Commit Graph

41812 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
08f6d1ab80 Python: Clearer sourceType for client response body 2021-12-13 11:24:38 +01:00
Rasmus Wriedt Larsen
5de79b4ffe Python: Add HTTP::Client::Request concept
Taken from Ruby, except that `getURL` member predicate was changed to
`getUrl` to keep consistency with the rest of our concepts, and stick
to our naming convention.
2021-12-13 11:09:09 +01:00
Michael Nebel
f32d464c0f C#: Ensure bi-directional import for External flow. 2021-12-13 10:50:49 +01:00
Michael Nebel
327cf444f4 C#: Convert Newtonsoft.JSon.Linq.JObject and Newtonsoft.JSon.Linq.JToken flow to CSV format. 2021-12-13 10:50:49 +01:00
Michael Nebel
f3c0eadbce C#: Fix the existing callableFlow for JObject to target the inherited ToString methods from JToken. 2021-12-13 10:50:49 +01:00
Michael Nebel
58f36e4b31 C#: Convert NewtonSoft.Json.JSonSerializer flow to CSV format. 2021-12-13 10:50:49 +01:00
Michael Nebel
90e49508a3 C#: Convert Newtonsoft.Json.JsonConvert flow to CSV format. 2021-12-13 10:50:48 +01:00
Michael Nebel
a4bea05fa7 Merge pull request #7342 from michaelnebel/csharp-mad-as-csv3
C#: More Flow summaries in CSV format.
2021-12-13 10:32:28 +01:00
Rasmus Wriedt Larsen
1e45fa9ed4 JS/Py/Ruby: Add more CWEs to bad-tag-filter queries
CWE-185: Incorrect Regular Expression

The software specifies a regular expression in a way that causes data to
be improperly matched or compared.

https://cwe.mitre.org/data/definitions/185.html

CWE-186: Overly Restrictive Regular Expression

> A regular expression is overly restrictive, which prevents dangerous values from being detected.
>
> (...) [this CWE] is about a regular expression that does not match all
> values that are intended. (...)

https://cwe.mitre.org/data/definitions/186.html

From my understanding, CWE-625: Permissive Regular Expression is not
applicable (since this is about accepting a regex match where there
should not be a match).
2021-12-13 10:23:24 +01:00
Tom Hvitved
6f65f22db6 Update creating-codeql-databases.rst
Always use `/p:UseSharedCompilation=false` for `msbuild` / `dotnet build`.
2021-12-13 10:15:42 +01:00
Michael Nebel
be1e75471e C#: Ensure bi-directional import for external flow. 2021-12-13 09:23:11 +01:00
Michael Nebel
1cab177f8a C#: Convert System.Web.HttpUtility flow to CSV format. 2021-12-13 09:19:41 +01:00
Michael Nebel
0e0c3e3937 C#: Convert System.Web.HttpServerUtility flow to CSV format. 2021-12-13 09:19:41 +01:00
Michael Nebel
6301e726ee C#: Update HttpServerUtility stub with HtmlEncode method and update flow summaries test. 2021-12-13 09:19:41 +01:00
Michael Nebel
1cd37dddf5 C#: Convert System.Net.WebUtility flow to CSV format. 2021-12-13 09:19:41 +01:00
Michael Nebel
07a4f5f748 C#: Update FlowSummaries test as the bogus flow summaries for the KeyValuePair default constructor have been removed. 2021-12-13 09:19:41 +01:00
Michael Nebel
679aad138e C#: Convert System.Collections.Generic.KeyValuePair flow to CSV format. 2021-12-13 09:19:36 +01:00
Michael Nebel
42bf866fb3 C#: Convert System.Web.UI.WebControls.Textbox flow to CSV format. 2021-12-13 09:18:34 +01:00
Michael Nebel
9604ed883c C#: Convert System.NET.IPHostEntry flow to CSV format. 2021-12-13 09:17:27 +01:00
Michael Nebel
d804893a49 C#: Convert System.Net.Cookie flow to CSV format. 2021-12-13 09:16:05 +01:00
Michael Nebel
03fb244545 C#: Convert System.Web.HttpCookie flow to CSV format. 2021-12-13 09:13:14 +01:00
Michael Nebel
a6360215f3 Merge pull request #7304 from michaelnebel/csharp-mad-as-csv2
C#: Convert flow summaries to CSV format.
2021-12-13 08:56:06 +01:00
Harry Maclean
0ca9852cc8 Merge pull request #7325 from github/hmac/action-controller-private-methods
Ruby: Don't count private methods as Rails actions
2021-12-13 20:47:22 +13:00
Harry Maclean
6223b166c2 Update test fixtures
At the same time, rename some classes in `private.rb` so they don't
interact with identically-named modules in `calls.rb`.
2021-12-13 16:24:25 +13:00
Harry Maclean
e1d290d4c0 Ruby: Don't count private methods as Rails actions
Private instance methods on ActionController classes aren't valid
request handlers. Routing to them will raise an exception.
2021-12-13 15:36:55 +13:00
Owen Mansel-Chan
ce27b0da52 Fix incorrect type name in database/sql model
This error seems to have been introduced in 36bbf1eeb9
2021-12-12 17:47:52 -05:00
Owen Mansel-Chan
353aa8d603 Refactor isVariadic helper functions
Store information more naturally for built-in functions.
2021-12-12 16:56:26 -05:00
liangjinhuang
77b5f422ba change PasswordFnSink to RandomFnSink 2021-12-11 12:31:20 +08:00
Aditya Sharad
1857de1f33 JS: Speed up detection of jQuery marker comments
Combine two regexes into a single one.
This saves up to 5s on large databases by reducing the number
of separate scans of the comments table before regex matching.

The combined regex is slightly more permissive than the
original two, since it allows a combination of the two
matched formats. A string that matches one of the original
regexes will match the combined regex.
2021-12-10 15:30:02 -08:00
Dave Bartolomeo
b57d3296f1 Merge pull request #620 from github/aeisenberg/version-policies
Add version policies
2021-12-10 17:39:15 -05:00
Nick Rolfe
b80a84c156 Merge pull request #7341 from github/nickrolfe/cookies 2021-12-10 19:52:23 +00:00
Aditya Sharad
6a1aea740f JS: Avoid scanning individual comment lines to find generated code markers
Some subclasses of GeneratedCodeMarkerComment regex match against `getLine(_)`.
When evaluated, this results in multiple scans (one per subclass that uses it)
of all comment lines in the database, before regex matching against those lines.

To make these scans smaller, regex match against the entire comment text
without splitting it into lines.
This is achieved using `?m` (multiline) and line boundaries in the regexes.
2021-12-10 11:41:54 -08:00
Aditya Sharad
c9a87234ef JS: Factor helper predicate to improve SensitiveWrite performance 2021-12-10 11:41:53 -08:00
Andrew Eisenberg
3cc48fea6a Merge pull request #622 from github/post-release/v2.7.3
Post release/v2.7.3
2021-12-10 10:00:11 -08:00
Andrew Eisenberg
66c1629974 Merge pull request #7285 from github/post-release-prep-2.7.3-ddd4ccbb
Post-release preparation 2.7.3
2021-12-10 09:59:45 -08:00
Tony Torralba
43a10457dd [Java] Query for Log4j JNDI Injection 2021-12-10 17:37:43 +01:00
Nick Rolfe
b6c5b4d213 Ruby: define ActionViewCookiesCall 2021-12-10 16:36:26 +00:00
yoff
d8857c7ce8 Merge pull request #7246 from tausbn/python/import-star-flow
Python: Support flow through `import *`
2021-12-10 16:34:32 +01:00
Henry Mercer
a46787ea07 Merge pull request #7351 from github/henrymercer/js-atm-heuristic-sinks-improvements
JS: Improve handling of heuristic sinks in endpoint filters
2021-12-10 14:56:45 +00:00
Rasmus Wriedt Larsen
bd9b96e154 Merge pull request #7331 from tausbn/python-fix-bad-callsite-points-to-join
Python: Fix bad `callsite_points_to` join
2021-12-10 15:39:49 +01:00
Rasmus Wriedt Larsen
8ee020f79c Merge pull request #7332 from tausbn/python-fix-bad-scope-entry-points-to-join
Python: Fix bad `scope_entry_points_to` join
2021-12-10 15:33:13 +01:00
Esben Sparre Andreasen
13288be7fc make ATM anti sink model for dojo.require 2021-12-10 15:07:51 +01:00
Esben Sparre Andreasen
9ffc02944d add file write model for express-fileupload mv 2021-12-10 15:05:34 +01:00
Esben Sparre Andreasen
cfd2dcffa0 recognize more modelled database accesses 2021-12-10 14:54:59 +01:00
Esben Sparre Andreasen
b0f6cf1491 expose more marsdb calls as database accesses 2021-12-10 13:46:19 +01:00
Esben Sparre Andreasen
9df1ac7f75 treat redis and ioredis usage as database access 2021-12-10 13:26:26 +01:00
Chris Smowton
e9e4f5a687 Improve performance: join-order AllocationSizeOverflow's source and use matches not regexpFind
The join order fix takes 10 seconds off that predicate; the get-a-flag changes take about 25% off compared to using regexes.
2021-12-10 12:23:50 +00:00
Esben Sparre Andreasen
10498c3643 treat jQuery as fully modelled 2021-12-10 12:51:45 +01:00
Nick Rolfe
a4da528812 Ruby: query to find user-controlled bypass of sensitive actions 2021-12-10 11:41:09 +00:00
Esben Sparre Andreasen
a1ee900f50 treat Base64 manipulations as non-sinks 2021-12-10 12:37:44 +01:00