hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,334 Commits 1,671 Branches 157 Tags
ginsbach/OverlayLocalJava
Commit Graph

549 Commits

Author SHA1 Message Date
Alex Ford
7c1bd9a533 Ruby: add a test case for cleartext logging that uses NonCleartextPasswordFlow 2022-02-10 15:50:56 +00:00
Alex Ford
59ab384825 Ruby: rb/clear-text-logging-sensitive-data - match on CFG nodes rather than AST nodes 2022-02-10 15:50:56 +00:00
Harry Maclean
314683d5fb Ruby: Improve UrlRedirect query using Rails routes 
Handlers for non-GET requests aren't vulnerable to URL redirect attacks,
because browsers won't initiate non-GET requests when you click a link.

We can use Rails routing information, if present, to filter out any
handlers for non-GET requests.
 2022-02-02 16:26:20 +13:00
Alex Ford
7ed447842f Ruby: cleartext logging test output 2022-01-28 17:24:56 +00:00
Alex Ford
91ccd307e8 Ruby: Implement rb/clear-text-logging-sensitive-data 2022-01-28 17:24:56 +00:00
Harry Maclean
8e40899dfd Merge pull request #7419 from github/hmac/const-get 2022-01-22 07:01:09 +13:00
Alex Ford
9613ff743b Merge pull request #7611 from github/ruby/protect_from_forgery-without-exception 
Ruby: flag up `protect_from_forgery` calls without an exception strategy
 2022-01-20 13:45:30 +00:00
Alex Ford
0aab670b17 Ruby: add missing example rails action 2022-01-19 13:47:00 +00:00
Tom Hvitved
cb098df4ea Merge pull request #7334 from github/hmac/regexp-interpolations 
Ruby: Resolve simple string interpolations
 2022-01-19 14:43:58 +01:00
Alex Ford
b27d315ff4 Ruby: add an example of protect_from_forgery with: :exception 2022-01-19 13:30:27 +00:00
Jeff Gran
47697f59c1 Ruby: Add classes for detecting user input from graphql-ruby 2022-01-18 09:13:58 -07:00
Anders Schack-Mulligen
9479301485 Ruby: Accept qltest expected changes. 2022-01-18 10:36:52 +01:00
Chris Smowton
f7d3892320 Update test expectations 2022-01-18 10:30:09 +01:00
Alex Ford
c1a51d94a2 Ruby: add test for protect_from_forgery without exception strategy 2022-01-17 17:44:52 +00:00
Erik Krogh Kristensen
acaf294bee support a limited number of regexp ranges 2022-01-07 18:36:30 +01:00
Harry Maclean
43ddc54f2b Ruby: Add Module#const_get as a code execution 
Module#const_get takes a single string argument and interprets it as the
name of a constant. It then looks up the constant and returns its value.

    Object.const_get("Math::PI")
    # => 3.141592653589793

By itself, this method is not as dangerous as e.g. eval, but if the
value returned is a class that is then instantiated, this can allow an
attacker to instantiate arbitrary Ruby classes.

As a result, I think it's safe to say that any remote input flowing into
this call is a potential vulnerability. A real-world example of this is
https://github.com/advisories/GHSA-52p9-v744-mwjj.
 2022-01-06 13:03:41 +13:00
Harry Maclean
23f1352953 Add ReDoS test that uses string interpolation 
This exercises the support for resolving string interpolations, and is
based on a real vulnerability:

https://github.com/advisories/GHSA-jxhc-q857-3j6g)
 2022-01-06 12:27:03 +13:00
Alex Ford
dadaf25262 Merge branch 'main' into ruby/rails-cookie-config 2022-01-04 12:04:44 +00:00
Alex Ford
7d3932dc8d Merge remote-tracking branch 'origin/main' into ruby/rails-cookie-config 2021-12-22 17:54:03 +00:00
Alex Ford
71c5711eb3 Ruby: add some rb/weak-cookie-configuration tests 2021-12-22 17:47:44 +00:00
Tom Hvitved
55492ef348 Ruby: Update expected test output after rebase 2021-12-22 15:56:20 +01:00
Tom Hvitved
400802c5ce Ruby: Add flow summaries for Array/Enumerable methods 2021-12-22 15:56:20 +01:00
Tom Hvitved
27f786b41e Merge pull request #7442 from hvitved/ruby/dataflow/keyword-params 
Ruby: Data flow for keyword arguments/parameters
 2021-12-22 15:23:22 +01:00
Tom Hvitved
1e27ddf7c7 Ruby: Data flow for keyword arguments/parameters 2021-12-17 15:42:29 +01:00
Nick Rolfe
a4da528812 Ruby: query to find user-controlled bypass of sensitive actions 2021-12-10 11:41:09 +00:00
Tom Hvitved
5735bb698d Ruby: Hide desugared nodes in data-flow paths 2021-12-08 09:00:16 +01:00
Nick Rolfe
05415768c9 Merge remote-tracking branch 'origin/main' into nickrolfe/regexp_g_anchor 2021-12-02 12:07:13 +00:00
Arthur Baars
ec0bd24b64 Update diagnostic tests 2021-11-25 12:55:50 +01:00
Erik Krogh Kristensen
87a1ccd428 Merge branch 'main' into getRubyInSync 2021-11-23 20:20:37 +01:00
Nick Rolfe
1a90b388a9 Merge remote-tracking branch 'origin/main' into nickrolfe/regex_injection 2021-11-23 15:42:05 +00:00
Alex Ford
055641e684 Merge pull request #7062 from github/ruby/rails-csrf 
Ruby: Add `rb/csrf-protection-disabled` query
 2021-11-23 13:46:42 +00:00
Erik Krogh Kristensen
b2e40ac603 fix typo in test 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2021-11-23 13:09:22 +01:00
Nick Rolfe
e5f473052d Ruby: add Regexp.{compile,quote} to regex injection test 2021-11-23 11:05:41 +00:00
Nick Rolfe
752b126862 Merge remote-tracking branch 'origin/main' into nickrolfe/regex_injection 2021-11-22 17:05:27 +00:00
Alex Ford
68c3c16ab3 Ruby: enable forgery protection checks for development environments 2021-11-22 15:00:32 +00:00
Nick Rolfe
f63c768d9f Ruby: parse \G, \b, and \B anchors as special characters, not escapes 2021-11-19 14:20:51 +00:00
Harry Maclean
ac20eafecc Add qhelp for Ruby SSRF 2021-11-19 11:28:08 +00:00
Harry Maclean
2bba31eb02 Update metadata of Ruby SSRF query 2021-11-19 11:28:08 +00:00
Harry Maclean
dc464879a2 Add a query for server-side request forgery 2021-11-19 11:28:08 +00:00
Erik Krogh Kristensen
ee858d840e get ReDoSUtil in sync for ruby 2021-11-18 16:49:34 +01:00
Erik Krogh Kristensen
1cca377e7d Merge pull request #6561 from erik-krogh/htmlReg 
JS/Py/Ruby: add a bad-tag-filter query
 2021-11-18 09:39:13 +01:00
Tom Hvitved
34fdf11b4b Ruby: Update expected test output 2021-11-10 15:11:13 +01:00
Alex Ford
25da904314 test cases for rb/csrf-protection-disabled 2021-11-04 19:56:56 +00:00
Nick Rolfe
11154a9409 Ruby: add regex injection query 2021-10-27 15:58:12 +01:00
Erik Krogh Kristensen
97264b5dda add the bad tag filter query to ruby 2021-10-26 15:25:12 +02:00
Tom Hvitved
f020b2e437 Merge pull request #335 from github/hmac/self-flow 2021-10-22 19:14:20 +02:00
Harry Maclean
356828cd51 Update stored XSS fixture 
The change to `self` modelling finds more true positives in this query.
 2021-10-20 13:30:51 +01:00
Nick Rolfe
86da3c2db3 Add rb/path-injection query 2021-10-20 12:31:16 +01:00
Arthur Baars
976daddd36 Move files to ruby subfolder 2021-10-15 11:47:28 +02:00