Commit Graph

123 Commits

Author SHA1 Message Date
edvraa
7cbbd6cc89 Simplify query 2021-03-31 15:35:54 +03:00
edvraa
94234b8b02 Rename ObjectMethodSink to InstanceMethodSink 2021-03-31 15:22:30 +03:00
edvraa
ac29184521 deserialization sinks 2021-03-20 21:50:46 +02:00
Tom Hvitved
d53faa86dc C#: Restrict FormatInvalid.ql and UncontrolledFormatString.ql to calls with insertions 2020-12-18 10:53:11 +01:00
Tamas Vajk
24670160c2 Address code review findings 2020-12-04 13:26:53 +01:00
Tamas Vajk
cd5c1f06ee C#: Add queries to check untrusted data flow to external APIs 2020-12-04 13:26:53 +01:00
Anders Schack-Mulligen
8f2094f0bf Autoformat. 2020-11-30 14:42:38 +01:00
Chris Smowton
578ea1ae43 Fix OWASP broken links 2020-10-01 13:09:52 +01:00
Tamás Vajk
5ab5e75b85 Merge pull request #4255 from fatenhealy/IncreaseInsufficientKeySizeValue
Increase insufficient key size value from 1024 to 2048
2020-09-22 23:06:12 +02:00
Faten Healy
c35a5d120a C#: Increasing required size of RSA key to 2048 2020-09-22 11:09:49 +02:00
Tom Hvitved
aac2e0ebfb C#: Avoid bad magic in RuntimeChecksBypass.ql
Before:

```
[2020-09-18 14:03:57] (2587s) Tuple counts for RuntimeChecksBypass::uncheckedWrite#bbf#antijoin_rhs#1:
                      1270       ~8%     {2} r1 = SCAN RuntimeChecksBypass::uncheckedWrite#bbf#shared AS I OUTPUT I.<1>, I.<0>
                      188197390  ~0%     {3} r2 = JOIN r1 WITH #Callable::Callable::calls_dispred#bfPlus AS R ON FIRST 1 OUTPUT R.<1>, r1.<1>, r1.<0>
                      2425784042 ~1%     {3} r3 = JOIN r2 WITH Expr::Expr::getEnclosingCallable_dispred#ff_10#join_rhs AS R ON FIRST 1 OUTPUT r2.<1>, R.<1>, r2.<2>
                      58         ~9%     {2} r4 = JOIN r3 WITH project#RuntimeChecksBypass::checkedWrite#bfff AS R ON FIRST 2 OUTPUT r3.<0>, r3.<2>
                                         return r4
```

After:

```
[2020-09-18 14:08:48] (5s) Tuple counts for RuntimeChecksBypass::uncheckedWrite#fff#antijoin_rhs:
                      24704473 ~2%      {2} r1 = SCAN DataFlowPublic::localExprFlow#ff AS I OUTPUT I.<1>, I.<0>
                      23784154 ~6%      {4} r2 = JOIN r1 WITH Expr::Expr::getEnclosingCallable_dispred#ff AS R ON FIRST 1 OUTPUT r1.<1>, 28, R.<0>, R.<1>
                      201391   ~2%      {2} r3 = JOIN r2 WITH expressions AS R ON FIRST 2 OUTPUT r2.<2>, r2.<3>
                      23784154 ~0%      {3} r4 = JOIN r1 WITH Expr::Expr::getEnclosingCallable_dispred#ff AS R ON FIRST 1 OUTPUT r1.<1>, R.<0>, R.<1>
                      1065242  ~20%     {2} r5 = JOIN r4 WITH expr_value AS R ON FIRST 1 OUTPUT r4.<1>, r4.<2>
                      1266633  ~16%     {2} r6 = r3 \/ r5
                                        return r6
```
2020-09-18 14:15:30 +02:00
Gavin Lang
7a023a65b0 Grammatical issues in Encryption using ECB.qhelp 2020-06-30 15:33:05 +10:00
Tom Hvitved
652de80fa5 C#: Enable syntax highlighting in QLDoc snippets 2020-06-23 16:56:56 +02:00
Tom Hvitved
1e8b7ed367 C#: Avoid multiple taint-tracking configurations
The taint-tracking configuration in `ExposureOfPrivateInformation.ql`
overlaps with the XSS taint-tracking configuration, as witnessed by this import chain:

```
semmle.code.csharp.security.dataflow.ExposureOfPrivateInformation.qll imports
semmle.code.csharp.security.dataflow.flowsinks.ExternalLocationSink imports
semmle.code.csharp.security.dataflow.flowsinks.Remote imports
semmle.code.csharp.security.dataflow.XSS
```

(The same for `CleartextStorage.qll` and `LogForging.ql`.)

The fix is to use `TaintTracking2` for the XSS configuration.
2020-06-02 14:42:35 +02:00
Tom Hvitved
a4d933d1d6 C#: More results for cs/web/missing-x-frame-options
Report an alert in _any_ `Web.config` file, as long as it does not have an
`X-Frame-Options` entry (as opposed to only reporting alerts when _all_
`Web.config` files lack the entry).
2020-05-04 09:17:08 +02:00
Tom Hvitved
54677189de C#: Introduce RemoteFlowSink class 2020-03-25 20:05:39 +01:00
Tom Hvitved
142737dc61 C#: Move HtmlSinks from XSS.qll into separate file 2020-03-25 20:05:39 +01:00
Tom Hvitved
fddbce0b7b C#: Move all predefined sources and sinks into security/dataflow/flow{sinks,sources} 2020-03-25 20:05:39 +01:00
Tom Hvitved
78380f5d59 Merge pull request #2658 from calumgrant/cs/serialization-check-bypass-type
C#: Fix cs/serialization-check-bypass
2020-02-12 10:26:01 +01:00
Calum Grant
803cb3f4d1 C#: Address review comment
- Flow from expressions with a value is excluded.
2020-02-10 16:02:29 +00:00
Jonas Jensen
c4d2163321 Merge pull request #2673 from aschackmull/ql/autoformat-comparisonterm
Java/C++/C#: Autoformat comparison terms
2020-01-30 08:47:50 +01:00
Calum Grant
7caae01ad1 C#: Exclude fields that are created 2020-01-29 15:47:12 +00:00
Tom Hvitved
474815bf57 Merge pull request #2660 from calumgrant/cs/release-notes
C#: Add release notes and precisions to queries
2020-01-29 16:05:45 +01:00
Anders Schack-Mulligen
726a873c3e C#: Autoformat. 2020-01-29 13:15:00 +01:00
Calum Grant
c0379cc3f1 C#: Address review comment: an SQL 2020-01-29 11:46:28 +00:00
Calum Grant
3d460aeb44 C#: ZipSlip query reports alert at source 2020-01-21 15:17:06 +00:00
Calum Grant
be68b6f938 C#: Add precision to queries 2020-01-21 13:24:48 +00:00
Calum Grant
6790028d4c C#: Use guards library 2020-01-15 15:46:19 +00:00
Calum Grant
41b4d70504 C#: Refactor, improve documentation and add tests for cs/serialization-check-bypass 2020-01-03 18:46:39 +00:00
Calum Grant
59ce8842bb Merge branch 'master' of git.semmle.com:Semmle/ql into ASPNetPagesValidateRequest
# Conflicts:
#	change-notes/1.24/analysis-csharp.md
2019-12-05 15:58:47 +00:00
Paulino Calderon
5fd0662264 Update csharp/ql/src/Security Features/CWE-016/ASPNetPagesValidateRequest.qhelp
Fixes typo

Co-Authored-By: James Fletcher <42464962+jf205@users.noreply.github.com>
2019-12-02 16:44:39 -05:00
Paulino Calderon
9576e2a698 Update csharp/ql/src/Security Features/CWE-016/ASPNetPagesValidateRequest.qhelp
Adds missing code tags

Co-Authored-By: James Fletcher <42464962+jf205@users.noreply.github.com>
2019-12-02 16:43:51 -05:00
Paulino Calderon
8026925a3a Update csharp/ql/src/Security Features/CWE-016/ASPNetRequestValidationMode.ql
Added missing quotes.

Co-Authored-By: James Fletcher <42464962+jf205@users.noreply.github.com>
2019-11-29 22:39:50 -05:00
Paulino Calderon
879d34d24d Update csharp/ql/src/Security Features/CWE-016/ASPNetRequestValidationMode.qhelp
Missing comma.

Co-Authored-By: James Fletcher <42464962+jf205@users.noreply.github.com>
2019-11-29 22:39:29 -05:00
Paulino Calderon
22964cba74 Update csharp/ql/src/Security Features/CWE-016/ASPNetRequestValidationMode.qhelp
Rephrasing.

Co-Authored-By: James Fletcher <42464962+jf205@users.noreply.github.com>
2019-11-29 22:39:04 -05:00
Paulino Calderon
a2dfd551f6 Update csharp/ql/src/Security Features/CWE-016/ASPNetRequestValidationMode.qhelp
built in to built-in

Co-Authored-By: James Fletcher <42464962+jf205@users.noreply.github.com>
2019-11-29 22:38:42 -05:00
Calum Grant
30a2620a8c C#: Tidy up docs, query metadata and add tests. 2019-11-29 10:31:58 +00:00
Paulino Calderon
eeffd7cf8d Adds CodeQL query to check for Pages validateRequest directive 2019-11-28 14:22:08 +00:00
Calum Grant
d001c3c2d2 C#: Restructure files. 2019-11-27 17:29:53 +00:00
Calum Grant
c906a8238d C#: Edit qhelp for cs/insecure-request-validation-mode 2019-11-27 16:37:37 +00:00
Calum Grant
4b19f3b6a4 C#: Whitespace edit and edit query metadata. 2019-11-27 16:37:37 +00:00
Paulino Calderon
6f346c6676 Adds CodeQL query to check for insecure RequestValidationMode in ASP.NET 2019-11-27 16:37:37 +00:00
Tom Hvitved
71fd5379c9 C#: Remove tabs from qhelp file 2019-11-25 13:40:44 +01:00
Paulino Calderon
63884c1a86 Mixed spaces and tabs 2019-11-19 13:06:55 -05:00
Paulino Calderon
96a02aba3f Adds quotes on name and additional info tags 2019-11-19 12:39:10 -05:00
Paulino Calderon
56c12adab7 Adds check for insecure MaxLengthRequest values 2019-11-16 14:21:39 -05:00
Felicity Chapman
c4f958d396 Merge pull request #2263 from sauyon/master
Update links to OWASP cheat sheet
2019-11-11 08:51:52 +00:00
semmle-qlci
2b120def01 Merge pull request #2211 from hvitved/csharp/unsafe-deserialization
Approved by jf205
2019-11-07 14:16:13 +00:00
Sauyon Lee
0040c9fb4c Update links to OWASP cheat sheet 2019-11-06 20:21:47 -08:00
Geoffrey White
8c16b36c7f Merge pull request #2231 from semmledocs-ac/newqueries-docscheck
CPP & C#: Review of qhelp (SD-4028)
2019-11-05 11:11:34 +00:00