hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,294 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.3
Commit Graph

5839 Commits

Author SHA1 Message Date
Chris Smowton
0db5484399 Copyedit documentation 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-06-17 11:41:05 +01:00
Chris Smowton
9138d2b8f5 Improve comment casing 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2021-06-17 11:41:05 +01:00
Chris Smowton
b25e8671b9 Java SSRF query: comment on sanitizing regex 2021-06-17 11:41:05 +01:00
Chris Smowton
a665d5d111 Improve RequestForgery.qhelp recommendation 2021-06-17 11:41:05 +01:00
Chris Smowton
0d9a6e2b61 Update java/ql/src/semmle/code/java/security/RequestForgery.qll 
SpringRestTemplateUrlMethods -> SpringRestTemplateUrlMethod
 2021-06-17 11:41:05 +01:00
Chris Smowton
fb2989c16b Copyedit comments and function names 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2021-06-17 11:41:04 +01:00
Chris Smowton
960a903185 Java SSRF query: document RequestForgeryAdditionalTaintStep and use Unit not string for a supertype. 2021-06-17 11:41:04 +01:00
Chris Smowton
575198a0e4 Java SSRF query: Server Side -> Server-Side everywhere. 2021-06-17 11:41:04 +01:00
Chris Smowton
7899e17f3a Java SSRF query: move RequestForgery qll file into semmle/code hierarchy 
This makes it importable by people wishing to extend the query.
 2021-06-17 11:41:04 +01:00
Chris Smowton
532a10bfdf Java SSRF query: Provide hook for custom taint-propagating steps; make all default sinks/sanitizers/steps private. 2021-06-17 11:41:04 +01:00
Chris Smowton
e8613367e8 Java SSRF query: copyedit qhelp 2021-06-17 11:41:04 +01:00
Chris Smowton
3333e7d186 Java SSRF query: sanitize primitives 
Even 'char' isn't a realistic vector for an exploit, unless somebody is copying out a string char by char.
 2021-06-17 11:41:04 +01:00
Chris Smowton
6933d06a46 Add exactly the string '/' as a sanitizing prefix. 
Usually this is ignored for suspicion that it could be taken for a protocol specifier, but on balance the context `(something) + "/" + tainted()` is more likely to be taken for a user-controlled location within a host the user does not control.
 2021-06-17 11:41:03 +01:00
Chris Smowton
bc43b6d760 Fix typo 2021-06-17 11:41:03 +01:00
Chris Smowton
e6249eed79 Add doc comments 2021-06-17 11:41:03 +01:00
Chris Smowton
26e10f3ad5 SSRF: don't consider results of fetches we initiated to be untrustworthy 2021-06-17 11:41:03 +01:00
Chris Smowton
c63d5986cf Sanitize StringBuilder appends that follow directly from a constructor. 
Note that some of this logic ought to be incorporated into StringBuilderVar once that code can be reviewed.
 2021-06-17 11:41:03 +01:00
Chris Smowton
b5a450b881 SSRF query: add sanitizer looking for a variety of ways of prepending a sanitizing prefix, such as one that restricts the hostname a URI will refer to. 2021-06-17 11:41:03 +01:00
Chris Smowton
487c1db6ed Promote SSRF query to main query set 2021-06-17 11:41:01 +01:00
Anders Schack-Mulligen
6ca8d69b26 Merge pull request #5881 from haby0/java/UnsafeDeserialization 
Java: CWE-502 Add UnsafeDeserialization sinks
 2021-06-17 12:36:34 +02:00
Anders Schack-Mulligen
8fe2f4a554 Merge pull request #6034 from owen-mc/java/jax-rs 
Improve JAX-WS and JAX-RS models
 2021-06-17 12:35:34 +02:00
Owen Mansel-Chan
945db01f56 Address review comments 2021-06-17 10:29:33 +01:00
Tom Hvitved
ffb2350a54 Data flow: Fix getLocalCallContext join-order 2021-06-17 10:02:31 +02:00
Tom Hvitved
cc383e0f6a Data flow: Workaround for too clever compiler in consistency queries 2021-06-17 09:43:36 +02:00
Tony Torralba
2dd862661b Generic type parameters no longer needed in CSV sink models 2021-06-16 16:23:50 +02:00
Tony Torralba
2c8f8911fc Adatp CSV sink models to generics fix 2021-06-16 16:12:02 +02:00
Tony Torralba
47fffb04a6 Merge branch 'main' into atorralba/promote-ognl-injection 2021-06-16 15:46:33 +02:00
Tony Torralba
91ba30a781 Merge branch 'main' into atorralba/promote-missing-jwt-signature-check 2021-06-16 15:46:14 +02:00
Tony Torralba
dab33b21fb Merge branch 'main' into atorralba/promote-mvel-injection 2021-06-16 15:44:43 +02:00
Tony Torralba
bf2be6ec7c Merge branch 'main' into atorralba/promote-jndi-injection 2021-06-16 15:34:37 +02:00
Owen Mansel-Chan
5d00bb23e4 Move logic for URL redirection sinks 2021-06-16 12:48:11 +01:00
Tony Torralba
af6bd0b963 Consider subtypes of ReaderSource 2021-06-16 13:01:40 +02:00
Tony Torralba
f3ef93fa8a Make sinks more specific, improve tests 2021-06-16 13:01:39 +02:00
Tony Torralba
f9e6b3c3d2 Add new URL(tainted) as taint step 2021-06-16 13:01:39 +02:00
Tony Torralba
6f926e1e80 Refine sinks and add more taint steps 2021-06-16 13:01:39 +02:00
Tony Torralba
4b491dcc50 Add codehaus sink and taint steps 2021-06-16 13:01:39 +02:00
Tony Torralba
7031e0a91d Refactor to use CSV sink models 2021-06-16 13:01:38 +02:00
Tony Torralba
356601ce15 Moved from experimental 2021-06-16 13:01:38 +02:00
haby0
c1ada6d85b Merge branch 'main' into java/UnsafeDeserialization 2021-06-16 16:37:03 +08:00
haby0
9badd7aa27 change name 2021-06-16 11:29:37 +08:00
Calum Grant
771e686946 Update security-severity scores 2021-06-15 13:25:17 +01:00
Anders Schack-Mulligen
19305a217a Merge pull request #5374 from joefarebrother/guava-base 
Java: Model additional flow steps for the package `com.google.common.base` of the Guava framwork.
 2021-06-15 10:58:48 +02:00
Joe Farebrother
36cb207600 Increase precision of tests to test value flow 2021-06-14 11:20:07 +01:00
Owen Mansel-Chan
8cf47f12b4 Model constructors of classes implementing MultivaluedMap 2021-06-14 10:56:35 +01:00
Calum Grant
85467adc5e Merge pull request #5839 from github/security-severities5 
Add security-severity scores
 2021-06-11 15:56:20 +01:00
Joe Farebrother
678597f3f9 Update CSV rows for collection flow 2021-06-11 15:08:27 +01:00
Chris Smowton
76838809bb Merge pull request #5818 from artem-smotrakov/rmi-deserialization 
Java: Unsafe RMI deserialization
 2021-06-11 13:43:07 +01:00
Joe Farebrother
04ffe80366 Add unit tests 2021-06-11 11:41:27 +01:00
Joe Farebrother
153e0c4ac3 Add modelling for more com.google.common.base methods 2021-06-11 11:40:37 +01:00
Calum Grant
a594afb828 Add security-severity metadata 2021-06-10 20:11:08 +01:00