hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
80,404 Commits 1,672 Branches 157 Tags
codeql-cli-2.22.1
Commit Graph

4694 Commits

Author SHA1 Message Date
Rasmus Lerchedahl Petersen
2c27ce7aa5 Python: Make ast viewer see regexes 
This work is due to @erik-krogh who also
 - made corresponding fixes to `RegexTreeView.qll`
 - implemented `toUnicode` so it is available on `String`s
 2021-06-28 17:04:48 +02:00
Rasmus Lerchedahl Petersen
d953ba8dd4 Python: A parse-tree-view of regular expressions 
This contains several contributions from @erik-krogh
and also some fixes from @nickrolfe
 2021-06-28 17:04:48 +02:00
Rasmus Lerchedahl Petersen
21007d21f4 Python: track if qualifiers allow unbounded 
repeats. This in preparation for ReDoS
 2021-06-28 17:04:48 +02:00
Rasmus Lerchedahl Petersen
74ca1d00b9 Python: More precise regex parsing 2021-06-28 17:04:48 +02:00
Rasmus Lerchedahl Petersen
e5f07cc4d3 Python: inline test of regex components 
- Added naive implementation of `charRange` so the test can run.
- Made predicates public as needed.
 2021-06-28 17:04:48 +02:00
jorgectf
1d4d8ab6e0 Fix tests 2021-06-28 14:16:52 +02:00
jorgectf
b9422518b3 Rephrase .qhelp 2021-06-28 14:00:00 +02:00
Rasmus Wriedt Larsen
318694ccc8 Python: Don't rely on d = d.getOutput() for Decoding 
Although it is for `json.loads` and the like.
 2021-06-28 13:17:45 +02:00
Rasmus Wriedt Larsen
59711424bd Python: Fix qhelp for NoSQL injection 2021-06-28 11:48:28 +02:00
Rasmus Wriedt Larsen
5477b2e0d5 Python: Minor refactoring cleanup 2021-06-28 10:54:21 +02:00
Rasmus Wriedt Larsen
4a2c99a021 Python: Inline LDAPImproperAuth.qll 
Since having it inlined makes the query a bit easier to read. We
obviously need to share it if we want to share this predicate, but for
now that does not seem to be the case.
 2021-06-28 10:54:21 +02:00
Rasmus Wriedt Larsen
b33f6a315c Python: Fix select for py/improper-ldap-auth 2021-06-28 10:54:21 +02:00
Rasmus Wriedt Larsen
dfe16aae4c Python: Handle both positional and keyword args for LDAP bind 2021-06-28 10:46:13 +02:00
Rasmus Wriedt Larsen
97571e0b4f Python: Add modeling of peewee 2021-06-25 17:50:59 +02:00
Rasmus Wriedt Larsen
1317ae298c Python: Rename cursor => Cursor in PEP249 
Notice that since this will be part of the same PR as 5cfc433, it is OK
to do this change without keeping `PEP249::cursor` for backwards
compatibility.
 2021-06-25 17:30:35 +02:00
Rasmus Wriedt Larsen
d8db83d081 Python: Add cursor::instance for PEP249 
For Peewee modeling I want to be able to define new cursor instances
just like I can do for connections.
 2021-06-25 17:29:32 +02:00
Rasmus Wriedt Larsen
6be0db2c22 Python: Improve QLDoc of PEP249 modeling 2021-06-25 17:24:28 +02:00
Rasmus Wriedt Larsen
5cfc43395b Python: Refactor PEP249 to encapsulate in module 
So global namespace doesn't contain `Connection` whenever `PEP249.qll`
is imported
 2021-06-25 17:15:12 +02:00
Rasmus Wriedt Larsen
9573048ee8 Python: Port py/clear-text-logging-sensitive-data 2021-06-25 14:35:31 +02:00
Rasmus Wriedt Larsen
68cfeb0b5c Python: Model logging from the logging module 2021-06-25 14:26:35 +02:00
Rasmus Wriedt Larsen
c05e375401 Python: Fix indentation of hashlib modeling 2021-06-25 14:26:35 +02:00
Rasmus Wriedt Larsen
36c9ceb13b Python: Add Logging concept 2021-06-25 14:26:35 +02:00
Rasmus Wriedt Larsen
a7eb1b3a12 Python: Minor QLDoc fixup 2021-06-25 14:26:35 +02:00
Anders Schack-Mulligen
2d24387e9e Merge pull request #6149 from edoardopirovano/fix-java-regression 
Performance: Fix bad join order in Java dataflow library
 2021-06-25 10:42:05 +02:00
Rasmus Wriedt Larsen
a9469b73d9 Python: Port py/clear-text-storage-sensitive-data 2021-06-24 17:39:08 +02:00
Rasmus Wriedt Larsen
7017beca47 Python: Model CookieWrite for twisted 
Had to split the call to `request.cookies.append` since inline
expectation tests didn't like the expectation that contained `=` :(
 2021-06-24 17:34:43 +02:00
Rasmus Wriedt Larsen
4606444b85 Python: Model CookieWrite for flask 2021-06-24 17:34:43 +02:00
Rasmus Wriedt Larsen
65c526df86 Python: Model CookieWrite for tornado 2021-06-24 17:34:43 +02:00
Rasmus Wriedt Larsen
9340d658a4 Python: Model CookieWrite for django 2021-06-24 17:34:43 +02:00
Rasmus Wriedt Larsen
930ed0a712 Python: Minor django fixup 2021-06-24 17:34:43 +02:00
Rasmus Wriedt Larsen
226425e831 Python: Model CookieWrite for aiohttp 2021-06-24 17:34:43 +02:00
Rasmus Wriedt Larsen
e1af1f11ee Python: Add HTTP::Server::CookieWrite concept 
along with tests, but no implementations (to ease reviewing).

---

I've put quite some thinking into what to call our concept for this.

[JS has `CookieDefinition`](581f4ed757/javascript/ql/src/semmle/javascript/frameworks/HTTP.qll (L148-L187)), but I couldn't find a matching concept in any other languages.

We used to call this [`CookieSet`](f07a7bf8cf/python/ql/src/semmle/python/web/Http.qll (L76)) (and had a corresponding `CookieGet`).

But for headers, [Go calls this `HeaderWrite`](cd1e14ed09/ql/src/semmle/go/concepts/HTTP.qll (L97-L131)) and [JS calls this `HeaderDefinition`](581f4ed757/javascript/ql/src/semmle/javascript/frameworks/HTTP.qll (L23-L46))

I think it would be really cool if we have a naming scheme that means the name for getting the value of a header on a incoming request is obvious. I think `HeaderWrite`/`HeaderRead` fulfils this best. We could go with `HeaderSet`/`HeaderGet`, but they feel a bit too vague to me. For me, I'm so used to talking about def-use, that I would immediately go for `HeaderDefinition` and `HeaderUse`, which could work, but is kinda strange.

So in the end that means I went with `CookieWrite`, since that allows using a consistent naming scheme for the future :)
 2021-06-24 17:34:43 +02:00
Anders Schack-Mulligen
95ad8b55fe Merge pull request #6107 from aschackmull/dataflow/implicit-reads 
Dataflow: Add support for implicit reads
 2021-06-24 15:38:35 +02:00
Anders Schack-Mulligen
cd0efbe7ce Dataflow: Sync. 2021-06-24 14:19:17 +02:00
Rasmus Wriedt Larsen
686638a65f Merge pull request #6049 from RasmusWL/jmespath 
Python: Add modeling of `jmespath`
 2021-06-24 11:13:19 +02:00
Edoardo Pirovano
0909c9ff22 Performance: Fix bad join order in dataflow library 2021-06-24 08:24:17 +01:00
jorgectf
e0013fcdbb Fix Concepts.qll dependencies 2021-06-23 21:29:35 +02:00
jorgectf
7b9cbafd62 Move flask_mail to libraries/ 2021-06-23 21:28:11 +02:00
jorgectf
70d651184b Optimize Flask.qll 2021-06-23 21:21:45 +02:00
jorgectf
5e8f9959ef Extend Sendgrid setters 2021-06-23 20:56:48 +02:00
jorgectf
9563faf918 Add Sendgrid modeling 2021-06-23 20:53:17 +02:00
jorgectf
bf1eb7238e Cover django.core.mail 2021-06-23 18:37:55 +02:00
jorgectf
8ae864827a Format ReflectedXSS.qll 2021-06-23 18:37:33 +02:00
jorgectf
355bb5c734 Format Flask.qll 2021-06-23 18:37:11 +02:00
jorgectf
eac5eba9d2 Move tests and qlref to test/ 2021-06-23 18:36:44 +02:00
CodeQL CI
469e709113 Merge pull request #6055 from RasmusWL/rsa-modeling 
Approved by yoff
 2021-06-23 08:35:25 -07:00
jorgectf
c323fbbf3c Cover Flask-SendMail (Flask-Mail copy) 2021-06-23 17:26:14 +02:00
jorgectf
ae84df817a Extend ReflectedXSS query 2021-06-23 17:08:28 +02:00
Rasmus Wriedt Larsen
0774e985ce Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-06-23 13:37:38 +02:00
Rasmus Wriedt Larsen
902b450b12 Python: Also model pathlib.Path().open().write() 
And this transition to type-trackers also helped fix the missing path
through function calls 👍
 2021-06-23 10:50:04 +02:00