Alex Ford
16ab4da812
Update ql/lib/codeql/ruby/security/XSS.qll
...
Co-authored-by: Harry Maclean <hmac@github.com >
2021-10-07 20:03:07 +01:00
Alex Ford
fb5cfcc9b0
OrmTracking goes through or expressions
2021-10-07 15:30:36 +01:00
Alex Ford
6065e29aba
Fix performance issues related to a x-product between ActiveRecordModelInstantiation and MethodCall
2021-10-07 15:30:36 +01:00
Alex Ford
b2434950d3
abstract away some ActiveRecord specific parts of XSS.qll
2021-10-07 15:30:36 +01:00
Alex Ford
6dc3ce335b
make rb/stored-xss track ActiveRecord db accesses
2021-10-07 15:30:36 +01:00
Alex Ford
a2084f813e
rb/stored-xss structure and initial implementation (FileSystemReadAccess sources)
2021-10-07 15:30:36 +01:00
Harry Maclean
4f9518a9c6
Merge pull request #293 from github/hmac-code-injection
...
Add query for Code Injection
2021-09-23 13:50:48 +01:00
Harry Maclean
41608ef47b
Address review comments
2021-09-23 12:26:54 +01:00
Tom Hvitved
08dc6d79ef
Add support for flow summaries
2021-09-21 11:04:53 +02:00
Nick Rolfe
6f7d4fef70
Merge pull request #287 from github/unsafe-deserialization
...
rb/unsafe-deserialization query
2021-09-20 14:23:30 +01:00
Harry Maclean
95e50cedad
Add query for Code Injection
...
This query finds cases where user input flows to an argument to `eval`
or `send`, which can execute arbitrary Ruby code.
2021-09-20 11:35:45 +01:00
Harry Maclean
916b844557
Merge pull request #280 from github/hmac-cli-injection
...
Add CLI Injection query
2021-09-20 08:54:01 +01:00
Harry Maclean
739661eb10
Test that KernelMethodCall is specific enough
...
Calls to `UnknownModule.system`, where `UnknownModule` is a module that
we know nothing about, should not be identified as instances of
`KernelMethodCall`.
2021-09-17 17:02:17 +01:00
Harry Maclean
f8359767bc
Exclude non-shell interpreted args
...
Update the CommandInjection query to only consider sinks where the
argument is interpreted by a shell. If the argument is passed directly
to a subprocess then it's not vulnerable to shell injection.
2021-09-17 17:02:17 +01:00
Harry Maclean
799ef4e4c9
Add barrier guards for CLI injection
2021-09-17 17:02:17 +01:00
Harry Maclean
8f65d78cb5
Add Shellwords.escape as CLI injection sanitizer
2021-09-17 17:02:17 +01:00
Harry Maclean
4a0d7c528a
Add top-level CLI injection query and tests
2021-09-17 17:02:17 +01:00
Harry Maclean
8440fe2ba9
Add CommandInjection dataflow config
2021-09-17 17:02:17 +01:00
Alex Ford
773291e4c3
Put exprNodeReturnedFrom predicate in DataFlowDispatch.qll
2021-09-15 20:50:46 +01:00
Alex Ford
e80faa017c
Fix rb/reflected-xss flow from helper method return values
2021-09-15 20:50:46 +01:00
Alex Ford
35da921deb
format
2021-09-15 20:50:46 +01:00
Alex Ford
50b0bb8b36
Restrict rb/reflected-xss instance variable taint edges
2021-09-15 20:50:46 +01:00
Alex Ford
0689e6095e
make a type more specific
2021-09-15 20:50:46 +01:00
Alex Ford
205b141482
format
2021-09-15 20:50:46 +01:00
Alex Ford
76864a82be
remove an incorrect test case
2021-09-15 20:50:46 +01:00
Alex Ford
3445a6a5e7
fix flow steps from controller instance var assignement to view read access
2021-09-15 20:50:46 +01:00
Alex Ford
b993723595
remove spurious ivar -> locals hash mapping (actionview/controller)
2021-09-15 20:50:46 +01:00
Alex Ford
3430a46440
fix some local variable mappings between view and controller
2021-09-15 20:50:46 +01:00
Alex Ford
b264a05288
Update ql/lib/codeql/ruby/security/ReflectedXSSCustomizations.qll
...
Co-authored-by: Harry Maclean <hmac@github.com >
2021-09-15 20:50:46 +01:00
Alex Ford
d71dd3f6c7
rb/reflected-xss
2021-09-15 20:50:46 +01:00
Nick Rolfe
9b9fc18605
Add taint step for Base64.decode64
2021-09-08 17:49:23 +01:00
Nick Rolfe
adceb0a2a1
Add query rb/unsafe-deserialization
2021-09-08 17:49:23 +01:00
Harry Maclean
87253032e2
Add a query for URL redirect vulnerabilities
...
This query finds instances of CWE-601: Redirection to Untrusted Site.
The structure is copied from a query of the same name in the Python
library. We add customisations specific to `ActionController`.
2021-09-03 13:17:14 +01:00
