hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-09 11:41:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
40,697 Commits 1,691 Branches 160 Tags
codeql-cli/v2.10.0
Commit Graph

40697 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tony Torralba
6f2d91a8ad Sinks for CloseableThreadContext 2021-12-17 09:17:04 +01:00
Mathias Vorreiter Pedersen
d840796494 C++: Fix join-order in 'phi_node' predicate. 2021-12-17 07:50:04 +00:00
github-actions[bot]
6c57cbba2b Add changed framework coverage reports 2021-12-17 00:09:41 +00:00
Andrew Eisenberg
50ee4ab330 Solorigate: Extract to separate qlpack 
Extracts solorigate to separate qlpacks in preparation for
publishing them to the registry.
 2021-12-16 16:09:20 -08:00
Rasmus Wriedt Larsen
1d00730753 Python: Allow http[s]:// prefix for SSRF 2021-12-17 00:27:18 +01:00
Rasmus Wriedt Larsen
8d9a797b75 Python: Add tricky .format SSRF tests 2021-12-17 00:24:51 +01:00
Rasmus Wriedt Larsen
6f297f4e9c Python: Fix SSRF sanitizer tests 
They were very misleading before, because a sanitizer that happened
early, would remove taint from the rest of the cases by use-use flow :|
 2021-12-16 23:24:08 +01:00
Rasmus Wriedt Larsen
4b5599fe17 Python: Improve full/partial SSRF split 
Now full-ssrf will only alert if **all** URL parts are fully
user-controlled.
 2021-12-16 22:48:51 +01:00
Rasmus Wriedt Larsen
cb934e17b1 Python: Adjust SSRF location to request call 
Since that might not be the same place where the vulnerable URL part is.
 2021-12-16 22:48:51 +01:00
Rasmus Wriedt Larsen
b1bca85162 Python: Add interesting test-case 2021-12-16 22:48:51 +01:00
Rasmus Wriedt Larsen
5a7efd0fee Python: Minor adjustments to QLDoc of HTTP::Client::Request 2021-12-16 22:48:51 +01:00
Erik Krogh Kristensen
2626b0b3dc QL: fix test workflow 2021-12-16 22:26:42 +01:00
Erik Krogh Kristensen
be076dc2c8 add Erik and Taus as QL-for-QL reviewers 2021-12-16 21:47:42 +01:00
Owen Mansel-Chan
da8f8e2eef Refactor to use SummarizedCallable, sourceElement and sinkElement 2021-12-16 19:35:54 +00:00
Owen Mansel-Chan
ec3dd1e1c0 Revert "Update tests for no flow through receivers when no function body" 
This reverts commit 06f889fce6.
 2021-12-16 19:35:54 +00:00
Owen Mansel-Chan
9b2f29bbcd Allow data flow through receiver for modelled methods 2021-12-16 19:35:54 +00:00
Mathias Vorreiter Pedersen
53a1f935b7 C++: Fix join-order in 'HttpStringLiteral' charpred. 2021-12-16 17:12:50 +00:00
Chris Gavin
8fabbd697e Merge pull request #7422 from github/todo-comment-kind 
Add `kind` metadata to example query.
 2021-12-16 16:36:15 +00:00
Chris Smowton
e3b2eed2d2 Merge pull request #7423 from github/atorralba/log4j-CVE-2021-45046 
Java: Cover CVE-2021-45046 in the Log4jJndiInjection query
 2021-12-16 16:00:45 +00:00
Nick Rolfe
dba26a92e9 Merge remote-tracking branch 'origin/main' into nickrolfe/user-controlled-bypass 2021-12-16 15:05:01 +00:00
Erik Krogh Kristensen
8eda061d2f add dbscheme and codeql version to query hash 2021-12-16 15:49:07 +01:00
Tom Hvitved
579b58b8fa Merge pull request #7402 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2021-12-16 15:42:10 +01:00
Arthur Baars
3ef707e358 Address comment 2021-12-16 15:38:41 +01:00
Arthur Baars
cdbd8b27d3 Ruby: SimpleParameter is not an Expr 2021-12-16 15:38:40 +01:00
Rasmus Wriedt Larsen
6ce1524192 Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-12-16 15:19:37 +01:00
Chris Gavin
4a1e2ed408 Add a severity and select the correct number of columns. 2021-12-16 14:02:36 +00:00
Tom Hvitved
e9ef53c31b Merge pull request #7390 from hvitved/ruby/deprecate-pattern-classes 
Ruby: Deprecate `Pattern` classes
 2021-12-16 14:36:13 +01:00
Tony Torralba
7d6cba77a0 Add tests 2021-12-16 13:44:01 +01:00
Tony Torralba
2e0ca6ce2b Add stubs 2021-12-16 13:44:01 +01:00
Tony Torralba
7d70b77141 Add new sinks and taint steps 2021-12-16 13:43:58 +01:00
Chris Smowton
ede57b6527 Merge pull request #637 from smowton/smowton/fix/log-injection-sanitizers 
Fix sanitization by strings.Replace[All] in go/unsafe-quoting and go/log-injection
 2021-12-16 12:28:40 +00:00
Chris Gavin
407c265daf Add kind metadata to example query. 2021-12-16 12:12:36 +00:00
Michael Nebel
95d175e9e0 Merge pull request #7406 from michaelnebel/csharp-system-threading-csv 
C#: Convert more flow summaries to CSV format.
 2021-12-16 12:56:44 +01:00
Michael Nebel
d777ba8a25 C#: Cleanup private imports in LibraryTypeDataFlow. 2021-12-16 11:24:24 +01:00
Michael Nebel
a26403b359 Convert System.Tuple and friends flow to CSV format. 2021-12-16 11:20:04 +01:00
Asger Feldthaus
0e9c2377e3 JS: Use a field in RouterHandlerParameter 2021-12-16 10:26:35 +01:00
Michael Nebel
348e3b74f3 C#: Convert System.Text.Encoding flow to CSV format. 2021-12-16 10:03:12 +01:00
CodeQL CI
f274f06d9b Merge pull request #7409 from asgerf/js/track-functions-with-methods 
Approved by erik-krogh
 2021-12-16 09:01:42 +00:00
CodeQL CI
acbf7913b2 Merge pull request #7408 from asgerf/js/trusted-types-sinks 
Approved by esbena
 2021-12-16 08:59:51 +00:00
Michael Nebel
a5c055581e C#: Convert System.Runtime.CompilerServices.ConfiguredTaskAwaitable<>.ConfiguredTaskAwaiter flow to CSV format. 2021-12-16 09:36:39 +01:00
Michael Nebel
ddb7d722bc C#: Convert System.Runtime.CompilerServices.TaskAwaiter<> flow to CSV format. 2021-12-16 09:36:39 +01:00
Michael Nebel
bdd44c1c46 C#: Convert System.Runtime.CompilerServices.ConfiguredTaskAwaitable flow to CSV format. 2021-12-16 09:36:39 +01:00
Michael Nebel
034d45ddc0 C#: Convert System.Threading.Tasks.TaskFactory flow to CSV format. 2021-12-16 09:36:39 +01:00
Michael Nebel
440976fe63 C#: Convert System.Threading.Tasks.Task<> flow to CSV format. 2021-12-16 09:36:39 +01:00
Michael Nebel
cde98c7799 C#: Convert System.Threading.Tasks.Task flow to CSV format. 2021-12-16 09:36:39 +01:00
Michael Nebel
90d7b94b8a Merge pull request #7413 from hvitved/csharp/fix-test 
C#: Fix broken `FlowSummariesFiltered` test
 2021-12-16 09:31:33 +01:00
Rasmus Wriedt Larsen
1cc5e54357 Python: Add SSRF queries 
I've added 2 queries:

- one that detects full SSRF, where an attacker can control the full URL,
  which is always bad
- and one for partial SSRF, where an attacker can control parts of an
  URL (such as the path, query parameters, or fragment), which is not a
  big problem in many cases (but might still be exploitable)

full SSRF should run by default, and partial SSRF should not (but makes
it easy to see the other results).

Some elements of the full SSRF queries needs a bit more polishing, like
being able to detect `"https://" + user_input` is in fact controlling
the full URL.
 2021-12-16 01:48:34 +01:00
github-actions[bot]
18489c0ded Add changed framework coverage reports 2021-12-16 00:09:34 +00:00
Dave Bartolomeo
d5ef1cf28d Update docs/change-notes.md 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-12-15 15:58:14 -05:00
Rasmus Wriedt Larsen
579de0c3f0 Python: Remove getResponse and do manual taint steps 2021-12-15 21:55:04 +01:00