hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-12 02:24:00 +02:00
Code Issues Packages Projects Releases Wiki Activity
1,266 Commits 1,740 Branches 164 Tags
cdc359527ab4e84bf138a3c828666fa637f8ff32
Commit Graph

700 Commits

Author SHA1 Message Date
Tom Hvitved
08dc6d79ef Add support for flow summaries 2021-09-21 11:04:53 +02:00
Nick Rolfe
6f7d4fef70 Merge pull request #287 from github/unsafe-deserialization 
rb/unsafe-deserialization query
 2021-09-20 14:23:30 +01:00
Harry Maclean
916b844557 Merge pull request #280 from github/hmac-cli-injection 
Add CLI Injection query
 2021-09-20 08:54:01 +01:00
Harry Maclean
4ecc78effc Kernel#system -> Kernel.system 2021-09-17 17:02:17 +01:00
Harry Maclean
fe8fc0697b Add qhelp for CLI Injection query 2021-09-17 17:02:17 +01:00
Harry Maclean
4a0d7c528a Add top-level CLI injection query and tests 2021-09-17 17:02:17 +01:00
Alex Ford
98fd0e1c24 Update ql/src/queries/security/cwe-079/ReflectedXSS.qhelp 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2021-09-15 20:50:46 +01:00
Alex Ford
ed708c1903 Update ql/src/queries/security/cwe-079/ReflectedXSS.qhelp 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2021-09-15 20:50:46 +01:00
Alex Ford
eed87b3319 Apply suggestions from code review 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2021-09-15 20:50:46 +01:00
Alex Ford
dbb239b04e reorder and format rb/reflected-xss qhelp 2021-09-15 20:50:46 +01:00
Alex Ford
d71dd3f6c7 rb/reflected-xss 2021-09-15 20:50:46 +01:00
Nick Rolfe
6dbf6d7e82 Merge pull request #278 from github/aibaars/revert-hotfix 
Revert "Use hotfixed version of `codeql/suite-helpers` with workaround for bug in released CLI"
 2021-09-09 11:21:20 +01:00
Nick Rolfe
2ddca2c0db Document and test YAML.safe_load 2021-09-08 18:22:31 +01:00
Nick Rolfe
adceb0a2a1 Add query rb/unsafe-deserialization 2021-09-08 17:49:23 +01:00
Nick Rolfe
414362db8d Rename .qll to match our naming scheme for other dataflow queries. 2021-09-07 17:38:08 +01:00
Nick Rolfe
7666d856b7 Merge remote-tracking branch 'origin/main' into polynomial_redos 2021-09-07 17:35:07 +01:00
Nick Rolfe
4d5928ae5a Add @security-severity tag 2021-09-07 12:15:44 +01:00
Harry Maclean
87253032e2 Add a query for URL redirect vulnerabilities 
This query finds instances of CWE-601: Redirection to Untrusted Site.

The structure is copied from a query of the same name in the Python
library. We add customisations specific to `ActionController`.
 2021-09-03 13:17:14 +01:00
Nick Rolfe
d62b41bdf4 Add query for polynomial ReDoS 2021-09-02 17:57:56 +01:00
Arthur Baars
ab4cc753b0 Revert "Use hotfixed version of codeql/suite-helpers with workaround for bug in released CLI" 
This reverts commit 9d7b77496e.
 2021-09-02 16:01:51 +02:00
Harry Maclean
3490e328e1 codeql_ruby -> codeql.ruby 2021-08-31 15:43:02 +01:00
Harry Maclean
d3f683e573 Minor refactor of constantQualifiedName 2021-08-31 15:42:06 +01:00
Harry Maclean
34f02ee622 Fix constantQualifiedName 
Exclude partial results

Co-authored-by: Alex Ford <alexrford@users.noreply.github.com>
 2021-08-31 15:42:06 +01:00
Harry Maclean
91d56cd802 Use dataflow to find method call targets 
This includes both local and non-local methods, and is also simpler than
the previous definition.
 2021-08-31 15:42:06 +01:00
Harry Maclean
cd3192e8f1 Fix ordering for definitionOf 
Actually select the lexicographically least location, not the greatest.
 2021-08-31 15:42:06 +01:00
Harry Maclean
8901eba978 Include constants in jump-to-def query 
The previous version of this query inadvertently excluded constants
which weren't classes or modules. This version includes them, by
introducing a laxer version of `resolveScopeExpr` that doesn't require
the result to be a `TResolved`.
 2021-08-31 15:42:06 +01:00
Harry Maclean
155b385981 Simplify LocalVariable constraint in jump-to-def 2021-08-31 15:42:06 +01:00
Harry Maclean
e72f1399cb Include class variables in jump-to-def query 2021-08-31 15:42:06 +01:00
Harry Maclean
e84ebe2b94 Include instance variables in jump-to-def query 
By convention, instance variables are considered to be "defined" in the
`#initialize` method of their containing class. If an instance variable
is written to in `#initialize` and then read elsewhere in the program,
we will point from the read to the write. If it is not written to in
`#initialize` then we won't provide any jump-to-definition information
for it.
 2021-08-31 15:42:06 +01:00
Harry Maclean
a16cd8967b Ignore synthesised reads for jump-to-definition 
We synthesise variables for things like tuple patterns. For example,
this Ruby code:

    a, b = ...

becomes:

    __synth__0 = ...
    a = __synth__0[0]
    b = __synth__0[1]

The `__synth__` variables should be ignored when calculating
jump-to-definition information, since they don't appear in the original
source code.
 2021-08-31 15:42:05 +01:00
Harry Maclean
a814010665 Small refactor to constantQualifiedName 2021-08-31 15:42:05 +01:00
Harry Maclean
95e2b8a4a4 Simplify jump-to-def query 
The expected output format is a tuple (a, b, k) where `a` and `b` are any
`AstNode` subclass and `k` is a string indicating the kind of
definition (e.g. variable, method, ...).

By ensuring that every value in `DefLoc` is a subclass of `Expr` (itself
a subclass of `AstNode`) we can simplify the query by removing all the
use of `getLocation()`.
 2021-08-31 15:42:05 +01:00
Harry Maclean
19e135fb6f Remove redundant imports 2021-08-31 15:42:05 +01:00
Harry Maclean
2fbbabda2d First draft of a jump-to-definition query 
TODO: flesh out this message
 2021-08-31 15:42:05 +01:00
Dave Bartolomeo
42629b969f Move initial dbscheme 2021-08-26 19:43:06 -04:00
Dave Bartolomeo
2c1620f25e Move missed library file 2021-08-26 18:59:58 -04:00
Dave Bartolomeo
9d7b77496e Use hotfixed version of codeql/suite-helpers with workaround for bug in released CLI 2021-08-26 18:50:04 -04:00
Dave Bartolomeo
11ad664bfb Updated pack versions and lock files 2021-08-26 18:50:04 -04:00
Arthur Baars
ac2c315839 Fix merge conflicts during rebase 2021-08-26 18:48:53 -04:00
Arthur Baars
17fc6ab72c Refactor into separate library and query packs 2021-08-26 18:40:06 -04:00
Alex Ford
ee6c809281 Merge pull request #262 from github/action-view-1 
Start modelling ActionView
 2021-08-26 15:22:55 +01:00
Tom Hvitved
42daf5b6d3 Add DB upgrade script check 2021-08-26 15:55:18 +02:00
Alex Ford
9571e7bccc drop ViewComponent parts from the ActionView library 2021-08-26 14:45:47 +01:00
Alex Ford
a3ae5bcec4 improve ActionControllerHelperMethod doc 2021-08-26 14:12:27 +01:00
Erik Krogh Kristensen
ff27a0c894 use toUnicode in ReDoSUtil.qll 2021-08-26 08:46:51 +00:00
Alex Ford
4a4b2445dc Clean up how we map between Rails actions and default associated template files 2021-08-26 04:57:15 +01:00
Alex Ford
abc283ee8a remove ErbFile refs 2021-08-24 17:22:35 +01:00
Alex Ford
d628716c42 extend ActionController tests 2021-08-24 17:21:22 +01:00
Alex Ford
41ff10c908 extend modelling of ActionController, and start modelling ActionView 2021-08-24 17:21:22 +01:00
Nick Rolfe
9c17e00645 Merge pull request #256 from github/syncRedos 
sync ReDoSUtil.qll with python/JS
 2021-08-23 10:11:16 +01:00