hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-23 20:26:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
79,451 Commits 1,672 Branches 157 Tags
codeql-cli-2.21.4
Commit Graph

9277 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
4b03f5c724 Python: Rename xml.sax test for consistency 2022-03-03 19:39:32 +01:00
Rasmus Wriedt Larsen
7cda901da2 Python: Add separate query for SimpleXMLRPCServer 
This was a rough quick-n-dirty query, and should get some qhelp as well at some point.
 2022-03-03 19:35:33 +01:00
Rasmus Wriedt Larsen
9406a972cd Python: Fix vuln detection for xml.minidom with parser arg 2022-03-03 17:52:11 +01:00
Rasmus Wriedt Larsen
5a652480b1 Python: Annotate xml.dom tests 2022-03-03 17:37:25 +01:00
Rasmus Wriedt Larsen
c4d08db62a Python: Expand XML PoC with minidom/pulldom/expat 2022-03-03 17:30:16 +01:00
Ahmed Farid
5e14d89714 Update ZipSlip.qll 2022-03-03 17:12:06 +01:00
Rasmus Wriedt Larsen
3affa6cf3a Python: Annotate xmltodict tests 2022-03-03 15:08:56 +01:00
Rasmus Wriedt Larsen
61291936bf Python: Properly model xml.etree 2022-03-03 15:06:55 +01:00
Rasmus Wriedt Larsen
703e3e8a0f Python: Handle DTD retrieval vuln in lxml 2022-03-03 14:46:48 +01:00
Rasmus Wriedt Larsen
e295399f70 Python: Properly handle huge_tree in lxml 2022-03-03 14:43:37 +01:00
Rasmus Wriedt Larsen
124c03c15c Python: Expand lxml tests 
And add annotations, see PoC.py for reference

Some of these needs fixing though
 2022-03-03 14:40:45 +01:00
Tom Hvitved
9d6d479fba Add missing QL doc 2022-03-03 14:17:41 +01:00
Rasmus Wriedt Larsen
3c321dd98d Python: Model lxml.etree.get_default_parser in own class 2022-03-03 13:49:17 +01:00
Rasmus Wriedt Larsen
52891cb476 Python: Add PoC for XML vulns 2022-03-03 13:48:46 +01:00
Tom Hvitved
ba6ff88d05 Sync files 2022-03-03 12:30:50 +01:00
Rasmus Wriedt Larsen
661d8bf553 Python: Better handling of resolve_entities arg in lxml 2022-03-03 10:05:57 +01:00
Rasmus Wriedt Larsen
515b824b3c Python: Add lxml positive test 2022-03-03 09:42:19 +01:00
jorgectf
3159d8e211 Correlate SendGridMail declaration with its predicates 2022-03-03 04:33:10 +01:00
Ahmed Farid
c45b67c316 Create zipslip_good.py 2022-03-02 18:10:24 +01:00
Ahmed Farid
aef1df122b Create zipslip_bad.py 2022-03-02 18:09:45 +01:00
Ahmed Farid
c8f73ec845 Create ZipSlip.qlref 2022-03-02 18:08:32 +01:00
Rasmus Lerchedahl Petersen
6946ae931a python: missed a spot.. 2022-03-02 17:12:48 +01:00
Rasmus Wriedt Larsen
7f7758b83d Python: rewrite xml sax modeling 2022-03-02 15:22:11 +01:00
Rasmus Wriedt Larsen
6dd776b2de Python: Only produce one alert per vulnerable XML sink 
This made it much easier to debug the current alerts on tests at least.

Notice that it's important that we have `strictconcat` and not just
`concat`, since `concat` will also allow flow to sinks that are not
vulnerable to any kind of XML vulnerability :|
 2022-03-02 15:22:11 +01:00
Rasmus Wriedt Larsen
16e482bf6f Python: Improve QLDoc for XML parsing/parsers 2022-03-02 14:25:12 +01:00
Rasmus Wriedt Larsen
aaf55b21c4 Python: Add XMLVulnerabilityKind 
This gives some freedom in changing the name presented, and not worrying about whether you have made a typo that makes everything break :|
 2022-03-02 14:25:12 +01:00
Rasmus Wriedt Larsen
ee23c05489 Python: XML: Expose vuln kind on sink 2022-03-02 14:25:12 +01:00
Rasmus Wriedt Larsen
500e0aced6 Python: Rewrite sax XML tests 
The tests for type-trackers were not that interesting, since they did
not have XML input in both cases, which is the problem we were trying
hard to solve.

I did keep the test-case of not-user-supplied url alive as well though
👍

I added OK/NOT OK annotations.

Notice that we report all 4 kinds of vulnerabilities on line 93
 2022-03-02 14:24:46 +01:00
Rasmus Lerchedahl Petersen
143e9ee954 Merge branch 'main' of github.com:github/codeql into python/promote-xpath-injection 2022-03-02 13:14:08 +01:00
Rasmus Lerchedahl Petersen
ee45e79948 python: Create XML modulein Concepts 
to prepare for XXE and other XML related modelling
 2022-03-02 13:10:23 +01:00
Rasmus Lerchedahl Petersen
80be767a7a python: implement stdlib xpath support 2022-03-02 12:59:34 +01:00
Rasmus Lerchedahl Petersen
06e0f140c5 python: add tests for stdlib xpath 2022-03-02 12:58:37 +01:00
Taus
8460ab4f31 Merge pull request #7549 from hvitved/python/points-to-perf 2022-03-01 23:05:10 +01:00
Rasmus Wriedt Larsen
518e2aeebf Merge branch 'main' into jorgectf/python/deserialization 2022-03-01 16:47:13 +01:00
Rasmus Wriedt Larsen
2309f67e9b Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2022-03-01 15:50:21 +01:00
Rasmus Wriedt Larsen
27d5349a74 Python: ORM: Remove imports from test code 
These are no longer needed, as data-flow now has this import by default
 2022-03-01 15:39:52 +01:00
Rasmus Wriedt Larsen
a1c7ec8c6d Python: Accept .exepcted changes from importing frameworks from data-flow 
Since `python.qll` has `private import
semmle.python.dataflow.new.DataFlow`, that means that all tests now
implicitly imports the frameworks modeling, and therefore any python
class is part of the DjangoViewClassHelper ql class.

de8ecb214f/python/ql/lib/python.qll (L44)
 2022-03-01 15:37:16 +01:00
Rasmus Lerchedahl Petersen
f55d7d627e python: model XPathEvaluator 2022-03-01 14:40:13 +01:00
Rasmus Lerchedahl Petersen
3bb17be389 python: add concept and library tests 2022-03-01 14:39:28 +01:00
Tom Hvitved
92fa0071bd Update python/ql/lib/semmle/python/pointsto/MRO.qll 
Co-authored-by: Taus <tausbn@github.com>
 2022-03-01 14:16:49 +01:00
Rasmus Wriedt Larsen
cd58c12bbe Merge branch 'main' into orm 2022-03-01 12:01:54 +01:00
Tamás Vajk
94cb5c2be4 Merge pull request #8296 from github/post-release-prep/codeql-cli-2.8.2 
Post-release preparation for codeql-cli-2.8.2
 2022-03-01 11:57:36 +01:00
Rasmus Wriedt Larsen
98c60a706e Python: Autoformat 
Oops
 2022-03-01 11:54:09 +01:00
Rasmus Wriedt Larsen
e32f8d98b0 Python: Always import ORM steps for data-flow 
For C#, see
fdd787b89c/csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPrivate.qll (L16)

that import EntityFramework, which is ORM library.
 2022-03-01 11:32:36 +01:00
Rasmus Lerchedahl Petersen
ce3ee65f47 python: remove getTree for now 2022-03-01 10:49:21 +01:00
yoff
853857bd7e Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-03-01 10:26:29 +01:00
github-actions[bot]
980f822983 Post-release preparation for codeql-cli-2.8.2 2022-03-01 09:24:30 +00:00
Ahmed Farid
70c0c7e461 Update zipslip_bad.py 2022-03-01 00:24:33 +01:00
Ahmed Farid
85bcaa96ce Update Concepts.qll 2022-03-01 00:23:06 +01:00
Ahmed Farid
c22b032bbe Update Zip.qll 2022-03-01 00:11:33 +01:00