yoff
b120721942
Update python/ql/src/Security/CWE-090/LdapInjection.ql
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2022-02-01 11:02:47 +01:00
Rasmus Lerchedahl Petersen
ecea392a08
python: rewrite qhelp overview
...
(combining the Java version and the JS version)
2022-02-01 10:47:18 +01:00
Rasmus Lerchedahl Petersen
26befebfc2
python: drop precision and add severity score
...
Given both the original FP score and our concerns
regarding sanitizers, `@precision medium`, which
is aligned with other languages, feels appropriate.
2022-02-01 10:34:36 +01:00
Jorge
a1f8acc9bb
Merge branch 'github:main' into jorgectf/python/deserialization
2022-01-31 17:48:35 +01:00
Rasmus Lerchedahl Petersen
9d416664a1
python: modern change note
...
I set the category to newQuery since that is what users will see.
When we have tags, it would be nice to tag it as a query promotion.
2022-01-31 11:27:55 +01:00
Rasmus Lerchedahl Petersen
8b5114d10e
python: Add standard customization setup
...
- modernize the sanitizer, but do not make it less specific
2022-01-31 11:27:55 +01:00
Rasmus Lerchedahl Petersen
20d54543fd
python: move log injection out of experimental
...
- move from custom concept `LogOutput` to standard concept `Logging`
- remove `Log.qll` from experimental frameworks
- fold models into standard models (naively for now)
  - stdlib:
    - make Logger module public
    - broaden definition of instance
    - add `extra` keyword as possible source
  - flask: add app.logger as logger instance
  - django: add `django.utils.log.request_logger` as logger instance
    (should we add the rest?)
- remove LogOutput from experimental concepts
2022-01-31 11:27:55 +01:00
Rasmus Lerchedahl Petersen
68d18ead34
python: add change note
2022-01-28 14:00:07 +01:00
Rasmus Lerchedahl Petersen
ab43f041c3
python: rename files
2022-01-28 11:00:17 +01:00
Rasmus Lerchedahl Petersen
4c3c4deb34
python: Move over query and tests
2022-01-28 09:19:11 +01:00
Rasmus Lerchedahl Petersen
a026120c52
Python: Move configuration over and refine it
...
The original configuration did not match sinks with sanitizers.
Here it is resolved using flow state,
it could also be done by using two configurations.
2022-01-28 09:00:40 +01:00
Dave Bartolomeo
cca74e925f
Merge pull request #7724 from github/aeisenberg/examples-groups
...
Add new groups for examples packs
2022-01-27 12:11:26 -05:00
yoff
4632c14280
Merge pull request #7654 from RasmusWL/remove-old-pointsto-queries
...
Python: Cleanup: Remove old points-to versions of queries
2022-01-27 16:39:01 +01:00
github-actions[bot]
634134f283
Release preparation for version 2.8.0
2022-01-27 10:40:20 +00:00
Andrew Eisenberg
a7f755cf12
Add new groups for examples packs
...
Also, remove version numbers. Will make it easier to avoid publishing
the examples packs.
2022-01-26 14:49:18 -08:00
Rasmus Lerchedahl Petersen
e6b5833bd6
python: fix typo in qhelp
2022-01-26 19:05:36 +01:00
Edoardo Pirovano
1b539eb4dc
Merge branch rc/3.4 into main
2022-01-25 16:22:01 +00:00
Rasmus Lerchedahl Petersen
9aa4c4a6a7
python: Add missing input
...
also update test expectation
2022-01-21 13:55:33 +01:00
Rasmus Lerchedahl Petersen
35c9307baa
python: rewrite NoSQLInjection to use flow state
...
This allows a bit more precision. Specifically, we could
require the sanitizer to only affect `ConvertedToDict`.
In practice, most sanitizers would probably fail on raw
input also, though.
2022-01-21 12:12:58 +01:00
Erik Krogh Kristensen
ddfc3bc00f
use set literals instead of big disjunctions
2022-01-21 11:46:33 +01:00
yoff
5b9ae9cede
Merge pull request #7659 from RasmusWL/move-regex-injection-files
...
Python: Move regex injection configuration files
2022-01-21 11:42:06 +01:00
yoff
4fd0ada9a8
Merge pull request #7652 from RasmusWL/cleartext-remove-fps
...
Python: Remove usernames as sensitive source for cleartext queries
2022-01-21 11:30:40 +01:00
Rasmus Lerchedahl Petersen
a5bc5373d0
python: Rewrite path injection to use flow state
...
This removes the FP caused by chaining.
This PR also removes `ChainedConfigs12.qll`,
as we hope to solve future problems via flow states.
2022-01-21 09:26:48 +01:00
Rasmus Wriedt Larsen
f53dce3a83
Python: Apply suggestions from code review
...
Co-authored-by: Taus <tausbn@github.com>
2022-01-20 14:20:15 +01:00
github-actions[bot]
ab218421da
Post-release preparation for codeql-cli-2.7.6
2022-01-20 12:59:20 +00:00
Erik Krogh Kristensen
4e8e3a7420
simplify expressions that could be type-casts
2022-01-20 10:41:35 +01:00
github-actions[bot]
4ce8ccc52b
Release preparation for version 2.7.6
2022-01-20 08:21:18 +00:00
Rasmus Wriedt Larsen
aa10ad6a8a
Python: Fix RegexInjection query, add old deprecated versions
2022-01-19 17:22:44 +01:00
Rasmus Wriedt Larsen
93b3cd669a
Python: Cleanup: Remove old points-to versions of queries
...
Since we've internally agreed that we've reached the same or better set
of results.
2022-01-19 15:30:12 +01:00
Rasmus Wriedt Larsen
e82e648ca1
Python: Remove usernames as sensitive source for cleartext queries
...
Closes #6363, #6927, #6726, #7497, #7116
2022-01-19 15:25:21 +01:00
Andrew Eisenberg
fbb5d7196f
Merge branch 'main' into post-release-prep/codeql-cli-2.7.5
2022-01-14 08:23:43 -08:00
github-actions[bot]
8a2d92badc
Post-release preparation for codeql-cli-2.7.5
2022-01-12 13:28:43 +00:00
Taus
ea538a1ee8
Merge pull request #7416 from github/not-that-kind-of-experimental
...
Remove experimental tag from non-ATM queries
2022-01-05 18:08:15 +01:00
Erik Krogh Kristensen
fe1107ccac
remove duplicated spaces in qldoc
2022-01-04 21:03:06 +01:00
github-actions[bot]
1dfcf427aa
Release preparation for version 2.7.5
2022-01-04 14:44:56 +00:00
Tom Hvitved
6b4eaf674f
Python: Fix another change note typo
2022-01-04 13:53:07 +01:00
Tom Hvitved
23fb3455c0
Python: Fix typo in change note
2022-01-04 11:06:23 +01:00
yoff
5ba70ff3b6
Merge pull request #7369 from RasmusWL/filter-tag-cwe
...
JS/Py/Ruby: Add more CWEs to bad-tag-filter queries
2022-01-04 10:11:03 +01:00
Dave Bartolomeo
5f5af4a29e
Move change notes to correct location
...
A few change notes slipped through the cracks of my previous change. These are now in the proper locations: `old-change-notes` for older notes, and `<lang>\ql\[src|lib]\change-notes` for current change notes.
2022-01-03 18:21:16 -05:00
Dave Bartolomeo
ded3c52a34
Merge pull request #7407 from github/post-release-prep/codeql-cli-2.7.4
...
Post-release preparation for codeql-cli-2.7.4
2022-01-03 17:09:58 -05:00
github-actions[bot]
1334d207fa
Post-release version bumps
2022-01-03 20:11:15 +00:00
jorgectf
1b9567a1d8
Avoid using Str_ internal class
2021-12-19 19:56:58 +01:00
jorgectf
b6bdcd0eb8
Delete redundant exists()
2021-12-19 18:57:22 +01:00
jorgectf
f82ed8573e
Model python_jwt.process_jwt
2021-12-19 18:32:14 +01:00
Rasmus Wriedt Larsen
83f1b2ca5d
Python: Add SSRF qhelp
...
I included examples of both types in the qhelp of both queries, to
provide context of what each of them actually are.
2021-12-17 11:48:26 +01:00
Rasmus Wriedt Larsen
4b5599fe17
Python: Improve full/partial SSRF split
...
Now full-ssrf will only alert if **all** URL parts are fully
user-controlled.
2021-12-16 22:48:51 +01:00
Rasmus Wriedt Larsen
cb934e17b1
Python: Adjust SSRF location to request call
...
Since that might not be the same place where the vulnerable URL part is.
2021-12-16 22:48:51 +01:00
Rasmus Wriedt Larsen
1cc5e54357
Python: Add SSRF queries
...
I've added 2 queries:
- one that detects full SSRF, where an attacker can control the full URL,
  which is always bad
- and one for partial SSRF, where an attacker can control parts of a
  URL (such as the path, query parameters, or fragment), which is not a
  big problem in many cases (but might still be exploitable)
Full SSRF should run by default, and partial SSRF should not (but makes
it easy to see the other results).
Some elements of the full SSRF queries need a bit more polishing, like
being able to detect `"https://" + user_input` is in fact controlling
the full URL.
2021-12-16 01:48:34 +01:00
Sam Partington
db7b3bc136
Remove experimental tag from non-ATM queries
2021-12-15 16:17:14 +00:00
github-actions[bot]
59da2cdf69
Release preparation for version 2.7.4
2021-12-14 21:35:09 +00:00