23408 Commits

This Branch

This Branch

All Branches

Author	SHA1	Message	Date
Chris Smowton	575198a0e4	Java SSRF query: Server Side -> Server-Side everywhere.	2021-06-17 11:41:04 +01:00
Chris Smowton	7899e17f3a	Java SSRF query: move RequestForgery qll file into semmle/code hierarchy ... This makes it importable by people wishing to extend the query.	2021-06-17 11:41:04 +01:00
Chris Smowton	532a10bfdf	Java SSRF query: Provide hook for custom taint-propagating steps; make all default sinks/sanitizers/steps private.	2021-06-17 11:41:04 +01:00
Chris Smowton	5bdd9da27a	Java SSRF query: credit original author	2021-06-17 11:41:04 +01:00
Chris Smowton	e8613367e8	Java SSRF query: copyedit qhelp	2021-06-17 11:41:04 +01:00
Chris Smowton	3333e7d186	Java SSRF query: sanitize primitives ... Even 'char' isn't a realistic vector for an exploit, unless somebody is copying out a string char by char.	2021-06-17 11:41:04 +01:00
Chris Smowton	93a9f471ce	Add change note	2021-06-17 11:41:04 +01:00
Chris Smowton	77904d9597	Remove failing test ... The case where something might be exactly a constant is general across all queries, and not handled yet, particularly in the case where the result of `getParameter("uri")` might have changed between the check and the use.	2021-06-17 11:41:04 +01:00
Chris Smowton	6933d06a46	Add exactly the string '/' as a sanitizing prefix. ... Usually this is ignored for suspicion that it could be taken for a protocol specifier, but on balance the context `(something) + "/" + tainted()` is more likely to be taken for a user-controlled location within a host the user does not control.	2021-06-17 11:41:03 +01:00
Chris Smowton	bc43b6d760	Fix typo	2021-06-17 11:41:03 +01:00
Chris Smowton	e6249eed79	Add doc comments	2021-06-17 11:41:03 +01:00
Chris Smowton	26e10f3ad5	SSRF: don't consider results of fetches we initiated to be untrustworthy	2021-06-17 11:41:03 +01:00
Chris Smowton	c63d5986cf	Sanitize StringBuilder appends that follow directly from a constructor. ... Note that some of this logic ought to be incorporated into StringBuilderVar once that code can be reviewed.	2021-06-17 11:41:03 +01:00
Chris Smowton	b5a450b881	SSRF query: add sanitizer looking for a variety of ways of prepending a sanitizing prefix, such as one that restricts the hostname a URI will refer to.	2021-06-17 11:41:03 +01:00
Chris Smowton	487c1db6ed	Promote SSRF query to main query set	2021-06-17 11:41:01 +01:00
Anders Schack-Mulligen	6ca8d69b26	Merge pull request #5881 from haby0/java/UnsafeDeserialization ... Java: CWE-502 Add UnsafeDeserialization sinks	2021-06-17 12:36:34 +02:00
Anders Schack-Mulligen	8fe2f4a554	Merge pull request #6034 from owen-mc/java/jax-rs ... Improve JAX-WS and JAX-RS models	2021-06-17 12:35:34 +02:00
Anders Schack-Mulligen	b173b4141d	Merge pull request #6096 from smowton/smowton/fix/inline-expectations-missing-prefix ... Inline expectation tests: accept // $MISSING: and // $SPURIOUS:	2021-06-17 11:41:15 +02:00
haby0	363ad5b470	Fix error	2021-06-17 17:36:35 +08:00
Owen Mansel-Chan	945db01f56	Address review comments	2021-06-17 10:29:33 +01:00
Owen Mansel-Chan	b9bc1f978c	Update style of inline expectation comments	2021-06-17 10:04:15 +01:00
Chris Smowton	558813acf7	Inline expectation tests: accept // $MISSING: and // $SPURIOUS: ... Previously there had to be a space after the $ token, unlike ordinary expectations (i.e., // $xss was already accepted)	2021-06-17 09:44:39 +01:00
Owen Mansel-Chan	0987425f94	Reinstate failing tests with MISSING: prefix	2021-06-17 09:36:51 +01:00
Tom Hvitved	0febf5a592	Merge pull request #6094 from hvitved/dataflow/consistency-compiler-too-smart ... Data flow: Workaround for too clever compiler in consistency queries	2021-06-17 10:23:31 +02:00
Tom Hvitved	cc383e0f6a	Data flow: Workaround for too clever compiler in consistency queries	2021-06-17 09:43:36 +02:00
haby0	3dd851fffb	expected	2021-06-17 15:20:03 +08:00
Owen Mansel-Chan	5f82993b0b	Put parameters with inline expectation comments on their own lines	2021-06-17 06:41:01 +01:00
CodeQL CI	bcafe532ac	Merge pull request #5944 from RasmusWL/async-api-graph-tests ... Approved by tausbn	2021-06-16 08:46:26 -07:00
CodeQL CI	9b84a8e146	Merge pull request #6048 from erik-krogh/graphql ... Approved by esbena	2021-06-16 06:35:42 -07:00
Owen Mansel-Chan	5d00bb23e4	Move logic for URL redirection sinks	2021-06-16 12:48:11 +01:00
yoff	0ddeb7a8c1	Merge pull request #5950 from RasmusWL/promote-clickhouse ... Python: Promote ClickHouse SQL models	2021-06-16 13:38:41 +02:00
Tamás Vajk	eaa69dfa5d	Merge pull request #6084 from tamasvajk/feature/effective-publicness ... C#: Fix isEffectively* visibility predicates	2021-06-16 12:52:38 +02:00
Anders Schack-Mulligen	75d5fe67ea	Merge pull request #6090 from atorralba/atorralba/move-httpsurls-tests ... Java: Move/tweak some tests	2021-06-16 12:00:55 +02:00
Tamas Vajk	28ef0e86f6	Apply code review findings	2021-06-16 10:51:52 +02:00
Tamas Vajk	c5b8acf216	Add change notes	2021-06-16 10:51:52 +02:00
Tamas Vajk	db8a777aa9	Fix isEffectively* predicates to members extracted from multiple assemblies	2021-06-16 10:51:52 +02:00
Tamas Vajk	77f8f3fa8a	Adjust comments on isEffectively*	2021-06-16 10:51:52 +02:00
Tamas Vajk	eea96a5585	Fix effective publicness of protected private and protected internal	2021-06-16 10:51:52 +02:00
Tamas Vajk	f715445c7a	Fix effective privateness of explicitly implemented members	2021-06-16 10:51:08 +02:00
Tamas Vajk	a24006239b	C#: Add more tests to effective visibility	2021-06-16 10:50:15 +02:00
Taus	96d8fc78f8	Merge pull request #6078 from hvitved/type-tracker-caching ... Python: Move cached predicates in type tracker library to same stage	2021-06-16 10:45:02 +02:00
Tamás Vajk	9f44bc575f	Merge pull request #6089 from tamasvajk/feature/interface-member-modifier ... C#: Allow abstract modifier on interface members	2021-06-16 10:44:43 +02:00
haby0	c1ada6d85b	Merge branch 'main' into java/UnsafeDeserialization	2021-06-16 16:37:03 +08:00
Tamás Vajk	386d88ab93	Merge pull request #6085 from tamasvajk/feature/unsafe ... C#: Fix `Modifiable::isUnsafe` to handle declarations extracted from assemblies	2021-06-16 10:30:09 +02:00
Tony Torralba	e2918d55b5	Move tests back from internal repo	2021-06-16 10:09:44 +02:00
Tamas Vajk	66835651fe	C#: Allow abstract modifier on interface members	2021-06-16 09:56:36 +02:00
Tamas Vajk	dacb044790	C#: Add tests for abstract/virtual modifier of interface members	2021-06-16 09:54:34 +02:00
haby0	9badd7aa27	change name	2021-06-16 11:29:37 +08:00
Tamas Vajk	74c4765ab9	Add change note	2021-06-15 17:30:48 +02:00
Tamas Vajk	44b30b70da	C#: Fix Modifiable::isUnsafe to handle declarations extracted from assemblies	2021-06-15 17:30:48 +02:00