A `pam_authenticate` only
verifies the credentials of a user. It does not check if a user has an
appropriate authorization to actually login. This means a user with a
expired login or a password can still access the system.

This PR includes a qhelp describing the issue, a query which detects instances where a call to
`pam_acc_mgmt` does not follow a call to `pam_authenticate` and it's
corresponding tests.

This PR has multiple detections. Some of the public one I can find are :
* [CVE-2022-0860](https://nvd.nist.gov/vuln/detail/CVE-2022-0860) found
in [cobbler/cobbler](https://www.github.com/cobbler/cobbler)
* [fredhutch/motuz](https://www.huntr.dev/bounties/d46f91ca-b8ef-4b67-a79a-2420c4c6d52b/)
 2022-03-30 00:47:58 +05:30
yoff
3416f074e8 Update python/ql/src/Security/CWE-352/CSRFProtectionDisabled.ql 
Explain why `TestScope` is not used.

Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-03-29 13:59:04 +02:00
haby0
bf8c7a2ea7 Added Sanitizer Guard 2022-03-29 14:29:33 +08:00
Erik Krogh Kristensen
36db492aa2 move the polynomialbacktracking-test to the test folder 2022-03-28 13:22:26 +02:00
Arthur Baars
2ae5e8158e Python: import RegExpTreeView correctly 2022-03-28 12:41:32 +02:00
yoff
5efc19c39d Merge pull request #7806 from erik-krogh/pyDef 
Python: Add def nodes to API graphs
 2022-03-28 08:09:14 +02:00
Rasmus Lerchedahl Petersen
774c811e97 python: move CSRF concepts inside HTTP::Server 2022-03-28 07:35:13 +02:00
Ahmed Farid
d89ed8b98b Update zipslip_bad.py 2022-03-28 01:40:08 +00:00
Ahmed Farid
cafbd98454 Update zipslip_bad.py 2022-03-28 01:08:39 +00:00
Ahmed Farid
ddba3b7784 Update ZipSlip.qll 2022-03-28 00:59:56 +00:00
Ahmed Farid
0fac4f195d Update Concepts.qll 2022-03-28 00:47:27 +00:00
Ahmed Farid
413f1945ce Update Zip.qll 2022-03-28 00:44:56 +00:00
Rasmus Lerchedahl Petersen
1e9840d779 python: broaden local protection concept 2022-03-25 12:28:33 +01:00
Rasmus Lerchedahl Petersen
778a88f32c python: update qhelp 
removing custom middleware stack
will _not_ enable CSRF protection
 2022-03-25 11:49:06 +01:00
yoff
85f1d92a0d Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-03-25 11:42:32 +01:00
Rasmus Lerchedahl Petersen
ce017394e6 python: fix change note (hepofully) 2022-03-24 12:01:46 +01:00
Rasmus Lerchedahl Petersen
aecf4e48f8 python: add change note 2022-03-24 11:43:07 +01:00
Ahmed Farid
eab6568cda Update zipslip_good.py 2022-03-24 00:35:24 +01:00
Ahmed Farid
b5f1e9de08 Update zipslip_bad.py 2022-03-24 00:33:28 +01:00
Ahmed Farid
1836723ecb Merge branch 'main' into ZipSlip 2022-03-23 19:27:12 -04:00