Commit Graph

1366 Commits

Author SHA1 Message Date
Artem Smotrakov
c367c7e33b Merge branch 'unsafe-jackson-deserialization' of github.com:artem-smotrakov/ql into unsafe-jackson-deserialization 2021-07-16 18:26:38 +02:00
Artem Smotrakov
6d7cb48054 Refactored the query for unsafe deserialization 2021-07-16 18:25:41 +02:00
Artem Smotrakov
1b3516ab94 Apply suggestions from code review
Co-authored-by: Chris Smowton <smowton@github.com>
2021-07-13 14:53:45 +02:00
Artem Smotrakov
09ae779b21 Removed fromSource() check in looksLikeResolveClassStep() 2021-07-12 19:56:51 +02:00
Artem Smotrakov
c98f1a479e Better taint propagation in UnsafeTypeConfig 2021-07-09 10:24:15 +02:00
Artem Smotrakov
476843a278 Added comments for Jackson in UnsafeDeserialization.qll 2021-07-09 10:24:15 +02:00
Artem Smotrakov
e9731cd212 Minor improvements for Jackson in UnsafeDeserialization.qll 2021-07-09 10:24:15 +02:00
Artem Smotrakov
24e4b68b9c Removed getAnAccess() calls for Jackson 2021-07-09 10:24:14 +02:00
Artem Smotrakov
aefd21075b Added tests for UnsafeDeserialization.ql and Jackson 2021-07-09 10:24:10 +02:00
Artem Smotrakov
97fca620fa Cover attacker-controlled types for deserialization with Jackson 2021-07-09 10:16:04 +02:00
Artem Smotrakov
3eb2af1bc2 First draft of sinks for unsafe deserialization with Jackson 2021-07-09 10:16:01 +02:00
Chris Smowton
a51154a8ef Deduplicate Jexl configuration 2021-07-02 10:02:28 +01:00
Chris Smowton
bbd3ecb768 Add docs to RandomQuery.qll 2021-07-02 10:02:28 +01:00
Chris Smowton
e661fc08d3 Split Android XSS sink defintions out of XSS.qll
This removes one of the routes by which XSS.qll is always in scope, and so its dataflow configuration is too -- however it is still always in scope because JaxWS.qll imports it.
2021-07-02 10:02:25 +01:00
Chris Smowton
747a8e4157 Split up JexlInjection.qll
This avoids a DataFlow2::Configuration being in scope for all queries via the import from ExternalFlow.qll
2021-07-02 10:01:51 +01:00
Chris Smowton
643f7dfb87 Split up Random.qll
This prevents bringing a dataflow config into scope from utility libraries.
2021-07-02 10:00:49 +01:00
Anders Schack-Mulligen
80124df78e Merge pull request #5487 from joefarebrother/sql-sinks
Java: Convert SQL sinks to CSV format
2021-07-02 10:51:09 +02:00
Anders Schack-Mulligen
4e1155cfd2 Merge pull request #6202 from smowton/smowton/admin/cleanup-duplicated-experimental-query
Deduplicate shared body of regular and experimental versions of `java/command-line-injection` query.
2021-07-02 09:23:50 +02:00
Anders Schack-Mulligen
f9da044e54 Merge pull request #6185 from aschackmull/java/perf-fix-request-forgery
Java: Fix bad magic.
2021-07-02 09:07:07 +02:00
Chris Smowton
8b7db8a8cc Merge pull request #5408 from p0wn4j/urlclassloader-webclient-ssrf-sinks
Java: Add URLClassLoader, WebClient SSRF sinks
2021-07-01 16:14:22 +01:00
Chris Smowton
d5a9f3d87b Deduplicate shared body of regular and experimental versions of java/command-line-injection query. 2021-07-01 14:53:56 +01:00
Joe Farebrother
160f3b4312 Remove ArrayElement from sink specifications 2021-07-01 14:41:39 +01:00
Joe Farebrother
1a06c132be Use ArrayElement of to handle arargs case in SpringJdbc.qll 2021-07-01 14:38:20 +01:00
Joe Farebrother
29f82fc81f Use ArrayElementOf in Android sinks 2021-07-01 14:38:19 +01:00
Joe Farebrother
95d8018a43 Include overrides for SQLiteQueryBuilder sinks 2021-07-01 14:38:19 +01:00
Joe Farebrother
0d4f8aedb8 Use Argument ranges in CSV rows 2021-07-01 14:38:19 +01:00
Joe Farebrother
7926d16844 Convert SQL sinks to CSV format 2021-07-01 14:38:19 +01:00
Anders Schack-Mulligen
cda5c22f6e Merge pull request #5590 from github/sauyon/java-spring-errors
Add models for Spring validation.Errors
2021-07-01 14:29:49 +02:00
Anders Schack-Mulligen
37f8794d01 Merge pull request #6165 from edoardopirovano/fix-regression
Performance: Improve join order in data flow library
2021-07-01 14:13:18 +02:00
p0wn4j
0db7496617 Add URLClassLoader and Spring WebClient SSRF sinks 2021-07-01 03:34:14 +04:00
Anders Schack-Mulligen
d8b017e6c0 Merge pull request #6036 from atorralba/atorralba/spring-beans
Java: Flow summaries for Spring's Bean Properties classes
2021-06-30 15:41:24 +02:00
Anders Schack-Mulligen
f03d460e95 Java: Fix bad join-order. 2021-06-30 13:42:45 +02:00
Tony Torralba
0bb9e464b2 Merge branch 'main' into atorralba/spring-beans 2021-06-30 12:55:10 +02:00
Anders Schack-Mulligen
e235e151f1 Java: Fix bad magic. 2021-06-30 11:09:08 +02:00
Tony Torralba
9d64cadb50 Adapt tests after applying changes from code review 2021-06-30 10:02:03 +02:00
Tony Torralba
b64b8ecec2 Apply suggestions from code review
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
2021-06-30 09:52:22 +02:00
Sauyon Lee
52d1901d6e Adjust validation models to reflect array parameters 2021-06-29 12:01:24 -07:00
Edoardo Pirovano
8354f66c29 Performance: Improve join order in data flow library 2021-06-29 18:23:22 +01:00
Sauyon Lee
b76f761e56 Import springvalidation in ExternalFlow.qll 2021-06-29 05:51:58 -07:00
Sauyon Lee
92f1c51653 fixup! Add models for Spring validation.Errors
Rename SpringErrors to SpringValidation
2021-06-29 05:51:36 -07:00
Sauyon Lee
534ab86900 Add models for Spring validation.Errors 2021-06-29 05:51:21 -07:00
Anders Schack-Mulligen
ad8bef5177 Update java/ql/src/semmle/code/java/frameworks/spring/SpringUtil.qll 2021-06-29 14:08:48 +02:00
Chris Smowton
9551321592 Fix LinkedMultiValueMap models and make tests more realistic 2021-06-29 12:40:57 +01:00
Chris Smowton
d6c4325c13 Import SpringUtil from ExternalFlow.qll 2021-06-29 12:18:30 +01:00
Chris Smowton
3d270bbc50 Drop models for stringifying functions
Per default stringification isn't taint-propagating in Java
2021-06-29 12:01:08 +01:00
Chris Smowton
0441098b18 Amend models of MultiValueMap.addAll overloads 2021-06-29 11:58:46 +01:00
Chris Smowton
b202110285 Drop redundant model that can be inherited from java.util.Iterator 2021-06-29 11:47:22 +01:00
Chris Smowton
f67e9ae1cc Drop tests for protected inner classes 2021-06-29 11:45:59 +01:00
Chris Smowton
5769f4718f Add missing CollectionUtils model 2021-06-29 11:44:29 +01:00
Chris Smowton
659478cc39 Remove model for protected class
Can't be accessed outside the org.springframework.util package.
2021-06-29 11:40:19 +01:00