hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,893 Commits 1,671 Branches 157 Tags
tausbn/python-add-support-for-template-string-literals
Commit Graph

3066 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
89bab6ae12 Merge pull request #7097 from erik-krogh/railsReDoS 
JS/PY/RB: support a limited number of ranges for ReDoS analysis
 2022-01-13 11:04:36 +01:00
Andrew Eisenberg
e435a3e9c3 Changenotes: Add changenotes for upgrades refactoring 2022-01-12 11:36:31 -08:00
Owen Mansel-Chan
8e8278764b Add predicate defaultTaintSanitizerGuard for each language 
This was done manually, as these files are not synced by sync-files.py.
 2022-01-12 14:44:56 +00:00
Owen Mansel-Chan
c112980b81 Sync TaintTrackingImpl.qll 
Done automatically using sync-files.py
 2022-01-12 14:44:55 +00:00
github-actions[bot]
8a2d92badc Post-release preparation for codeql-cli-2.7.5 2022-01-12 13:28:43 +00:00
Andrew Eisenberg
07228672df Merge branch 'main' into aeisenberg/remove-upgrades 2022-01-11 11:25:27 -08:00
Erik Krogh Kristensen
f7a63d5ea0 remove duplicated line 2022-01-07 18:38:02 +01:00
Erik Krogh Kristensen
1a8b6d7414 recognize ranges without upper bounds 2022-01-07 18:38:01 +01:00
Erik Krogh Kristensen
acaf294bee support a limited number of regexp ranges 2022-01-07 18:36:30 +01:00
haby0
05b0daa0b7 Add the test of shutil module in FileSystemAccess.py 2022-01-06 14:14:42 +08:00
Anders Schack-Mulligen
ef714f7328 Dataflow: Sync 2022-01-05 14:25:35 +01:00
Erik Krogh Kristensen
fe1107ccac remove duplicated spaces in qldoc 2022-01-04 21:03:06 +01:00
Dave Bartolomeo
83ceb822aa Move upgrades into standard library packs 
Move upgrade to new location

Remove incorrectly merged files

Fix upgrades section
 2022-01-04 11:30:25 -08:00
github-actions[bot]
1dfcf427aa Release preparation for version 2.7.5 2022-01-04 14:44:56 +00:00
Erik Krogh Kristensen
b9964799f3 Merge pull request #7458 from erik-krogh/modelling 
QL: add "modelling/modeling" to `ql/non-us-spelling`
 2022-01-04 13:33:54 +01:00
Dave Bartolomeo
ded3c52a34 Merge pull request #7407 from github/post-release-prep/codeql-cli-2.7.4 
Post-release preparation for codeql-cli-2.7.4
 2022-01-03 17:09:58 -05:00
github-actions[bot]
1334d207fa Post-release version bumps 2022-01-03 20:11:15 +00:00
Alex Ford
3da98ecb73 Bump a date 2021-12-22 16:38:16 +00:00
Alex Ford
a2104de8a0 Move CryptoAlgorithms::AlgorithmsName into a separate internal/CryptoAlgorithmNames.qll 2021-12-22 16:38:15 +00:00
Alex Ford
f16d77615d Remove unused isStrongBlockMode predicate from CryptoAlgorithms.qll 2021-12-22 16:38:15 +00:00
Alex Ford
d3af687767 Add more encryption algorithms and modes to CryptoAlgorithms::AlgorithmNames 
Strong encryption algorithms: ARIA, IDEA, SEED, SM4
Strong block modes: CBC, CFB, CTR, OFB
 2021-12-22 16:38:15 +00:00
Alex Ford
bdb2d8ba16 Ruby: split OpenSSL parts from CryptoALgorithms.qll and sync with JS/Python version 2021-12-22 16:38:15 +00:00
Erik Krogh Kristensen
8019b52838 run the non-us patch with "modelled/modeled" 2021-12-20 17:47:15 +01:00
Erik Krogh Kristensen
d17879e1f9 run the non-us patch 2021-12-20 16:24:41 +01:00
Nick Rolfe
f18492e39b Merge pull request #7443 from github/nickrolfe/behavior 
QL4QL: catch behaviour/behavior in ql/non-us-spelling
 2021-12-20 13:23:53 +00:00
haby0
fed1d88268 Add shutil module path injection sinks 2021-12-20 16:09:06 +08:00
Tom Hvitved
ed006d7283 Merge pull request #7231 from hvitved/csharp/dataflow/consistency-queries 
C#: Enable data-flow consistency queries
 2021-12-20 08:46:19 +01:00
Nick Rolfe
28912c508f Fix non-US spelling of 'behavior' 2021-12-17 15:29:31 +00:00
CodeQL CI
5054d5b555 Merge pull request #7420 from RasmusWL/ssrf-new 
Approved by yoff
 2021-12-17 15:20:49 +00:00
Rasmus Wriedt Larsen
626009ea60 Python: Fix typo 2021-12-17 14:29:38 +01:00
Tom Hvitved
e4d9f5f29e Fix QL doc 2021-12-17 13:14:11 +01:00
Tom Hvitved
ab2e0fdb18 Data flow: Sync files 2021-12-17 13:13:36 +01:00
Rasmus Wriedt Larsen
e309d8227c Python: Remove debug predicate 
Accidentally committed :|
 2021-12-17 09:44:35 +01:00
Rasmus Wriedt Larsen
1d00730753 Python: Allow http[s]:// prefix for SSRF 2021-12-17 00:27:18 +01:00
Rasmus Wriedt Larsen
4b5599fe17 Python: Improve full/partial SSRF split 
Now full-ssrf will only alert if **all** URL parts are fully
user-controlled.
 2021-12-16 22:48:51 +01:00
Rasmus Wriedt Larsen
cb934e17b1 Python: Adjust SSRF location to request call 
Since that might not be the same place where the vulnerable URL part is.
 2021-12-16 22:48:51 +01:00
Rasmus Wriedt Larsen
5a7efd0fee Python: Minor adjustments to QLDoc of HTTP::Client::Request 2021-12-16 22:48:51 +01:00
Rasmus Wriedt Larsen
1cc5e54357 Python: Add SSRF queries 
I've added 2 queries:

- one that detects full SSRF, where an attacker can control the full URL,
  which is always bad
- and one for partial SSRF, where an attacker can control parts of an
  URL (such as the path, query parameters, or fragment), which is not a
  big problem in many cases (but might still be exploitable)

full SSRF should run by default, and partial SSRF should not (but makes
it easy to see the other results).

Some elements of the full SSRF queries needs a bit more polishing, like
being able to detect `"https://" + user_input` is in fact controlling
the full URL.
 2021-12-16 01:48:34 +01:00
Rasmus Wriedt Larsen
579de0c3f0 Python: Remove getResponse and do manual taint steps 2021-12-15 21:55:04 +01:00
Rasmus Wriedt Larsen
f8fc583af3 Python: client request: getUrl => getAUrlPart 
I think `getUrl` is a bit too misleading, since from the name, I would
only ever expect ONE result for one request being made.

`getAUrlPart` captures that there could be multiple results, and that
they might not constitute a whole URl.

Which is the same naming I used when I tried to model this a long time ago
a80860cdc6/python/ql/lib/semmle/python/web/Http.qll (L102-L111)
 2021-12-15 21:55:04 +01:00
Rasmus Wriedt Larsen
6f81685f48 Python: Add modeling of http.client.HTTPResponse 2021-12-15 21:55:04 +01:00
github-actions[bot]
59da2cdf69 Release preparation for version 2.7.4 2021-12-14 21:35:09 +00:00
Dave Bartolomeo
a62f181d42 Move new change notes to appropriate packs 2021-12-14 12:05:15 -05:00
Andrew Eisenberg
0669ef505e Fix semver for upgrades references 
Ensure the version range is flexible enough to handle
future version changes.
 2021-12-13 09:03:33 -08:00
Rasmus Wriedt Larsen
cf2ee0672f Python: Model requests Responses 2021-12-13 15:09:46 +01:00
Rasmus Wriedt Larsen
35cba17642 Python: Consider taint of client http requests 2021-12-13 14:56:16 +01:00
Rasmus Wriedt Larsen
b68d280129 Python: Add modeling of requests 2021-12-13 14:56:16 +01:00
Rasmus Wriedt Larsen
7bf285a52e Python: Alter disablesCertificateValidation to fit our needs 
For the snippet below, our current query is able to show _why_ we
consider `var` to be a falsey value that would disable SSL/TLS
verification. I'm not sure we're going to need the part that Ruby did,
for being able to specify _where_ the verification was removed, but
we'll see.

```
requests.get(url, verify=var)
```
 2021-12-13 11:37:12 +01:00
Rasmus Wriedt Larsen
08f6d1ab80 Python: Clearer sourceType for client response body 2021-12-13 11:24:38 +01:00
Rasmus Wriedt Larsen
5de79b4ffe Python: Add HTTP::Client::Request concept 
Taken from Ruby, except that `getURL` member predicate was changed to
`getUrl` to keep consistency with the rest of our concepts, and stick
to our naming convention.
 2021-12-13 11:09:09 +01:00