Rasmus Wriedt Larsen
79bef11cf7
Python: Use "new" SensitiveDataHeuristics
2021-06-03 12:10:29 +02:00
Tamas Vajk
793e3db085
C#: Change compilation settings to include all non-public symbols
2021-06-03 11:54:05 +02:00
Rasmus Wriedt Larsen
e9acea8643
Python: Improve multidict modeling
2021-06-03 11:50:49 +02:00
Rasmus Wriedt Larsen
2e851cd5f0
Python: Improve yarl.URL modeling
2021-06-03 11:38:15 +02:00
Rasmus Wriedt Larsen
9372e3b284
Python: Add aiohttp.web change-note
2021-06-03 11:23:28 +02:00
Tamas Vajk
5a3a011b8e
Fix test results
2021-06-03 11:17:01 +02:00
Tom Hvitved
3d60c146ad
C#: Base IDs for constructed methods on their unconstructed counterparts
2021-06-03 11:11:32 +02:00
Tamas Vajk
d044b15533
C#: Add colliding method ID tests
2021-06-03 11:11:32 +02:00
Tony Torralba
56a429a5f9
Merge branch 'main' into promote-jexl-injection
2021-06-03 11:10:56 +02:00
Tony Torralba
607dcd4a27
Don't use CSV models for private flow configs
2021-06-03 11:05:13 +02:00
Rasmus Wriedt Larsen
3c47e583d8
Python: Add test for missing data-flow step in aiohttp.web
2021-06-03 10:55:34 +02:00
Rasmus Wriedt Larsen
2dbbf52903
Python: Model HTTP responses in aiohttp.web
2021-06-03 10:55:34 +02:00
Rasmus Wriedt Larsen
735df4597f
Python: Aiohttp add response tests
2021-06-03 10:55:34 +02:00
Rasmus Wriedt Larsen
5d4140d3e2
Python: Handle more complicated route-setup in aiohttp
Since we want to be able to easily select request-handlers that are not
set up as part of a view-class, we need to easily be able to identify
those. To handle cases like the one below, we _can't_ just define these
to be all the async functions that are not methods on a class :(
```py
# see https://docs.aiohttp.org/en/stable/web_quickstart.html#organizing-handlers-in-classes
class MyCustomHandlerClass:

    async def foo_handler(self, request): # $ MISSING: requestHandler
        return web.Response(text="MyCustomHandlerClass.foo")

my_custom_handler = MyCustomHandlerClass()
app.router.add_get("/MyCustomHandlerClass/foo", my_custom_handler.foo_handler) # $ routeSetup="/MyCustomHandlerClass/foo"
```
So it seemed easiest to narrow down the route-setups, but that means we
want both refinement and extensibility... so `::Range` pattern to the
rescue 🎉
The important piece of code that still works after this commit, but
which hasn't been changed, is the one below:
```codeql
/**
 * A parameter that will receive a `aiohttp.web.Request` instance when a request
 * handler is invoked.
 */
class AiohttpRequestHandlerRequestParam extends Request::InstanceSource, RemoteFlowSource::Range,
  DataFlow::ParameterNode {
  AiohttpRequestHandlerRequestParam() {
    exists(Function requestHandler |
      requestHandler = any(AiohttpCoroutineRouteSetup setup).getARequestHandler() and
```
2021-06-03 10:55:34 +02:00
Rasmus Wriedt Larsen
919a0b6b84
Python: aiohttp route setup is more complicated than expected
2021-06-03 10:55:34 +02:00
Rasmus Wriedt Larsen
c69b857662
Python: Add self.request as RemoteFlowSource for aiohttp View
Just like we do for Django in
7393443f8c/python/ql/src/semmle/python/frameworks/Django.qll (L1786-L1804)
2021-06-03 10:55:34 +02:00
Rasmus Wriedt Larsen
c4b618dcf5
Python: Model view-classes in aiohttp.web
No taint modeling of them yet though
2021-06-03 10:55:34 +02:00
Rasmus Wriedt Larsen
8c039d5688
Python: Add more aiohttp view routing tests
2021-06-03 10:55:34 +02:00
Rasmus Wriedt Larsen
1aa222d7cc
Python: Add taint-test for class-based view
2021-06-03 10:55:34 +02:00
Rasmus Wriedt Larsen
fb21bc04fa
Python: Add taint-steps for yarl.URL
2021-06-03 10:55:34 +02:00
Rasmus Wriedt Larsen
72e6a1489c
Python: Add taint-steps for MultiDictProxy
2021-06-03 10:55:34 +02:00
Rasmus Wriedt Larsen
e76f02b016
Python: Minor refactor to use LocalSourceNode
This just more correctly reflects the reality, since the type-tracking
predicate just below only holds for LocalSourceNode anyway.
2021-06-03 10:55:34 +02:00
Rasmus Wriedt Larsen
dd131e6bf7
Python: Add taint-step for methods on aiohttp.web.Request
2021-06-03 10:55:34 +02:00
Rasmus Wriedt Larsen
63c7fa0c2c
Python: aiohttp match_info should be tainted
Whoops
2021-06-03 10:55:34 +02:00
Rasmus Wriedt Larsen
597a9dfc80
Python: Don't consider has_body tainted
Although it technically is, I think it belongs in the section of things
that are unlikely to be exploitable
2021-06-03 10:55:34 +02:00
Rasmus Wriedt Larsen
d953ea47d4
Python: Basic handling of tainted attributes in aiohttp
2021-06-03 10:55:34 +02:00
Rasmus Wriedt Larsen
88158e7414
Python: Add basic model setup for aiohttp.web.Request
2021-06-03 10:55:34 +02:00
Rasmus Wriedt Larsen
2b992a635a
Python: Add aiohttp taint tests
2021-06-03 10:55:34 +02:00
Rasmus Wriedt Larsen
3cbb909a3a
Python: Add modeling of coroutine routes in aiohttp.web
2021-06-03 10:55:33 +02:00
Rasmus Wriedt Larsen
fa1d4e6de7
Python: Extract poor man's function resolution (from django)
Since I also want to use this for aiohttp.web modeling
2021-06-03 10:55:33 +02:00
Rasmus Wriedt Larsen
85d9483c7b
Python: Add basic aiohttp tests
2021-06-03 10:55:33 +02:00
Tony Torralba
00836c4bac
Fix QLDocs
2021-06-03 10:52:52 +02:00
Tony Torralba
2833f8daa4
Change predicate isUnsafeEngine -> isSafeEngine to improve performance
2021-06-03 10:42:41 +02:00
CodeQL CI
ffad65be40
Merge pull request #5993 from erik-krogh/lib-debug
Approved by esbena
2021-06-03 01:38:57 -07:00
CodeQL CI
60fb1a3b59
Merge pull request #5995 from erik-krogh/webpack-merge
Approved by esbena
2021-06-03 01:38:08 -07:00
CodeQL CI
7663095b57
Merge pull request #5948 from erik-krogh/fixRandom
Approved by esbena
2021-06-03 01:37:23 -07:00
CodeQL CI
40b6c85341
Merge pull request #5972 from erik-krogh/ts43
Approved by esbena
2021-06-03 01:35:58 -07:00
CodeQL CI
87268d57b8
Merge pull request #5994 from erik-krogh/abstractMongooseFunction
Approved by esbena
2021-06-03 01:34:44 -07:00
Tony Torralba
34a8383c1a
Unused import
2021-06-03 10:22:53 +02:00
Tony Torralba
9cb0e3371c
Bidirectional import in ExternalFlow.qll
2021-06-03 10:22:42 +02:00
Tony Torralba
56d6fc951c
Fixed some QLDoc
2021-06-03 10:22:15 +02:00
Tony Torralba
ae0a00e30a
Added change note
2021-06-03 10:21:59 +02:00
AlonaHlobina
99708c33fd
Update versions-compilers.rst
2021-06-03 09:50:18 +02:00
Anders Schack-Mulligen
e86c534c48
Revert "Java: Update coverage."
This reverts commit 1c081eeaed.
2021-06-03 09:02:49 +02:00
Anders Schack-Mulligen
c86d433e2d
Merge pull request #5996 from tamasvajk/feature/csv-coverage-2
Temporarily disable CSV coverage PR file comparison step
2021-06-03 08:51:44 +02:00
Anders Schack-Mulligen
acca26f1d6
Merge pull request #5992 from hvitved/java/is-unreachable-perf
Java: Improve performance of `isUnreachableInCall()`
2021-06-03 08:49:51 +02:00
Tamas Vajk
374adc8819
Temporarily disable CSV coverage PR file comparison step
2021-06-03 08:17:28 +02:00
Erik Krogh Kristensen
3bda1f2e26
update expected test output
2021-06-03 00:43:54 +02:00
Erik Krogh Kristensen
143bf9de14
add change note
2021-06-02 23:48:29 +02:00
Erik Krogh Kristensen
48ab630559
model webpack-merge as an extend call
2021-06-02 23:43:53 +02:00