hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-11 01:54:00 +02:00
Code Issues Packages Projects Releases Wiki Activity
1,437 Commits 1,740 Branches 164 Tags
0e0441743b4d66098f306c5eefbb48c24982ddea
Commit Graph

725 Commits

Author SHA1 Message Date
Andrew Eisenberg
d9ab13b43d Update ql/src/qlpack.yml 
Co-authored-by: Arthur Baars <aibaars@github.com>
 2021-10-12 13:01:03 -07:00
Andrew Eisenberg
2fca1f57c6 Add defaultSuite 
Also, change the dependencies to be in alignment with other standard qlpacks.
 2021-10-12 21:57:53 +02:00
Arthur Baars
4e79d9fad6 Merge pull request #334 from github/RasmusWL/normalize-qlpack 
Packaging: Normalize src/qlpack.yml
 2021-10-12 21:56:31 +02:00
Arthur Baars
06e91c1182 Merge pull request #322 from github/request-without-validation 
rb/request-without-cert-validation
 2021-10-12 20:19:11 +02:00
Nick Rolfe
ecc9f07c50 Merge pull request #311 from github/nickrolfe/oj 
Consider Oj.load a sink for unsafe deserialization
 2021-10-12 16:17:08 +01:00
Rasmus Wriedt Larsen
bca1cb141c Packaging: Normalize src/qlpack.yml 
Port of 4) from https://github.com/github/codeql/pull/6605

> Dependencies from query packs to other packs are always "*" since
these dependencies are always from source and we should get the
latest.

Compare with [C++ change](https://github.com/github/codeql/pull/6605/files#diff-0236560ca1b9c19eb7c74d8bfecd1c78005e762122f8bcdaee9eb9b20460bf9c).
 2021-10-11 14:36:14 +02:00
Nick Rolfe
eafe22ef93 Merge remote-tracking branch 'origin/main' into nickrolfe/oj 2021-10-07 16:40:36 +01:00
Alex Ford
168e67dd6d deduplicate string constantQualifiedName(ConstantWriteAccess) as string ConstantWriteAccess#getQualifiedName 2021-10-07 15:30:36 +01:00
Alex Ford
8e1b48e607 StoredXSS.qhelp 2021-10-07 15:30:36 +01:00
Alex Ford
182a926eeb rename some example files 2021-10-07 15:30:36 +01:00
Alex Ford
a2084f813e rb/stored-xss structure and initial implementation (FileSystemReadAccess sources) 2021-10-07 15:30:36 +01:00
Nick Rolfe
253064144b Tweak alert wording. 
This reflects the fact that the query finds results where validation is
only disabled under certain conditions.
 2021-10-07 12:06:53 +01:00
Nick Rolfe
1ce458fa33 Add query to find HTTP requests that disable SSL validation 2021-10-06 14:06:09 +01:00
Harry Maclean
7bf818fdf5 Refactor KernelMethodCall modelling 
By extending `DataFlow::CallNode` instead of `MethodCall`, we get rid of
a lot of `.asExpr().getExpr()` calls.
 2021-10-05 12:26:59 +01:00
Harry Maclean
232fb9ad5b Add cwe-073 tag to KernelOpen query 
CWE-073 is External Control of File Name or Path, which applies here.
 2021-10-05 11:13:58 +01:00
Harry Maclean
6f293c7a5e Add a query for uses of Kernel.open and IO.read 2021-10-05 11:13:58 +01:00
Arthur Baars
4268d9c565 XXE query 2021-09-30 11:20:17 +02:00
Nick Rolfe
175958b9be Consider Oj.load a sink for unsafe deserialization 
Unless a known-safe mode is used, either by setting the default options,
or by explicitly passing a mode in the options hash argument.
 2021-09-24 17:43:22 +01:00
Arthur Baars
40f0112e8a Merge pull request #297 from github/aibaars/alert-suppression 
Alert suppression and file classifier query
 2021-09-23 15:37:19 +02:00
Harry Maclean
4f9518a9c6 Merge pull request #293 from github/hmac-code-injection 
Add query for Code Injection
 2021-09-23 13:50:48 +01:00
Tom Hvitved
f347505542 Merge pull request #277 from github/hvitved/flow-summaries 
Add support for flow summaries
 2021-09-23 14:31:52 +02:00
Alex Ford
d1f2258d45 revamp weak file permissions query 2021-09-21 19:02:11 +01:00
Tom Hvitved
08dc6d79ef Add support for flow summaries 2021-09-21 11:04:53 +02:00
Nick Rolfe
6f7d4fef70 Merge pull request #287 from github/unsafe-deserialization 
rb/unsafe-deserialization query
 2021-09-20 14:23:30 +01:00
Harry Maclean
95e50cedad Add query for Code Injection 
This query finds cases where user input flows to an argument to `eval`
or `send`, which can execute arbitrary Ruby code.
 2021-09-20 11:35:45 +01:00
Harry Maclean
916b844557 Merge pull request #280 from github/hmac-cli-injection 
Add CLI Injection query
 2021-09-20 08:54:01 +01:00
Harry Maclean
4ecc78effc Kernel#system -> Kernel.system 2021-09-17 17:02:17 +01:00
Harry Maclean
fe8fc0697b Add qhelp for CLI Injection query 2021-09-17 17:02:17 +01:00
Harry Maclean
4a0d7c528a Add top-level CLI injection query and tests 2021-09-17 17:02:17 +01:00
Alex Ford
98fd0e1c24 Update ql/src/queries/security/cwe-079/ReflectedXSS.qhelp 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2021-09-15 20:50:46 +01:00
Alex Ford
ed708c1903 Update ql/src/queries/security/cwe-079/ReflectedXSS.qhelp 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2021-09-15 20:50:46 +01:00
Alex Ford
eed87b3319 Apply suggestions from code review 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2021-09-15 20:50:46 +01:00
Alex Ford
dbb239b04e reorder and format rb/reflected-xss qhelp 2021-09-15 20:50:46 +01:00
Alex Ford
d71dd3f6c7 rb/reflected-xss 2021-09-15 20:50:46 +01:00
Arthur Baars
e03fe0fcd4 Add ClassifyFiles.ql 2021-09-14 16:30:34 +02:00
Arthur Baars
c2ec6407f5 Add AlertSuppression.ql 2021-09-14 11:53:53 +02:00
Nick Rolfe
6dbf6d7e82 Merge pull request #278 from github/aibaars/revert-hotfix 
Revert "Use hotfixed version of `codeql/suite-helpers` with workaround for bug in released CLI"
 2021-09-09 11:21:20 +01:00
Nick Rolfe
2ddca2c0db Document and test YAML.safe_load 2021-09-08 18:22:31 +01:00
Nick Rolfe
adceb0a2a1 Add query rb/unsafe-deserialization 2021-09-08 17:49:23 +01:00
Nick Rolfe
414362db8d Rename .qll to match our naming scheme for other dataflow queries. 2021-09-07 17:38:08 +01:00
Nick Rolfe
7666d856b7 Merge remote-tracking branch 'origin/main' into polynomial_redos 2021-09-07 17:35:07 +01:00
Nick Rolfe
4d5928ae5a Add @security-severity tag 2021-09-07 12:15:44 +01:00
Harry Maclean
87253032e2 Add a query for URL redirect vulnerabilities 
This query finds instances of CWE-601: Redirection to Untrusted Site.

The structure is copied from a query of the same name in the Python
library. We add customisations specific to `ActionController`.
 2021-09-03 13:17:14 +01:00
Nick Rolfe
d62b41bdf4 Add query for polynomial ReDoS 2021-09-02 17:57:56 +01:00
Arthur Baars
ab4cc753b0 Revert "Use hotfixed version of codeql/suite-helpers with workaround for bug in released CLI" 
This reverts commit 9d7b77496e.
 2021-09-02 16:01:51 +02:00
Harry Maclean
3490e328e1 codeql_ruby -> codeql.ruby 2021-08-31 15:43:02 +01:00
Harry Maclean
d3f683e573 Minor refactor of constantQualifiedName 2021-08-31 15:42:06 +01:00
Harry Maclean
34f02ee622 Fix constantQualifiedName 
Exclude partial results

Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
 2021-08-31 15:42:06 +01:00
Harry Maclean
91d56cd802 Use dataflow to find method call targets 
This includes both local and non-local methods, and is also simpler than
the previous definition.
 2021-08-31 15:42:06 +01:00
Harry Maclean
cd3192e8f1 Fix ordering for definitionOf 
Actually select the lexicographically least location, not the greatest.
 2021-08-31 15:42:06 +01:00