Rasmus Wriedt Larsen
a82fa04d8a
Python: Add worked example of taint step modeling of external libs
...
This can't be seen on the example, but I went through quite a lot of iterations
before arriving at this fairly simple solution.
2020-09-22 16:28:26 +02:00
Rasmus Wriedt Larsen
00ea0cebc3
Python: More Flask modeling kinda works
...
It "kinda" works now, but it really is not a pretty solution. Adding all these
"tracked" objects is SUPER annoying... it _would_ be possible to skip them, but
that seems like it will give the wrong edges for dataflow/taintflow queries :|
A good chunk of it should be able to be removed with access-paths like C# does
for library modeling. Some of it could be solved by better type-tracking API
like API Graphs... but it seems like we generally are just lacking the
nice-to-have features like `.getAMemberCall` and the like. See
https://github.com/github/codeql/pull/4082/files#diff-9aa94c4d713ef9d8da73918ff53db774L33
2020-09-22 16:28:25 +02:00
Rasmus Wriedt Larsen
3c08590ee4
Python: Expand flask tests a bit
2020-09-22 16:28:24 +02:00
Rasmus Wriedt Larsen
2bdd0284dc
Python: Port py-command-line-injection with new dataflow
2020-09-22 16:28:23 +02:00
Rasmus Wriedt Larsen
7c205dd3fc
Python: First attempt at modeling Flask
2020-09-22 16:28:21 +02:00
Rasmus Wriedt Larsen
cdc5ca7aec
Python: Model os.system and os.popen
2020-09-22 16:28:20 +02:00
Rasmus Wriedt Larsen
0265f26301
Python: Add importModule and importMember DataFlow helpers
2020-09-22 16:28:19 +02:00
Rasmus Wriedt Larsen
2551173156
Python: Update example in QLDoc for TypeTracker
2020-09-22 16:28:18 +02:00
Tamás Vajk
54c35748f0
Merge pull request #4193 from tamasvajk/feature/sign-analysis
...
C#: Sign analysis
2020-09-22 15:33:33 +02:00
Anders Schack-Mulligen
66e2ed9b65
Merge pull request #4031 from aibaars/hibernate
...
Add additional Hibernate SQL sinks
2020-09-22 15:29:40 +02:00
CodeQL CI
036a36a474
Merge pull request #4317 from max-schaefer/js/api-node-depth
...
Approved by asgerf
2020-09-22 05:58:48 -07:00
Erik Krogh Kristensen
717ea2369c
Merge pull request #4311 from erik-krogh/indirect-fix
...
JS: improve join-order for HTTP::isDecoratedCall
2020-09-22 14:35:50 +02:00
CodeQL CI
9a306866c5
Merge pull request #4282 from erik-krogh/es2021
...
Approved by esbena
2020-09-22 05:34:35 -07:00
Anders Schack-Mulligen
47506a859e
Merge pull request #4287 from joefarebrother/exectainted-array
...
Java: Improve the ExecTainted query
2020-09-22 13:16:05 +02:00
Jonas Jensen
269b7101c0
Merge pull request #4273 from lcartey/cpp/custom-range-analysis-override
...
C++: Support overriding existing simple range analysis bounds
2020-09-22 13:15:05 +02:00
Jonas Jensen
e86bc0c6ac
C++: Autoformat fixup
2020-09-22 11:53:05 +02:00
Erik Krogh Kristensen
32b0f1b480
add code example to isDecoratedCall
2020-09-22 10:42:49 +02:00
Max Schaefer
dafd45f0f4
JavaScript: Add a few metric queries for API graphs.
2020-09-22 09:30:19 +01:00
Max Schaefer
46ba4a1fa8
JavaScript: Expose another useful predicate on API-graph nodes.
2020-09-22 09:30:12 +01:00
Jonas Jensen
5cbf498a2d
Merge pull request #4302 from MathiasVP/fix-field-conflation-after-4230
...
C++: Fix field conflation after #4230
2020-09-22 10:23:17 +02:00
Erik Krogh Kristensen
ec49c444ef
Apply suggestions from code review
...
Co-authored-by: Esben Sparre Andreasen <esbena@github.com >
2020-09-22 10:15:30 +02:00
Jonas Jensen
c56d5eb90e
Merge pull request #4295 from rdmarsh2/rdmarsh2/cpp/ir-qualifier-flow
...
C++: Improved qualifier flow in IR taint tracking
2020-09-22 09:23:10 +02:00
Erik Krogh Kristensen
4243504c8b
improve join-order for HTTP::isDecoratedCall
2020-09-21 23:20:16 +02:00
Robert Marsh
947ad02db9
C++: autoformat
2020-09-21 11:38:57 -07:00
Taus
724baaf26a
Merge pull request #4308 from RasmusWL/python-private-import-of-DataFlowPrivate
...
Python: Make import of DataFlowPrivate private
2020-09-21 17:13:48 +02:00
Tom Hvitved
06dbec78f7
C#: Add Guard::controlsBasicBlock() and simplify Guard::isEquality()
2020-09-21 16:15:12 +02:00
Tamas Vajk
8bf4a4209c
C#: Sign analysis
...
Synced between Java and C# through `identical-files.json`.
2020-09-21 16:15:12 +02:00
Rasmus Wriedt Larsen
2f9f51dbd8
Python: Fix tests that use DataFlowPrivate
2020-09-21 16:08:17 +02:00
yoff
557db3381d
Merge pull request #4265 from tausbn/python-add-global-flow-steps
...
Python: Add `ModuleVariableNode` to keep track of global reads and writes
2020-09-21 15:51:19 +02:00
Tom Hvitved
d3ea20cd2c
Merge pull request #4271 from github/matt-gretton-dann/csharp-dont-trace-macos-pkill
...
Don't trace through pkill or pgrep on macOS.
2020-09-21 15:44:48 +02:00
Tamas Vajk
441fbe3215
Add Java test file for sign analysis
2020-09-21 15:07:09 +02:00
Mathias Vorreiter Pedersen
873e871620
C++: Handle more cases in arrayReadStep.
2020-09-21 14:35:37 +02:00
Mathias Vorreiter Pedersen
73cd5ceb80
C++: Accept tests. Due to the removal of overlap between the reads steps there are fewer repeated edges in path explanations.
2020-09-21 14:17:49 +02:00
Rasmus Wriedt Larsen
6aca82fa82
Python: Make import of DataFlowPrivate private
...
Otherwise you are able to use `DataFlow::isExpressionNode` where
`isExpressionNode` is defined in `DataFlowPrivate.qll`.
2020-09-21 13:52:58 +02:00
Taus
9d7a2d2b5d
Merge branch 'main' into python-add-global-flow-steps
2020-09-21 13:50:20 +02:00
Anders Schack-Mulligen
4a3118b13e
Merge pull request #4246 from RasmusWL/java-fix-ssa-varBlockReaches
...
Java: Minor fixup for SSA AdjacentUsesImpl::varBlockReaches
2020-09-21 13:28:20 +02:00
CodeQL CI
016e6d2001
Merge pull request #4275 from erik-krogh/CVE760-indirect
...
Approved by esbena
2020-09-21 04:09:51 -07:00
Mathias Vorreiter Pedersen
62d42f20d9
C++: use(x) is no longer an array read.
2020-09-21 12:46:03 +02:00
Rasmus Wriedt Larsen
233dd43635
Java: Port varBlockReaches fix to BaseSSA.qll
2020-09-21 12:11:25 +02:00
Taus Brock-Nannestad
1d6558b4e8
Python: Add a bit more documentation to ModuleVariableNode
2020-09-21 11:46:18 +02:00
Mathias Vorreiter Pedersen
c560c7584c
C++: Add QLDoc for BufferMayWriteSideEffectFieldStoreQualifierNode
2020-09-21 11:08:06 +02:00
Mathias Vorreiter Pedersen
49dd576352
C++: Add more tests
2020-09-21 10:59:16 +02:00
Erik Krogh Kristensen
4571ba38a5
add change-note for es2021
2020-09-21 10:51:36 +02:00
Erik Krogh Kristensen
4bc91c4439
add support for Promise.any
2020-09-21 10:50:06 +02:00
Erik Krogh Kristensen
9f1b3d61b9
add test for numeric separators
2020-09-21 10:50:06 +02:00
Erik Krogh Kristensen
b09015380a
add support for String.prototype.replaceAll
2020-09-21 10:50:04 +02:00
Erik Krogh Kristensen
0dbdbfa659
bump extractor version
2020-09-21 10:49:50 +02:00
Erik Krogh Kristensen
87d4e13584
added support for ES2021 assignment operators
2020-09-21 10:49:50 +02:00
Erik Krogh Kristensen
9e7a1934ea
add express and HTTP to change-notes
2020-09-21 10:45:43 +02:00
Erik Krogh Kristensen
4dfc0680e2
support non SourceNode receiver for partialInvoke in routeHandlerStep
2020-09-21 10:42:19 +02:00
