hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-20 22:46:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,457 Commits 1,712 Branches 163 Tags
62f3e8d64a4f75fc6fdf21dbeafaa66685f91e39
Commit Graph

21457 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
thank_you
62f3e8d64a Add sanitizer for ObjectId 
ObjectId is a sanitizer used to sanitize strings into valid MongoDB ids. During research we've found that this method is used.

ObjectId returns a string representing an id. If at any time ObjectId can't parse it's input (like when a tainted dict in passed in), then ObjectId will throw an error preventing the query from running.
 2021-04-26 15:35:42 -04:00
thank_you
7773c53124 Replace any(string) with _ wildcard 2021-04-20 08:49:08 -04:00
thank_you
bbd3552392 Rename predicate to getQuery 2021-04-20 08:47:37 -04:00
jorgectf
5d25a27d62 Add .expected 2021-04-09 22:28:03 +02:00
jorgectf
4615927eeb Fix flask_mongoengine Call 2021-04-09 22:27:53 +02:00
jorgectf
166385755a Polish Calls naming 2021-04-09 21:49:41 +02:00
jorgectf
208b53e4d2 Polish query file 2021-04-09 21:36:21 +02:00
jorgectf
983af32ab5 Polish qhelp examples 2021-04-09 21:36:11 +02:00
jorgectf
fa5869afe7 Polish qhelp and examples 2021-04-09 21:31:45 +02:00
jorgectf
a6b3aefb0b Add flask_mongoengine sink 2021-04-09 21:30:17 +02:00
jorgectf
0e51dbec86 Polish tests 2021-04-09 21:29:56 +02:00
thank_you
83f28bfdda Catch any keyword argument passed to MongoEngine's objects method 
After some research, we discovered that any keyword argument passed to the objects method will result in NoSQL injection. This includes scenarios where we have the following:

objects(name_of_model_attribute=unsanitized_user_input)
 2021-04-07 16:45:48 -04:00
thank_you
719c30bd92 Fix file name and adjust where the test points to 2021-04-07 16:42:51 -04:00
thank_you
4e98348411 Remove comment 2021-04-06 13:57:03 -04:00
thank_you
dc274ecf36 Improve sentence structure and grammar 2021-04-06 13:51:59 -04:00
thank_you
520e65e3c3 Remove unnecessary example code 2021-04-06 13:46:51 -04:00
thank_you
ac31260fed Made grammar changes 2021-04-06 13:42:57 -04:00
thank_you
6ade120983 Add check for mongoengine raw queries 
After initial research on our end, we believe that the only vulnerability within the objects() method is passing a query into the __raw__ keyword argument. More info can be found below:

http://docs.mongoengine.org/guide/querying.html?highlight=inc__#raw-queries
 2021-04-05 20:44:16 -04:00
thank_you
759fa2cd01 Update query to search for more pymongo sink methods 2021-04-05 20:42:18 -04:00
thank_you
3f0c758622 Add required __raw__ keyword 
This __raw__ keyword is required for the actual mongoengine vulnerability. More info can be found below:

http://docs.mongoengine.org/guide/querying.html?highlight=inc__#raw-queries
 2021-04-05 19:07:13 -04:00
Your Name
80216f6974 Rename classes 2021-04-05 14:41:08 -04:00
Your Name
be9a3a95b1 Add relevant PyMongo sink methods 2021-04-05 14:23:56 -04:00
Your Name
9072d19cda Update qhelp file 2021-04-05 13:56:43 -04:00
jorgectf
15e176a3b8 Polish query select 2021-04-01 13:00:12 +02:00
jorgectf
f980d0694b Fix taint configs 2021-04-01 12:50:25 +02:00
jorgectf
c8740a2031 Update naming 2021-04-01 12:41:11 +02:00
jorgectf
3a47a45e47 Attempt to apply TaintTracking2 2021-03-31 18:49:41 +02:00
jorgectf
f0a50eb67a Polish up configs 2021-03-31 17:58:18 +02:00
jorgectf
017a826b30 Remove unused class variables 2021-03-31 17:52:03 +02:00
jorgectf
5a1dc48e48 Fix Mongoengine test 2021-03-31 17:50:31 +02:00
jorgectf
7a4dc46341 Fix Sinks 2021-03-31 17:50:05 +02:00
jorgectf
01f9d4a1b0 Fix MongoEngine Sink 2021-03-31 15:50:45 +02:00
jorgectf
ccd57bea7a Fix imports 2021-03-30 21:17:11 +02:00
jorgectf
4579132f22 Add left tests 2021-03-30 21:14:33 +02:00
jorgectf
d856f160c8 Adapt query configs and custom classes 2021-03-30 21:14:21 +02:00
jorgectf
bd5ff01ebb PyMongo and Mongoengine sinks 2021-03-30 21:13:43 +02:00
jorgectf
aea7546cf9 Add Concepts 2021-03-30 21:13:15 +02:00
jorgectf
517a9202ce PR init 2021-03-30 17:51:17 +02:00
Jonas Jensen
7f16c52217 Merge pull request #3364 from github/rdmarsh/cpp/use-taint-configuration-dtt 
C++: use TaintTracking::Configuration in DefaultTaintTracking
 2021-03-26 12:39:25 +01:00
Tom Hvitved
1dbfe2369d Merge pull request #5542 from hvitved/csharp/update-suites 
C#: Remove deleted queries from suites
 2021-03-26 12:13:09 +01:00
CodeQL CI
f584ff9acf Merge pull request #5533 from asgerf/js/fix-query-metadata 
Approved by esbena
 2021-03-26 11:09:54 +00:00
Tom Hvitved
9d1ef21d85 C#: Remove deleted queries from suites 2021-03-26 11:17:27 +01:00
Mathias Vorreiter Pedersen
c7c65736a9 C++: Accept test changes. These happened because of the incorrect usage of multiple configurations in 6c1ec6d96b. 2021-03-26 10:57:58 +01:00
Jonas Jensen
86755c6a98 Merge pull request #5515 from criemen/fix-query-metadata 
C++: Fix query metadata warnings.
 2021-03-26 10:19:46 +01:00
Anders Schack-Mulligen
506c95d098 Merge pull request #5372 from smowton/smowton/feature/commons-lang-models-to-csv 
Java: Convert existing Commons Lang models to CSV
 2021-03-26 10:18:23 +01:00
Tom Hvitved
d4ce42ac4f Merge pull request #5416 from hvitved/csharp/rework-summaries 
C#: Rework flow summary implementation
 2021-03-26 09:47:15 +01:00
Tom Hvitved
e93b72d563 Merge pull request #5459 from hvitved/csharp/update-nuget 
C#: Update more nuget packages
 2021-03-26 09:28:09 +01:00
Mathias Vorreiter Pedersen
983b64a05f Merge branch 'main' into rdmarsh/cpp/use-taint-configuration-dtt 2021-03-26 09:11:12 +01:00
Tom Hvitved
57fd2e3578 C#: Rename parameter in fieldOf() 2021-03-26 08:49:06 +01:00
yoff
208d5157fa Merge pull request #5500 from RasmusWL/django-forms 
Python: Model RemoteFlowSources on Django forms/fields
 2021-03-25 20:43:19 +01:00