Rasmus Wriedt Larsen
bacd491875
Python: Fix isSequence() and isMapping()
2020-06-09 14:21:02 +02:00
semmle-qlci
1a7570ebbe
Merge pull request #3563 from RasmusWL/python-fabric-execute
...
Approved by tausbn
2020-06-08 16:00:49 +01:00
Rasmus Wriedt Larsen
7c037cd2ab
Python: Handle Enum._convert in Python 3.8
2020-06-08 14:49:58 +02:00
porcupineyhairs
6dd9106301
Update XSLT.qll
2020-06-08 03:12:23 +05:30
Porcupiney Hairs
424e88d318
include suggestions from review
2020-06-08 02:52:11 +05:30
Porcupiney Hairs
1ceb963d4c
Python : Add support for detecting XSLT Injection
...
This PR adds support for detecting XSLT injection in Python.
I have included the ql files as well as the tests with this.
2020-06-07 03:05:50 +05:30
Robert Brignull
6e0552c074
add more code-scanning suites
2020-06-01 11:45:46 +01:00
Rasmus Wriedt Larsen
551420401a
Python: Fix typo
...
Co-authored-by: Taus <tausbn@gmail.com>
2020-05-29 14:27:07 +02:00
Rasmus Wriedt Larsen
48be57c8fd
Python: Improve QLDoc for ExternalStringDictKind
2020-05-29 12:06:57 +02:00
Rasmus Wriedt Larsen
b083c01520
Python: Deprecate StringDictKind
...
This QL
```codeql
import python
import semmle.python.dataflow.TaintTracking
import semmle.python.security.strings.Untrusted

from CollectionKind ck
where
    ck.(DictKind).getMember() instanceof StringKind
    or
    ck.getMember().(DictKind).getMember() instanceof StringKind
select ck, ck.getAQlClass(), ck.getMember().getAQlClass()
```
generates these 6 results.
```
1 {externally controlled string} ExternalStringDictKind UntrustedStringKind
2 {externally controlled string} StringDictKind UntrustedStringKind
3 [{externally controlled string}] SequenceKind ExternalStringDictKind
4 [{externally controlled string}] SequenceKind StringDictKind
5 {{externally controlled string}} DictKind ExternalStringDictKind
6 {{externally controlled string}} DictKind StringDictKind
```
StringDictKind was only used in *one* place in our library code. As illustrated
above, it pollutes our set of TaintKinds. Effectively, every time we make a
flow-step for dictionaries with tainted strings as values, we do it TWICE --
once for ExternalStringDictKind, and once for StringDictKind... that is just a
waste.
2020-05-29 12:06:57 +02:00
Rasmus Wriedt Larsen
87bc8ae28d
Python: Don't use UntrustedStringKind in web lib
...
If I wanted to use my own TaintKind and not have any interaction with
`UntrustedStringKind` that wouldn't be possible today since these standard http
libraries import it directly. (also, I wouldn't get any sources of my custom
TaintKind from turbogears or bottle). I changed them to use the same pattern of
`ExternalStringKind` as everything else does.
2020-05-29 12:06:57 +02:00
Porcupiney Hairs
8c5a97170d
Python : Add Xpath injection query
...
This PR adds support for detecting XPATH injection in Python.
I have included the ql files as well as the tests with this.
2020-05-28 03:15:12 +05:30
Rasmus Wriedt Larsen
21d531f81e
Python: Add QLDoc for FunctionValue.getQualifiedName
...
Matching the one for Function.getQualifiedName
2020-05-27 16:59:18 +02:00
Rasmus Wriedt Larsen
6cba2fe4f8
Python: Model Django response sinks that are not vuln to XSS
...
Since HttpResponse is not *only* used for XSS, it is still valuable to know the
content is sent as part of the response.
The *proper* solution to this problem of not all HttpResponses being vulnerable
to XSS is probably to define a new abstract class in Http.qll called
HttpResponseXSSVulnerableSink (or similar). I would like to model a few more
libraries/frameworks before fully committing to an approach though.
2020-05-26 16:45:46 +02:00
Jonas Jensen
5deeda0337
Merge pull request #3387 from geoffw0/tostringperf
...
C++: Eliminate recursion from toString().
2020-05-26 13:24:43 +02:00
Rasmus Lerchedahl Petersen
6b168de7fc
Python: re, handle \Z
2020-05-26 11:42:21 +02:00
Rasmus Wriedt Larsen
c78ca2616c
Merge branch 'master' into python-keyword-only-args
2020-05-26 11:20:04 +02:00
Rasmus Wriedt Larsen
9c75a39b81
Python: Extend command-injection to handle fabric.api.execute
2020-05-26 10:22:27 +02:00
Taus
7716cff3d8
Merge pull request #3551 from RasmusWL/python-fix-upcoming-deprecation
...
Python: Fix (upcoming) deprecation compiler-warnings
2020-05-25 16:17:57 +02:00
semmle-qlci
8146073c74
Merge pull request #3553 from RasmusWL/python-fix-tainttracking-import
...
Approved by tausbn
2020-05-25 14:18:54 +01:00
Rasmus Wriedt Larsen
f602f3e1c7
Python: Use proper import for semmle.python.dataflow.TaintTracking
...
It was moved in 637677d515, but imports were not
updated.
2020-05-25 13:45:49 +02:00
Rasmus Wriedt Larsen
6ce1b9f7fa
Python: Fix use of StrConst.strValue()
2020-05-25 13:12:56 +02:00
semmle-qlci
ac1a338390
Merge pull request #3407 from RasmusWL/python-add-BoundMethodValue-v2
...
Approved by tausbn
2020-05-25 12:00:45 +01:00
Rasmus Wriedt Larsen
32c8dd0491
Python: Fix (upcoming) deprecation compiler-warnings
...
In a near-future release overriding a deprecated predicate without marking it as
deprecated would give a compiler warning.
Not fixing the XML one. [I can see that this shouldn't be reported
anymore](https://github.com/github/codeql/pull/3520#issuecomment-631552943), and
it's not safe to remove since it was only marked as deprecated in
e6425bb4cf.
2020-05-25 11:05:30 +02:00
Taus
a2308771a3
Merge pull request #3489 from yoff/DeprecateObject
...
Python: Modernise `py/missing-equals`.
2020-05-25 10:56:16 +02:00
Rasmus Wriedt Larsen
49d7e12acd
Python: Remove unnecessary restriction from getNamedArgumentForCall
...
As agreed in https://github.com/github/codeql/pull/3407
2020-05-25 10:17:37 +02:00
Rasmus Wriedt Larsen
87ee6ae101
Python: Add a bit of docs to CallableObjectInternal
...
As requested :)
2020-05-25 09:53:28 +02:00
Rasmus Wriedt Larsen
9e0d57c610
Python: Fix grammar in QLDoc
...
Co-authored-by: Taus <tausbn@gmail.com>
2020-05-25 09:47:01 +02:00
Rasmus Lerchedahl Petersen
3e712be431
Python: Modernise
2020-05-25 09:00:34 +02:00
Rasmus Lerchedahl Petersen
712513916c
Python: Address review
2020-05-25 07:44:00 +02:00
semmle-qlci
079021a3e9
Merge pull request #3453 from RasmusWL/python-flask-routed-params
...
Approved by tausbn
2020-05-20 14:47:53 +01:00
Rasmus Wriedt Larsen
712d4bd150
Python: Fix typo in docs
...
Co-authored-by: Taus <tausbn@gmail.com>
2020-05-20 13:06:24 +02:00
Rasmus Wriedt Larsen
3774310985
Python: Reduce FPs in Django due to bad XSS taint-sinks
...
Fixes https://github.com/github/codeql-python-team/issues/38
2020-05-18 19:14:43 +02:00
Rasmus Wriedt Larsen
fa08676a1d
Python: Proper redirect taint sinks for Django
...
Also a major restructuring of the code. A bit controversial since it
renames/moves classes that are already public.
Fixes https://github.com/github/codeql/issues/3466
2020-05-18 19:14:29 +02:00
Rasmus Wriedt Larsen
8fc803fb9f
Merge branch 'master' into python-keyword-only-args
2020-05-18 14:44:31 +02:00
Rasmus Lerchedahl Petersen
b56545b236
Python: Regexp: Handle repetitions {n} (with no ,)
2020-05-18 14:44:11 +02:00
Rasmus Lerchedahl Petersen
81a5692935
Python: handle \uxxxx and refactor
2020-05-14 21:22:21 +02:00
Rasmus Lerchedahl Petersen
1817d2af2b
Make test for wrong bool type pass
2020-05-14 15:56:57 +02:00
Rasmus Lerchedahl Petersen
c7ddd2c20c
Python: make test for unicode names pass
2020-05-14 07:31:03 +02:00
Rasmus Lerchedahl Petersen
4c7cf2ac2d
Python: Make test pass
...
Also checked that the OP's snapshot no longer has alerts from
`duplicate_char_in_class`
2020-05-14 07:06:59 +02:00
Rasmus Lerchedahl Petersen
d9d86e1f56
Make test pass
2020-05-13 12:16:11 +02:00
Rasmus Wriedt Larsen
8150c78ae0
Python: In flask, taint routed parameters for variable rules
...
Fixes https://github.com/github/codeql-python-team/issues/79
2020-05-12 15:02:32 +02:00
Taus
2502d1c3ed
Merge pull request #3410 from RasmusWL/python-fix-3397
...
Python: More safe methods for py/modification-of-default-value
2020-05-07 15:28:24 +02:00
Taus
964b8478dc
Merge pull request #3405 from jcreedcmu/jcreed/jump-to-def-python
...
Python: Refactor definitions query, add queries for ide search
2020-05-07 12:51:35 +02:00
Jason Reed
5934345fe3
Python: Fix formatting.
2020-05-06 08:48:45 -04:00
Rasmus Wriedt Larsen
a15833d194
Python: DB upgrade script for default-indexing change
...
Follow this excellent guide:
https://github.com/github/codeql-c-extractor-team/blob/master/docs/db-upgrade.md
2020-05-06 09:56:53 +02:00
Jason Reed
c759e891d0
Python: Exclude additional tag from LGTM suites
2020-05-05 09:43:40 -04:00
jcreedcmu
6cf30ef87a
Update python/ql/src/analysis/DefinitionTracking.qll
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2020-05-05 09:40:54 -04:00
Rasmus Wriedt Larsen
6488714758
Python: Autoformat
2020-05-05 11:38:17 +02:00
Rasmus Wriedt Larsen
07ae40206f
Python: Don't allow getParameter(-1) for BoundMethodValue
...
As per discussion in the PR
2020-05-05 11:37:10 +02:00