hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,334 Commits 1,671 Branches 157 Tags
ginsbach/OverlayLocalJava
Commit Graph

549 Commits

Author SHA1 Message Date
erik-krogh
f09e3bd3ac add String#% as a printf like call 2022-10-17 13:51:43 +02:00
Arthur Baars
f7ff2cdc0d Merge branch 'main' into actiondispatch-response 2022-10-17 13:22:17 +02:00
erik-krogh
d4919d04ba add a taint-step for format-calls 2022-10-17 13:16:38 +02:00
Erik Krogh Kristensen
122d188f1d Merge pull request #10832 from erik-krogh/passRb 
RB: add model for the `Digest` and `OpenSSL::Digest` modules
 2022-10-17 10:02:33 +02:00
Harry Maclean
0e6322d673 Ruby: Restrict XSS header sinks 
Not all header writes are relevant to XSS. Restrict these to just
content-type and access-control-allow-origin.
 2022-10-17 09:34:44 +13:00
Harry Maclean
8ae86cf443 Ruby: Consider header writes as XSS sinks 2022-10-17 08:17:37 +13:00
erik-krogh
7c76645157 add model for the core OpenSSL::Digest module 2022-10-14 13:25:34 +02:00
erik-krogh
e2476949b9 add model for the core Digest module 2022-10-14 12:49:37 +02:00
Alex Ford
3baad89e57 Merge remote-tracking branch 'origin/main' into rb/sensitive-get-query 2022-10-14 10:50:09 +01:00
Harry Maclean
7d23170fb2 Merge pull request #10602 from hmac/hmac/actiondispatch-request 
Ruby: Model ActionDispatch::Request
 2022-10-14 22:17:20 +13:00
Erik Krogh Kristensen
332bc35ff1 Merge pull request #10708 from erik-krogh/kernelSink 
RB: add a query flagging uses of `Kernel.open()` that are not with a constant string
 2022-10-14 09:13:26 +02:00
Alex Ford
cda7d84633 Ruby: update rb/sensitive-get-query tests 2022-10-13 22:41:34 +01:00
Arthur Baars
a327802e43 Merge pull request #10801 from jsoref/spelling-ruby 
Spelling ruby
 2022-10-13 21:05:56 +02:00
Josh Soref
8078f91b28 spelling: mapping 
Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>
 2022-10-13 10:56:41 -04:00
Alex Ford
594812640e Merge pull request #10746 from alexrford/ruby/activejob-deserialize 
Ruby: Add `ActiveJob::Serializers.deserialize` as a code execution sink
 2022-10-13 15:36:45 +01:00
erik-krogh
3a3a5aa17c add case-in as a sink for polynomial-redos 2022-10-13 12:36:07 +02:00
Harry Maclean
4686718630 Ruby: Add kind to Http::Server::RequestInputAccess 
Like in JS, this describes whether the input came from the request URL,
body, parameters, headers or cookie. Only some of these are relevant for
UrlRedirect and ReflectedXSS queries.
 2022-10-13 13:24:16 +13:00
erik-krogh
66b3fe3425 add case-when expressions as a sink to rb/polynomial-redos 2022-10-12 19:57:01 +02:00
Alex Ford
0536d4b540 Merge branch 'main' into ruby/activejob-deserialize 2022-10-12 15:04:12 +01:00
Alex Ford
3d08a2954d Ruby: add rb/unsafe-deserialization sinks for const_get args 2022-10-11 15:45:51 +01:00
Alex Ford
a3f096a6bc Ruby: rb/unsafe-deserialization test realignment 2022-10-11 15:44:00 +01:00
erik-krogh
557dd10896 add a rb/unsafe-shell-command-construction query 2022-10-11 13:26:01 +02:00
erik-krogh
99b90789e5 add .shellescape as a sanitizer for rb/command-injection 2022-10-11 13:05:19 +02:00
erik-krogh
b16b3c0394 move cwe-078 tests into subfolders 2022-10-11 13:05:19 +02:00
erik-krogh
42e1735f2a update expected output 2022-10-11 11:37:26 +02:00
erik-krogh
8779da8c0b reintroduce Psych 2022-10-11 11:14:52 +02:00
erik-krogh
186205bd4b add a test for explicit shell invocations using Kernel.open 2022-10-11 09:23:29 +02:00
erik-krogh
de3b15ebe9 add a query flagging uses of Kernel.open that are not with a constant string 2022-10-11 09:23:29 +02:00
erik-krogh
708f6b51f3 move cwe-078 tests into subfolders 2022-10-11 09:23:29 +02:00
Alex Ford
ee77404006 Ruby: Add ActiveJob::Serializers.deserialize as a code execution sink 2022-10-09 22:28:22 +01:00
Alex Ford
4a39e4aac0 Ruby: Add new test case for rb/code-injection 2022-10-09 22:26:29 +01:00
Alex Ford
c4baf0b8fa Ruby: add space for test case 2022-10-09 22:16:23 +01:00
Alex Ford
43fec9dfc8 Revert "Ruby: switch rb/sensitive-get-query back to using local flow" 
This reverts commit fa58c51810.
 2022-10-09 13:06:13 +01:00
erik-krogh
a0725fba71 fix some more style-guide violations in the alert-messages 2022-10-07 12:01:03 +02:00
Alex Ford
fa58c51810 Ruby: switch rb/sensitive-get-query back to using local flow 2022-10-05 15:58:05 +01:00
Alex Ford
f01670f663 Ruby: add a note to a test case 2022-10-05 13:06:49 +01:00
Alex Ford
d64f8c73be Merge branch 'main' into rb/sensitive-get-query 2022-10-05 12:59:35 +01:00
Alex Ford
977e8a8a6f Ruby: add a test case for sensitive data from cookies for rb/sensitive-get-query (should not be flagged) 2022-10-05 12:57:07 +01:00
Alex Ford
880fb2b14a Ruby: split out rb/sensitive-get-query using query/customizations pattern 2022-10-05 11:59:40 +01:00
Nick Rolfe
525fe12671 Merge pull request #10585 from github/nickrolfe/libxml-xxe 
Ruby: detect uses of LibXML with entity substitution enabled by default
 2022-10-05 09:51:39 +01:00
Arthur Baars
c1c16e44ee Merge pull request #10559 from aibaars/cve-2019-3881 
Ruby: some improvements
 2022-10-04 21:24:14 +02:00
Alex Ford
703829c647 Ruby: use taint tracking for rb/sensitive-get-query 2022-10-04 15:04:41 +01:00
erik-krogh
dedbe66619 update expected output 2022-10-04 14:16:07 +02:00
erik-krogh
bf74481f65 add a link to the source in the alert-message for rb/kernel-open 2022-10-04 13:41:50 +02:00
Arthur Baars
44cc6f7350 Ruby: improve tracking of regular expressions 
There are two flavours of `match?`. If the receiver of `match?` has type String
then the argument to `match?` is a regular expression. However, if the receiver of
`match?` has type Regexp then the argument is the text.

The role of receiver and argument flips depending on the type of the receiver, this
caused a lot of false positives when looking for string-like literals that are
used as a regular expression.

This commit attempts to improve things by trying to determine whether the type of the
receiver is known to be of type Regexp. In such cases we know that the argument
is unlikely to be  regular expression.
 2022-10-04 12:58:49 +02:00
Arthur Baars
09bc78eafc Ruby: local dataflow step for || and && 2022-10-04 12:58:49 +02:00
Harry Maclean
42a97b26bb Merge pull request #10316 from hmac/hmac/actionview 
Ruby: Model ActionView
 2022-10-04 08:16:16 +13:00
Harry Maclean
ba83b7c6c7 Merge pull request #10599 from hmac/hmac/actioncontroller-datastreaming 
Ruby: Model send_file
 2022-10-03 09:44:05 +13:00
Alex Ford
5c32c8badf Merge pull request #10560 from alexrford/ruby/yaml-load_file 
Ruby: treat `Psych` and `YAML` as aliases for rb/unsafe-deserialization
 2022-10-02 20:19:10 +01:00
Nick Rolfe
ed74e0aad1 JS/Python/Ruby: s/a HTML/an HTML/ 2022-09-30 10:37:52 +01:00