hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-07 16:14:02 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,252 Commits 1,732 Branches 164 Tags
f41c30e335fa9560254e943a63c7953260211722
Commit Graph

105 Commits

Author SHA1 Message Date
REDMOND\brodes
8459eec239 Moving the SsrfSink concept into Concepts.qll, and renaming to HttpClientRequestFromModel as suggested in PR review. 2026-02-06 09:26:49 -05:00
Owen Mansel-Chan
0222159df5 Specify vulnerable args instead of safe ones 2026-01-30 14:10:03 +00:00
Owen Mansel-Chan
a3885cd8b2 Replace sanitizer by exclusion from sink definition 2026-01-30 09:28:02 +00:00
Joe Farebrother
2cffb21604 Update and fix tests 2025-09-23 15:41:09 +01:00
Joe Farebrother
d28e8004fd Add sensitive data heuristic 2025-09-23 10:08:08 +01:00
Jeroen Ketema
cbde11ddc9 Properly share ConceptsShared.qll 2025-07-14 16:30:45 +02:00
Arthur Baars
d3e28772ae Rust/Python improve qldoc of SafeAccessCheck 2025-03-20 11:16:45 +01:00
Joe Farebrother
71ab82dee0 Fix qldoc, formatting, and redundant import warnings 2024-12-09 19:55:21 +00:00
Joe Farebrother
8647073433 Copy template injection to standard pack + add jinja sinks 2024-12-09 19:47:06 +00:00
Rasmus Wriedt Larsen
431a1af628 Merge branch 'main' into threat-models 2024-09-26 11:44:24 +02:00
Rasmus Wriedt Larsen
535db98823 Python: Minor simplification of ActiveThreatModelSource 
Co-authored-by: Taus <tausbn@github.com>
 2024-09-23 11:21:55 +02:00
Kevin Stubbings
c30332818f Reorder and rename 2024-09-13 00:41:55 -07:00
Kevin Stubbings
831d522025 First round feedback 2024-09-12 20:49:10 -07:00
Rasmus Wriedt Larsen
5ff7b6557f Python: Add links to threat-model docs 2024-09-10 14:32:39 +02:00
Kevin Stubbings
0420d25c13 refactor 2024-08-26 22:09:24 -07:00
Kevin Stubbings
1db7865d49 Corrections 2024-08-26 22:06:12 -07:00
Kevin Stubbings
8bf8893307 Add support for vulnerable CORS middlewares 2024-08-26 21:30:48 -07:00
Rasmus Wriedt Larsen
5ec8e5dd30 Python: Setup support for threat-models 
Naming in other languages:
- `SourceNode` (for QL only modeling)
- `ThreatModelFlowSource` (for active sources from QL or data-extensions)

However, since we use `LocalSourceNode` in Python, and `SourceNode` in
JS (for local source nodes), it seems a bit confusing to follow the same
naming convention as other languages, and instead I came up with new names.
 2024-08-19 10:54:47 +02:00
Joe Farebrother
24df54804a Review suggestion - Add link to qldoc 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2024-08-06 22:59:14 +01:00
Joe Farebrother
ef3bbeacd6 Add check for kwargs in cookie attribute predicates 2024-07-29 11:17:42 +01:00
Joe Farebrother
90e87a1752 Factor each framework implementation of the cookie parameters to a common concept 2024-07-29 10:51:24 +01:00
Joe Farebrother
c7f9095739 Apply similar changes to httponly 2024-07-29 10:29:59 +01:00
Joe Farebrother
d997eee6e6 Code review suggestions - make definitions clearer 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2024-07-29 10:22:33 +01:00
Joe Farebrother
b28d79960b Update ConceptsTests and make a fix 2024-07-23 10:15:09 +01:00
Joe Farebrother
226e4eb8a5 Use a 3-valued newtype for hasSameSiteAttribute 2024-07-23 10:14:45 +01:00
Joe Farebrother
9ad6c8c5eb Implement cookie attributes for cases in which a raw header is set 2024-07-23 10:14:16 +01:00
Joe Farebrother
2df09f6194 Change flag predicates to boolean parameters rather than boolean results 2024-07-23 10:14:08 +01:00
Joe Farebrother
6f7b2a2d20 Add cookie flags to cookie write concept, and alter experimental queries to use them 2024-07-23 10:14:00 +01:00
Joe Farebrother
7704801e47 Change fastapi raw cookie header models to header write models 2024-06-24 17:27:12 +01:00
Joe Farebrother
a0201e9c4f Update tests for new cookie write from headers 2024-06-24 17:27:06 +01:00
Joe Farebrother
d11f58f768 Add cookie header write concept from experimental. 2024-06-24 17:26:56 +01:00
Joe Farebrother
b71ba7c30f Move Header Write derrived concepts to Concepts 2024-06-24 17:26:51 +01:00
Rasmus Lerchedahl Petersen
4378924785 Python: Example use of provenance for additional taint steps 2024-05-16 14:04:35 +02:00
Joe Farebrother
2b935e575a Add concept tests + fix typo 2024-04-24 14:05:41 +01:00
Joe Farebrother
eeef062f7c Implement sinks for wsgiref + allow lists in bulk header updates + local flow 2024-04-24 14:05:39 +01:00
Joe Farebrother
8636a50190 Fix qldoc + remove deprecation from experimental concepts (as they are still used in another experimental query) 2024-04-24 14:05:38 +01:00
Joe Farebrother
dbbc944f32 Correct spelling 2024-04-24 14:05:38 +01:00
Joe Farebrother
a88ad62c00 Implemented sinks for bulk header updates, and added corresponding tests. 2024-04-24 14:05:38 +01:00
Joe Farebrother
68d90918cf Add to header write concept a specification of whether the name or value arg allows newlines. 
Ported sink defenitions from Flask and Werzeug from experimental to main.
Removed experimental sink definitions for Django, as neither name nor value are vulnerable.
 2024-04-24 14:05:37 +01:00
Joe Farebrother
6021d9238c Move headers injection query and concept from experimental to main 2024-04-24 14:05:37 +01:00
Taus
1c68c987b0 Python: Change all remaining occurrences of StrConst 
Done using
```
git grep StrConst | xargs sed -i 's/StrConst/StringLiteral/g'
```
 2024-04-22 12:00:09 +00:00
erik-krogh
8be7eadace delete outdated deprecations 2024-01-22 09:11:35 +01:00
Rasmus Wriedt Larsen
e8f548ab52 Python: Model routed parameter flow to *args and **kwargs in Django + rest framework 2023-10-23 17:18:22 +02:00
Rasmus Wriedt Larsen
d6d13f84a9 Python: -> NoSQL in QLDocs 2023-09-29 13:54:21 +02:00
yoff
8156fa9a4d Apply naming suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2023-09-28 11:47:10 +02:00
Rasmus Lerchedahl Petersen
12dab88ec7 Python: rename concept 
`NoSqlQuery` -> `NoSqlExecution`
 2023-09-20 15:49:35 +02:00
Rasmus Lerchedahl Petersen
c0b3245a53 Python: Enrich the NoSql concept 
This allows us to make more precise modelling
The query tests now pass.
I do wonder, if there is a cleaner approach, similar to
`TaintedObject` in JavaScript. I want the option to
get this query in the hands of the custumors before
such an investigation, though.
 2023-09-07 10:22:37 +02:00
Rasmus Lerchedahl Petersen
55707d395e Python: Make things compile in their new location 
- Move NoSQL concepts to the non-experimental concepts file
- fix references
 2023-09-07 09:28:30 +02:00
jorgectf
c82ab2b2ab Add markupsafe as XXE sanitizer 
Co-authored-by: Kevin Stubbings <Kwstubbs@users.noreply.github.com>
 2023-07-05 20:23:20 +02:00
erik-krogh
d5029c94b6 changes based on review 2023-05-01 10:42:15 +02:00