hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-08 08:34:02 +02:00
Code Issues Packages Projects Releases Wiki Activity
1,210 Commits 1,731 Branches 164 Tags
ed708c1903edb96fa04e85646041350a82251ac6
Commit Graph

1210 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Alex Ford
ed708c1903 Update ql/src/queries/security/cwe-079/ReflectedXSS.qhelp 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2021-09-15 20:50:46 +01:00
Alex Ford
eed87b3319 Apply suggestions from code review 
Co-authored-by: Nick Rolfe <nickrolfe@github.com>
 2021-09-15 20:50:46 +01:00
Alex Ford
205b141482 format 2021-09-15 20:50:46 +01:00
Alex Ford
76864a82be remove an incorrect test case 2021-09-15 20:50:46 +01:00
Alex Ford
3445a6a5e7 fix flow steps from controller instance var assignement to view read access 2021-09-15 20:50:46 +01:00
Alex Ford
b993723595 remove spurious ivar -> locals hash mapping (actionview/controller) 2021-09-15 20:50:46 +01:00
Alex Ford
3430a46440 fix some local variable mappings between view and controller 2021-09-15 20:50:46 +01:00
Alex Ford
b264a05288 Update ql/lib/codeql/ruby/security/ReflectedXSSCustomizations.qll 
Co-authored-by: Harry Maclean <hmac@github.com>
 2021-09-15 20:50:46 +01:00
Alex Ford
dbb239b04e reorder and format rb/reflected-xss qhelp 2021-09-15 20:50:46 +01:00
Alex Ford
d71dd3f6c7 rb/reflected-xss 2021-09-15 20:50:46 +01:00
Tom Hvitved
d3a1d0a62a Merge pull request #294 from github/bump-codeql 
Bump `codeql` submodule
 2021-09-15 16:24:04 +02:00
Tom Hvitved
9e67382f06 Bump codeql submodule 2021-09-15 14:59:42 +02:00
Harry Maclean
12723f0f13 Merge pull request #288 from github/hmac-barrier-guard-checks 
Make barrier guards more specific
 2021-09-14 16:16:20 +01:00
Tom Hvitved
f4e2c30d86 Merge pull request #291 from github/hvitved/regexp-multiples 
Speedup `RegExp::multiples`
 2021-09-14 14:22:20 +02:00
Tom Hvitved
8ac3dc29e0 Speedup RegExp::multiples 
Use regexps to perform matching to avoid constructing sub strings.
 2021-09-14 13:58:24 +02:00
Harry Maclean
4763312e55 Merge ConditionBlock and BarrierGuard 2021-09-14 11:11:12 +01:00
Harry Maclean
6f32401e5c Add unless x != test to barrier guards 
This tests that the following call to `foo bar` is guarded:

    unless bar != "bar"
      foo bar
    end
 2021-09-13 11:58:17 +01:00
Harry Maclean
800e18349f Add != to StringConstCompare 
This means we treat != comparisons against strings as taint tracking guards:

    if foo != "A"
      foo         # still tainted
    else
      foo         # not tainted, because we know foo == "A"
    end
 2021-09-10 16:42:45 +01:00
Harry Maclean
8f36b0d7fe Simplify guard in SQL injection tests 
We don't (yet) properly sanitize taint in cases like this

    foo = "A" unless foo == "B"

So for now, use a simpler guard in the SQL injection test.
We can resurrect the old, more idiomatic guard when we can support it.
 2021-09-10 16:27:57 +01:00
Harry Maclean
56983565fe Update ReDoS length guard 
Changes to barrier guards in a previous commit mean we need to update
this guard to match.
 2021-09-10 16:21:17 +01:00
Nick Rolfe
b51e741439 Merge pull request #289 from github/rust_warnings 
Fix 'unused borrow that must be used' warnings.
 2021-09-09 17:27:05 +01:00
Nick Rolfe
cf72bada3d Fix 'unused borrow that must be used' warnings. 
I don't remember seeing this warning before upgrading to Rust 1.55
 2021-09-09 17:03:10 +01:00
Nick Rolfe
6dbf6d7e82 Merge pull request #278 from github/aibaars/revert-hotfix 
Revert "Use hotfixed version of `codeql/suite-helpers` with workaround for bug in released CLI"
 2021-09-09 11:21:20 +01:00
Harry Maclean
b4c29425ea Make barrier guards more specific 
Following examples from the other libraries, this change introduces a
member predicate `checks(CfgNode expr, boolean branch)` to
`BarrierGuard`, which holds if the guard validates `expr` for a
particular value of `branch`, which represents the value of the
condition in the guard.

For example, in the following guard...

    if foo == "foo"
      do_something foo
    else
      do_something_else foo
    end

...the variable `foo` is validated when the condition `foo == "foo"` is
true.

We also introduce the concept that a guard "controls" a code block based
on the value of `branch`. In the example above, the "then" branch of the
if statement is controlled when `branch` is true. The else branch is
not controlled because `foo` can take (almost) any value in that branch.

Based on these concepts, we define a guarded node to be a read of a
validated variable in a controlled block.

In the above example, the `foo` in `do_something foo` is guarded, but
the `foo` in `do_something_else foo` is not.
 2021-09-09 11:04:52 +01:00
Nick Rolfe
a62aa2b1b2 Merge pull request #269 from github/polynomial_redos 
Polynomial ReDoS query
 2021-09-07 18:31:04 +01:00
Nick Rolfe
414362db8d Rename .qll to match our naming scheme for other dataflow queries. 2021-09-07 17:38:08 +01:00
Nick Rolfe
7666d856b7 Merge remote-tracking branch 'origin/main' into polynomial_redos 2021-09-07 17:35:07 +01:00
Nick Rolfe
4d5928ae5a Add @security-severity tag 2021-09-07 12:15:44 +01:00
Nick Rolfe
8fbe5c0adf Merge pull request #261 from github/getPrimaryQlClasses 
Implement getPrimaryQlClasses
 2021-09-07 12:02:15 +01:00
Tom Hvitved
8ce7fdc59a Merge pull request #284 from github/hvitved/instanceof-test 
Use `instanceof` base classes
 2021-09-07 13:01:43 +02:00
Nick Rolfe
060060bc0b Merge remote-tracking branch 'origin/main' into getPrimaryQlClasses 2021-09-06 19:34:34 +01:00
Tom Hvitved
3594794875 Use instanceof base classes in range patterns 2021-09-06 16:15:52 +02:00
Tom Hvitved
9b3b9a731f Move instanceof check from charpred in CfgScope 2021-09-06 10:31:16 +02:00
Calum Grant
51d729a086 Merge pull request #282 from github/add-coc 
Create CODE_OF_CONDUCT.md
 2021-09-03 14:25:44 +01:00
Harry Maclean
36d5fda400 Merge pull request #260 from github/hmac-url-redirect 
Add URLRedirect query
 2021-09-03 13:36:54 +01:00
Pierre
12c1f43ceb Create CODE_OF_CONDUCT.md 
Add COC based on the latest template.
 2021-09-03 14:27:04 +02:00
Harry Maclean
87253032e2 Add a query for URL redirect vulnerabilities 
This query finds instances of CWE-601: Redirection to Untrusted Site.

The structure is copied from a query of the same name in the Python
library. We add customisations specific to `ActionController`.
 2021-09-03 13:17:14 +01:00
Calum Grant
799c0ff252 Merge pull request #281 from github/add-license 
Add LICENSE
 2021-09-03 13:14:15 +01:00
Pierre
bc85a1b825 Add LICENSE file 
Required step for open-sourcing. This uses the same license at `codeql-ruby`.
 2021-09-03 13:10:54 +02:00
Nick Rolfe
47e5a8fd09 Add test for polynomial ReDoS query 2021-09-02 17:57:56 +01:00
Nick Rolfe
cbe23661ed Rename exponential ReDoS test directory 2021-09-02 17:57:56 +01:00
Nick Rolfe
d62b41bdf4 Add query for polynomial ReDoS 2021-09-02 17:57:56 +01:00
Alex Ford
86073776b7 Merge pull request #249 from github/erb-lib 
Add codeql_ruby.ast.Erb library
 2021-09-02 16:26:52 +01:00
Arthur Baars
ab4cc753b0 Revert "Use hotfixed version of codeql/suite-helpers with workaround for bug in released CLI" 
This reverts commit 9d7b77496e.
 2021-09-02 16:01:51 +02:00
Tom Hvitved
b8ec5d7d31 Merge pull request #276 from github/hvitved/api-graphs-comment-typo 
Fix typo in comment
 2021-09-02 12:50:25 +02:00
Tom Hvitved
2d0febeb04 Fix typo in comment 2021-09-02 10:24:37 +02:00
Tom Hvitved
c176d344ab Merge pull request #274 from github/hvitved/cfg/may-raise 
CFG: Model calls that may raise an exception
 2021-09-01 17:42:13 +02:00
Tom Hvitved
6e23a9ae7a Merge pull request #275 from github/hvitved/api-graphs-fix 
API graphs: Fix bug for resolvable modules
 2021-09-01 17:10:27 +02:00
Tom Hvitved
03e91a22bc API graphs: Performance fixes 2021-09-01 16:57:56 +02:00
Tom Hvitved
ae70af01cd API graphs: Fix bug for resolvable modules 2021-09-01 16:57:52 +02:00