codeql

mirror of https://github.com/github/codeql.git synced 2026-03-21 06:57:09 +01:00

Author	SHA1	Message	Date
Chris Smowton	1549993565	Update test results to account for changed model structure (Models now have internal nodes in order to allow field flow through them)	2021-06-17 11:41:05 +01:00
Chris Smowton	8d70e3d22e	Fix casing of change note	2021-06-17 11:41:05 +01:00
Chris Smowton	9138d2b8f5	Improve comment casing Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>	2021-06-17 11:41:05 +01:00
Chris Smowton	b25e8671b9	Java SSRF query: comment on sanitizing regex	2021-06-17 11:41:05 +01:00
Chris Smowton	a665d5d111	Improve RequestForgery.qhelp recommendation	2021-06-17 11:41:05 +01:00
Chris Smowton	0d9a6e2b61	Update java/ql/src/semmle/code/java/security/RequestForgery.qll SpringRestTemplateUrlMethods -> SpringRestTemplateUrlMethod	2021-06-17 11:41:05 +01:00
Chris Smowton	fb2989c16b	Copyedit comments and function names Co-authored-by: Felicity Chapman <felicitymay@github.com>	2021-06-17 11:41:04 +01:00
Chris Smowton	960a903185	Java SSRF query: document RequestForgeryAdditionalTaintStep and use Unit not string for a supertype.	2021-06-17 11:41:04 +01:00
Chris Smowton	575198a0e4	Java SSRF query: Server Side -> Server-Side everywhere.	2021-06-17 11:41:04 +01:00
Chris Smowton	7899e17f3a	Java SSRF query: move RequestForgery qll file into semmle/code hierarchy This makes it importable by people wishing to extend the query.	2021-06-17 11:41:04 +01:00
Chris Smowton	532a10bfdf	Java SSRF query: Provide hook for custom taint-propagating steps; make all default sinks/sanitizers/steps private.	2021-06-17 11:41:04 +01:00
Chris Smowton	5bdd9da27a	Java SSRF query: credit original author	2021-06-17 11:41:04 +01:00
Chris Smowton	e8613367e8	Java SSRF query: copyedit qhelp	2021-06-17 11:41:04 +01:00
Chris Smowton	3333e7d186	Java SSRF query: sanitize primitives Even 'char' isn't a realistic vector for an exploit, unless somebody is copying out a string char by char.	2021-06-17 11:41:04 +01:00
Chris Smowton	93a9f471ce	Add change note	2021-06-17 11:41:04 +01:00
Chris Smowton	77904d9597	Remove failing test The case where something might be exactly a constant is general across all queries, and not handled yet, particularly in the case where the result of `getParameter("uri")` might have changed between the check and the use.	2021-06-17 11:41:04 +01:00
Chris Smowton	6933d06a46	Add exactly the string '/' as a sanitizing prefix. Usually this is ignored for suspicion that it could be taken for a protocol specifier, but on balance the context `(something) + "/" + tainted()` is more likely to be taken for a user-controlled location within a host the user does not control.	2021-06-17 11:41:03 +01:00
Chris Smowton	bc43b6d760	Fix typo	2021-06-17 11:41:03 +01:00
Chris Smowton	e6249eed79	Add doc comments	2021-06-17 11:41:03 +01:00
Chris Smowton	26e10f3ad5	SSRF: don't consider results of fetches we initiated to be untrustworthy	2021-06-17 11:41:03 +01:00
Chris Smowton	c63d5986cf	Sanitize StringBuilder appends that follow directly from a constructor. Note that some of this logic ought to be incorporated into StringBuilderVar once that code can be reviewed.	2021-06-17 11:41:03 +01:00
Chris Smowton	b5a450b881	SSRF query: add sanitizer looking for a variety of ways of prepending a sanitizing prefix, such as one that restricts the hostname a URI will refer to.	2021-06-17 11:41:03 +01:00
Chris Smowton	487c1db6ed	Promote SSRF query to main query set	2021-06-17 11:41:01 +01:00
Anders Schack-Mulligen	6ca8d69b26	Merge pull request #5881 from haby0/java/UnsafeDeserialization Java: CWE-502 Add UnsafeDeserialization sinks	2021-06-17 12:36:34 +02:00
Anders Schack-Mulligen	8fe2f4a554	Merge pull request #6034 from owen-mc/java/jax-rs Improve JAX-WS and JAX-RS models	2021-06-17 12:35:34 +02:00
Anders Schack-Mulligen	b173b4141d	Merge pull request #6096 from smowton/smowton/fix/inline-expectations-missing-prefix Inline expectation tests: accept // $MISSING: and // $SPURIOUS:	2021-06-17 11:41:15 +02:00
haby0	363ad5b470	Fix error	2021-06-17 17:36:35 +08:00
Owen Mansel-Chan	945db01f56	Address review comments	2021-06-17 10:29:33 +01:00
Owen Mansel-Chan	b9bc1f978c	Update style of inline expectation comments	2021-06-17 10:04:15 +01:00
Tom Hvitved	41ed9f3e1b	Data flow: Fix inconsistencies	2021-06-17 10:48:32 +02:00
Chris Smowton	558813acf7	Inline expectation tests: accept // $MISSING: and // $SPURIOUS: Previously there had to be a space after the $ token, unlike ordinary expectations (i.e., // $xss was already accepted)	2021-06-17 09:44:39 +01:00
Owen Mansel-Chan	0987425f94	Reinstate failing tests with MISSING: prefix	2021-06-17 09:36:51 +01:00
Tom Hvitved	00e544189e	Data flow: Add consistency queries	2021-06-17 10:26:56 +02:00
Tom Hvitved	ad54f2e1f4	Bump `codeql` submodule	2021-06-17 10:24:19 +02:00
Tom Hvitved	0febf5a592	Merge pull request #6094 from hvitved/dataflow/consistency-compiler-too-smart Data flow: Workaround for too clever compiler in consistency queries	2021-06-17 10:23:31 +02:00
edvraa	ac777d237d	autoformat	2021-06-17 09:23:26 +01:00
edvraa	0456d4793a	Fix path tracking	2021-06-17 09:23:26 +01:00
edvraa	4576b16f30	Use dataflow gettype	2021-06-17 09:23:26 +01:00
edvraa	062acedd49	Unify and make getValueForFieldWrite private	2021-06-17 09:23:26 +01:00
edvraa	236b623f60	Get rid of NetHttpCookieTrackingConfiguration	2021-06-17 09:23:26 +01:00
edvraa	031a79b8f5	Gorilla Store Save sink	2021-06-17 09:23:26 +01:00
edvraa	8110c3d059	Use HasFlow	2021-06-17 09:23:26 +01:00
edvraa	d60d18a8d0	Stay on dataflow level	2021-06-17 09:23:26 +01:00
edvraa	ed8d025bdf	Dedicated types	2021-06-17 09:23:26 +01:00
edvraa	cba4f0448e	Use package	2021-06-17 09:23:26 +01:00
edvraa	167496edff	Use MethodCallNode and hasQualifiedName	2021-06-17 09:23:26 +01:00
edvraa	5929f66efb	No need for Function f	2021-06-17 09:23:26 +01:00
edvraa	06c328c5aa	Fix comment	2021-06-17 09:23:26 +01:00
edvraa	3ac1b4ba0b	Use CallNode	2021-06-17 09:23:26 +01:00
edvraa	d06f4ca21e	Fix argumnt nr	2021-06-17 09:23:26 +01:00

... 475 476 477 478 479 ...

50816 Commits