hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,240 Commits 1,671 Branches 157 Tags
codeql-cli-2.7.6
Commit Graph

6226 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
90bebaa5a9 Merge pull request #6960 from erik-krogh/useSetLiteral 
use set literal instead of big disjunction of literals
 2021-10-26 14:06:05 +02:00
Erik Krogh Kristensen
9c8a51bca6 cache SensitiveExpr 2021-10-26 13:47:28 +02:00
Erik Krogh Kristensen
038438edca assume that setting the secure/httpOnly flag to some unknown value is good 2021-10-26 13:47:28 +02:00
Erik Krogh Kristensen
5228196f79 fix typos and update docs 2021-10-26 13:47:21 +02:00
Erik Krogh Kristensen
311df4d2b7 add test for the cookie npm package 2021-10-26 13:46:59 +02:00
Erik Krogh Kristensen
92d59aa11c refactor most of the isSensitive predicates into a common helper predicate 2021-10-26 13:46:59 +02:00
Erik Krogh Kristensen
834d5ec6ad add session{key,id} as sensitive info 2021-10-26 13:46:59 +02:00
Erik Krogh Kristensen
1e1e549847 update tests so it's clear which cookies are insecure 2021-10-26 13:46:58 +02:00
Erik Krogh Kristensen
283b8231cb add more cookie models 2021-10-26 13:46:58 +02:00
Erik Krogh Kristensen
2cb3d2c53f documentation overhaul on client-exposed-cookie (and restricting it to server-side) 2021-10-26 13:46:58 +02:00
Erik Krogh Kristensen
ab23ffff3d documentation overhaul for clear-text-cookie 2021-10-26 13:46:58 +02:00
Erik Krogh Kristensen
f36accf3e6 only report clear-text cookies for sensitive cookies 2021-10-26 13:46:58 +02:00
Erik Krogh Kristensen
53b4337795 combine test files 2021-10-26 13:46:57 +02:00
Erik Krogh Kristensen
9193984f1b delete the experimental query library for cookie queries 2021-10-26 13:46:57 +02:00
Erik Krogh Kristensen
6858acc6a9 port experimental cookie models to non-experimental 2021-10-26 13:46:57 +02:00
Erik Krogh Kristensen
26a24a3895 prepare move to non-experimental 2021-10-26 13:46:57 +02:00
Erik Krogh Kristensen
44db920f10 refactor, cleanup, and improvements in experimental cookie queries 2021-10-26 13:46:57 +02:00
Erik Krogh Kristensen
a3c55c2aec use set literal instead of big disjunction of literals 2021-10-26 12:55:25 +02:00
Erik Krogh Kristensen
dbd1148bd6 apply range pattern patch to javascript 2021-10-25 19:38:00 +02:00
Henry Mercer
7e0e35f364 Rename ATM query pack for consistency with other packs 2021-10-25 17:32:25 +01:00
Henry Mercer
02b1fe27d2 Merge pull request #6907 from github/henrymercer/add-experimental-atm-libraries 
JS: [Internal only] Add experimental libraries and queries for adaptive threat modeling
 2021-10-22 11:02:09 +01:00
Henry Mercer
548a344d34 JS: Implement suggestions from review 
Co-authored-by: Andrew Eisenberg <aeisenberg@github.com>
 2021-10-19 12:00:40 +01:00
Henry Mercer
4d7a8285ad JS: Initial commit of Adaptive Threat Modeling 2021-10-18 17:24:24 +01:00
Geoffrey White
a0e501c3a9 Sync identical files. 2021-10-15 14:34:02 +01:00
Geoffrey White
8f30b8b586 Autoformat. 2021-10-14 16:00:23 +01:00
Geoffrey White
f08d2ee759 Merge branch 'main' into setliterals 2021-10-14 14:39:39 +01:00
Geoffrey White
b9cce57db4 JS: Fix mistake. 2021-10-14 14:22:43 +01:00
Geoffrey White
882adc8e50 JS: Set literals. 2021-10-14 14:22:42 +01:00
Anders Schack-Mulligen
8b6baa250c Merge pull request #6878 from aschackmull/remove-singleton-setliteral 
C++/C#/Java/JavaScript/Python: Remove singleton set literals.
 2021-10-14 14:53:05 +02:00
Mathias Vorreiter Pedersen
47a85bbb1d Merge pull request #6869 from MathiasVP/fix-prefix/suffix-equality 
Java/JS/Python: Replace '.prefix'/'.suffix' with '.matches'
 2021-10-14 13:47:03 +01:00
Erik Krogh Kristensen
047aee313c add pragma[noinline] to predicates where the qldoc mentions join-order 2021-10-14 12:34:25 +02:00
Tom Hvitved
f5420333e2 Sync shared files 2021-10-14 11:49:02 +02:00
Anders Schack-Mulligen
57cb300759 C++/C#/Java/JavaScript/Python: Remove singleton set literals. 2021-10-14 11:34:22 +02:00
Mathias Vorreiter Pedersen
a2371370ff Merge pull request #6865 from MathiasVP/fix-if-none 
C++/C#/JS/Python: Replace 'if p() then q() else none()' with a conjunction
 2021-10-13 19:47:55 +01:00
Mathias Vorreiter Pedersen
4991301f36 JS: Fix incorrect fix. 2021-10-13 19:45:02 +01:00
Andrew Eisenberg
0d1632a5d2 Move tutorial directly into each qlpack 
Previously, the tutorial was injected during build time. This is much
simpler.
 2021-10-13 08:37:04 -07:00
Mathias Vorreiter Pedersen
f3bb0a676e JS: Replace '.prefix'/'.suffix' with '.matches'. 2021-10-13 13:23:07 +01:00
Mathias Vorreiter Pedersen
887849857d JS: Replace 'if p() then q() else none()' with a conjunction. 2021-10-13 12:13:55 +01:00
Andrew Eisenberg
bbb2637bcc QlPacks: Add the defaultSuite to query packs that are missing it 
Also, change some examples pack names from `codeql-lang-examples` to
`codeql/lang-examples`. This doesn't affect behaviour since internally,
the legacy name is converted to the modern name.
 2021-10-12 11:54:50 -07:00
yoff
f6122c8a6c Merge pull request #6734 from erik-krogh/regBehind 
JS/PY: do not filter away regular expressions with lookbehinds
 2021-10-10 13:54:26 +02:00
Henry Mercer
4b069d41f6 Merge pull request #6818 from github/henrymercer/js/add-classify-files-to-library-pack 
JS: Move `ClassifyFiles.qll` to library pack
 2021-10-07 11:18:20 +01:00
CodeQL CI
a0dd3d9e75 Merge pull request #6815 from asgerf/js/adjust-security-severity-scores 
Approved by erik-krogh, esbena
 2021-10-07 02:36:19 -07:00
Henry Mercer
83cbc86f50 JS: Move ClassifyFiles.qll to library pack 
This allows us to use this library in packs that depend on the
`codeql/javascript-all` library pack.
 2021-10-06 16:08:06 +01:00
Andrew Eisenberg
57ef989a89 Fixes compile errors by moving files 
The two files moved in this commit are referenced from the
javascript/lib qlpack, but they are located in the
javascript/src qlpack. This causes compile errors when running
compile-ish commands for javascript queries. Moving the
files fixes it.
 2021-10-05 14:00:02 -07:00
Asger Feldthaus
3a20ca96c4 JS: Update CWE tags and severity score of code injection query 
The derived security-severity score of the JS code injection query
was much lower than for other languages (6.1 versus 9.3), possibly due
some differences in CWE tags, such as the inclusion of CWE-079.

We also add the more specific CWE-095 ("eval injection") for consistency
with other languages. It is a child of CWE-094 ("code injection") which
was already tagged.
 2021-10-05 10:12:19 +02:00
Asger Feldthaus
c4e8af983a JS: Update score and add CWE-730 to LoopBoundInjection 
This is a denial-of-service query, but was missing the CWE-730 tag
("denial of service") and consequently had a lower score than the
other DoS queries.
 2021-10-05 10:10:01 +02:00
Asger Feldthaus
682a71176d JS: Make TaintedFormatString have same severity as LogInjection 
The CWE number for this query is associated with buffer overflows
from printf/scanf-style functions in C++, which has likely determined
its derived security score.

But in JavaScript, a tainted format string is unlikely to lead to
anything worse than log injection so we're manually update its score
to reflect this.
 2021-10-05 10:10:01 +02:00
Asger Feldthaus
83ca4ef6d9 JS: Lower security-severity of queries with speculative threat model 
In the CVSS calculator we model this by setting 'Attack Complexity' to
High and 'User Interaction' to Low (as opposed to None).

CVSS vector:
  CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N
 2021-10-05 10:10:01 +02:00
CodeQL CI
40d98ad678 Merge pull request #6789 from asgerf/js/restrict-package-exports 
Approved by erik-krogh
 2021-10-05 06:20:23 +01:00
Asger Feldthaus
cbd577694c JS: Autoformat 2021-10-04 13:30:15 +02:00