hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-24 02:43:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
85,984 Commits 1,693 Branches 161 Tags
6b6d8862b023b4ac8ed92e1069def2e89b007051
Commit Graph

9460 Commits

Author SHA1 Message Date
Taus
6b6d8862b0 Merge pull request #21288 from microsoft/azure_python_sanitizer_upstream2 
Azure python sanitizer upstream2
 2026-02-18 14:59:59 +01:00
Ben Rodes
a1eaf42cbf Update python/ql/lib/change-notes/2026-02-09-ssrf_test_case_cleanup_and_new_ssrf_barriers.md 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2026-02-17 13:05:51 -05:00
Ben Rodes
ceb3b21e0f Update python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryCustomizations.qll 
Co-authored-by: Taus <tausbn@github.com>
 2026-02-17 10:28:43 -05:00
github-actions[bot]
b5898c5a30 Post-release preparation for codeql-cli-2.24.2 2026-02-16 17:07:45 +00:00
github-actions[bot]
ef04f927fb Release preparation for version 2.24.2 2026-02-16 13:29:25 +00:00
REDMOND\brodes
4d4e7a1b5c Pretty print for tests. 2026-02-12 08:28:08 -05:00
Taus
7d17454a3b Merge pull request #21138 from github/tausbn/python-prepare-for-overlay-annotations 
Prepare dataflow for local annotations
 2026-02-12 14:23:45 +01:00
Chris Smowton
5f970d9f2f Rewordings per copilot 2026-02-12 12:01:33 +00:00
Chris Smowton
bed1ec8981 Enhance path validation recommendations 
Expanded recommendations for validating user input when constructing file paths, including normalization and using allowlists.
 2026-02-11 12:10:08 +00:00
REDMOND\brodes
9f9c353806 Update expected files. Copilot suggestions broke unit test expected results (column numbers). 2026-02-10 11:47:23 -05:00
REDMOND\brodes
4bb110beb8 More copilot suggestions. 2026-02-10 11:46:16 -05:00
REDMOND\brodes
a91cf6b7cb Applying copilot PR suggestions. 2026-02-10 11:37:11 -05:00
Ben Rodes
9f8ed710e2 Update python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/test_path_validation.py 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-02-10 11:09:25 -05:00
REDMOND\brodes
23bab81855 Added change log 2026-02-09 13:22:35 -05:00
REDMOND\brodes
df54459552 Restore prior PR change log (accidentally removed) 2026-02-09 13:19:02 -05:00
Ben Rodes
85ae4045c5 Merge branch 'main' into azure_python_sanitizer_upstream2 2026-02-09 13:12:38 -05:00
yoff
5ad42f8bcc Merge pull request #20563 from microsoft/azure_python_sdk_url_summary_upstream 
Azure python sdk url summary upstream
 2026-02-09 18:34:36 +01:00
REDMOND\brodes
f6c302b68c Removing commented out test cases. 2026-02-06 11:28:48 -05:00
REDMOND\brodes
4f11913ee5 removing SSRFSink.qll 2026-02-06 11:23:58 -05:00
REDMOND\brodes
42f6e6a19c Fixing inefficiently passed variable in nested existential quantification. 2026-02-06 11:20:15 -05:00
REDMOND\brodes
97f19d03ad Updating test case expected alerts. 2026-02-06 11:20:13 -05:00
REDMOND\brodes
97ddab0724 Added support for new URIValidator in AntiSSRF library. Updated test caes to use postprocessing results. Currently results for partial ssrf still need work, it is flagging cases where the URL is fully controlled, but is sanitized. I'm not sure if this should be flagged yet. 2026-02-06 11:20:11 -05:00
REDMOND\brodes
27e19813be Removing an upstream change log, not needed for local fork update. 2026-02-06 11:20:10 -05:00
REDMOND\brodes
88adb05d4b Adjusting acryonym for SSRF for casing standards. 2026-02-06 11:20:08 -05:00
REDMOND\brodes
265922d2e5 Adding docs. 2026-02-06 11:20:01 -05:00
REDMOND\brodes
7db97799c1 Moved change log to correct location. 2026-02-06 11:19:22 -05:00
Ben Rodes
08b72d0a86 Update python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/test_azure_client.py 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-02-06 11:18:51 -05:00
Ben Rodes
46a2a249f9 Update python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/test_azure_client.py 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-02-06 11:18:49 -05:00
REDMOND\brodes
b8ba905253 Added change logs. 2026-02-06 11:18:23 -05:00
REDMOND\brodes
9912aaaf1a Adding azure sdk test cases and updated test expected file. 2026-02-06 11:18:16 -05:00
REDMOND\brodes
8459eec239 Moving the SsrfSink concept into Concepts.qll, and renaming to HttpClientRequestFromModel as suggested in PR review. 2026-02-06 09:26:49 -05:00
Ben Rodes
ac1987f264 Update python/ql/lib/change-notes/2025-09-30-azure_ssrf_models.md 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2026-02-05 15:44:44 -05:00
Taus
8c27437628 Python: Bump extractor version and add change note 2026-02-05 13:50:54 +00:00
REDMOND\brodes
0a88425170 Python: Altering SSRF MaD to use 'request-forgery' tag. Update to test cases expected results, off by one line. Changed to using ModelOutput::sinkNode. 2026-02-04 09:04:22 -05:00
Ben Rodes
cd73dcfb04 Merge branch 'main' into azure_python_sdk_url_summary_upstream 2026-02-04 08:55:38 -05:00
Owen Mansel-Chan
3f08ff88a4 Pretty print models in test 
Otherwise the tests breaks when unrelated changes are made because the
model numbers change
 2026-02-04 10:52:44 +00:00
Taus
62fb38d834 Python: Rename otherArgs to implicitArgumentNode 
Co-authored-by: yoff <yoff@github.com>
 2026-02-03 15:32:46 +00:00
github-actions[bot]
73d06f26cb Post-release preparation for codeql-cli-2.24.1 2026-02-02 14:04:26 +00:00
Ben Rodes
7ddfa80399 Merge branch 'main' into azure_python_sdk_url_summary_upstream 2026-02-02 09:00:35 -05:00
github-actions[bot]
0db542e9f0 Release preparation for version 2.24.1 2026-02-02 12:09:09 +00:00
Owen Mansel-Chan
5204255615 Merge pull request #21234 from owen-mc/python/convert-sanitizers-to-mad 
Python: Allow models-as-data sanitizers
 2026-01-30 14:28:39 +00:00
Owen Mansel-Chan
0222159df5 Specify vulnerable args instead of safe ones 2026-01-30 14:10:03 +00:00
Taus
958c798c3f Python: Accept dataflow test changes 
New nodes means new results. Luckily we rarely have a test that selects
_all_ dataflow nodes.
 2026-01-30 12:50:25 +00:00
Taus
fb6175d10b Python: Fix consistency test failures 
As we now have many more capturing closure arguments, we must once again
exclude the ones that don't actually have `argumentOf` defined.
 2026-01-30 12:50:25 +00:00
Taus
3f718123a6 Python: Make capturing closure arguments synthetic and non-global 
Uses the same trick as for `ExtractedArgumentNode`, wherein we postpone
the global restriction on the charpred to instead be in the `argumentOf`
predicate (which is global anyway).

In addition to this, we also converted `CapturedVariablesArgumentNode`
into a proper synthetic node, and added an explicit post-update node for
it. These nodes just act as wrappers for the function part of call
nodes. Thus, to make them work with the variable capture machinery, we
simply map them to the closure node for the corresponding control-flow
or post-update node.
 2026-01-30 12:50:25 +00:00
Taus
6113d4be9e Python: Fix test issues 
Fixes the test failures that arose from making `ExtractedArgumentNode`
local.

For the consistency checks, we now explicitly exclude the
`ExtractedArgumentNode`s (now much more plentiful due to the
overapproximation) that don't have a corresponding `getCallArg` tuple.

For various queries/tests using `instanceof ArgumentNode`, we instead us
`isArgumentNode`, which explicitly filters out the ones for which
`isArgumentOf` doesn't hold (which, again, is the case for most of the
nodes in the overapproximation).
 2026-01-30 12:50:25 +00:00
Taus
7fccc23dbe Python: Make ExtractedArgumentNode local 
Explicitly adds a bunch of nodes that were previously (using a global
analysis) identified as `ExtractedArgumentNode`s. These are then
subsequently filtered out in `argumentOf` (which is global) by putting
the call to `getCallArg` there instead of in the charpred.
 2026-01-30 12:50:25 +00:00
Taus
ac5a74448f Python: Fix tests 
With `ModuleVariableNode`s now appearing for _all_ global variables (not
just the ones that actually seem to be used), some of the tests changed
a bit. Mostly this was in the form of new flow (because of new nodes
that popped into existence). For some inline expectation tests, I opted
to instead exclude these results, as there was no suitable location to
annotate. For the normal tests, I just accepted the output (after having
vetted it carefully, of course).
 2026-01-30 12:50:25 +00:00
Taus
30ce4069c7 Python: Remove global restriction on ModuleVariableNode 
This may result in more nodes, but it should still be bounded by the
number of global variables in the source code.
 2026-01-30 12:50:24 +00:00
Taus
4543c66d26 Python: Prepare LocalSourceNode for locality 
Removes the dependence on the (global) `ModuleVariableNode.getARead()`,
by adding a local version (that doesn't include `import *` reads)
instead.
 2026-01-30 12:50:24 +00:00