hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 19:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
79,493 Commits 1,672 Branches 157 Tags
4d51a15cc4fca88223a4995770d30ffc0a3824e4
Commit Graph

4654 Commits

Author SHA1 Message Date
erik-krogh
0fdd06fff5 use my script to delete outdated deprecations 2024-09-03 20:30:58 +02:00
Porcupiney Hairs
f86570f6e7 WIP: Python: CORS Bypass 
This PR adds a query to detect a Cross Origin Resource Sharing(CORS) policy bypass due to an incorrect check.

This PR attempts to detect the vulnerability pattern found in CVE-2022-3457

```python
if request.method in ['POST', 'PUT', 'PATCH', 'DELETE']:
    origin = request.headers.get('Origin', None)
    if origin and not origin.startswith(request.base):
        raise cherrypy.HTTPError(403, 'Unexpected Origin header')
```

In this case, a value obtained from a header is compared using `startswith` call. This comparision is easily bypassed resulting in a CORS bypass. Given that similar bugs have been found in other languages as well, I think this PR would be a great addition to the exisitng python query pack.

The databases for CVE-2022-3457 can be downloaded from
```
https://filetransfer.io/data-package/i4Mfepls#link
https://file.io/V67T4SSgmExF
```
 2024-09-03 03:11:35 +05:30
Joe Farebrother
5494389c4b Update changenote 
Co-authored-by: Sid Shankar <sidshank@github.com>
 2024-08-29 09:44:23 +01:00
Joe Farebrother
f3dea1d647 Add changenote 2024-08-28 09:04:01 +01:00
Kevin Stubbings
c60f459530 Grammar 2024-08-26 23:57:19 -07:00
Kevin Stubbings
812abea0de change-notes 2024-08-26 22:25:00 -07:00
Kevin Stubbings
1db7865d49 Corrections 2024-08-26 22:06:12 -07:00
Kevin Stubbings
8bf8893307 Add support for vulnerable CORS middlewares 2024-08-26 21:30:48 -07:00
github-actions[bot]
0724fd7ce2 Post-release preparation for codeql-cli-2.18.3 2024-08-21 18:25:54 +00:00
github-actions[bot]
17cd9624fb Release preparation for version 2.18.3 2024-08-21 17:13:52 +00:00
Felicity Chapman
fcb2b5730f Update CookieInjection.ql to remove period 2024-08-15 13:17:13 +01:00
Alexander Eyers-Taylor
ffd811a55d Merge pull request #17182 from github/post-release-prep/codeql-cli-2.18.2 
Post-release preparation for codeql-cli-2.18.2
 2024-08-08 16:28:03 +01:00
github-actions[bot]
cc6d87c276 Post-release preparation for codeql-cli-2.18.2 2024-08-08 12:56:21 +00:00
github-actions[bot]
019da8c287 Release preparation for version 2.18.2 2024-08-07 14:02:38 +00:00
Alexander Eyers-Taylor
46577b585e Revert "Release preparation for version 2.18.2" 2024-08-07 14:24:37 +01:00
Joe Farebrother
62c2fe6b17 Merge pull request #16933 from joefarebrother/python-cookie-concept-promote 
Python: Promote the insecure cookie query from experimental
 2024-08-07 09:06:05 +01:00
github-actions[bot]
c14ba0e4bd Release preparation for version 2.18.2 2024-08-06 12:46:15 +00:00
yoff
251036c6b4 Merge pull request #17080 from sylwia-budzynska/streamlit 
Python: Add Streamlit models
 2024-07-31 18:20:11 +02:00
Joe Farebrother
1127b08635 Merge branch 'main' into python-cookie-concept-promote 2024-07-29 10:26:03 +01:00
Joe Farebrother
58689c90fb Merge pull request #16893 from joefarebrother/python-cookie-injectio-promote 
Python: Promote cookie injection query from experimental
 2024-07-29 10:17:01 +01:00
Sylwia Budzynska
6d1c00742f Add tests and change note 2024-07-26 14:15:43 +02:00
Joe Farebrother
ebeb187fd9 Remove unneeded experimental file 2024-07-25 23:16:48 +01:00
Joe Farebrother
8f714c631f Code reveiw suggestions. correction in changenote + style in example 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2024-07-24 21:37:12 +01:00
Joe Farebrother
44271813a5 Add change note 2024-07-23 10:15:28 +01:00
Joe Farebrother
93f70b3ad9 Add unit tests 2024-07-23 10:15:23 +01:00
Joe Farebrother
a73d675e6e Remove experimental query versions 2024-07-23 10:14:55 +01:00
Joe Farebrother
226e4eb8a5 Use a 3-valued newtype for hasSameSiteAttribute 2024-07-23 10:14:45 +01:00
Joe Farebrother
df5569fda9 Add documentation 2024-07-23 10:14:40 +01:00
Joe Farebrother
6a7bdaf284 Fix experimental query compilation 2024-07-23 10:14:29 +01:00
Joe Farebrother
033dd9f8a6 Promote insecure cookie query 2024-07-23 10:14:22 +01:00
Joe Farebrother
9ad6c8c5eb Implement cookie attributes for cases in which a raw header is set 2024-07-23 10:14:16 +01:00
Joe Farebrother
2df09f6194 Change flag predicates to boolean parameters rather than boolean results 2024-07-23 10:14:08 +01:00
Joe Farebrother
6f7b2a2d20 Add cookie flags to cookie write concept, and alter experimental queries to use them 2024-07-23 10:14:00 +01:00
github-actions[bot]
49cc8f8ff8 Post-release preparation for codeql-cli-2.18.1 2024-07-22 22:00:48 +00:00
github-actions[bot]
368bcb684a Release preparation for version 2.18.1 2024-07-22 21:30:50 +00:00
Chuan-kai Lin
23320b6e5e Revert "Release preparation for version 2.18.1" 2024-07-22 13:22:49 -07:00
github-actions[bot]
55935fc123 Release preparation for version 2.18.1 2024-07-22 14:56:15 +00:00
Joe Farebrother
661a4126ac Add change note 2024-07-19 09:23:33 +01:00
Joe Farebrother
baf51334e4 Update documentation 2024-07-19 09:13:30 +01:00
Joe Farebrother
070d67816d Remove experimental version 2024-07-16 16:50:10 +01:00
Joe Farebrother
8d93c3a852 Move to cwe-20 2024-07-16 16:50:08 +01:00
Joe Farebrother
e885f1f8c4 Add documentation 2024-07-16 16:50:05 +01:00
Joe Farebrother
983bdb92a1 Add test cases + remove redundant import 2024-07-16 16:50:00 +01:00
Joe Farebrother
123214cb2b Promoto cookie injection query 2024-07-16 16:49:56 +01:00
Rasmus Wriedt Larsen
f41d2a896c Merge pull request #16771 from porcupineyhairs/js2py 
Python : Arbitrary code execution due to Js2Py
 2024-07-11 15:31:57 +02:00
github-actions[bot]
ae3aba061b Post-release preparation for codeql-cli-2.18.0 2024-07-08 13:30:13 +00:00
github-actions[bot]
b0d6778652 Release preparation for version 2.18.0 2024-07-08 09:10:51 +00:00
Rasmus Wriedt Larsen
0a32f9fed6 Python: Update query metadata 2024-07-04 14:09:37 +02:00
Rasmus Wriedt Larsen
8d1113cdaf Python: Fixup qhelp 2024-07-04 14:01:30 +02:00
Porcupiney Hairs
808af28618 Python : Arbitrary codde execution due to Js2Py 
Js2Py is a Javascript to Python translation library written in Python. It allows users to invoke JavaScript code directly from Python.
The Js2Py interpreter by default exposes the entire standard library to it's users. This can lead to security issues if a malicious input were directly.

This PR includes a CodeQL query along with a qhelp and testcases to detect cases where an untrusted input flows to an Js2Py eval call.

This query successfully detects CVE-2023-0297 in `pyload/pyload`along with it's fix.
The databases can be downloaded from the links bellow.
```
https://file.io/qrMEjSJJoTq1
https://filetransfer.io/data-package/a02eab7V#link
```
 2024-07-03 19:06:34 +05:30