Commit Graph

41418 Commits

Author SHA1 Message Date
Tom Hvitved
d39a33655f C#: Fix false-positives in cs/dereferenced-value-may-be-null
Dereferencing an expression of a nullable type should only be reported when
the expression is not clearly non-null.
2020-07-28 16:27:36 +02:00
Chris Smowton
026dc5c97f Add changelog notes regarding added library support 2020-07-28 14:57:14 +01:00
Chris Smowton
0e6feb923c Add test for json-iterator package, and support more of its API
Specifically the top-level functions Unmarshal and UnmarshalFromString are just convenience wrappers around the type API, which is the usual documented way to use the library.
2020-07-28 14:52:10 +01:00
Chris Smowton
e19f476341 Add test for Sqlx 2020-07-28 14:52:10 +01:00
Chris Smowton
f5caf7e9e2 Add test for Gorm 2020-07-28 14:52:10 +01:00
Chris Smowton
a813607a76 go-restful model: Add support for ReadEntity method 2020-07-28 14:52:10 +01:00
Chris Smowton
3c4a1b90fe Add test for Go-restful 2020-07-28 14:52:10 +01:00
Chris Smowton
b96546b0f8 Improve style of library models 2020-07-28 14:40:48 +01:00
Max Schaefer
e9ae697d0d Merge pull request #251 from gagliardetto/standard-lib-pt-1
Add taint-tracking for archive/tar and archive/zip
2020-07-28 14:27:02 +01:00
Shati Patel
a79f09f1de Add basic query for Go 2020-07-28 15:25:59 +02:00
Chris Smowton
88cb435843 Split security flags into more distinct categories
There are now three categories: general security or option flags, those related to TLS version selection, and those related to certificate configuration. The TLS and disabled-certificate-check queries use two categories each.
2020-07-28 13:54:37 +01:00
Chris Smowton
3c244e2235 Insecure-TLS: remove obsolete TODO
The case noted works fine.
2020-07-28 13:04:16 +01:00
Shati Patel
8e8c43a25b Add basic query for JavaScript 2020-07-28 13:54:06 +02:00
luchua-bc
7f911f00ee Rename to insecure basic auth 2020-07-28 11:40:21 +00:00
Chris Smowton
9b4e189374 Insecure-TLS: Use DataFlow::Node::getRoot, and factor getEnclosingFunction 2020-07-28 11:55:58 +01:00
Chris Smowton
2751552cbe Insecure-TLS: Reintroduce tests for InsecureCipherSuites()
These stopped producing an alert because they used a variable name that acknowledges an insecure setup
2020-07-28 11:55:58 +01:00
Chris Smowton
db9760082d Insecure-TLS: simplify warning message 2020-07-28 11:55:58 +01:00
Chris Smowton
2a0642b67b Insecure-TLS: remove is-test-file filter 2020-07-28 11:55:58 +01:00
Chris Smowton
5c8534f56e EXCUSED -> OK 2020-07-28 11:55:58 +01:00
Chris Smowton
d0c76187da Fix comment 2020-07-28 11:55:58 +01:00
Chris Smowton
a10db25b7d Remove redundant constraint 2020-07-28 11:55:58 +01:00
Chris Smowton
779901cdbd Reference Mozilla's TLS advice in qhelp 2020-07-28 11:55:58 +01:00
Chris Smowton
718c4e8531 Add change note for insecure-TLS query 2020-07-28 11:55:58 +01:00
Chris Smowton
db27f8477a Update CWE-327 test
This now checks various carve-outs for probable feature / compatibility flags
2020-07-28 11:55:58 +01:00
Chris Smowton
21d107e0e9 Check for suspected feature-flags more uniformly
These are now checked of all source *and* sink nodes, and the checks are factored with similar paths for is-insecure and is-old flags.
2020-07-28 11:55:58 +01:00
Chris Smowton
7d294c5d81 Factor and generalise InsecureFeatureFlag
The same path is now used to classify flags relating to old/legacy versions.
2020-07-28 11:21:51 +01:00
Chris Smowton
34c8cc5019 Improve documentation and function naming 2020-07-28 11:21:51 +01:00
Shati Patel
9edf1646c9 Add basic queries for C#, Java, and Python 2020-07-28 12:18:45 +02:00
Shati Patel
0f3599039f Update docs/language/learn-ql/cpp/basic-query-cpp.rst
Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com>
2020-07-28 11:49:17 +02:00
Chris Smowton
17200a8569 Use SsaWithFields to find similar good-tls-version flows
Note: if accepted, merge this into a previous commit before submitting the PR
2020-07-28 10:31:45 +01:00
Chris Smowton
a7e549e771 Exclude TLS version sources accompanied by a non-nil error
It is common to return 0 as a dummy value with an error; these are very likely not going to be used as a real TLS version.
2020-07-28 10:31:44 +01:00
Chris Smowton
af960ed2cd Exclude more hits whose context suggests an intentionally old TLS configuration 2020-07-28 10:31:44 +01:00
Chris Smowton
8afa0c51d9 Filter out bad TLS versions where there is a converging flow supplying a good version
I'm supposing these usually indicate something configurable, rather than a hard-coded insecure choice. The *default* being insecure is still a problem, but probably not amenable to automated analyses.
2020-07-28 10:31:44 +01:00
Chris Smowton
b66a91bd5f Exclude InsecureTLS problems guarded by feature flags 2020-07-28 10:31:44 +01:00
Chris Smowton
6058c90485 Factor predicates for identifying security-related feature flags from DisabledCertificateCheck 2020-07-28 10:31:44 +01:00
Chris Smowton
a6ab92bbca Suppress paths that extend beyond the first sink
For this particular query it's hardly ever interesting to complain about a bad cipher suite being configured, then read from the list and re-added elsewhere. In such a case the longer path will be detected when the shorter one is fixed in any case.
2020-07-28 10:31:44 +01:00
Chris Smowton
08ec017e4c Cleanup: disjunction -> set literal 2020-07-28 10:31:44 +01:00
Tom Hvitved
ce2368de96 C#: Add tests for null-coalescing assignment 2020-07-28 11:07:47 +02:00
luchua-bc
248628b11e Enhance basic auth string search with a recursive method 2020-07-27 20:31:07 +00:00
luchua-bc
3a23451395 Enhance the query 2020-07-27 18:50:47 +00:00
Rasmus Lerchedahl Petersen
38acea633f Python: Dataflow, expand callable to classes 2020-07-27 17:58:21 +02:00
Tom Hvitved
c5a4a6be05 Merge pull request #3871 from hvitved/csharp/autobuilder/dotnet-delegate
C#: Introduce delegate type in autobuilder
2020-07-27 16:51:24 +02:00
Taus
f40242dc3f Merge pull request #3396 from porcupineyhairs/python-ssti
Python : Add query to detect Server Side Template Injection
2020-07-27 14:43:39 +02:00
Max Schaefer
91762ec274 JavaScript: Add partial model for opener.
3.5M weekly downloads.

Note that we do not treat the first argument as a command-injection sink. While it is possible to inject commands that way, it is more likely to cause false positives where the user input is concatenated with some prefix that makes the opening heuristic decide to treat it as a URL.
2020-07-27 11:42:32 +01:00
Max Schaefer
9aa26fa4bc JavaScript: Add model for foreground-child.
>1M weekly downloads, so seems worth doing.
2020-07-27 11:37:06 +01:00
Max Schaefer
2f842042ea JavaScript: Model another execa function relevant for command injection. 2020-07-27 11:34:04 +01:00
Tom Hvitved
f5c1de8a17 Merge pull request #3960 from calumgrant/cs/tag-inefficient-containskey
C#: Fix tags typo
2020-07-27 11:44:58 +02:00
Calum Grant
09f45ac9fe Merge pull request #3877 from calumgrant/cs/autobuilder-alerts
C#: Make fields readonly
2020-07-27 10:43:04 +01:00
Shati Patel
db09ca7b68 Update queries + outdated note 2020-07-27 11:42:10 +02:00
Owen Mansel-Chan
6dbed5e848 Address review comments 2020-07-27 10:19:48 +01:00