hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-28 06:36:33 +01:00
Code Issues Packages Projects Releases Wiki Activity
20,178 Commits 1,673 Branches 157 Tags
9eed17f64756565e68e2ac00533b3479d8374c22
Commit Graph

140 Commits

Author SHA1 Message Date
yoff
9eed17f647 Merge pull request #5152 from RasmusWL/improve-pyyaml-support 
Python: Improve pyyaml support
 2021-02-23 19:58:04 +01:00
Rasmus Wriedt Larsen
4880350420 Python: Add a single missing QLDoc 2021-02-17 16:33:12 +01:00
Rasmus Wriedt Larsen
7afe3972d8 Revert "Merge pull request #5171 from RasmusWL/restructure-queries" 
This reverts commit 8caafb3710, reversing
changes made to ec79094957.
 2021-02-17 16:32:53 +01:00
Rasmus Wriedt Larsen
cf9ad0cdc5 Python: Move ExternalAPI queries back under Security 
This was raised as a question at review, and I don't really have a good enough
argument for moving it under POI. At the end of the day, they are _security_
related enough I guess :)
 2021-02-17 11:29:33 +01:00
Rasmus Wriedt Larsen
3a18881660 Python: Restructure query file location 
Since I can never remember the CWE numbers
 2021-02-16 11:36:10 +01:00
Rasmus Wriedt Larsen
f328e84bd2 Python: Mention yaml.safe_load in the qhelp 2021-02-12 12:29:55 +01:00
Rasmus Wriedt Larsen
d8bfa3565f Python: Simple port of URL redirect query 
Still have not added sanitizer, but seems like old sanitizer was a bit too broad
(also covering %-formatting)
 2021-01-20 11:35:44 +01:00
yoff
39acc9a40b Merge pull request #4735 from RasmusWL/python-untrusted-flow 
Python: Untrusted data used in external APIs
 2020-12-18 00:15:08 +01:00
yoff
3bddb946b7 Merge pull request #4773 from RasmusWL/path-injection-improvements 
Python: Path injection improvements
 2020-12-08 14:05:53 +01:00
Rasmus Wriedt Larsen
976559889f Python: Reword qhelp text 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2020-12-08 11:34:44 +01:00
Rasmus Wriedt Larsen
e53ed478ab Python: Highlight os.path.join behavior with absolute paths 2020-12-03 13:41:52 +01:00
Rasmus Wriedt Larsen
a08e1db601 Python: Remove leftover note to self in qhelp file 2020-11-30 17:44:18 +01:00
Anders Schack-Mulligen
8f2094f0bf Autoformat. 2020-11-30 14:42:38 +01:00
Rasmus Wriedt Larsen
cbfcfdf883 Python: Fix UntrustedDataToExternalAPI.qhelp 2020-11-27 17:54:22 +01:00
Rasmus Wriedt Larsen
9e4910f863 Python: Untrusted data used in external APIs 
A port of the one for Java that was added in https://github.com/github/codeql/pull/3938
 2020-11-26 18:19:35 +01:00
Rasmus Wriedt Larsen
9ebe59d393 Python: Move UnsafeDeserialization configuration to own file 2020-11-06 14:27:37 +01:00
Rasmus Wriedt Larsen
d38c48d2c8 Python: Move ReflectedXSS configuration to own file 2020-11-06 14:24:31 +01:00
Rasmus Wriedt Larsen
1897a0d59a Python: Move PathInjection configuration to own file 
This one required a bit more thought, but ended up pretty nicely. Had to write
some QLDoc, but I think it turned out OK.
 2020-11-06 14:21:23 +01:00
Rasmus Wriedt Larsen
0c6bd8401a Python: Move SqlInjection configuration to own file 2020-11-06 14:09:46 +01:00
Rasmus Wriedt Larsen
6299b73a46 Python: Move CommandInjection configuration to own file 2020-11-06 14:07:06 +01:00
Rasmus Wriedt Larsen
7c04c59456 Python: Move CodeInjection configuration to own file 
This makes it easy to extend the sources/sinks of the configuration and re-run
the query from the query console on LGTM.com.

File location in `semmle.<lang>.security.dataflow.<QueryName>.qll` is matching
what we currently do in other languages (JS and C# sampled).

I did not follow the pattern in other languages for wrapping all the code in a
`module CodeInjection`, since I didn't understand the value in doing so -- I
would like confirmation from the other teams if we _should_ actually do that,
before merging.
 2020-11-06 13:58:06 +01:00
Taus Brock-Nannestad
fb6a02e060 Python: More import fixups 2020-11-02 22:17:42 +01:00
Taus Brock-Nannestad
f903e4ffbe Python: Promote experimental queries 
DO NOT MERGE

Also adds performance fix to `python.qll`.
 2020-10-30 19:40:56 +01:00
Chris Smowton
578ea1ae43 Fix OWASP broken links 2020-10-01 13:09:52 +01:00
Faten Healy
03d8fc7296 changed to AES 2020-09-30 22:18:36 +10:00
Faten Healy
6f20516f84 Update broken_crypto.py to AES instead of Blowfish 2020-09-13 21:07:28 +10:00
Faten Healy
826fc0a630 Update BrokenCryptoAlgorithm - Blowfish to AES 2020-09-13 21:04:07 +10:00
Esben Sparre Andreasen
89305865d0 JS: make sanitization a "common" technique rather than "important" 2020-08-26 15:41:54 +02:00
Taus Brock-Nannestad
f07a7bf8cf Python: Autoformat everything using qlformat. 
Will need subsequent PRs fixing up test failures (due to deprecated
methods moving around), but other than that everything should be
straight-forward.
 2020-07-07 15:43:52 +02:00
Rasmus Wriedt Larsen
67be45f045 Merge branch 'master' into python-fix-django-taint-sinks 2020-07-02 11:55:42 +02:00
Taus Brock-Nannestad
01fb1e3786 Python: Get rid of deprecated terms in code and .qhelp. 2020-06-19 16:51:09 +02:00
Rasmus Wriedt Larsen
6cba2fe4f8 Python: Model Django response sinks that are not vuln to XSS 
Since HttpResponse is not *only* used for XSS, it is still valuable to know the
content is send as part of the response.

The *proper* solution to this problem of not all HttpResponses being vulnerable
to XSS is probably to define a new abstract class in Http.qll called
HttpResponseXSSVulnerableSink (or similar). I would like to model a few more
libraries/frameworks before fully comitting to an approach though.
 2020-05-26 16:45:46 +02:00
Rasmus Wriedt Larsen
9c75a39b81 Python: Extend command-injection to handle fabric.api.execute 2020-05-26 10:22:27 +02:00
Rasmus Wriedt Larsen
f602f3e1c7 Python: Use proper import for semmle.python.dataflow.TaintTracking 
It was moved in 637677d515, but imports were not
updated.
 2020-05-25 13:45:49 +02:00
Taus Brock-Nannestad
ab4cef53c2 Python: Autoformat one final straggler. 2020-03-30 12:36:43 +02:00
Taus Brock-Nannestad
87a9f51c78 Python: Autoformat all .ql files. 2020-03-30 11:59:10 +02:00
semmle-qlci
ac7c74dcee Merge pull request #3111 from RasmusWL/python-fabric-command-injection 
Approved by BekaValentine
 2020-03-25 10:07:33 +00:00
Rasmus Wriedt Larsen
d475bb998e Python: Add abstract class CommandSink 
I'm going to add more in a sec, and listing *all* of them in CommandInjection.ql
started to be silly
 2020-03-23 17:04:08 +01:00
Rasmus Wriedt Larsen
1029f04e76 Python: TarSlip sanitizer: handle not 2020-02-20 16:27:54 +01:00
Rasmus Wriedt Larsen
3c317ed0e6 Python: TarSlip sanitizer: only clear taint on false edge 
maybe it was on purpose, will have to investigate FPs when query is good
 2020-02-20 16:11:24 +01:00
Rasmus Wriedt Larsen
f3ab52b1fe Python: Use StringValue instead of Value::forString 2020-02-17 14:41:32 +01:00
Rasmus Wriedt Larsen
6d5a8e4995 Python: Fix typos 2020-02-17 14:34:22 +01:00
Rasmus Wriedt Larsen
6b5b28aded Python: Add Value.getABooleanValue and Value.getDefiniteBooleanValue 
Replacing `Value.booleanValue`. We wanted to match `Object.booleanValue` that
only gives a result if it is either `true` or `false`, but also wanted to keep
the flexibility to see if the Value _could_ be `true`/`false`. We don't have a
motivating usecase, so let's see if we ever need it :P

+ fix modernisation regression on py/jinja2/autoescape-false
 2020-02-04 11:42:11 +01:00
Rasmus Wriedt Larsen
bd1f21fb7a Python: Fix modernisation regression on py/weak-crypto-key 
also fixes test code to use the right argument name
 2020-02-04 11:42:11 +01:00
Rasmus Wriedt Larsen
e5abfd0196 Python: Modernise Security/ queries 2020-02-04 11:42:11 +01:00
Rasmus Wriedt Larsen
27a7d09c94 Python: Fix minor problems in security examples 2020-02-03 14:35:09 +01:00
Rasmus Wriedt Larsen
5bc592514a Python: Consistenly use "a user-provided value" 
ReflectedXss was the only query that used it with the "a"
 2020-02-03 14:35:09 +01:00
Rasmus Wriedt Larsen
2648e34f1a Python: Autoformat security 2020-01-31 14:49:18 +01:00
Taus
618a35bb7c Merge pull request #2664 from RasmusWL/python-fix-redirect-example 
Python: Remove unused variable in example for py/url-redirection
 2020-01-23 13:42:00 +01:00
Rasmus Wriedt Larsen
7d9f1f08ee Python: Autoformat 2020-01-22 13:45:14 +01:00