hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-11 12:41:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
25,842 Commits 1,688 Branches 160 Tags
c2d203772628a86c23e516aff02e6000eab8fa2a
Commit Graph

3998 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
04190ea308 Python: Add file-like modeling to werkzeug FileStorage 2021-07-22 10:43:18 +02:00
Rasmus Wriedt Larsen
5f5c0b11c7 Python: Refactor Werkzeugmodeling 
Having the additional taint step just next to the other definitions, so
everything is together.
 2021-07-22 10:43:18 +02:00
Rasmus Wriedt Larsen
4f4dec50f2 Python: Model ResovlerMatch in Django 
Like before, omitted ClassInstantiation
 2021-07-22 10:43:13 +02:00
Rasmus Wriedt Larsen
6f0a622252 Python: Remove ClassInstantiation from Django UploadedFile 
since UploadedFile is the abstract base class, all real usage would be
of one of the subclasses, so removing this to not provide a false hope
that it actually works.

I don't think investing the time into making this work would give any
value, so that's why I didn't do it ;)
 2021-07-21 16:35:09 +02:00
Rasmus Wriedt Larsen
7dc6518350 Python: Add FileLikeObject modeling 
Such that the result of `request.FILES["key"].file.read()` is tainted
 2021-07-21 16:35:09 +02:00
Rasmus Wriedt Larsen
18c0d13efd Python: Model most of UploadedFile in Django 2021-07-21 16:35:09 +02:00
Rasmus Wriedt Larsen
5ec5557203 Python: Model MultiValueDict in Django 2021-07-21 16:35:09 +02:00
Rasmus Wriedt Larsen
95e88c18b9 Python: Minor cleanup 2021-07-21 16:35:09 +02:00
Rasmus Wriedt Larsen
51b543c67c Python: Model taint for django request methods 2021-07-21 16:35:09 +02:00
Rasmus Wriedt Larsen
bced467a88 Python: Refactor django additional step handling 
So it matches the new style we're using in aiohttp/twisted/...
 2021-07-21 16:35:09 +02:00
Rasmus Wriedt Larsen
ce4b192caa Python: Improve usefulness of RemoteFlowSourcesReach meta query 
Before, results from `dca` would look something like

    ## + py/meta/alerts/remote-flow-sources-reach

    - django/django@c2250cf_cb8f: tests/messages_tests/urls.py:38:16:38:48
        reachable with taint-tracking from RemoteFlowSource
    - django/django@c2250cf_cb8f: tests/messages_tests/urls.py:38:9:38:12
        reachable with taint-tracking from RemoteFlowSource

now it should make it easier to spot _what_ it is that actually changed,
since we pretty-print the node.
 2021-07-21 16:35:09 +02:00
Rasmus Wriedt Larsen
6aabbf0b9a Python: Add some alert meta queries 
Intended for use with dca
 2021-07-21 14:53:01 +02:00
Taus
6591a86aad Python: Add test cases 
I debated whether to add a
`MISSING: use=moduleImport("builtins").getMember("print").getReturn()`
annotation to the last line.

Ultimately, I decided to add it, as we likely _do_ want this information
to propagate into inner functions (even if the value of `var2` may
change before `func4` is called).
 2021-07-20 13:26:35 +00:00
Taus
e53b86fbbc Python: Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-07-20 15:19:45 +02:00
Sam Havron
733e5b45bf Fix qhelp typo in RequestWithoutValidation 2021-07-19 16:01:06 -04:00
Rasmus Wriedt Larsen
5249591747 Python: Fix test folder for InsecureProtocol 2021-07-19 16:57:00 +02:00
Rasmus Wriedt Larsen
5939128a76 Python: Fix test folder for InsecureDefaultProtocol 
it was named wrong before. whoops.
 2021-07-19 16:56:07 +02:00
Rasmus Wriedt Larsen
77021ae119 Python: Restructure security tests to contain query name 
We were mixing between things, so this is just to keep things
consistent. Even though it's not strictly needed for all queries,
it does look nice I think
 2021-07-19 16:54:34 +02:00
Rasmus Wriedt Larsen
da021feb8b Python: Move py/incomplete-hostname-regexp tests to own folder 2021-07-19 16:48:21 +02:00
Rasmus Wriedt Larsen
7939a1372e Python: Move Jinja2WithoutEscaping tests to own folder 2021-07-19 16:44:41 +02:00
Rasmus Wriedt Larsen
c9087b2e1b Python: Minor fixup to snippet 
Spotted by @tausbn 🎉
 2021-07-19 10:19:23 +02:00
thank_you
9e01338500 Query only vulnerable methods 2021-07-18 17:13:10 -04:00
Taus
4f3f93f267 Python: Autoformat 2021-07-16 12:22:24 +00:00
Taus
3fd0ec74f0 Python: Deprecate importNode 
Unsurprisingly, the only thing affected by this was the `import-helper`
tests. These have lost all of the results relating to `ImportMember`s,
but apart from that the underlying behaviour should be the same.

I also limited the test to only `CfgNode`s, as a bunch of `EssaNode`s
suddenly appeared when I switched to API graphs.

Finally, I used `API::moduleImport` with a dotted name in the type
tracking tests. This goes against the API graphs interface, but I think
it's more correct for this use case, as these type trackers are doing
the "module attribute lookup" bit manually.
 2021-07-16 11:38:30 +00:00
Rasmus Wriedt Larsen
5e193ee8da Python: Add more snippets 2021-07-15 18:56:49 +02:00
Rasmus Wriedt Larsen
a07de3faae Merge branch 'main' into emptyRedos 2021-07-15 18:21:29 +02:00
jorgectf
6f09b95019 Update .expected 2021-07-15 17:16:29 +02:00
CodeQL CI
d282f6a356 Merge pull request #6218 from tausbn/python-add-typetrackingnode 
Approved by RasmusWL
 2021-07-15 07:04:50 -07:00
Taus
dd03d8102b Merge pull request #6300 from RasmusWL/redos-tests 
Python: Fix `py/polynomial-redos`
 2021-07-15 15:59:01 +02:00
Rasmus Wriedt Larsen
900cbc9a2f Merge pull request #6265 from tausbn/python-performance-fixes 
Python: Fix a few performance issues.
 2021-07-15 14:19:37 +02:00
Rasmus Wriedt Larsen
a5834c4d78 Python: Fix py/polynomial-redos 2021-07-15 14:16:19 +02:00
Rasmus Wriedt Larsen
76caf43b54 Python: Add tests for py/polynomial-redos 2021-07-15 14:15:44 +02:00
Rasmus Wriedt Larsen
1be0dc0876 Python: Move test for ReDoS 2021-07-15 14:15:24 +02:00
Anders Schack-Mulligen
8ccdd4fb9f Merge pull request #6211 from aschackmull/dataflow/refactor-call-context-check 
Dataflow: Refactor call context check
 2021-07-15 12:27:23 +02:00
Erik Krogh Kristensen
383b5f2ff2 implement RegExpSubPattern.getOperand in the Python regexp implementation 2021-07-15 09:41:53 +02:00
Erik Krogh Kristensen
de8f64c5be sync with python 2021-07-14 23:40:06 +02:00
Taus
fb57c5f6f0 Merge pull request #6143 from RasmusWL/concepts-private-import-python 
Python: Make `import python` private in Concepts.qll
 2021-07-14 17:49:06 +02:00
Taus
5c5ee85332 Merge pull request #6122 from RasmusWL/mention-mysqlclient 
Python: Mention modeling of `mysqlclient` PyPI package
 2021-07-14 17:48:40 +02:00
Taus
30d61045d2 Python: Mention nameIndicatesSensitiveData 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-07-14 17:33:39 +02:00
Taus
2bb44d49d9 Python: Perform more deduplication 
This cut the evaluation time on `django` down from 1.2 seconds to ~0.8
seconds (but the impact will likely be greater on bigger projects).
 2021-07-14 13:38:05 +00:00
Taus
09993406f1 Python: Add explanatory QLDoc comment 2021-07-14 10:42:07 +00:00
Anders Schack-Mulligen
0ccb213ec5 Dataflow: Sync. 2021-07-14 10:36:09 +02:00
CodeQL CI
f6f7020388 Merge pull request #6250 from erik-krogh/python-redos-unicode 
Approved by RasmusWL
 2021-07-14 01:09:26 -07:00
Taus
c3789811c8 Python: Support import * in API graphs 2021-07-13 18:22:51 +00:00
Taus
8b6b4dde69 Python: Refactor built-ins logic 
This will make it possible to reuse for names defined in `import *`.
 2021-07-13 18:20:25 +00:00
${sleep,5}
51a6140258 Change variable name to correct sanitized input variable 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-07-13 14:04:06 -04:00
Taus
df8a6b984a Python: Add import * tests 
Moves the current test out of `test.py`, as otherwise any unknown global
(like, say, `sink`) would _also_ be considered to be something
potentially defined in `unknown`.
 2021-07-13 17:46:59 +00:00
Taus
6aec7f2c49 Merge pull request #6264 from RasmusWL/customization-files-for-path-problems 
Python: Provide proper source/sink customization for most path queries
 2021-07-13 15:09:33 +02:00
Rasmus Wriedt Larsen
6f8969a55e Python: Add change-note 2021-07-13 14:39:44 +02:00
Rasmus Wriedt Larsen
9ed61e7663 Python: Port py/polynomial-redos to use proper source/sink customization 
I noticed the configuration/customization files are in the `performance`
folder in JS, but I just kept them in place, since that seems correct to
me.
 2021-07-13 14:39:44 +02:00