hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,029 Commits 1,671 Branches 157 Tags
z80coder/query-pack-release-candidate-2
Commit Graph

6853 Commits

Author SHA1 Message Date
Andrew Eisenberg
57ef989a89 Fixes compile errors by moving files 
The two files moved in this commit are referenced from the
javascript/lib qlpack, but they are located in the
javascript/src qlpack. This causes compile errors when running
compile-ish commands for javascript queries. Moving the
files fixes it.
 2021-10-05 14:00:02 -07:00
Asger Feldthaus
3a20ca96c4 JS: Update CWE tags and severity score of code injection query 
The derived security-severity score of the JS code injection query
was much lower than for other languages (6.1 versus 9.3), possibly due
some differences in CWE tags, such as the inclusion of CWE-079.

We also add the more specific CWE-095 ("eval injection") for consistency
with other languages. It is a child of CWE-094 ("code injection") which
was already tagged.
 2021-10-05 10:12:19 +02:00
Asger Feldthaus
c4e8af983a JS: Update score and add CWE-730 to LoopBoundInjection 
This is a denial-of-service query, but was missing the CWE-730 tag
("denial of service") and consequently had a lower score than the
other DoS queries.
 2021-10-05 10:10:01 +02:00
Asger Feldthaus
682a71176d JS: Make TaintedFormatString have same severity as LogInjection 
The CWE number for this query is associated with buffer overflows
from printf/scanf-style functions in C++, which has likely determined
its derived security score.

But in JavaScript, a tainted format string is unlikely to lead to
anything worse than log injection so we're manually update its score
to reflect this.
 2021-10-05 10:10:01 +02:00
Asger Feldthaus
83ca4ef6d9 JS: Lower security-severity of queries with speculative threat model 
In the CVSS calculator we model this by setting 'Attack Complexity' to
High and 'User Interaction' to Low (as opposed to None).

CVSS vector:
  CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N
 2021-10-05 10:10:01 +02:00
CodeQL CI
40d98ad678 Merge pull request #6789 from asgerf/js/restrict-package-exports 
Approved by erik-krogh
 2021-10-05 06:20:23 +01:00
Asger Feldthaus
cbd577694c JS: Autoformat 2021-10-04 13:30:15 +02:00
Erik Krogh Kristensen
8d6cac76cc apply suggestions from asgerf 2021-10-04 12:45:02 +02:00
yoff
1ce9426adf Merge pull request #6761 from RasmusWL/cryptodome-sha3 
Python/JS: Recognize SHA-3 hash functions
 2021-10-01 13:33:36 +02:00
Asger Feldthaus
c8e7df7900 JS: Add test case 2021-10-01 12:02:40 +02:00
Asger Feldthaus
600e5bad0d JS: Exclude methods declared private/protected 2021-10-01 11:46:32 +02:00
Asger Feldthaus
af1b04de9c JS: Restrict what property names that are considered public exports 2021-10-01 11:42:03 +02:00
Erik Krogh Kristensen
5a1eb1995c add change note 2021-10-01 11:13:41 +02:00
Erik Krogh Kristensen
694016dcbe add missing qldoc 2021-10-01 09:01:57 +02:00
Erik Krogh Kristensen
6a9277b5ce recognize string sanitizers for ldap-injection 2021-10-01 09:01:29 +02:00
Erik Krogh Kristensen
51b56a9e28 add cwe 090 (ldap injection) and cwe 943 (Improper Neutralization of Special Elements in Data Query Logic) to SqlInjection.ql 2021-10-01 09:01:29 +02:00
Erik Krogh Kristensen
2062afc868 add calls to parseDN as sinks for ldap-injection 2021-10-01 09:01:28 +02:00
Erik Krogh Kristensen
d4de5e3248 refactoring and renamings in the ldap model 2021-10-01 09:01:14 +02:00
Erik Krogh Kristensen
bcf4626fd0 remove ldap examples from experimental folder 2021-10-01 09:00:10 +02:00
Erik Krogh Kristensen
c55b7bcd85 model ldap filters as taint steps 2021-10-01 09:00:10 +02:00
Erik Krogh Kristensen
9b5ff66b68 naively port tests from ldap examples 2021-10-01 09:00:10 +02:00
Erik Krogh Kristensen
2b286a856c naively move ldap into the SQL injection query 2021-10-01 09:00:10 +02:00
Erik Krogh Kristensen
94e2676c0f naive conversion of ldapjs model to API node 2021-10-01 09:00:10 +02:00
Rasmus Wriedt Larsen
987b573709 Fix hasLocationInfo URL reference 
Follow up to https://github.com/github/codeql/pull/5830
 2021-09-29 13:47:58 +02:00
Erik Krogh Kristensen
aafae24ef2 update qhelp 2021-09-28 23:11:02 +02:00
Erik Krogh Kristensen
8d556ed1e1 Update python/ql/lib/semmle/python/security/BadTagFilterQuery.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-09-28 23:04:28 +02:00
luciaromeroML
1fc58e51a3 adding suggestion that removes sanitizer for unknown base urls 2021-09-27 17:37:36 -03:00
luciaromeroML
1f2618b893 new test case for unknown base url 2021-09-27 17:37:11 -03:00
Rasmus Wriedt Larsen
ded3088529 Python/JS: Recognize SHA-3 hash functions 
Official names are SHA3-224, SHA3-256, SHA3-384, SHA3-512 as per
https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf
 2021-09-27 12:08:40 +02:00
Erik Krogh Kristensen
805d1d170c do not filter away regular expressions with lookbehinds 2021-09-22 17:14:29 +02:00
Tom Hvitved
364dab6990 Remove CODEQL_REDUCE_FILES_FOLDERS_RELATIONS 2021-09-22 09:43:56 +02:00
Erik Krogh Kristensen
99ed4a1a89 add a bad-tag-filter query for Python and JavaScript 2021-09-21 15:04:03 +02:00
Erik Krogh Kristensen
c40ffab093 make isStartState public in ReDoSUtil 2021-09-21 12:14:21 +02:00
Erik Krogh Kristensen
672e4a3d72 cache TopLevel::isMinified 2021-09-21 12:13:37 +02:00
Erik Krogh Kristensen
60993214d5 cache isInterpretedAsRegExp 2021-09-21 12:13:37 +02:00
luciaromeroML
f348a5ce47 adding comments to some functions 2021-09-17 18:25:14 -03:00
luciaromeroML
25065bc986 simplifying sentence 2021-09-17 18:07:04 -03:00
luciaromeroML
0b0ac8317c format ql code 2021-09-17 18:05:52 -03:00
valeria-meli
054218a381 Merge branch 'main' into javascript/ssrf 2021-09-17 17:08:52 -03:00
Erik Krogh Kristensen
5c73fed83a fix dbsheme upgrade from TypeScript 4.4 PR 2021-09-15 22:38:27 +02:00
Erik Krogh Kristensen
3f736d3eb8 Merge pull request #6694 from erik-krogh/owasp-fixes 
JS/Java: use the correct cwe tags
 2021-09-15 13:46:35 +02:00
CodeQL CI
b228398b87 Merge pull request #6587 from erik-krogh/ts44 
Approved by asgerf
 2021-09-15 04:00:13 -07:00
Erik Krogh Kristensen
cf149bd8c8 add static_initializer as a stmt_parent 2021-09-15 11:54:30 +02:00
Erik Krogh Kristensen
0b83d033d7 add @static_initializer in the stats file 2021-09-15 11:33:05 +02:00
CodeQL CI
220f2ded85 Merge pull request #6698 from asgerf/js/template-self-assignment 
Approved by esbena
 2021-09-15 01:08:39 -07:00
Asger Feldthaus
b5db4047a0 JS: Exclude template files in SelfAssignment 2021-09-15 08:59:47 +02:00
Erik Krogh Kristensen
5a7785776c add upgrade script 2021-09-14 20:43:07 +02:00
Erik Krogh Kristensen
fdbf5f73b1 add JS support for static initializers 2021-09-14 20:40:46 +02:00
Erik Krogh Kristensen
cc0d86403e revert some type changes that are no longer needed 2021-09-14 20:40:46 +02:00
Erik Krogh Kristensen
48b763c7e9 add qldoc to StaticInitializer::getBody 2021-09-14 20:40:46 +02:00