hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-12 02:24:00 +02:00
Code Issues Packages Projects Releases Wiki Activity
1,291 Commits 1,740 Branches 164 Tags
40f0112e8a38ee5b66dbfa705e07cfba2f21d057
Commit Graph

1291 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Arthur Baars
40f0112e8a Merge pull request #297 from github/aibaars/alert-suppression 
Alert suppression and file classifier query
 2021-09-23 15:37:19 +02:00
Harry Maclean
4f9518a9c6 Merge pull request #293 from github/hmac-code-injection 
Add query for Code Injection
 2021-09-23 13:50:48 +01:00
Tom Hvitved
f347505542 Merge pull request #277 from github/hvitved/flow-summaries 
Add support for flow summaries
 2021-09-23 14:31:52 +02:00
Harry Maclean
41608ef47b Address review comments 2021-09-23 12:26:54 +01:00
Tom Hvitved
68d41f9f12 Address review comments 2021-09-23 12:39:47 +02:00
Harry Maclean
83705c5787 Merge pull request #306 from github/hmac-outgoing-http 
Model outgoing HTTP requests as remote flow sources
 2021-09-23 09:34:44 +01:00
Harry Maclean
5826f2c279 Move Net::HTTP modelling into http_clients module 
This seems a more convenient place to keep all the HTTP client
modelling.
 2021-09-23 09:04:20 +01:00
Harry Maclean
b658bacab3 Simplify Net::HTTP modelling 2021-09-23 09:04:01 +01:00
Harry Maclean
3000587849 Add Net::HTTP request modelling 2021-09-23 09:04:01 +01:00
Harry Maclean
2bdea01c8a Add HTTP::Client concept 2021-09-23 09:04:01 +01:00
Alex Ford
21e31a47d9 Merge pull request #283 from github/file-system-sources 
Start modelling some file system access concepts
 2021-09-22 16:45:13 +01:00
Alex Ford
b769aa67c2 test for IO.open as a way of creating an IO instance 2021-09-22 16:29:10 +01:00
Alex Ford
0092c0279b Apply suggestions from code review 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2021-09-22 14:28:15 +01:00
Tom Hvitved
e670fdbb82 Move two predicates in FlowSummaryImplSpecific.qll 2021-09-22 14:12:46 +02:00
Tom Hvitved
a37737d065 Replace string kind with boolean preservesValue 2021-09-22 09:28:55 +02:00
Alex Ford
70c2be8ca3 Files library tests 2021-09-21 19:08:03 +01:00
Alex Ford
05a04f4835 Files.qll library implementation 2021-09-21 19:07:55 +01:00
Alex Ford
6315621b16 use instanceof extensions for some filesystem concepts 2021-09-21 19:02:11 +01:00
Alex Ford
d1f2258d45 revamp weak file permissions query 2021-09-21 19:02:11 +01:00
Alex Ford
25300cb2b4 start modelling some file access concepts 2021-09-21 19:02:11 +01:00
Nick Rolfe
dd31473dff Merge pull request #301 from github/fix_source_archive 
Fix filenames in source archives
 2021-09-21 11:37:02 +01:00
Tom Hvitved
cdc359527a Resolve semantic conflicts after rebase 2021-09-21 11:14:11 +02:00
Tom Hvitved
564c76c41f Address review comments 2021-09-21 11:04:53 +02:00
Tom Hvitved
08dc6d79ef Add support for flow summaries 2021-09-21 11:04:53 +02:00
Nick Rolfe
143256e673 Fix filenames in source archives 2021-09-20 22:17:45 +01:00
Nick Rolfe
c183e05c49 Merge pull request #300 from github/fix_tests 
Fix tests
 2021-09-20 16:19:40 +01:00
Nick Rolfe
d27f8a6d24 Add empty subpaths section to expected test output 2021-09-20 15:56:58 +01:00
Tom Hvitved
8aaabe8b1e Merge pull request #299 from github/hvitved/actions-reuse 
Add two 'composite' actions for reusing logic
 2021-09-20 15:55:28 +02:00
Nick Rolfe
6f7d4fef70 Merge pull request #287 from github/unsafe-deserialization 
rb/unsafe-deserialization query
 2021-09-20 14:23:30 +01:00
Nick Rolfe
8af12a164a Merge pull request #298 from github/trap_extension 
Fix trap extension for source files without extensions
 2021-09-20 14:23:01 +01:00
Tom Hvitved
e201dae672 Add two 'composite' actions for reusing logic 2021-09-20 14:52:02 +02:00
Nick Rolfe
c30c7b380d Replace if let with match. 2021-09-20 12:22:55 +01:00
Nick Rolfe
0936c4cd7b Fix trap extension for source files without extensions 
We were writing files with names like `Gemfile..trap.gz`. Now fixed to
`Gemfile.trap.gz`.
 2021-09-20 12:11:00 +01:00
Tom Hvitved
4bfbf62e13 Merge pull request #296 from github/hvitved/empty-location 
Extract a special empty location
 2021-09-20 13:05:27 +02:00
Tom Hvitved
1393dc9eb4 Update extractor/src/main.rs 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2021-09-20 12:50:24 +02:00
Harry Maclean
95e50cedad Add query for Code Injection 
This query finds cases where user input flows to an argument to `eval`
or `send`, which can execute arbitrary Ruby code.
 2021-09-20 11:35:45 +01:00
Harry Maclean
916b844557 Merge pull request #280 from github/hmac-cli-injection 
Add CLI Injection query
 2021-09-20 08:54:01 +01:00
Tom Hvitved
b2d0c60a02 Replace hasLocationInfo with getLocation in API::Node 2021-09-20 09:52:26 +02:00
Tom Hvitved
58d06715fc Extract a special empty location 2021-09-20 09:52:26 +02:00
Alex Ford
36289aa9d9 Merge pull request #255 from github/reflected-xss 
rb/reflected-xss query
 2021-09-17 18:32:48 +01:00
Harry Maclean
739661eb10 Test that KernelMethodCall is specific enough 
Calls to `UnknownModule.system`, where `UnknownModule` is a module that
we know nothing about, should not be identified as instances of
`KernelMethodCall`.
 2021-09-17 17:02:17 +01:00
Harry Maclean
64a8cedaa7 Generalise the concept of a Kernel method call 2021-09-17 17:02:17 +01:00
Harry Maclean
599dc28ffa Add another test for shell interpretation 2021-09-17 17:02:17 +01:00
Harry Maclean
f8359767bc Exclude non-shell interpreted args 
Update the CommandInjection query to only consider sinks where the
argument is interpreted by a shell. If the argument is passed directly
to a subprocess then it's not vulnerable to shell injection.
 2021-09-17 17:02:17 +01:00
Harry Maclean
c8e9a592f0 Update CLI injection tests 
Cover more cases, like sinks after (but not guarded by) barrier guards.
 2021-09-17 17:02:17 +01:00
Harry Maclean
d046fb0591 Separate open3 pipeline methods 
These have a slightly different structure than the other open3 methods.
 2021-09-17 17:02:17 +01:00
Harry Maclean
174ba25c66 Update SystemCommandExecution to new pattern 
The new pattern is to use the new instanceof keyword in the class
definition, instead of constraining the "superclass" via a member field.
 2021-09-17 17:02:17 +01:00
Harry Maclean
cbc14ccda9 Make KernelSystemCall more specific 
Test that calls to`system` on modules other than `Kernel` are excluded,
such as in this example:

    module Foo
      def self.system(*args); end
    end

    # This is not a call to Kernel.system
    Foo.system("bar")
 2021-09-17 17:02:17 +01:00
Harry Maclean
fb23a2e3bf Add SubshellHeredocExecution 
This is a form of command execution:

    result = <<`EOF`
    echo foo bar #{baz}
    EOF
 2021-09-17 17:02:17 +01:00
Harry Maclean
799ef4e4c9 Add barrier guards for CLI injection 2021-09-17 17:02:17 +01:00