hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-23 10:23:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
23,768 Commits 1,693 Branches 161 Tags
a79356e31632c5d9a098add7e1f78143bbe8513f
Commit Graph

1298 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
a79356e316 Apply suggestions from code review 2021-06-25 16:47:26 +02:00
intrigus
dc0b06a735 Java: Factor out SecurityFlag library. 2021-06-25 16:47:24 +02:00
Anders Schack-Mulligen
2d24387e9e Merge pull request #6149 from edoardopirovano/fix-java-regression 
Performance: Fix bad join order in Java dataflow library
 2021-06-25 10:42:05 +02:00
Anders Schack-Mulligen
95ad8b55fe Merge pull request #6107 from aschackmull/dataflow/implicit-reads 
Dataflow: Add support for implicit reads
 2021-06-24 15:38:35 +02:00
Anders Schack-Mulligen
cd0efbe7ce Dataflow: Sync. 2021-06-24 14:19:17 +02:00
Anders Schack-Mulligen
1c1d11a4a4 DataFlow: Address review comments. 2021-06-24 14:18:45 +02:00
Anders Schack-Mulligen
1e511c0a9e Merge pull request #6137 from smowton/smowton/feature/java-util-optional 
Java: Model java.util.Optional
 2021-06-24 13:21:36 +02:00
Edoardo Pirovano
0909c9ff22 Performance: Fix bad join order in dataflow library 2021-06-24 08:24:17 +01:00
Chris Smowton
74feaf2893 Adapt to static methods and nested types returning unbound declaring types 
Previously these returned raw declaring types instead
 2021-06-23 16:03:18 +01:00
Chris Smowton
b34448af87 {Generic,Parameterized,Raw}Type: implement getAPrimaryQlClass 
An aid to debugging
 2021-06-23 15:58:31 +01:00
Anders Schack-Mulligen
6374914053 Java: Fix bad magic. 2021-06-23 14:39:18 +02:00
Chris Smowton
9fd1606238 Model java.util.Optional 2021-06-22 21:17:22 +01:00
Anders Schack-Mulligen
38fc8a750c Java: Improve test and fix a few missing cases. 2021-06-22 11:16:02 +02:00
Anders Schack-Mulligen
27c973e157 Java: Fix some qltests. 2021-06-21 16:08:52 +02:00
Anders Schack-Mulligen
d383c0f69b Java: Remove temporary store-as-taint. 2021-06-21 14:42:47 +02:00
Anders Schack-Mulligen
65ac8be5ac Java: Add defaultImplicitTaintRead and sync. 2021-06-21 14:42:47 +02:00
Anders Schack-Mulligen
aa82d0b815 Java: Make Content public as DataFlow::Content. 2021-06-21 14:42:47 +02:00
Anders Schack-Mulligen
80880320d5 Dataflow: Sync. 2021-06-21 14:42:47 +02:00
Anders Schack-Mulligen
b7ac329ba1 DataFlow: Add support for configuration-specific implicit reads. 2021-06-21 14:41:19 +02:00
Anders Schack-Mulligen
9110dfaeb3 Merge pull request #6095 from hvitved/dataflow/local-cc-join 
Data flow: Fix `getLocalCallContext` join-order
 2021-06-21 12:53:38 +02:00
Anders Schack-Mulligen
7eb6da3888 Merge pull request #5772 from smowton/smowton/feature/apache-tuple-flow 
Add models for Apache Commons Lang's tuple types
 2021-06-18 11:25:07 +02:00
Tom Hvitved
eb86bceb4d Address review comments 2021-06-18 10:18:47 +02:00
Chris Smowton
d28c95d16c Field foo of -> Field[foo] of 2021-06-17 12:49:25 +01:00
Chris Smowton
74b2a2c7a6 Improve style of interpretField 2021-06-17 12:45:44 +01:00
Chris Smowton
2cc1f46871 Model constructors for (Imm|M)utable(Pair|Triple) 2021-06-17 12:34:40 +01:00
Chris Smowton
eebaab8fe9 Order left and right consistently 2021-06-17 12:34:40 +01:00
Chris Smowton
472a2a64dd Add models for Apache Commons tuples 2021-06-17 12:25:21 +01:00
Chris Smowton
73fa680224 Add support for CSV-specified flow to or from fields. 2021-06-17 12:24:28 +01:00
Chris Smowton
11b70326fd Add Jakarta WS url-open sink 2021-06-17 11:58:41 +01:00
Chris Smowton
da1e760269 Adjust Spring models to use erased function signatures 2021-06-17 11:43:33 +01:00
Chris Smowton
1176fec287 Improve docs 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-06-17 11:43:33 +01:00
Chris Smowton
8b080a94e7 Convert request forgery tests to inline expectations; add missing models revealed by this process. 2021-06-17 11:43:32 +01:00
Chris Smowton
b66dcbe5b6 Factor request-forgery config so it can be used in an inline-expectations test 2021-06-17 11:43:32 +01:00
Chris Smowton
ee872f1752 Add missing tests, add additional models revealed missing in the process, and add stubs to support them all. 2021-06-17 11:43:32 +01:00
Chris Smowton
49bbfc3f4b Convert SSRF sinks into url-open CSV sinks 
I also drop the previous approach of taint-tracking through various builder objects in favour of assuming that a URI set in a request-builder object is highly likely to end up requested in some way or another.

This will cause the `java/non-https-url` query to pick the new sinks up too, and fixes a Spring case that had never worked but went unnoticed until now.
 2021-06-17 11:43:30 +01:00
Chris Smowton
0f2139ff5d Fix and document one-based argument indexing in StringFormat's getAnArgUsageOffset 2021-06-17 11:41:06 +01:00
Chris Smowton
55c72cebf2 Improve StringBuilder append chain tracking 
Previously this didn't catch the case of constructors chaining directly into appends, like `StringBuilder sb = new StringBuilder("1").append("2")`
 2021-06-17 11:41:06 +01:00
Chris Smowton
5b25694a52 Simplify and improve AddExpr logic 
The improvement is in considering (userSupplied + "/") itself a sanitising prefix.
 2021-06-17 11:41:06 +01:00
Chris Smowton
6b76f42d22 Broaden PrimitiveSanitizer to include boxed primitives and other java.lang.Numbers 2021-06-17 11:41:06 +01:00
Chris Smowton
3167af29bd Tidy and remove catersian product from getUrlArgument 2021-06-17 11:41:05 +01:00
Chris Smowton
f388aae78e Fix getAnArgUsageOffset and improve its space complexity 
Also add tests checking the output of the new function
 2021-06-17 11:41:05 +01:00
Chris Smowton
0db5484399 Copyedit documentation 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-06-17 11:41:05 +01:00
Chris Smowton
9138d2b8f5 Improve comment casing 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2021-06-17 11:41:05 +01:00
Chris Smowton
b25e8671b9 Java SSRF query: comment on sanitizing regex 2021-06-17 11:41:05 +01:00
Chris Smowton
0d9a6e2b61 Update java/ql/src/semmle/code/java/security/RequestForgery.qll 
SpringRestTemplateUrlMethods -> SpringRestTemplateUrlMethod
 2021-06-17 11:41:05 +01:00
Chris Smowton
fb2989c16b Copyedit comments and function names 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2021-06-17 11:41:04 +01:00
Chris Smowton
960a903185 Java SSRF query: document RequestForgeryAdditionalTaintStep and use Unit not string for a supertype. 2021-06-17 11:41:04 +01:00
Chris Smowton
7899e17f3a Java SSRF query: move RequestForgery qll file into semmle/code hierarchy 
This makes it importable by people wishing to extend the query.
 2021-06-17 11:41:04 +01:00
Chris Smowton
b5a450b881 SSRF query: add sanitizer looking for a variety of ways of prepending a sanitizing prefix, such as one that restricts the hostname a URI will refer to. 2021-06-17 11:41:03 +01:00
Anders Schack-Mulligen
6ca8d69b26 Merge pull request #5881 from haby0/java/UnsafeDeserialization 
Java: CWE-502 Add UnsafeDeserialization sinks
 2021-06-17 12:36:34 +02:00