hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-23 15:55:18 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,340 Commits 1,742 Branches 165 Tags
69ed88bccd4e1e52f4e6ffdf6c7f48940ec4c4fc
Commit Graph

1505 Commits

Author SHA1 Message Date
am0o0
fd9e6f48d7 fix the docs of secondary server cmd injection 2024-05-29 16:01:43 +02:00
am0o0
171486641e Ssh2.qll: fix a typo 2024-05-29 16:00:52 +02:00
am0o0
5299c4a845 fix the qhelp of secondary server cmd injectino 2024-05-29 16:00:06 +02:00
am0o0
0e80e867af fix actions reviews 2024-05-10 08:32:45 +02:00
amammad
6b9cc1a278 update Twisted document link 2024-05-06 14:36:10 +02:00
amammad
c4a38d0a2f add twisted SSH client as secondary server command injection sinks, add proper test cases 2024-05-06 14:36:10 +02:00
amammad
0a765cc94a add jsonpickle and pexpect libs in case of unsafe decoding and secondary command execution, add proper test cases 2024-05-06 14:36:10 +02:00
amammad
7e93102097 finalize Secondary server command injection queries and tests. 2024-05-06 14:36:10 +02:00
amammad
ead247469d add ssh client libraries, add SecondaryServerCmdInjectionCustomizations 2024-05-06 14:36:10 +02:00
amammad
4df73f9975 continue to convert paramiko query to a more general query, 
the proxy command is not a secondary command execution
so we can add proxy command to SystemCommandExecution::Range, update QLDocs,
add a proper Paramiko test case
fix a typo
 2024-05-06 14:36:10 +02:00
amammad
5fea71e5d6 convert paramiko query to SecondaryServerCmdInjection query, Add inline tests 2024-05-06 14:36:10 +02:00
Joe Farebrother
cf8db4e425 Update instances of experimental concept to the main one, and anotate missing experimental test results. 2024-04-24 14:05:39 +01:00
Joe Farebrother
daa31b5bb7 Add documentation 2024-04-24 14:05:38 +01:00
Joe Farebrother
8636a50190 Fix qldoc + remove deprecation from experimental concepts (as they are still used in another experimental query) 2024-04-24 14:05:38 +01:00
Joe Farebrother
a88ad62c00 Implemented sinks for bulk header updates, and added corresponding tests. 2024-04-24 14:05:38 +01:00
Joe Farebrother
68d90918cf Add to header write concept a specification of whether the name or value arg allows newlines. 
Ported sink defenitions from Flask and Werzeug from experimental to main.
Removed experimental sink definitions for Django, as neither name nor value are vulnerable.
 2024-04-24 14:05:37 +01:00
Joe Farebrother
6021d9238c Move headers injection query and concept from experimental to main 2024-04-24 14:05:37 +01:00
Taus
b484aee39e Python: Autoformat everything 
Of course, `StringLiteral` being much longer than `StrConst` meant a
bunch of files changed formatting.
 2024-04-22 12:00:09 +00:00
Taus
1c68c987b0 Python: Change all remaining occurrences of StrConst 
Done using
```
git grep StrConst | xargs sed -i 's/StrConst/StringLiteral/g'
```
 2024-04-22 12:00:09 +00:00
Sim4n6
26a16b7857 use of a single var "op" of type Cmpop 2024-03-15 14:17:23 +01:00
Sim4n6
a717bf1b9d Fix p tag in UnicodeDoS.qhelp 2024-03-15 14:17:23 +01:00
Sim4n6
af19a0342e Fix UnicodeDoS vulnerability in CWE-770 code 2024-03-15 14:17:23 +01:00
Sim4n6
085d803b14 Fix UnicodeDoS vulnerability in CWE-770 2024-03-15 14:17:23 +01:00
Sim4n6
31dc542111 Update request parameter name in good_1() function 2024-03-15 14:17:23 +01:00
Sim4n6
70ebc58b4c Refactor Unicode normalization code 2024-03-15 14:17:23 +01:00
Sim4n6${{7*'7'}}
658b88e62f Update python/ql/src/experimental/Security/CWE-770/UnicodeDoS.ql 
update the Config API

Co-authored-by: yoff <lerchedahl@gmail.com>
 2024-03-15 14:17:23 +01:00
Sim4n6
1f767b887e Add some comments and docs 2024-03-15 14:17:23 +01:00
Sim4n6
5cc9170249 Add UnicodeDoS sink for werkzeug secure_filename 2024-03-15 14:17:23 +01:00
Sim4n6
342465057c Add Unicode DoS (CWE-770) 2024-03-15 14:17:23 +01:00
amammad
09d8a75844 Fix QLDoc issues 2024-02-14 23:31:22 +04:00
Rasmus Wriedt Larsen
eb401a205d Python: Fix test exclusion for stdlib Python 3.12 2024-02-14 16:53:19 +01:00
Rasmus Wriedt Larsen
e5bd633028 Python: Change name/id to Decompression Bomb 
The old title/id matches how we used to write queries, but I think just
using the normal conversational name is easier for everyone :)
 2024-02-14 14:54:25 +01:00
Rasmus Wriedt Larsen
69c8ef9898 Python: Use dataflow instead of taint-tracking 2024-02-14 14:52:37 +01:00
Rasmus Wriedt Larsen
ba7dd38fc9 Python: Delete duplicated file 2024-02-14 14:48:37 +01:00
Rasmus Wriedt Larsen
9ae3ea81ff Python: Remove spurious results in stdlib 2024-02-14 14:47:28 +01:00
Rasmus Wriedt Larsen
d8fd457310 Python: Use helper predicate 
Since the helper predicate had nice qldocs
 2024-02-14 14:47:28 +01:00
Rasmus Wriedt Larsen
e7772f1062 Python: Use Unit class 2024-02-14 14:47:28 +01:00
Rasmus Wriedt Larsen
9399258e3b Merge branch 'main' into amammad-python-bombs 2024-02-14 13:37:59 +01:00
erik-krogh
8be7eadace delete outdated deprecations 2024-01-22 09:11:35 +01:00
Anders Schack-Mulligen
8ef4821f63 Python: Remove references to FlowStateString. 2023-12-14 15:05:33 +01:00
amammad
5795c72a99 added inline tests 2023-12-07 14:04:33 +01:00
amammad
6ebdae3bab Merge branch 'main' into amammad-python-bombs 2023-12-07 13:50:20 +01:00
amammad
2d0067d618 fix some qldocs, change Sink extenstion model, deduct some not necessarily checks :) 2023-12-07 13:45:28 +01:00
Chris Campbell
114b694553 Remove @precision values, correct missing tags 2023-11-16 15:50:41 +00:00
amammad
4283bb7d48 clean up unused vars,fix tests 2023-10-09 23:15:58 +02:00
amammad
9d86e7946c move library file to experimental lib directory 2023-10-09 23:10:30 +02:00
amammad
1318afdb27 modularize 2023-10-09 23:07:52 +02:00
amammad
3175db226e upgrade fastAPI remote sources 2023-10-09 20:51:19 +02:00
erik-krogh
4bc4e0845d delete the deprecated isBarrierGuard predicate from the shared dataflow library, and its uses 2023-10-07 21:48:49 +02:00
Josh Brown
ad86e576a4 autoformat 2023-10-03 13:40:17 -07:00