hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,240 Commits 1,671 Branches 157 Tags
codeql-cli-2.7.6
Commit Graph

31240 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
CodeQL CI
acbf7913b2 Merge pull request #7408 from asgerf/js/trusted-types-sinks 
Approved by esbena
 2021-12-16 08:59:51 +00:00
Michael Nebel
a5c055581e C#: Convert System.Runtime.CompilerServices.ConfiguredTaskAwaitable<>.ConfiguredTaskAwaiter flow to CSV format. 2021-12-16 09:36:39 +01:00
Michael Nebel
ddb7d722bc C#: Convert System.Runtime.CompilerServices.TaskAwaiter<> flow to CSV format. 2021-12-16 09:36:39 +01:00
Michael Nebel
bdd44c1c46 C#: Convert System.Runtime.CompilerServices.ConfiguredTaskAwaitable flow to CSV format. 2021-12-16 09:36:39 +01:00
Michael Nebel
034d45ddc0 C#: Convert System.Threading.Tasks.TaskFactory flow to CSV format. 2021-12-16 09:36:39 +01:00
Michael Nebel
440976fe63 C#: Convert System.Threading.Tasks.Task<> flow to CSV format. 2021-12-16 09:36:39 +01:00
Michael Nebel
cde98c7799 C#: Convert System.Threading.Tasks.Task flow to CSV format. 2021-12-16 09:36:39 +01:00
Michael Nebel
90d7b94b8a Merge pull request #7413 from hvitved/csharp/fix-test 
C#: Fix broken `FlowSummariesFiltered` test
 2021-12-16 09:31:33 +01:00
Rasmus Wriedt Larsen
1cc5e54357 Python: Add SSRF queries 
I've added 2 queries:

- one that detects full SSRF, where an attacker can control the full URL,
  which is always bad
- and one for partial SSRF, where an attacker can control parts of an
  URL (such as the path, query parameters, or fragment), which is not a
  big problem in many cases (but might still be exploitable)

full SSRF should run by default, and partial SSRF should not (but makes
it easy to see the other results).

Some elements of the full SSRF queries needs a bit more polishing, like
being able to detect `"https://" + user_input` is in fact controlling
the full URL.
 2021-12-16 01:48:34 +01:00
github-actions[bot]
18489c0ded Add changed framework coverage reports 2021-12-16 00:09:34 +00:00
Rasmus Wriedt Larsen
579de0c3f0 Python: Remove getResponse and do manual taint steps 2021-12-15 21:55:04 +01:00
Rasmus Wriedt Larsen
f8fc583af3 Python: client request: getUrl => getAUrlPart 
I think `getUrl` is a bit too misleading, since from the name, I would
only ever expect ONE result for one request being made.

`getAUrlPart` captures that there could be multiple results, and that
they might not constitute a whole URl.

Which is the same naming I used when I tried to model this a long time ago
a80860cdc6/python/ql/lib/semmle/python/web/Http.qll (L102-L111)
 2021-12-15 21:55:04 +01:00
Rasmus Wriedt Larsen
6f81685f48 Python: Add modeling of http.client.HTTPResponse 2021-12-15 21:55:04 +01:00
Rasmus Wriedt Larsen
a5bae30d81 Python: Add tests of http.client.HTTPResponse 2021-12-15 20:39:46 +01:00
Tom Hvitved
4ccf9bf67c Address review comments 2021-12-15 19:57:27 +01:00
Tom Hvitved
8f1b2b3bb5 C#: Fix broken FlowSummariesFiltered test 2021-12-15 18:32:25 +01:00
Arthur Baars
b53e3499cb Merge pull request #7249 from ShockwaveNN/patch-1 
Fix ruby incorrect version in documentation
 2021-12-15 18:32:24 +01:00
Asger Feldthaus
53b3581ed0 JS: Add test to stress flow through properties 2021-12-15 17:16:56 +01:00
Asger F
784991cce5 Update javascript/ql/lib/semmle/javascript/Routing.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-12-15 16:38:38 +01:00
Asger Feldthaus
79e6dcaf68 JS: Rename getValueAtAccessPath->getValueImplicitlyStoredInAccessPath 2021-12-15 16:37:28 +01:00
Asger Feldthaus
8aa4d8227e JS: Rename RouteHandlerInput->RouteHandlerParameter 2021-12-15 16:32:18 +01:00
Tom Hvitved
3bc6247ad8 Merge pull request #7378 from hvitved/ruby/module-infinite-loop 
Ruby: Prevent infinite recursion in module resolution library
 2021-12-15 16:27:36 +01:00
Asger Feldthaus
218b746f6f JS: Rename getAUseSite -> getRouteInstallation 2021-12-15 16:21:41 +01:00
Asger Feldthaus
4d85799fc7 JS: Add test for fastify-rate-limit 2021-12-15 16:18:22 +01:00
Asger Feldthaus
615b2ec539 JS: Fix handling of fastify-plugin 2021-12-15 16:04:46 +01:00
Asger Feldthaus
b226f767ad JS: Fix tracking of fastify server instance 2021-12-15 16:04:45 +01:00
Asger Feldthaus
0ca9feb854 JS: Always treat routers as resuming dispatch 2021-12-15 16:01:59 +01:00
Asger F
1b20506947 Update javascript/ql/lib/semmle/javascript/frameworks/Fastify.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-12-15 16:00:19 +01:00
Asger Feldthaus
995e33158f JS: Add test for res.locals flow to template 2021-12-15 16:00:19 +01:00
Asger Feldthaus
04bdba85ea JS: Shift line numbers in test expectations 2021-12-15 16:00:19 +01:00
Asger F
c1bb40f439 Update javascript/ql/lib/semmle/javascript/frameworks/Express.qll 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2021-12-15 16:00:19 +01:00
Asger Feldthaus
b2016bddac JS: Merge concepts of client/database in MongoDB model 2021-12-15 16:00:19 +01:00
Geoffrey White
b142a79a35 C++: Remove unnecessary additional taint step. 2021-12-15 14:35:54 +00:00
Tom Hvitved
c6696adfde Ruby: Add test case that would make old module resolution library diverge 2021-12-15 15:18:42 +01:00
Tom Hvitved
2187994f5c Ruby: Prevent infinite recursion in module resolution library 2021-12-15 15:15:19 +01:00
Geoffrey White
f82683cdf4 C++: Clean up QLDoc. 2021-12-15 14:08:43 +00:00
Geoffrey White
4891a649a2 C++: Newlines. 2021-12-15 13:52:47 +00:00
Arthur Baars
7ddfc00655 Merge branch 'main' into patch-1 2021-12-15 14:52:35 +01:00
Mathias Vorreiter Pedersen
8208f92f59 An alternative design for 'cpp/cleartext-transmission'. 2021-12-15 13:52:15 +00:00
Tony Torralba
7e644d8d7b Merge pull request #6098 from atorralba/atorralba/entrypoint-field-steps 
Java: Preserve taint on field-read-steps on entrypoint types
 2021-12-15 14:51:38 +01:00
Erik Krogh Kristensen
76dcfd479e more specific search path for dataset measure job 2021-12-15 14:36:43 +01:00
Erik Krogh Kristensen
133c496b94 Merge branch 'main' into erik-krogh/publish-ql-for-ql 2021-12-15 14:34:04 +01:00
Erik Krogh Kristensen
4beaceec68 QL: fix Buildins/Builtins typo 2021-12-15 14:26:58 +01:00
Erik Krogh Kristensen
fb979231f3 QL: merge the .codeqlmanifest.json file in the root 2021-12-15 14:22:40 +01:00
Erik Krogh Kristensen
0ac3e5c3ad Merge QL for QL into github/codeql 2021-12-15 14:19:53 +01:00
Erik Krogh Kristensen
8d91ba2a6e QL: fix Esbens workflow comments 2021-12-15 14:07:36 +01:00
Erik Krogh Kristensen
77cb822907 QL: fix search path for dataset measure 2021-12-15 13:34:33 +01:00
Tony Torralba
c1e4c05aa2 Update change note to new format 2021-12-15 13:08:34 +01:00
Tony Torralba
e2022f467c Update java/ql/lib/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-12-15 13:00:16 +01:00
Tony Torralba
a3b25f0eb5 Don't consider subtypes of fields 2021-12-15 13:00:16 +01:00