hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-14 23:14:59 +01:00
Code Issues Packages Projects Releases Wiki Activity
68,932 Commits 1,680 Branches 158 Tags
0d71072f9441cdb2af00a54e8c3e6ab6bb1fe549
Commit Graph

1466 Commits

Author SHA1 Message Date
Joe Farebrother
ebeb187fd9 Remove unneeded experimental file 2024-07-25 23:16:48 +01:00
Joe Farebrother
070d67816d Remove experimental version 2024-07-16 16:50:10 +01:00
Rasmus Wriedt Larsen
0a32f9fed6 Python: Update query metadata 2024-07-04 14:09:37 +02:00
Rasmus Wriedt Larsen
8d1113cdaf Python: Fixup qhelp 2024-07-04 14:01:30 +02:00
Porcupiney Hairs
808af28618 Python : Arbitrary codde execution due to Js2Py 
Js2Py is a Javascript to Python translation library written in Python. It allows users to invoke JavaScript code directly from Python.
The Js2Py interpreter by default exposes the entire standard library to it's users. This can lead to security issues if a malicious input were directly.

This PR includes a CodeQL query along with a qhelp and testcases to detect cases where an untrusted input flows to an Js2Py eval call.

This query successfully detects CVE-2023-0297 in `pyload/pyload`along with it's fix.
The databases can be downloaded from the links bellow.
```
https://file.io/qrMEjSJJoTq1
https://filetransfer.io/data-package/a02eab7V#link
```
 2024-07-03 19:06:34 +05:30
am0o0
ccb923a436 fix formatting 2024-06-18 18:31:29 +02:00
am0o0
1f99559e9f Revert "update id of the query file" 
This reverts commit 1f112467ce.
 2024-06-18 17:33:07 +02:00
am0o0
8a7fdfa6fe fix conflict 2024-06-18 17:18:59 +02:00
am0o0
1f112467ce update id of the query file 2024-05-29 16:48:35 +02:00
am0o0
b9edcb7943 rename secondary to remote :), complete the previous commit changes 2024-05-29 16:47:37 +02:00
am0o0
52a809145e SecondaryCommandInjection to RemoteCommandExecution, change RemoteCommandExecution to module like SystemCommandExecution module 2024-05-29 16:18:55 +02:00
am0o0
fd9e6f48d7 fix the docs of secondary server cmd injection 2024-05-29 16:01:43 +02:00
am0o0
171486641e Ssh2.qll: fix a typo 2024-05-29 16:00:52 +02:00
am0o0
5299c4a845 fix the qhelp of secondary server cmd injectino 2024-05-29 16:00:06 +02:00
am0o0
0e80e867af fix actions reviews 2024-05-10 08:32:45 +02:00
amammad
6b9cc1a278 update Twisted document link 2024-05-06 14:36:10 +02:00
amammad
c4a38d0a2f add twisted SSH client as secondary server command injection sinks, add proper test cases 2024-05-06 14:36:10 +02:00
amammad
0a765cc94a add jsonpickle and pexpect libs in case of unsafe decoding and secondary command execution, add proper test cases 2024-05-06 14:36:10 +02:00
amammad
7e93102097 finalize Secondary server command injection queries and tests. 2024-05-06 14:36:10 +02:00
amammad
ead247469d add ssh client libraries, add SecondaryServerCmdInjectionCustomizations 2024-05-06 14:36:10 +02:00
amammad
4df73f9975 continue to convert paramiko query to a more general query, 
the proxy command is not a secondary command execution
so we can add proxy command to SystemCommandExecution::Range, update QLDocs,
add a proper Paramiko test case
fix a typo
 2024-05-06 14:36:10 +02:00
amammad
5fea71e5d6 convert paramiko query to SecondaryServerCmdInjection query, Add inline tests 2024-05-06 14:36:10 +02:00
Joe Farebrother
cf8db4e425 Update instances of experimental concept to the main one, and anotate missing experimental test results. 2024-04-24 14:05:39 +01:00
Joe Farebrother
daa31b5bb7 Add documentation 2024-04-24 14:05:38 +01:00
Joe Farebrother
8636a50190 Fix qldoc + remove deprecation from experimental concepts (as they are still used in another experimental query) 2024-04-24 14:05:38 +01:00
Joe Farebrother
a88ad62c00 Implemented sinks for bulk header updates, and added corresponding tests. 2024-04-24 14:05:38 +01:00
Joe Farebrother
68d90918cf Add to header write concept a specification of whether the name or value arg allows newlines. 
Ported sink defenitions from Flask and Werzeug from experimental to main.
Removed experimental sink definitions for Django, as neither name nor value are vulnerable.
 2024-04-24 14:05:37 +01:00
Joe Farebrother
6021d9238c Move headers injection query and concept from experimental to main 2024-04-24 14:05:37 +01:00
Taus
b484aee39e Python: Autoformat everything 
Of course, `StringLiteral` being much longer than `StrConst` meant a
bunch of files changed formatting.
 2024-04-22 12:00:09 +00:00
Taus
1c68c987b0 Python: Change all remaining occurrences of StrConst 
Done using
```
git grep StrConst | xargs sed -i 's/StrConst/StringLiteral/g'
```
 2024-04-22 12:00:09 +00:00
Sim4n6
26a16b7857 use of a single var "op" of type Cmpop 2024-03-15 14:17:23 +01:00
Sim4n6
a717bf1b9d Fix p tag in UnicodeDoS.qhelp 2024-03-15 14:17:23 +01:00
Sim4n6
af19a0342e Fix UnicodeDoS vulnerability in CWE-770 code 2024-03-15 14:17:23 +01:00
Sim4n6
085d803b14 Fix UnicodeDoS vulnerability in CWE-770 2024-03-15 14:17:23 +01:00
Sim4n6
31dc542111 Update request parameter name in good_1() function 2024-03-15 14:17:23 +01:00
Sim4n6
70ebc58b4c Refactor Unicode normalization code 2024-03-15 14:17:23 +01:00
Sim4n6${{7*'7'}}
658b88e62f Update python/ql/src/experimental/Security/CWE-770/UnicodeDoS.ql 
update the Config API

Co-authored-by: yoff <lerchedahl@gmail.com>
 2024-03-15 14:17:23 +01:00
Sim4n6
1f767b887e Add some comments and docs 2024-03-15 14:17:23 +01:00
Sim4n6
5cc9170249 Add UnicodeDoS sink for werkzeug secure_filename 2024-03-15 14:17:23 +01:00
Sim4n6
342465057c Add Unicode DoS (CWE-770) 2024-03-15 14:17:23 +01:00
amammad
09d8a75844 Fix QLDoc issues 2024-02-14 23:31:22 +04:00
Rasmus Wriedt Larsen
eb401a205d Python: Fix test exclusion for stdlib Python 3.12 2024-02-14 16:53:19 +01:00
Rasmus Wriedt Larsen
e5bd633028 Python: Change name/id to Decompression Bomb 
The old title/id matches how we used to write queries, but I think just
using the normal conversational name is easier for everyone :)
 2024-02-14 14:54:25 +01:00
Rasmus Wriedt Larsen
69c8ef9898 Python: Use dataflow instead of taint-tracking 2024-02-14 14:52:37 +01:00
Rasmus Wriedt Larsen
ba7dd38fc9 Python: Delete duplicated file 2024-02-14 14:48:37 +01:00
Rasmus Wriedt Larsen
9ae3ea81ff Python: Remove spurious results in stdlib 2024-02-14 14:47:28 +01:00
Rasmus Wriedt Larsen
d8fd457310 Python: Use helper predicate 
Since the helper predicate had nice qldocs
 2024-02-14 14:47:28 +01:00
Rasmus Wriedt Larsen
e7772f1062 Python: Use Unit class 2024-02-14 14:47:28 +01:00
Rasmus Wriedt Larsen
9399258e3b Merge branch 'main' into amammad-python-bombs 2024-02-14 13:37:59 +01:00
erik-krogh
8be7eadace delete outdated deprecations 2024-01-22 09:11:35 +01:00