hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,161 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.6
Commit Graph

4040 Commits

Author SHA1 Message Date
jorgectf
983465963a Polish CookieWrite 2021-07-25 18:18:29 +02:00
jorgectf
8a3e4f14d1 Add tests and .qlref 2021-07-25 04:06:02 +02:00
jorgectf
0aaa9c13bd Merge remote-tracking branch 'origin/jorgectf/python/headerInjection' into jorgectf/python/insecure-cookie 2021-07-25 03:22:16 +02:00
jorgectf
93c8529fc9 Add .expected 2021-07-25 01:53:21 +02:00
jorgectf
1dd77f167a Fix undetected tests 2021-07-25 01:51:52 +02:00
jorgectf
61e873d725 Polish tests 2021-07-24 02:09:23 +02:00
jorgectf
f9b244ecad Polish documentation 2021-07-24 01:06:05 +02:00
jorgectf
068150b1ab Finish modeling 2021-07-22 19:34:23 +02:00
jorgectf
b5e10b6c42 Write (String|Bytes)IO additional taint step 2021-07-22 19:15:30 +02:00
jorgectf
11f4c1cc8e Format tests 2021-07-22 19:04:35 +02:00
Jorge
f02b6d60a5 Merge branch 'github:main' into jorgectf/python/ldapinsecureauth 2021-07-22 18:49:51 +02:00
jorgectf
b03e75e3d1 Extend ldap3's start_tls and fix tests 2021-07-22 18:42:41 +02:00
jorgectf
a34d6d390e Port to ApiGraphs and finish the query 2021-07-22 18:34:57 +02:00
Rasmus Wriedt Larsen
71e6db8a01 Merge branch 'main' into jorgectf/python/ldapimproperauth 2021-07-22 15:57:43 +02:00
Rasmus Wriedt Larsen
802d9bda83 Merge pull request #5680 from mrthankyou/python-use-sqlalchemy 
Python: Add SqlAlchemy model
 2021-07-22 15:31:39 +02:00
Rasmus Wriedt Larsen
38875ca0c7 Python: Improve handling of async methods 2021-07-22 14:17:07 +02:00
Rasmus Wriedt Larsen
6e9d9fcbbd Python: Improve taint steps in for & iterable unpacking 
These were written way before the ones in DataFlowPrivate, but
apparently didn't cover quite as much :|
 2021-07-22 14:16:17 +02:00
Taus
e9a4114c04 Python: Hotfix: Disable ReDoS queries 2021-07-22 10:58:49 +00:00
Rasmus Wriedt Larsen
d3163d8a76 Python: Add iterable-unpacking in for test 2021-07-22 11:59:46 +02:00
Rasmus Wriedt Larsen
e2d3fa7093 Python: Add list-comprehension taint test 2021-07-22 11:59:46 +02:00
Rasmus Wriedt Larsen
6f63c03558 Python: Model http.cookies.Morsel and usage in Tornado 2021-07-22 10:43:18 +02:00
Rasmus Wriedt Larsen
7e09a1cbfd Python: Model tornado.httputil.HTTPHeaders 2021-07-22 10:43:18 +02:00
Rasmus Wriedt Larsen
7020e4132b Python: Model BaseHTTPRequestHandler.rfile as file-like object 2021-07-22 10:43:18 +02:00
Rasmus Wriedt Larsen
d388dd547e Python: Model HTTPMessage from Stdlib 2021-07-22 10:43:18 +02:00
Rasmus Wriedt Larsen
dac71ded9d Python: Add Authorization modeling in Flask 2021-07-22 10:43:18 +02:00
Rasmus Wriedt Larsen
133632119d Python: Model werkzeug Headers 
Also removed a misleading comment link to method on wrong class :D
 2021-07-22 10:43:18 +02:00
Rasmus Wriedt Larsen
4d9c86a252 Python: Model Werkzeug FileStorage.save as FileSystemAccess 2021-07-22 10:43:18 +02:00
Rasmus Wriedt Larsen
9cb4899c5c Python: Add FileStorage modeling in Flask 2021-07-22 10:43:18 +02:00
Rasmus Wriedt Larsen
04190ea308 Python: Add file-like modeling to werkzeug FileStorage 2021-07-22 10:43:18 +02:00
Rasmus Wriedt Larsen
4f4dec50f2 Python: Model ResovlerMatch in Django 
Like before, omitted ClassInstantiation
 2021-07-22 10:43:13 +02:00
jorgectf
68f79f054b Update .expected 2021-07-21 21:32:08 +02:00
jorgectf
8d84d63b94 Add Python-Jose modeling and tests 2021-07-21 21:31:53 +02:00
jorgectf
ce507beed4 Add Authlib modeling and tests 2021-07-21 21:31:35 +02:00
jorgectf
e14b10370e Add indeterminate test to pyjwt 2021-07-21 21:30:54 +02:00
Rasmus Wriedt Larsen
7dc6518350 Python: Add FileLikeObject modeling 
Such that the result of `request.FILES["key"].file.read()` is tainted
 2021-07-21 16:35:09 +02:00
Rasmus Wriedt Larsen
18c0d13efd Python: Model most of UploadedFile in Django 2021-07-21 16:35:09 +02:00
Rasmus Wriedt Larsen
5ec5557203 Python: Model MultiValueDict in Django 2021-07-21 16:35:09 +02:00
Rasmus Wriedt Larsen
51b543c67c Python: Model taint for django request methods 2021-07-21 16:35:09 +02:00
Rasmus Wriedt Larsen
ce4b192caa Python: Improve usefulness of RemoteFlowSourcesReach meta query 
Before, results from `dca` would look something like

    ## + py/meta/alerts/remote-flow-sources-reach

    - django/django@c2250cf_cb8f: tests/messages_tests/urls.py:38:16:38:48
        reachable with taint-tracking from RemoteFlowSource
    - django/django@c2250cf_cb8f: tests/messages_tests/urls.py:38:9:38:12
        reachable with taint-tracking from RemoteFlowSource

now it should make it easier to spot _what_ it is that actually changed,
since we pretty-print the node.
 2021-07-21 16:35:09 +02:00
Taus
6591a86aad Python: Add test cases 
I debated whether to add a
`MISSING: use=moduleImport("builtins").getMember("print").getReturn()`
annotation to the last line.

Ultimately, I decided to add it, as we likely _do_ want this information
to propagate into inner functions (even if the value of `var2` may
change before `func4` is called).
 2021-07-20 13:26:35 +00:00
Taus
e53b86fbbc Python: Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-07-20 15:19:45 +02:00
Taus
bbcbcefedc Python: Add false negative test case. 2021-07-20 12:54:06 +00:00
Taus
233ae5a54b Python: Fix FP in py/unused-local-variable 
This is only a temporary fix, as indicated by the TODO comment.

The real underlying issue is the fact that `isUnused` is defined in
terms of the underlying SSA variables (as these are only created
for variables that are actually used), and the fact that annotated
assignments are always considered to redefine their targets, which may
not actually be the case.

Thus, the correct fix would be to change the extractor to _disregard_
mere type annotations for the purposes of figuring out whether an
SSA variable should be created or not.

However, in the short term the present fix is likely sufficient.
 2021-07-20 12:13:44 +00:00
Taus
8b3fa789da Python: Add AnnAssign DefinitionNode 
This was a source of false positives for the
`py/uninitialized-local-variable` query, as exemplified by the test
case.
 2021-07-20 11:57:26 +00:00
Taus
f91e826781 Python: Add test case 2021-07-20 11:57:12 +00:00
Rasmus Wriedt Larsen
5249591747 Python: Fix test folder for InsecureProtocol 2021-07-19 16:57:00 +02:00
Rasmus Wriedt Larsen
5939128a76 Python: Fix test folder for InsecureDefaultProtocol 
it was named wrong before. whoops.
 2021-07-19 16:56:07 +02:00
Rasmus Wriedt Larsen
77021ae119 Python: Restructure security tests to contain query name 
We were mixing between things, so this is just to keep things
consistent. Even though it's not strictly needed for all queries,
it does look nice I think
 2021-07-19 16:54:34 +02:00
Rasmus Wriedt Larsen
da021feb8b Python: Move py/incomplete-hostname-regexp tests to own folder 2021-07-19 16:48:21 +02:00
Rasmus Wriedt Larsen
7939a1372e Python: Move Jinja2WithoutEscaping tests to own folder 2021-07-19 16:44:41 +02:00