hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 02:13:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
35,614 Commits 1,671 Branches 157 Tags
c20ee76826e10318f8f39c6fae901b743c2e8254
Commit Graph

839 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
945b52fc46 Ruby: autoformat 
😳
 2022-03-22 10:59:26 +01:00
Michael Nebel
1d45996001 Merge pull request #8466 from michaelnebel/csharp/refactor-aspartial 
C#: Refactor asPartial to allow re-use.
 2022-03-22 10:54:54 +01:00
Rasmus Wriedt Larsen
68de6a4e3c Ruby: Add change-note 2022-03-22 10:53:55 +01:00
Rasmus Wriedt Larsen
9c2fc1b415 Ruby: client request: getUrl => getAUrlPart 
This is a port of the same change in Python from
f8fc583af3

The description of that commit was:

> I think `getUrl` is a bit too misleading, since from the name, I would
> only ever expect ONE result for one request being made.
>
> `getAUrlPart` captures that there could be multiple results, and that
> they might not constitute a whole URl.
>
> Which is the same naming I used when I tried to model this a long time ago
> a80860cdc6/python/ql/lib/semmle/python/web/Http.qll (L102-L111)
 2022-03-22 10:53:55 +01:00
Rasmus Wriedt Larsen
311cbb4e13 Merge branch 'main' into shared-concepts-scaffolding 2022-03-22 10:36:33 +01:00
Rasmus Wriedt Larsen
414764ccee Concepts: Minor rewrite in qldoc 
As suggested by @hmac
 2022-03-22 10:33:58 +01:00
Tom Hvitved
99ddfb489f Ruby: Rework getConstantValue implementation 2022-03-22 10:07:44 +01:00
Erik Krogh Kristensen
90a6717932 sync ExponentialBackTracking.qll for ruby 2022-03-22 09:27:04 +01:00
Harry Maclean
99b5c580a5 Ruby: Fix captured reads in lambdas 
These were previously identified as method calls. The fix is to
recognise lambdas as a scope which can inherit variables from its
parent.
 2022-03-22 15:35:43 +13:00
Harry Maclean
b1ae548f4c Ruby: Fix doc comment formatting 2022-03-22 11:10:09 +13:00
Harry Maclean
c2d4bc50c9 Add missing file doc comment 2022-03-22 11:10:09 +13:00
Harry Maclean
91a7e9405c Share HttpToFileAccessQuery between JS and Ruby 
There's so little in this query that it may not be worth sharing, but
it's an interesting exercise in figuring out how we do it nicely.
 2022-03-22 11:10:08 +13:00
Harry Maclean
130d93dded Ruby: Make HttpToFileAccess more specific 
Only consider sources from HTTP requests, rather than any remote flow
source.
 2022-03-22 11:09:08 +13:00
Harry Maclean
fac17384c3 Ruby: Add RequestInputAccess concept 
This sits in between RemoteFlowSource and specific classes like
ParamsSource from ActionController. It represents any user-controller
input from an incoming HTTP request.

This more closely aligns our concepts with the JS library, and allows us
to specifically target sources from HTTP requests in the
HttpToFileAccess query.
 2022-03-22 11:09:08 +13:00
Harry Maclean
ff1d96c922 Ruby: Add rb/http-to-file-access query 2022-03-22 11:09:08 +13:00
Harry Maclean
6c18e1d7ac Merge pull request #8272 from hmac/hmac/tainted-format-string 2022-03-22 08:37:47 +13:00
github-actions[bot]
a3e74efc21 Post-release preparation for codeql-cli-2.8.4 2022-03-21 19:36:47 +00:00
github-actions[bot]
dedc8c2254 Release preparation for version 2.8.4 2022-03-21 13:25:49 +00:00
Alex Ford
c891c53835 Merge pull request #8395 from alexrford/ruby/clear-text-storage 
Ruby: add `rb/clear-text-storage-sensitive-data` query
 2022-03-21 10:05:39 +00:00
Harry Maclean
5a6da827d0 Ruby: Avoid FP in TaintedFormatString query 
Kernel#printf supports two call signatures:

    printf(String, *args)
    printf(IO, String, *args)

We want to identify the String argument, which is the format string.
Previously we would return the 0th and 1st arguments, which gives some
FPs when the 1st arg is not a format string.

We now try to rule out the trivial case by checking if arg 0 has a
string value, and then assuming it is the format string. Otherwise we
fall back to returning both arguments.

This still has some false positive potential, but less than previously.
 2022-03-21 12:51:47 +13:00
Harry Maclean
5dcf0ad759 Ruby: Make IOPrintfCall more sensitive 
It will now identify cases like this:

    file = File.open "foo.txt", "a"
    file.printf(params[:format], arg)
 2022-03-21 12:51:47 +13:00
Harry Maclean
c253bddbe0 Ruby: Make getFormatArgument 0-indexed 2022-03-21 12:51:47 +13:00
Harry Maclean
0cfe37dff4 Share TaintedFormatString between Ruby and JS 2022-03-21 12:51:46 +13:00
Harry Maclean
4249e30824 Ruby: Test tainted interpolated format arg 2022-03-21 12:51:18 +13:00
Harry Maclean
63199024a2 Add missing QLDoc 2022-03-21 12:51:18 +13:00
Harry Maclean
f6215d4c7e Ruby: Add rb/tainted-format-string query 2022-03-21 12:51:18 +13:00
Alex Ford
b79bb72153 Ruby: split up CipherInstantiation charpred 2022-03-20 18:32:47 +00:00
Arthur Baars
beef8e29bc Merge pull request #8332 from hvitved/ruby/regexp-taint-flow 
Ruby: Use taint tracking instead of type tracking to define `regExpSource`
 2022-03-18 18:24:02 +01:00
Arthur Baars
bf888f0f0b Merge remote-tracking branch 'upstream/main' into incomplete-url-string-sanitization 
Conflicts:
	config/identical-files.json
	javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.ql
	javascript/ql/src/Security/CWE-020/IncompleteUrlSubstringSanitization.qll
	ruby/ql/src/queries/security/cwe-020/IncompleteUrlSubstringSanitization.qll
 2022-03-18 16:09:20 +01:00
Alex Ford
2bd25da8e3 Ruby: Tidy an exists 2022-03-18 14:43:45 +00:00
Alex Ford
62bc0357ea Ruby: Improve Cryptography module qldoc 2022-03-18 14:38:14 +00:00
Tom Hvitved
1437aefe9d Ruby: Use taint tracking instead of type tracking to define regExpSource 2022-03-18 14:48:12 +01:00
Tom Hvitved
d97eaba070 Ruby: Add dataflow/taintracking copies for use in libraries 2022-03-18 14:48:12 +01:00
Arthur Baars
431b60506e Merge remote-tracking branch 'upstream/main' into incomplete-hostname 2022-03-18 13:05:34 +01:00
Asger F
929419abba Merge pull request #8254 from asgerf/ruby/mad-prototype 
Ruby: initial prototype of models-as-data
 2022-03-18 10:48:33 +01:00
Tom Hvitved
79ea2a3a9c Data flow: Sync files 2022-03-17 14:03:58 +01:00
Tom Hvitved
4df12dc6e6 Data flow: State-changing taint steps should not be stepped over by the big step relation 2022-03-17 14:03:58 +01:00
Rasmus Wriedt Larsen
2b9408b0c3 Concepts: Add some architecture documentation 2022-03-17 13:49:10 +01:00
Harry Maclean
36c421346b Introduce ConceptsShared.qll 2022-03-17 13:49:10 +01:00
Arthur Baars
1a51f0cf56 Ruby: regex: fix getGroupNumber 
non-capture groups should not have a group number
 2022-03-16 18:50:51 +01:00
Michael Nebel
4a68b74aa3 C#: Re-use the asPartialModel for DataFlowPrivate in tests. 2022-03-16 17:02:00 +01:00
Arthur Baars
f95e1efb67 Ruby: remove wrong clause 2022-03-16 16:25:42 +01:00
Arthur Baars
fb8cc6e1a4 Ruby: String.index method returns 'nil', not '-1' 2022-03-16 16:18:19 +01:00
Jeroen Ketema
7a9a9d833a Merge pull request #8435 from jketema/all-the-barriers 
Add flow state versions of isBarrierIn, isBarrierOut, and isBarrierGuard
 2022-03-16 15:50:19 +01:00
Arthur Baars
f2ec5132ba Apply suggestions from code review 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2022-03-16 14:46:34 +01:00
Asger F
228570129e Merge branch 'main' into ruby/mad-prototype 2022-03-16 13:50:31 +01:00
Asger Feldthaus
e168da4c5f Shared: make a predicate private 2022-03-16 13:48:56 +01:00
Asger Feldthaus
8cef512234 Ruby: ensure ApiGraphs.qll imports its entry points 2022-03-16 13:40:14 +01:00
Asger Feldthaus
e3fbaf5d8f Shared: prefer exists(var) instead of var = any(string s) 2022-03-16 13:37:08 +01:00
Asger Feldthaus
102540072e Shared: remove documentation prone to falling out of date 2022-03-16 13:32:55 +01:00