hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
40,727 Commits 1,672 Branches 157 Tags
3a80baf39c57c64bbdfa130d4af4947d0893cf7c
Commit Graph

5503 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
769f5691d0 Python: Add taint for StringIO and BytesIO 2022-03-31 09:52:54 +02:00
Rasmus Wriedt Larsen
57b9780428 Python: XXE: Add example of exfiltrating data through dtd-retrival 2022-03-31 09:52:54 +02:00
Rasmus Wriedt Larsen
a1d88e39a7 Python: Adjust XXE PoC for newer lxml versions 
Which doesn't raise that syntax error (at least not on my laptop)
 2022-03-31 09:52:54 +02:00
Rasmus Wriedt Larsen
91795b8577 Python: Add simple test of Xxe/XmlBomb 
Note that most of the testing happens in the framework specific tests,
with an inline-expectation test
 2022-03-31 09:52:54 +02:00
Rasmus Wriedt Larsen
e45f9d69cc Python: Adjust Xxe/XmlBomb for Python 
I changed a few QLdocs so they fit the style we have used in Python...
although I surely do regret having introduced a new style for how these
QLDocs look :D
 2022-03-31 09:52:54 +02:00
Rasmus Wriedt Larsen
65907c9762 Python: Copy Xxe/XmlBomb queries from JS 
After internal discussion, these will replace the `XmlEntityInjection`
query, so we can have separate severities on DoS and the other (more
serious) attacks.

Note: These clearly don't work, since they are verbatim copies of the JS
code, but I split it into multiple commits to clearly highlight what
changes were made.
 2022-03-31 09:52:54 +02:00
Erik Krogh Kristensen
1218c4f4ed fix ql/name-casing, and drive-by QL-for-QL typo fix 2022-03-30 22:59:14 +02:00
Erik Krogh Kristensen
1847a5713b remove TODO 2022-03-30 22:54:01 +02:00
Erik Krogh Kristensen
7ca6426ea5 revert the Taint stage, as it caused an alert for ql/abstract-class-import 2022-03-30 22:54:01 +02:00
Erik Krogh Kristensen
7e4ab4c60b Revert "import all the frameworks that extend RegexString" 
This reverts commit 84bc9042de4e876685f8f5ffdd88893383d1cfdc.

It caused ql/abstract-class-import alerts
 2022-03-30 22:54:01 +02:00
Erik Krogh Kristensen
3b9335c051 nomagic on containsInScope 2022-03-30 22:54:01 +02:00
Erik Krogh Kristensen
5caff81ff9 import all the frameworks that extend RegexString 2022-03-30 22:54:01 +02:00
Erik Krogh Kristensen
b959705531 revert changes in MRO.qll 2022-03-30 22:54:01 +02:00
Erik Krogh Kristensen
b74852ffd6 cache a bit more (again) 2022-03-30 22:54:01 +02:00
Erik Krogh Kristensen
d9ced55e2c make private predicates private 2022-03-30 22:54:01 +02:00
Erik Krogh Kristensen
040196f40d cache more basicblock predicates 2022-03-30 22:54:01 +02:00
Erik Krogh Kristensen
79713e0ef8 a bit more caching 2022-03-30 22:54:00 +02:00
Erik Krogh Kristensen
7643aac207 revert bad nomagic 2022-03-30 22:54:00 +02:00
Erik Krogh Kristensen
35c7fa58a7 joiner order fixes 2022-03-30 22:54:00 +02:00
Erik Krogh Kristensen
88e896992e cache the remainder of the pointsto layer 2022-03-30 22:54:00 +02:00
Erik Krogh Kristensen
79da0970cc various join order fixes 2022-03-30 22:54:00 +02:00
Erik Krogh Kristensen
3e9ee887d4 fix bad mistake 2022-03-30 22:54:00 +02:00
Erik Krogh Kristensen
758a5d7a85 few join order fixes 2022-03-30 22:54:00 +02:00
Erik Krogh Kristensen
6eca4ba2d3 get around identical files by adding the ref() call somewhere else 2022-03-30 22:54:00 +02:00
Erik Krogh Kristensen
4089788629 revert caching of some large predicates that caused the DB size to increase too much 2022-03-30 22:54:00 +02:00
Erik Krogh Kristensen
0da80f90d3 rename the SSA stages to AST 2022-03-30 22:54:00 +02:00
Erik Krogh Kristensen
c9e3a62953 cached stages iteration 5 2022-03-30 22:54:00 +02:00
Erik Krogh Kristensen
a8f9a91e38 cached stages iteration 4 2022-03-30 22:54:00 +02:00
Erik Krogh Kristensen
f68357a063 cached stages iteration 3.5 2022-03-30 22:54:00 +02:00
Erik Krogh Kristensen
37a9b41e26 cached stages iteration 3 2022-03-30 22:54:00 +02:00
Erik Krogh Kristensen
60b5af215f cached stages iteration 2 2022-03-30 22:53:59 +02:00
Erik Krogh Kristensen
71eacea90b add the cached stages pattern to Python 2022-03-30 22:53:59 +02:00
Sebastian Bauersfeld
a3c3a7fe0d Python: Identify alternative body argument in invocations of Response constructor. 2022-03-30 19:34:54 +07:00
Porcupiney Hairs
92033047a5 Python : Add query to detect PAM authorization bypass 
Using only a call to `pam_authenticate` to check the validity of a login can
lead to authorization bypass vulnerabilities. A `pam_authenticate` only
verifies the credentials of a user. It does not check if a user has an
appropriate authorization to actually login. This means a user with a
expired login or a password can still access the system.

This PR includes a qhelp describing the issue, a query which detects instances where a call to
`pam_acc_mgmt` does not follow a call to `pam_authenticate` and it's
corresponding tests.

This PR has multiple detections. Some of the public one I can find are :
* [CVE-2022-0860](https://nvd.nist.gov/vuln/detail/CVE-2022-0860) found
in [cobbler/cobbler](https://www.github.com/cobbler/cobbler)
* [fredhutch/motuz](https://www.huntr.dev/bounties/d46f91ca-b8ef-4b67-a79a-2420c4c6d52b/)
 2022-03-30 00:47:58 +05:30
yoff
3416f074e8 Update python/ql/src/Security/CWE-352/CSRFProtectionDisabled.ql 
Explain why `TestScope` is not used.

Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-03-29 13:59:04 +02:00
Erik Krogh Kristensen
20599d1846 Merge branch 'main' of github.com:github/codeql into labelNaming 2022-03-28 15:30:33 +02:00
Erik Krogh Kristensen
36db492aa2 move the polynomialbacktracking-test to the test folder 2022-03-28 13:22:26 +02:00
Erik Krogh Kristensen
c5fb19c377 update the JS API-graph labels toString() to print the predicate calls on the API-graphs 2022-03-28 13:19:16 +02:00
Arthur Baars
2ae5e8158e Python: import RegExpTreeView correctly 2022-03-28 12:41:32 +02:00
Arthur Baars
b103679d8a JS/Ruby/Python: rename RegExpTreeView.qll to ReDoSUtilSpecific.qll 2022-03-28 12:17:26 +02:00
Arthur Baars
af1d949d06 Merge pull request #8489 from aibaars/regex-refactor 
Ruby: refactor regex libraries
 2022-03-28 12:17:00 +02:00
Ahmed Farid
53f756b078 Update ZipSlip.expected 2022-03-28 08:54:44 +00:00
yoff
5efc19c39d Merge pull request #7806 from erik-krogh/pyDef 
Python: Add def nodes to API graphs
 2022-03-28 08:09:14 +02:00
Rasmus Lerchedahl Petersen
774c811e97 python: move CSRF concepts inside HTTP::Server 2022-03-28 07:35:13 +02:00
Ahmed Farid
d89ed8b98b Update zipslip_bad.py 2022-03-28 01:40:08 +00:00
Ahmed Farid
a50f051cdd Update zipslip_bad.py 2022-03-28 01:38:58 +00:00
Ahmed Farid
cafbd98454 Update zipslip_bad.py 2022-03-28 01:08:39 +00:00
Ahmed Farid
f364e41dbe Update ZipSlip.expected 2022-03-28 01:02:38 +00:00
Ahmed Farid
a8c14ed6c3 Update zipslip_bad.py 2022-03-28 01:00:38 +00:00
Ahmed Farid
ddba3b7784 Update ZipSlip.qll 2022-03-28 00:59:56 +00:00