hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-04 10:10:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
71,398 Commits 1,673 Branches 157 Tags
b47fa77dc6a3809b6d32f301cd35ffc0cbc2eb20
Commit Graph

71398 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
b47fa77dc6 JS: Add tests for stdin threat-model sources 2024-10-31 12:59:21 +01:00
Rasmus Wriedt Larsen
2b6c27eb60 JS: Add initial file threat-model support 
However, as indicated by the `MISSING` annotations, we could do better.
 2024-10-29 15:14:39 +01:00
Rasmus Wriedt Larsen
3656864695 JS: Add database threat-model source modeling 2024-10-29 15:11:09 +01:00
Rasmus Wriedt Larsen
7c7420a9a4 JS: Add change-note 2024-10-29 11:35:56 +01:00
Rasmus Wriedt Larsen
07bc1feb11 Docs: Threat-models supported in JS 
Capturing
- 7d3793e718
- e35c2b243a
- e11bfc27bd
 2024-10-29 11:33:02 +01:00
Rasmus Wriedt Larsen
84f6b89ced JS: Minor improvements to threat-model Concepts 
Mirroring what was done for Python
 2024-10-29 11:29:48 +01:00
Rasmus Wriedt Larsen
1726287bf4 JS: Add e2e threat-model test 2024-10-25 15:03:44 +02:00
Rasmus Wriedt Larsen
d3ae4c930e JS: Model newer yargs command-line parsing pattern 2024-10-25 15:03:43 +02:00
Rasmus Wriedt Larsen
3448751b4c JS: Consolidate command-line argument modeling 
Such that we can reuse the existing modeling, but have it globally
applied as a threat-model as well.

I Basically just moved the modeling. One important aspect is that this
changes is that the previously query-specific `argsParseStep` is now a
globally applied taint-step. This seems reasonable, if someone applied
the argument parsing to any user-controlled string, it seems correct to
propagate that taint for _any_ query.
 2024-10-25 15:03:43 +02:00
Rasmus Wriedt Larsen
412e841d69 JS: Add environment threat-model source 2024-10-25 15:03:43 +02:00
Rasmus Wriedt Larsen
f733ac19a9 JS: Make (most) queries use ActiveThreatModelSource 
7 cases looks something like this:

```
class RemoteFlowSourceAsSource extends Source instanceof RemoteFlowSource {
  RemoteFlowSourceAsSource() { not this instanceof ClientSideRemoteFlowSource }
}
```

(some have variations like `not this.(ClientSideRemoteFlowSource).getKind().isPathOrUrl()`)

javascript/ql/lib/semmle/javascript/security/dataflow/ClientSideUrlRedirectCustomizations.qll
javascript/ql/lib/semmle/javascript/security/dataflow/CommandInjectionCustomizations.qll
javascript/ql/lib/semmle/javascript/security/dataflow/CorsMisconfigurationForCredentialsCustomizations.qll
javascript/ql/lib/semmle/javascript/security/dataflow/RegExpInjectionCustomizations.qll
javascript/ql/lib/semmle/javascript/security/dataflow/RequestForgeryCustomizations.qll
javascript/ql/lib/semmle/javascript/security/dataflow/ResourceExhaustionCustomizations.qll
javascript/ql/lib/semmle/javascript/security/dataflow/TaintedPathCustomizations.qll
 2024-10-25 15:03:42 +02:00
Rasmus Wriedt Larsen
4b1c027359 JS: Integrate RemoteFlowSource with ThreatModelSource 2024-10-25 14:52:49 +02:00
Rasmus Wriedt Larsen
dbfbd2c00a JS: Remove 'response' from default threat-models 
I didn't want to put the configuration file in
`semmle/javascript/frameworks/**/*.model.yml`, so created `ext/` as in other
languages
 2024-10-25 14:52:49 +02:00
Rasmus Wriedt Larsen
05dce8a0be JS: Add test showing default active threat-models 2024-10-25 14:50:59 +02:00
Rasmus Wriedt Larsen
17a6d54e4d JS: Setup basic support for threat-models 
Integration with RemoteFlowSource is not straightforward, so postponing
that for later

Naming in other languages:
- `SourceNode` (for QL only modeling)
- `ThreatModelFlowSource` (for active sources from QL or data-extensions)

However, since we use `LocalSourceNode` in Python, and `SourceNode` in
JS (for local source nodes), it seems a bit confusing to follow the same
naming convention as other languages, and instead I came up with new names.
 2024-10-25 14:50:59 +02:00
Paolo Tranquilli
55d092fd3e Merge pull request #17835 from github/redsun82/rust-qltest 
Rust: move `qltest` to rust code, add `options` with cargo check
 2024-10-24 18:29:17 +02:00
Paolo Tranquilli
41d0085918 Rust: address review 2024-10-24 17:54:18 +02:00
Paolo Tranquilli
c79f8180f3 Rust: move down options in query-tests 2024-10-24 17:14:48 +02:00
Tom Hvitved
e920a4c56c Merge pull request #17828 from hvitved/rust/enclosing-callable 
Rust: Introduce `AstNode.getEnclosingCallable`
 2024-10-24 14:57:12 +02:00
Paolo Tranquilli
3f8d438851 Rust: move qltest to rust code, add options with cargo check 2024-10-24 12:55:23 +02:00
Erik Krogh Kristensen
7bbd4a10b9 Merge pull request #17831 from erik-krogh/skip-more-types 
JS: have getId always return null if skipExtractingTypes is set
 2024-10-24 12:34:22 +02:00
Owen Mansel-Chan
e16f35478b Merge pull request #17833 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2024-10-24 11:19:01 +01:00
Calum Grant
a8f1d57573 Merge pull request #17775 from github/calumgrant/bmn/wrong-type-format-arguments-test 
C++: Reduce FPs in cpp/wrong-type-format-argument due to extraction errors
 2024-10-24 08:40:46 +01:00
github-actions[bot]
1e26db64fb Add changed framework coverage reports 2024-10-24 00:20:48 +00:00
erik-krogh
073d6d8c14 have getId always return null if skipExtractingTypes is set 2024-10-23 16:50:23 +02:00
Jeroen Ketema
226756e1d4 Merge pull request #17826 from MathiasVP/missing-flow-with-aliasing-fields 
C++: Add test with missing flow
 2024-10-23 15:49:42 +02:00
Calum Grant
421413a654 C++: Update change notes 2024-10-23 14:46:00 +01:00
Michael Nebel
779ee25a19 Merge pull request #17824 from michaelnebel/java/maptoobj 
Java: Add manual models for `mapToObj`.
 2024-10-23 15:40:28 +02:00
Calum Grant
f37be68067 C++: Handle builtin FormattingFunctions better 2024-10-23 14:35:32 +01:00
Tom Hvitved
a3d8b8eb14 Rust: Run codegen 2024-10-23 15:31:08 +02:00
Tom Hvitved
df19281b9f Rust: Introduce AstNode.getEnclosingCallable 2024-10-23 15:31:07 +02:00
Tom Hvitved
086e0c61fc Merge pull request #17817 from hvitved/rust/cfg-scope-callable 
Rust: Use `Callable` to define `CfgScope`
 2024-10-23 15:24:13 +02:00
Taus
24ae54886f Merge pull request #17809 from github/tausbn/python-fix-kwargs-in-class-bases 
Python: Fix bug in handling of `**kwargs` in class bases
 2024-10-23 15:04:54 +02:00
Mathias Vorreiter Pedersen
7c5f561724 C++: Accept test changes. 2024-10-23 13:37:06 +01:00
Taus
e1e35689ca Merge pull request #17807 from github/tausbn/python-fix-string-encoding-dataset-check-failure 
Python: Fix string encoding dataset check failure
 2024-10-23 14:26:45 +02:00
Mathias Vorreiter Pedersen
2fd07f28f0 C++: Add test with missing flow. 2024-10-23 13:00:33 +01:00
Michael Nebel
caa08046b6 Java: Update expected test output. 2024-10-23 09:29:29 +02:00
Michael Nebel
3d70f91b9f Java: Add manual models for various mapToObj methods. 2024-10-23 09:29:15 +02:00
Michael Nebel
197642c914 Merge pull request #17547 from michaelnebel/java/jdk17update 
Java: Update Java JDK 17 models.
 2024-10-23 09:07:02 +02:00
Henning Makholm
665354ebd2 Merge pull request #17823 from github/hmakholm/pr/graph-equivalence-test 
Supplement 'query-type: graph' with actual query metadata
 2024-10-22 21:08:15 +02:00
Henning Makholm
3d8d340f2a Supplement 'query-type: graph' with actual query metadata 
A number of CPP library tests contain `// query-type: graph`
annotations that make the test driver compare the output
from the test query in a special mode. (This feature is
not used by other languages).

It's somewhat awkward in the implementation of `codeql test run`
that this annotation is not an ordinary item of query metadata --
essentially it means that _every_ test query has to be opened
and read an extra time to look for this annotation. I'd like
to move towards using ordinary query metadata for this, since
the QL compiler already parses it anyway.

For the time being, give the annotation in both old and new
syntaxes, until a CLI that recognizes both has been released.
 2024-10-22 20:38:00 +02:00
Michael Nebel
16fe7a2fbe Merge pull request #17815 from michaelnebel/csharp/logforgingreplacelineending 
C#: Add sanitizer to `cs/log-forging`.
 2024-10-22 15:41:17 +02:00
Chris Smowton
2312f9d8df Merge pull request #17811 from github/smowton/admin/package-maven-plugin-change-note 
Add change-note for Java buildless packaging its required Maven plugin
 2024-10-22 14:23:01 +01:00
Cornelius Riemenschneider
cdffa09a7b Merge pull request #17821 from github/criemen/win-make-bazel 
Go: Fix makefile to use bash to look up bazel path.
 2024-10-22 12:50:10 +02:00
Cornelius Riemenschneider
1ccadbc3f6 Add comment. 2024-10-22 11:26:02 +02:00
Cornelius Riemenschneider
ad1ef65539 Go: Fix makefile to use bash to look up bazel path. 
On Windows, make's path resolution algorithm is incorrect.
It picks up a bazel.exe in PATH that's _after_ a bazel binary.
In particular, on actions, the non-exe binary is a bazelisk
instance, whereas bazel.exe is a bazel (at the current time 7.3.2)
installation.
This means we pick up the wrong bazel version, and
if the differences between the bazel we want and that we actually
get are too big, the build fails.
 2024-10-22 10:51:10 +02:00
Tom Hvitved
60c205ff37 Merge pull request #17818 from hvitved/rust/summary-stats-perf 
Rust: Speedup `SummaryStats.ql`
 2024-10-22 10:15:56 +02:00
Owen Mansel-Chan
23a1ea7191 Merge pull request #17717 from owen-mc/go/update-incorrect-integer-conversion-qhelp 
Go: Update `go/incorrect-integer-conversion` qhelp to explain possible source of FPs
 2024-10-21 21:53:32 +01:00
Jeroen Ketema
9ef1a9c3f9 Merge pull request #17225 from geoffw0/aliasperf2 
C++: Improve AliasedSSA performance
 2024-10-21 20:20:24 +02:00
Taus
9803bbdc4b Python: Update class parser test 2024-10-21 15:35:48 +00:00