hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,334 Commits 1,672 Branches 157 Tags
ginsbach/OverlayLocalJava
Commit Graph

4639 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
56b9c891d8 Python: Adjust XmlBomb.qhelp from JS 2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen
b00766b054 Python: Adjust XXE qhelp 
and remove the old copy, we don't need it anymore :)
 2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen
c365337867 Python: Delete XmlEntityInjection.ql 
Kept the test of SimpleXmlRpcServer, and kept the qhelp so it can be
used to write the new qhelp files
 2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen
e45f9d69cc Python: Adjust Xxe/XmlBomb for Python 
I changed a few QLdocs so they fit the style we have used in Python...
although I surely do regret having introduced a new style for how these
QLDocs look :D
 2022-03-31 09:52:54 +02:00
Rasmus Wriedt Larsen
65907c9762 Python: Copy Xxe/XmlBomb queries from JS 
After internal discussion, these will replace the `XmlEntityInjection`
query, so we can have separate severities on DoS and the other (more
serious) attacks.

Note: These clearly don't work, since they are verbatim copies of the JS
code, but I split it into multiple commits to clearly highlight what
changes were made.
 2022-03-31 09:52:54 +02:00
Erik Krogh Kristensen
758a5d7a85 few join order fixes 2022-03-30 22:54:00 +02:00
haby0
1e6893e230 Update python/ql/src/experimental/semmle/python/security/injection/CsvInjection.qll 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2022-03-30 22:54:30 +08:00
haby0
8f2013c32e Simplify StartsWithCheck 2022-03-30 19:04:03 +08:00
Porcupiney Hairs
92033047a5 Python : Add query to detect PAM authorization bypass 
Using only a call to `pam_authenticate` to check the validity of a login can
lead to authorization bypass vulnerabilities. A `pam_authenticate` only
verifies the credentials of a user. It does not check if a user has an
appropriate authorization to actually login. This means a user with a
expired login or a password can still access the system.

This PR includes a qhelp describing the issue, a query which detects instances where a call to
`pam_acc_mgmt` does not follow a call to `pam_authenticate` and it's
corresponding tests.

This PR has multiple detections. Some of the public one I can find are :
* [CVE-2022-0860](https://nvd.nist.gov/vuln/detail/CVE-2022-0860) found
in [cobbler/cobbler](https://www.github.com/cobbler/cobbler)
* [fredhutch/motuz](https://www.huntr.dev/bounties/d46f91ca-b8ef-4b67-a79a-2420c4c6d52b/)
 2022-03-30 00:47:58 +05:30
yoff
3416f074e8 Update python/ql/src/Security/CWE-352/CSRFProtectionDisabled.ql 
Explain why `TestScope` is not used.

Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-03-29 13:59:04 +02:00
haby0
bf8c7a2ea7 Added Sanitizer Guard 2022-03-29 14:29:33 +08:00
Erik Krogh Kristensen
36db492aa2 move the polynomialbacktracking-test to the test folder 2022-03-28 13:22:26 +02:00
Arthur Baars
2ae5e8158e Python: import RegExpTreeView correctly 2022-03-28 12:41:32 +02:00
yoff
5efc19c39d Merge pull request #7806 from erik-krogh/pyDef 
Python: Add def nodes to API graphs
 2022-03-28 08:09:14 +02:00
Rasmus Lerchedahl Petersen
774c811e97 python: move CSRF concepts inside HTTP::Server 2022-03-28 07:35:13 +02:00
Ahmed Farid
d89ed8b98b Update zipslip_bad.py 2022-03-28 01:40:08 +00:00
Ahmed Farid
cafbd98454 Update zipslip_bad.py 2022-03-28 01:08:39 +00:00
Ahmed Farid
ddba3b7784 Update ZipSlip.qll 2022-03-28 00:59:56 +00:00
Ahmed Farid
0fac4f195d Update Concepts.qll 2022-03-28 00:47:27 +00:00
Ahmed Farid
413f1945ce Update Zip.qll 2022-03-28 00:44:56 +00:00
Rasmus Lerchedahl Petersen
1e9840d779 python: broaden local protection concept 2022-03-25 12:28:33 +01:00
Rasmus Lerchedahl Petersen
778a88f32c python: update qhelp 
removing custom middleware stack
will _not_ enable CSRF protection
 2022-03-25 11:49:06 +01:00
yoff
85f1d92a0d Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-03-25 11:42:32 +01:00
Rasmus Lerchedahl Petersen
ce017394e6 python: fix change note (hepofully) 2022-03-24 12:01:46 +01:00
Rasmus Lerchedahl Petersen
aecf4e48f8 python: add change note 2022-03-24 11:43:07 +01:00
Ahmed Farid
eab6568cda Update zipslip_good.py 2022-03-24 00:35:24 +01:00
Ahmed Farid
b5f1e9de08 Update zipslip_bad.py 2022-03-24 00:33:28 +01:00
Ahmed Farid
1836723ecb Merge branch 'main' into ZipSlip 2022-03-23 19:27:12 -04:00
Taus
af888f7604 Python: Add call graph meta-query 2022-03-23 16:36:28 +00:00
Rasmus Lerchedahl Petersen
441e206cfa python: CSRF -> Csrf 2022-03-23 11:29:27 +01:00
Rasmus Lerchedahl Petersen
53de8287f5 python: rule out test code for CSRF 2022-03-22 14:57:05 +01:00
Rasmus Lerchedahl Petersen
0f2c21c8bd python: require local protection to be absent 
for CSRF to be likely
 2022-03-22 13:42:52 +01:00
github-actions[bot]
a3e74efc21 Post-release preparation for codeql-cli-2.8.4 2022-03-21 19:36:47 +00:00
Rasmus Wriedt Larsen
b8dee25cce Python: ReflectedXSS -> ReflectedXss for new Query file 
So we stick to the naming conventions.

This rename is OK, since the new file was only just introduced in this
PR.
 2022-03-21 16:12:38 +01:00
Arthur Baars
79cd7bf8ed Python: create semmle/python/dataflow/new/Regex.qll 2022-03-21 15:57:19 +01:00
Rasmus Wriedt Larsen
695553ba9f Python: Deprecate old non-Query.qll dataflow defs 2022-03-21 15:03:22 +01:00
github-actions[bot]
dedc8c2254 Release preparation for version 2.8.4 2022-03-21 13:25:49 +00:00
Arthur Baars
9412b331db Revert "Revert "Python: switch to shared implementation of IncompleteHostnameRegExp.ql"" 
This reverts commit 6d24591416.
 2022-03-18 16:31:22 +01:00
Arthur Baars
6d24591416 Revert "Python: switch to shared implementation of IncompleteHostnameRegExp.ql" 
This reverts commit ce50f35dda.
 2022-03-18 13:02:55 +01:00
Erik Krogh Kristensen
879680057e fix all ql/unused-field warnings 2022-03-17 09:41:42 +01:00
Arthur Baars
ab93b3784b Merge remote-tracking branch 'upstream/main' into incomplete-hostname 2022-03-16 12:31:12 +01:00
Erik Krogh Kristensen
c7509c4dd3 Merge branch 'main' into deadCode 2022-03-15 09:19:14 +01:00
Jonas Jensen
d89c52f4b0 Merge pull request #8403 from erik-krogh/noUpper 
Rename all upper-case variables, and all lower-case modules
 2022-03-15 09:00:37 +01:00
haby0
e11c74c580 Delete redundant comments 2022-03-15 15:25:08 +08:00
haby0
4195eef9ba Add CSV injection model 2022-03-15 15:15:38 +08:00
Arthur Baars
6a74e761c8 Merge pull request #8398 from github/post-release-prep/codeql-cli-2.8.3 
Post-release preparation for codeql-cli-2.8.3
 2022-03-14 21:05:09 +01:00
Erik Krogh Kristensen
3bf5e06d53 delete all dead code 2022-03-14 13:03:31 +01:00
Erik Krogh Kristensen
ad2ab5602e PY: rename remaining private python modules 2022-03-14 12:22:33 +01:00
Jeroen Ketema
4c2081b7fc Merge pull request #8401 from jketema/taint-flow 
Extend taint tracking interface with flow states
 2022-03-14 12:06:10 +01:00
Rasmus Wriedt Larsen
2f4a22c86c Merge pull request #6112 from jorgectf/jorgectf/python/deserialization 
Python: Port and extend XXE modeling
 2022-03-14 11:59:28 +01:00