hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-11 18:14:01 +02:00
Code Issues Packages Projects Releases Wiki Activity
1,280 Commits 1,740 Branches 164 Tags
4cf520c2df5793e7b51010fb0787ca581b736cd1
Commit Graph

92 Commits

Author SHA1 Message Date
Harry Maclean
4cf520c2df Model the Faraday HTTP client 2021-09-23 16:32:15 +01:00
Harry Maclean
ee51298633 Model the Excon HTTP client 2021-09-23 16:32:15 +01:00
Harry Maclean
5826f2c279 Move Net::HTTP modelling into http_clients module 
This seems a more convenient place to keep all the HTTP client
modelling.
 2021-09-23 09:04:20 +01:00
Harry Maclean
b658bacab3 Simplify Net::HTTP modelling 2021-09-23 09:04:01 +01:00
Harry Maclean
3000587849 Add Net::HTTP request modelling 2021-09-23 09:04:01 +01:00
Harry Maclean
2bdea01c8a Add HTTP::Client concept 2021-09-23 09:04:01 +01:00
Alex Ford
0092c0279b Apply suggestions from code review 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2021-09-22 14:28:15 +01:00
Alex Ford
05a04f4835 Files.qll library implementation 2021-09-21 19:07:55 +01:00
Alex Ford
6315621b16 use instanceof extensions for some filesystem concepts 2021-09-21 19:02:11 +01:00
Alex Ford
d1f2258d45 revamp weak file permissions query 2021-09-21 19:02:11 +01:00
Alex Ford
25300cb2b4 start modelling some file access concepts 2021-09-21 19:02:11 +01:00
Nick Rolfe
6f7d4fef70 Merge pull request #287 from github/unsafe-deserialization 
rb/unsafe-deserialization query
 2021-09-20 14:23:30 +01:00
Tom Hvitved
4bfbf62e13 Merge pull request #296 from github/hvitved/empty-location 
Extract a special empty location
 2021-09-20 13:05:27 +02:00
Harry Maclean
916b844557 Merge pull request #280 from github/hmac-cli-injection 
Add CLI Injection query
 2021-09-20 08:54:01 +01:00
Tom Hvitved
b2d0c60a02 Replace hasLocationInfo with getLocation in API::Node 2021-09-20 09:52:26 +02:00
Alex Ford
36289aa9d9 Merge pull request #255 from github/reflected-xss 
rb/reflected-xss query
 2021-09-17 18:32:48 +01:00
Harry Maclean
739661eb10 Test that KernelMethodCall is specific enough 
Calls to `UnknownModule.system`, where `UnknownModule` is a module that
we know nothing about, should not be identified as instances of
`KernelMethodCall`.
 2021-09-17 17:02:17 +01:00
Harry Maclean
64a8cedaa7 Generalise the concept of a Kernel method call 2021-09-17 17:02:17 +01:00
Harry Maclean
f8359767bc Exclude non-shell interpreted args 
Update the CommandInjection query to only consider sinks where the
argument is interpreted by a shell. If the argument is passed directly
to a subprocess then it's not vulnerable to shell injection.
 2021-09-17 17:02:17 +01:00
Harry Maclean
d046fb0591 Separate open3 pipeline methods 
These have a slightly different structure than the other open3 methods.
 2021-09-17 17:02:17 +01:00
Harry Maclean
174ba25c66 Update SystemCommandExecution to new pattern 
The new pattern is to use the new instanceof keyword in the class
definition, instead of constraining the "superclass" via a member field.
 2021-09-17 17:02:17 +01:00
Harry Maclean
cbc14ccda9 Make KernelSystemCall more specific 
Test that calls to`system` on modules other than `Kernel` are excluded,
such as in this example:

    module Foo
      def self.system(*args); end
    end

    # This is not a call to Kernel.system
    Foo.system("bar")
 2021-09-17 17:02:17 +01:00
Harry Maclean
fb23a2e3bf Add SubshellHeredocExecution 
This is a form of command execution:

    result = <<`EOF`
    echo foo bar #{baz}
    EOF
 2021-09-17 17:02:17 +01:00
Harry Maclean
799ef4e4c9 Add barrier guards for CLI injection 2021-09-17 17:02:17 +01:00
Harry Maclean
8f65d78cb5 Add Shellwords.escape as CLI injection sanitizer 2021-09-17 17:02:17 +01:00
Harry Maclean
4a0d7c528a Add top-level CLI injection query and tests 2021-09-17 17:02:17 +01:00
Harry Maclean
8440fe2ba9 Add CommandInjection dataflow config 2021-09-17 17:02:17 +01:00
Harry Maclean
a8f0bce1d1 Add SystemCommandExecution concept 
A SystemCommandExecution is a method call or builtin that executes a
system command, either directly or via a subshell.
 2021-09-17 17:02:17 +01:00
Nick Rolfe
3d23575a38 Merge pull request #292 from github/regexp_slash_az 
Don't parse `\A` and `\Z` as `RegExpConstant`
 2021-09-17 16:42:13 +01:00
Tom Hvitved
464b50231b DB upgrade script 2021-09-16 12:57:32 +02:00
Tom Hvitved
fd04baa9fe No longer create redundant numlines relation 2021-09-16 11:43:13 +02:00
Alex Ford
773291e4c3 Put exprNodeReturnedFrom predicate in DataFlowDispatch.qll 2021-09-15 20:50:46 +01:00
Alex Ford
e80faa017c Fix rb/reflected-xss flow from helper method return values 2021-09-15 20:50:46 +01:00
Alex Ford
35da921deb format 2021-09-15 20:50:46 +01:00
Alex Ford
50b0bb8b36 Restrict rb/reflected-xss instance variable taint edges 2021-09-15 20:50:46 +01:00
Alex Ford
6cc82d46f3 Fix LinkToCallArgumentAsSink matching when link_to is passed a block 2021-09-15 20:50:46 +01:00
Alex Ford
200c8f2493 Add some HTMLEscaping implementations for Rails 2021-09-15 20:50:46 +01:00
Alex Ford
2e65f9b80e update some comments referencing view components 2021-09-15 20:50:46 +01:00
Alex Ford
0689e6095e make a type more specific 2021-09-15 20:50:46 +01:00
Alex Ford
205b141482 format 2021-09-15 20:50:46 +01:00
Alex Ford
76864a82be remove an incorrect test case 2021-09-15 20:50:46 +01:00
Alex Ford
3445a6a5e7 fix flow steps from controller instance var assignement to view read access 2021-09-15 20:50:46 +01:00
Alex Ford
b993723595 remove spurious ivar -> locals hash mapping (actionview/controller) 2021-09-15 20:50:46 +01:00
Alex Ford
3430a46440 fix some local variable mappings between view and controller 2021-09-15 20:50:46 +01:00
Alex Ford
b264a05288 Update ql/lib/codeql/ruby/security/ReflectedXSSCustomizations.qll 
Co-authored-by: Harry Maclean <hmac@github.com>
 2021-09-15 20:50:46 +01:00
Alex Ford
d71dd3f6c7 rb/reflected-xss 2021-09-15 20:50:46 +01:00
Tom Hvitved
9e67382f06 Bump codeql submodule 2021-09-15 14:59:42 +02:00
Nick Rolfe
ebf23d00d1 Don't parse \A and \Z as RegExpConstant 
Fixes some FPs for the ReDoS queries.
 2021-09-14 16:49:35 +01:00
Harry Maclean
12723f0f13 Merge pull request #288 from github/hmac-barrier-guard-checks 
Make barrier guards more specific
 2021-09-14 16:16:20 +01:00
Tom Hvitved
8ac3dc29e0 Speedup RegExp::multiples 
Use regexps to perform matching to avoid constructing sub strings.
 2021-09-14 13:58:24 +02:00