hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
75,734 Commits 1,672 Branches 157 Tags
codeql-cli-2.20.4
Commit Graph

1594 Commits

Author SHA1 Message Date
Harry Maclean
0d68d88741 Merge pull request #11934 from hmac/actioncontroller-filters 2023-02-01 09:10:30 +13:00
Harry Maclean
c99a096c9b Ruby: Update test fixtures 2023-01-31 11:27:19 +13:00
erik-krogh
c2e8206090 add more array taint steps that taint the entire array 2023-01-30 21:14:27 +01:00
erik-krogh
962465f77a add array-taint-steps to unsafe-shell-command-construction 2023-01-30 16:56:03 +01:00
erik-krogh
e01002368f add query detecting validators that use badly anchored regular expressions on library/remote input 2023-01-30 16:34:20 +01:00
erik-krogh
f04a9cb523 Merge branch 'main' into rbRegConcept 2023-01-30 11:05:40 +01:00
Harry Maclean
708e303c01 Ruby: Model except: with a const argument 2023-01-30 21:17:31 +13:00
Harry Maclean
246ad46eb1 Ruby: Account for filter skip ordering 
A `skip_*_filter :foo` call only has an effect if there was an earlier
call that registered `:foo` as a filter.
 2023-01-30 18:50:30 +13:00
Harry Maclean
a164e76a5d Ruby: Model actioncontroller filter overrides 
If a filter is registered twice with the same name, the last
registration wins.
 2023-01-30 18:05:22 +13:00
Harry Maclean
fb86ef4aac Ruby: Model ActionController filters 
ActionController filters provide a way to register callbacks that run
before, after or around an action (i.e. HTTP request handler). They run
in the same class context as the action, so can get/set instance
variables and generally interact with the action in arbitrary ways.

In order to track flow between filters and actions, we have to model the
callback chain. This commit does that. A later change will add dataflow
steps to actually track flow through the chain.
 2023-01-30 17:41:36 +13:00
Harry Maclean
07a7a213b3 Merge pull request #11871 from hmac/rack 2023-01-26 08:40:30 +13:00
Alex Ford
3dd9392f5e Merge pull request #11869 from alexrford/rails/render_locals_shared 
Ruby: Rails - generalize rails flow step for accessing render locals hash in view
 2023-01-25 12:07:26 +00:00
erik-krogh
80d05c0425 also recognize protected methods as library-input sources 2023-01-24 20:55:25 +01:00
erik-krogh
a017b7500b Merge branch 'main' into rbPoly 2023-01-24 20:51:36 +01:00
Harry Maclean
e6e4e29bf8 Ruby: newline 2023-01-23 21:53:52 +00:00
Harry Maclean
c1207e0938 Ruby: Fix rack response tracking 
Use type tracking instead of getReturningNode, which seems to be faster
and works correctly for the cases I've tried.
 2023-01-23 21:43:04 +00:00
Erik Krogh Kristensen
240248b9cf Merge pull request #11453 from erik-krogh/unsafeHtmlConstruction 
RB: add unsafe-html-construction query
 2023-01-23 16:40:25 +01:00
Erik Krogh Kristensen
5be97f3761 Merge pull request #11909 from erik-krogh/concatCode 
Rb: recognize string concatenations as sinks for unsafe-code-construction
 2023-01-23 16:22:46 +01:00
erik-krogh
7c6ee5f293 Merge branch 'main' into unsafeHtmlConstruction 2023-01-23 15:01:01 +01:00
Alex Ford
3b10a2de11 Merge branch 'main' into rails/render_locals_shared 2023-01-23 10:00:22 +00:00
Arthur Baars
99148244a4 Merge pull request #11856 from aibaars/update-grammars 
Update grammars
 2023-01-23 09:46:50 +01:00
Alex Ford
8fec4b804f Ruby: StoredXSS test whitespace change 2023-01-20 13:40:19 +00:00
Alex Ford
fd8dd5e103 Ruby: update StoredXSS test output 2023-01-20 13:40:19 +00:00
Alex Ford
bea110b598 Ruby: remove blank line in test file 2023-01-20 13:40:19 +00:00
Alex Ford
b78ae1608e Ruby: remove a fixed TODO 2023-01-20 13:40:19 +00:00
Alex Ford
e5fbc92856 Ruby: generalize rails flow step for accessing render locals hash in view 2023-01-20 13:40:19 +00:00
erik-krogh
25e65e0d9f rewrite the regexp tracking DataFlow::Configuration to TypeTracking 2023-01-18 10:10:36 +01:00
erik-krogh
2fceee4e35 track regular expressions that gets compiled with Regexp.compile 2023-01-18 09:31:04 +01:00
erik-krogh
acf28ebd98 add a RegexExecution, and use it to track regular expressions to their uses in a nice way in rb/polynomial-redos 2023-01-18 09:31:04 +01:00
erik-krogh
6e33dd5df6 add failing test 2023-01-18 09:31:04 +01:00
erik-krogh
8251ad5e99 add unsafe-html-construction query 2023-01-17 15:35:17 +01:00
erik-krogh
a562568522 add string concat as a sink for command-construction 2023-01-17 14:48:09 +01:00
erik-krogh
8fc3b268e8 add string concat as a sink for code-construction 2023-01-17 14:48:06 +01:00
Erik Krogh Kristensen
59a8b21851 Merge pull request #10862 from erik-krogh/unsafeCodeConstruction 
Rb: Add an `unsafe-code-construction` query
 2023-01-16 13:22:58 +01:00
Arthur Baars
46063c7d04 Ruby: update expected output 2023-01-13 10:22:41 +01:00
Arthur Baars
c4ec674057 Ruby: support anonymous (hash)splat parameters/arguments 2023-01-13 10:22:41 +01:00
Harry Maclean
0626d693f5 Ruby: Recognise rack applications 
This is a basic first step in modelling rack apps. We recognise classes
that look like rack applications and then treat the argument to `call`
in the same way that we treat `request.env` in ActionController classes.

This finds a TP in CVE-2021-43840.
 2023-01-12 11:28:31 +13:00
Tony Torralba
c9d1cd97fb Ruby: Remove omittable exists variables 2023-01-10 13:39:49 +01:00
Erik Krogh Kristensen
5157d4df7b Merge pull request #11581 from erik-krogh/stdin 
Rb: add stdin as source for unsafe-deserialization
 2023-01-09 13:57:47 +01:00
yoff
c01ce955ba Merge pull request #11778 from yoff/shared/inline-tests 
Shared: Inline test expectations
 2023-01-09 13:21:18 +01:00
erik-krogh
19d2b49562 drive-by: make Base64.decode64(..) into a flowsummary that is shared with all queries 2023-01-06 09:04:37 +01:00
erik-krogh
1a27441cfb drive-by: delete code-execution sinks from unsafe-deserialization, we risked duplicate alerts 2023-01-06 09:04:36 +01:00
erik-krogh
0e6028a7f3 add stdin as source for unsafe-deserialization 2023-01-06 09:04:36 +01:00
erik-krogh
f98ff65b11 use eval() instead of send() in test 2023-01-05 20:04:04 +01:00
Rasmus Lerchedahl Petersen
c3b3c05cf3 Revert "Merge pull request #37 from erik-krogh/shared/inline-tests" 
This reverts commit 65fe9abcfe, reversing
changes made to 08e9d3391f.
 2023-01-05 09:19:43 +01:00
Harry Maclean
4d228bcddf Ruby: Recognise more string-valued variables 
This increases the sensitivity of our barrier guards.
 2023-01-04 11:45:10 +13:00
Harry Maclean
9944252c43 Ruby: Add test for barrier guards 
This demonstrates that we are missing a guard when a case branch
compares against a string-valued variable rather than a string literal.
 2023-01-04 11:45:10 +13:00
Harry Maclean
698a679c78 Ruby: add test 2023-01-04 11:45:10 +13:00
Harry Maclean
0fbb6bf608 Ruby: Make array inclusion barrier more sensitive 2023-01-04 11:45:09 +13:00
Erik Krogh Kristensen
79a2b6d0b0 use any() instead of this = this 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2023-01-02 10:49:54 +01:00