4059 Commits

Author	SHA1	Message	Date
haby0	2b77f7d1bc	Modify isAdditionalTaintStep	2021-06-18 21:36:44 +08:00
haby0	a71757f0f4	Update java/ql/src/experimental/Security/CWE/CWE-094/JShellInjection.qhelp ... Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com>	2021-06-18 21:36:44 +08:00
haby0	bfe0d40987	using isAdditionalTaintStep	2021-06-18 21:36:44 +08:00
haby0	3a2a99e289	Fix 1	2021-06-18 21:36:44 +08:00
haby0	ed0aabef46	add isAdditionalTaintStep	2021-06-18 21:36:44 +08:00
haby0	921b8e80a2	Jshell Injection	2021-06-18 21:36:44 +08:00
Chris Smowton	6302187a5d	Merge pull request #5957 from haby0/java/BeanShellInjection ... Java: BeanShell Injection	2021-06-18 12:38:51 +01:00
Anders Schack-Mulligen	7eb6da3888	Merge pull request #5772 from smowton/smowton/feature/apache-tuple-flow ... Add models for Apache Commons Lang's tuple types	2021-06-18 11:25:07 +02:00
haby0	a73cb3f04a	Fix error	2021-06-18 17:22:26 +08:00
Calum Grant	32f6a465b0	Merge pull request #6080 from github/calumgrant/security-severities ... Update security-severity scores	2021-06-18 09:40:40 +01:00
Tom Hvitved	eb86bceb4d	Address review comments	2021-06-18 10:18:47 +02:00
haby0	0d18e4ff9c	BeanShell Injection	2021-06-18 15:54:13 +08:00
Tony Torralba	1014400a08	Fix test comments	2021-06-17 15:03:45 +02:00
Tony Torralba	3ec2c1308e	Add RequestForgerySanitizer	2021-06-17 14:58:27 +02:00
Tony Torralba	0c71393171	Merge branch 'main' into atorralba/promote-unsafe-android-webview-fetch	2021-06-17 14:54:25 +02:00
Chris Smowton	64001cc02c	Merge pull request #5587 from smowton/smowton/admin/promote-ssrf-query ... Promote SSRF query from experimental	2021-06-17 13:02:33 +01:00
Chris Smowton	d28c95d16c	Field foo of -> Field[foo] of	2021-06-17 12:49:25 +01:00
Chris Smowton	74b2a2c7a6	Improve style of interpretField	2021-06-17 12:45:44 +01:00
Chris Smowton	5cf0243dd0	Add change note	2021-06-17 12:34:40 +01:00
Chris Smowton	2cc1f46871	Model constructors for (Imm|M)utable(Pair|Triple)	2021-06-17 12:34:40 +01:00
Chris Smowton	fbaa382158	Add tests for Pair.of and Triple.of	2021-06-17 12:34:40 +01:00
Chris Smowton	eebaab8fe9	Order left and right consistently	2021-06-17 12:34:40 +01:00
Chris Smowton	472a2a64dd	Add models for Apache Commons tuples	2021-06-17 12:25:21 +01:00
Chris Smowton	73fa680224	Add support for CSV-specified flow to or from fields.	2021-06-17 12:24:28 +01:00
Tamás Vajk	200126b302	Merge pull request #6008 from github/tamasvajk/feature/csv-coverage-report ... Add timeseries CSV generator script	2021-06-17 13:03:41 +02:00
Chris Smowton	11b70326fd	Add Jakarta WS url-open sink	2021-06-17 11:58:41 +01:00
Chris Smowton	da1e760269	Adjust Spring models to use erased function signatures	2021-06-17 11:43:33 +01:00
Chris Smowton	1176fec287	Improve docs ... Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2021-06-17 11:43:33 +01:00
Chris Smowton	09f27554d0	Note incidental extra models in change note	2021-06-17 11:43:33 +01:00
Chris Smowton	7509e36382	Remove no-longer-needed BasicRequestLine model from InsecureBasicAuth.ql; adjust test expectations accordingly	2021-06-17 11:43:33 +01:00
Chris Smowton	c531b81ebe	Rename RequestForgery.java -> SanitizationTests.java	2021-06-17 11:43:33 +01:00
Chris Smowton	cb99e17f4d	Split and rename JavaNetHttp and ApacheHttp tests for consistency	2021-06-17 11:43:32 +01:00
Chris Smowton	6c4a909b86	Remove dead code from test	2021-06-17 11:43:32 +01:00
Chris Smowton	08ab5f5546	Remove redundant test	2021-06-17 11:43:32 +01:00
Chris Smowton	74569ce316	Tidy Jax-RS test	2021-06-17 11:43:32 +01:00
Chris Smowton	57ca36baad	Tidy Spring test	2021-06-17 11:43:32 +01:00
Chris Smowton	8b080a94e7	Convert request forgery tests to inline expectations; add missing models revealed by this process.	2021-06-17 11:43:32 +01:00
Chris Smowton	b66dcbe5b6	Factor request-forgery config so it can be used in an inline-expectations test	2021-06-17 11:43:32 +01:00
Chris Smowton	ee872f1752	Add missing tests, add additional models revealed missing in the process, and add stubs to support them all.	2021-06-17 11:43:32 +01:00
Chris Smowton	49bbfc3f4b	Convert SSRF sinks into url-open CSV sinks ... I also drop the previous approach of taint-tracking through various builder objects in favour of assuming that a URI set in a request-builder object is highly likely to end up requested in some way or another. This will cause the `java/non-https-url` query to pick the new sinks up too, and fixes a Spring case that had never worked but went unnoticed until now.	2021-06-17 11:43:30 +01:00
Chris Smowton	0f2139ff5d	Fix and document one-based argument indexing in StringFormat's getAnArgUsageOffset	2021-06-17 11:41:06 +01:00
Chris Smowton	55c72cebf2	Improve StringBuilder append chain tracking ... Previously this didn't catch the case of constructors chaining directly into appends, like `StringBuilder sb = new StringBuilder("1").append("2")`	2021-06-17 11:41:06 +01:00
Chris Smowton	5b25694a52	Simplify and improve AddExpr logic ... The improvement is in considering (userSupplied + "/") itself a sanitising prefix.	2021-06-17 11:41:06 +01:00
Chris Smowton	6b76f42d22	Broaden PrimitiveSanitizer to include boxed primitives and other java.lang.Numbers	2021-06-17 11:41:06 +01:00
Chris Smowton	3167af29bd	Tidy and remove catersian product from getUrlArgument	2021-06-17 11:41:05 +01:00
Chris Smowton	f388aae78e	Fix getAnArgUsageOffset and improve its space complexity ... Also add tests checking the output of the new function	2021-06-17 11:41:05 +01:00
Chris Smowton	0db5484399	Copyedit documentation ... Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2021-06-17 11:41:05 +01:00
Chris Smowton	1549993565	Update test results to account for changed model structure ... (Models now have internal nodes in order to allow field flow through them)	2021-06-17 11:41:05 +01:00
Chris Smowton	8d70e3d22e	Fix casing of change note	2021-06-17 11:41:05 +01:00
Chris Smowton	9138d2b8f5	Improve comment casing ... Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>	2021-06-17 11:41:05 +01:00