hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-17 23:43:42 +01:00
Code Issues Packages Projects Releases Wiki Activity
80,068 Commits 1,693 Branches 160 Tags
c19085e56e6830c190efd307c271f44851ed06df
Commit Graph

11915 Commits

Author SHA1 Message Date
Chris Smowton
1549993565 Update test results to account for changed model structure 
(Models now have internal nodes in order to allow field flow through them)
 2021-06-17 11:41:05 +01:00
Chris Smowton
9138d2b8f5 Improve comment casing 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2021-06-17 11:41:05 +01:00
Chris Smowton
b25e8671b9 Java SSRF query: comment on sanitizing regex 2021-06-17 11:41:05 +01:00
Chris Smowton
a665d5d111 Improve RequestForgery.qhelp recommendation 2021-06-17 11:41:05 +01:00
Chris Smowton
0d9a6e2b61 Update java/ql/src/semmle/code/java/security/RequestForgery.qll 
SpringRestTemplateUrlMethods -> SpringRestTemplateUrlMethod
 2021-06-17 11:41:05 +01:00
Chris Smowton
fb2989c16b Copyedit comments and function names 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2021-06-17 11:41:04 +01:00
Chris Smowton
960a903185 Java SSRF query: document RequestForgeryAdditionalTaintStep and use Unit not string for a supertype. 2021-06-17 11:41:04 +01:00
Chris Smowton
575198a0e4 Java SSRF query: Server Side -> Server-Side everywhere. 2021-06-17 11:41:04 +01:00
Chris Smowton
7899e17f3a Java SSRF query: move RequestForgery qll file into semmle/code hierarchy 
This makes it importable by people wishing to extend the query.
 2021-06-17 11:41:04 +01:00
Chris Smowton
532a10bfdf Java SSRF query: Provide hook for custom taint-propagating steps; make all default sinks/sanitizers/steps private. 2021-06-17 11:41:04 +01:00
Chris Smowton
e8613367e8 Java SSRF query: copyedit qhelp 2021-06-17 11:41:04 +01:00
Chris Smowton
3333e7d186 Java SSRF query: sanitize primitives 
Even 'char' isn't a realistic vector for an exploit, unless somebody is copying out a string char by char.
 2021-06-17 11:41:04 +01:00
Chris Smowton
77904d9597 Remove failing test 
The case where something might be exactly a constant is general across all queries, and not handled yet, particularly in the case where the result of `getParameter("uri")` might have changed between the check and the use.
 2021-06-17 11:41:04 +01:00
Chris Smowton
6933d06a46 Add exactly the string '/' as a sanitizing prefix. 
Usually this is ignored for suspicion that it could be taken for a protocol specifier, but on balance the context `(something) + "/" + tainted()` is more likely to be taken for a user-controlled location within a host the user does not control.
 2021-06-17 11:41:03 +01:00
Chris Smowton
bc43b6d760 Fix typo 2021-06-17 11:41:03 +01:00
Chris Smowton
e6249eed79 Add doc comments 2021-06-17 11:41:03 +01:00
Chris Smowton
26e10f3ad5 SSRF: don't consider results of fetches we initiated to be untrustworthy 2021-06-17 11:41:03 +01:00
Chris Smowton
c63d5986cf Sanitize StringBuilder appends that follow directly from a constructor. 
Note that some of this logic ought to be incorporated into StringBuilderVar once that code can be reviewed.
 2021-06-17 11:41:03 +01:00
Chris Smowton
b5a450b881 SSRF query: add sanitizer looking for a variety of ways of prepending a sanitizing prefix, such as one that restricts the hostname a URI will refer to. 2021-06-17 11:41:03 +01:00
Chris Smowton
487c1db6ed Promote SSRF query to main query set 2021-06-17 11:41:01 +01:00
Anders Schack-Mulligen
6ca8d69b26 Merge pull request #5881 from haby0/java/UnsafeDeserialization 
Java: CWE-502 Add UnsafeDeserialization sinks
 2021-06-17 12:36:34 +02:00
Anders Schack-Mulligen
8fe2f4a554 Merge pull request #6034 from owen-mc/java/jax-rs 
Improve JAX-WS and JAX-RS models
 2021-06-17 12:35:34 +02:00
Anders Schack-Mulligen
b173b4141d Merge pull request #6096 from smowton/smowton/fix/inline-expectations-missing-prefix 
Inline expectation tests: accept // $MISSING: and // $SPURIOUS:
 2021-06-17 11:41:15 +02:00
haby0
363ad5b470 Fix error 2021-06-17 17:36:35 +08:00
Owen Mansel-Chan
945db01f56 Address review comments 2021-06-17 10:29:33 +01:00
Owen Mansel-Chan
b9bc1f978c Update style of inline expectation comments 2021-06-17 10:04:15 +01:00
Chris Smowton
558813acf7 Inline expectation tests: accept // $MISSING: and // $SPURIOUS: 
Previously there had to be a space after the $ token, unlike ordinary expectations (i.e., // $xss was already accepted)
 2021-06-17 09:44:39 +01:00
Owen Mansel-Chan
0987425f94 Reinstate failing tests with MISSING: prefix 2021-06-17 09:36:51 +01:00
Tom Hvitved
ffb2350a54 Data flow: Fix getLocalCallContext join-order 2021-06-17 10:02:31 +02:00
Tom Hvitved
cc383e0f6a Data flow: Workaround for too clever compiler in consistency queries 2021-06-17 09:43:36 +02:00
haby0
3dd851fffb expected 2021-06-17 15:20:03 +08:00
Owen Mansel-Chan
5f82993b0b Put parameters with inline expectation comments on their own lines 2021-06-17 06:41:01 +01:00
Tony Torralba
2dd862661b Generic type parameters no longer needed in CSV sink models 2021-06-16 16:23:50 +02:00
Tony Torralba
2c8f8911fc Adatp CSV sink models to generics fix 2021-06-16 16:12:02 +02:00
Tony Torralba
47fffb04a6 Merge branch 'main' into atorralba/promote-ognl-injection 2021-06-16 15:46:33 +02:00
Tony Torralba
91ba30a781 Merge branch 'main' into atorralba/promote-missing-jwt-signature-check 2021-06-16 15:46:14 +02:00
Tony Torralba
dab33b21fb Merge branch 'main' into atorralba/promote-mvel-injection 2021-06-16 15:44:43 +02:00
Tony Torralba
bf2be6ec7c Merge branch 'main' into atorralba/promote-jndi-injection 2021-06-16 15:34:37 +02:00
Owen Mansel-Chan
5d00bb23e4 Move logic for URL redirection sinks 2021-06-16 12:48:11 +01:00
Tony Torralba
66a8f57784 Fix HttpsUrls tests affected by the new URL summary 2021-06-16 13:04:00 +02:00
Tony Torralba
66d49aa4e8 Fix InsecureBasicAuth tests affected by the new URL summary 2021-06-16 13:01:40 +02:00
Tony Torralba
af6bd0b963 Consider subtypes of ReaderSource 2021-06-16 13:01:40 +02:00
Tony Torralba
87dfc92aba Add tests for CompilationUnit's subtypes 2021-06-16 13:01:40 +02:00
Tony Torralba
e324e4e8d1 Remove non-ascii characters added by accident 2021-06-16 13:01:40 +02:00
Tony Torralba
357b0e1a90 Fix SSRF tests affected by the new URL summary 2021-06-16 13:01:40 +02:00
Tony Torralba
f3ef93fa8a Make sinks more specific, improve tests 2021-06-16 13:01:39 +02:00
Tony Torralba
f9e6b3c3d2 Add new URL(tainted) as taint step 2021-06-16 13:01:39 +02:00
Tony Torralba
7ff4d368be Fix tests 2021-06-16 13:01:39 +02:00
Tony Torralba
6f926e1e80 Refine sinks and add more taint steps 2021-06-16 13:01:39 +02:00
Tony Torralba
5d56eb6ea1 Add stubs 2021-06-16 13:01:39 +02:00