hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-31 08:06:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
19,087 Commits 1,673 Branches 157 Tags
codeql-cli/v2.4.2
Commit Graph

19087 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
yoff
15167753c6 Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2020-10-23 16:52:13 +02:00
Rasmus Lerchedahl Petersen
d6e9b351e5 Python: Add qldocs 2020-10-23 16:39:38 +02:00
Rasmus Lerchedahl Petersen
821b0c918a Python: Additional taintstep for normpath 
Is it ok to have this in general?
 2020-10-23 16:35:10 +02:00
CodeQL CI
6218a48e88 Merge pull request #4545 from RasmusWL/python-model-django-v1 
Approved by tausbn
 2020-10-23 15:27:42 +01:00
Rasmus Lerchedahl Petersen
6317db1622 Python: Reword explanation (slightly) 2020-10-23 15:54:52 +02:00
toufik-airane
e87790b828 Add ElectronShellOpenExternalSink class 
Add ElectronShellOpenExternalSink class to detect untrusted input
interpreted by `openExternal` function call in `electron` module.

Based on the #14 Electron Security checklist:
https://www.electronjs.org/docs/tutorial/security#14-do-not-use-openexternal-with-untrusted-content
 2020-10-23 15:41:03 +02:00
Rasmus Wriedt Larsen
aa9f15af76 Python: Fix typo 
Co-authored-by: Taus <tausbn@github.com>
 2020-10-23 15:39:38 +02:00
Cornelius Riemenschneider
a82cf74161 C++: Improve performance of definitions.qll. 2020-10-23 15:16:53 +02:00
Rasmus Lerchedahl Petersen
9eda84debb Python: PathCheck -> Path::SafeAccessCheck 2020-10-23 15:01:43 +02:00
Rasmus Lerchedahl Petersen
cf8462fa58 Python: Simplify chained configs 2020-10-23 14:52:47 +02:00
Rasmus Lerchedahl Petersen
f87845b1ec Python: Copy old test 2020-10-23 14:52:07 +02:00
Rasmus Wriedt Larsen
7993a83750 Merge pull request #4544 from tausbn/python-fix-bad-join-in-use-use-ssa 
Python: Fix bad join order in `adjacentUseUseSameVar`
 2020-10-23 14:37:27 +02:00
Rasmus Wriedt Larsen
d295c64ccd Python: Add example of flask response .set_data 2020-10-23 14:31:36 +02:00
Rasmus Wriedt Larsen
eb545204ec Python: Show that reflected XSS works now 
Also did autoformatting, but the important part is the change to the .expected file
 2020-10-23 14:31:35 +02:00
Rasmus Wriedt Larsen
d2cfa91155 Python: Add some tricky tests of return in flask route handler 
In these cases the `return` might end up creating a new HTTP response, so they
need to be modeled as such.

Initially I created a very naive solution that didn't handle either
tricky_return1 or tricky_return2.

The interaction in tricky_return2/helper highlighted for me that to handle this
properly, due to the fact that the flow is across functions, we either need to
use a global dataflow/taint-tracking configuration, or some clever use of
type-trackers.

In the end, this extra effort for not modeling all returns in a flask route
handler as a creation of a HTTP response doesn't really seem to be worth it (at
least not right now). Sicne we use it with taint-tracking for the Reflected XSS
query, and use a HTTP response _creation_ as the sink (without propagating taint
to the HTTP response), we won't get into trouble where we report a path to BOTH
`make_response(...)` and the `return`

```
resp = make_response(...)
return resp
```

If we change this setup in the future, we will probably need to do something to
avoid this double-path reporting.
 2020-10-23 14:31:35 +02:00
Rasmus Wriedt Larsen
d60221b168 Python: Model return from flask handler as HTTP response 
When dealing with

```
resp = make_response(...)
return resp
```

ideally we don't want to mark the return as a creation of a HTTP response. I'll
deal with this in a second commit, to show off how annoying it looks in the
tests right now :D
 2020-10-23 14:31:34 +02:00
Rasmus Wriedt Larsen
44ba3469db Python: Model response_class attribute of Flask class 2020-10-23 14:31:34 +02:00
Rasmus Wriedt Larsen
082e35c2c7 Python: Model mimetype instead of content-type for HTTP Response 
Since that's really what we're after (at least for now)
 2020-10-23 14:31:33 +02:00
Rasmus Wriedt Larsen
81a42b73a8 Python: Model flask.Response 
I think I'll rework how we model content-type, since what we _actually_ want to
know is the mimetype
 2020-10-23 14:31:32 +02:00
Rasmus Wriedt Larsen
1f99bbf744 Python: Model flask.Response 
I kept `Response::instance()` predicate even though we don't need it for
anything right now, I thought it could be nice to keep for the future.
 2020-10-23 14:31:32 +02:00
Rasmus Wriedt Larsen
7894d01248 Python: Add test for mimetype/headers priority 2020-10-23 14:31:31 +02:00
Rasmus Wriedt Larsen
35334cf630 Python: Remove status code modeling 
I'm not even trying to model it properly right now, and don't have a specific
use-case for it RIGHT NOW. I think we could want this in the future, but I think
it's probably better to model it when we know what we want to use it for.
 2020-10-23 14:31:31 +02:00
Rasmus Wriedt Larsen
19dc04de3c Python: Handle make_response on flask app 2020-10-23 14:31:30 +02:00
Rasmus Wriedt Larsen
e38ac18e46 Python: Add (only) basic $HttpResponse tag to other tests files 
This seems really nice to me, but you might disagree
 2020-10-23 14:31:30 +02:00
Rasmus Wriedt Larsen
8b0b87ae62 Python: Model flask.make_response 2020-10-23 14:31:29 +02:00
Rasmus Wriedt Larsen
e93c20a7a8 Python: You can supply defaults for HTTP Response properties 2020-10-23 14:31:28 +02:00
Rasmus Wriedt Larsen
87f31a96d7 Python: Add flask_attr helper 2020-10-23 14:31:28 +02:00
Rasmus Wriedt Larsen
bfc29bb349 Python: Add annotations for flask response tests 
The fact that we need to add routeSetup and routeHandler annotations is sort of
annoying :|
 2020-10-23 14:31:27 +02:00
Rasmus Wriedt Larsen
47dcc09992 Python: Add tests for creating HTTP responses in flask 
Which is runnable, if you have flask installed locally
 2020-10-23 14:31:26 +02:00
Rasmus Wriedt Larsen
8aaa36bd99 Python: Port ReflectedXss query (and tests) 2020-10-23 14:31:25 +02:00
Rasmus Wriedt Larsen
df6fd53a7e Python: Add HttpResponse concept 
We might need to rework this a bit when we also start to handle redirects. I
could see a world where we simply allow http redirects to be subclasses of http
responses, and need to manually exclude them from queries (or create
HttpContentResponse to model the HttpResponses that will contain a body). Let us
see where the wind will take us.

I looked through JS and Go libraries, but I didn't feel their modeling would map
very well to Python.
 2020-10-23 14:31:25 +02:00
Rasmus Wriedt Larsen
0d6165883c Python: Fix spelling for Server::RouteSetup documentation 2020-10-23 14:31:24 +02:00
CodeQL CI
bbda22c769 Merge pull request #4534 from RasmusWL/python-update-flask-modeling 
Approved by tausbn
 2020-10-23 13:28:19 +01:00
Rasmus Wriedt Larsen
b3e53f8d0a Python: Model django.conf.urls.url (v 1.x) 2020-10-23 14:26:37 +02:00
Taus Brock-Nannestad
6d81ca12c4 Python: Fix bad join order in adjacentUseUseSameVar 2020-10-23 14:08:45 +02:00
Rasmus Wriedt Larsen
ed0fe29d7d Python: Fix grammar 
Co-authored-by: Taus <tausbn@github.com>
 2020-10-23 13:53:16 +02:00
Rasmus Wriedt Larsen
be166d9c02 Python: Expand Django 2/3 routing tests with 1.x way 
Added it to the `testapp` so it's easy to run the server to SEE that it works.

Added it to `routing_test` so it's obvious this is supported by our modeling
when we _know_ it's running Django 2/3.
 2020-10-23 13:43:27 +02:00
yoff
462e839a83 Update python/ql/src/experimental/Security-new-dataflow/CWE-022/PathInjection.ql 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-10-23 13:35:13 +02:00
luchua-bc
f5f7259937 Revamp the query to implement AdditionalTaintStep 2020-10-23 12:00:36 +01:00
luchua-bc
3c5c8494b1 Refine the query to check intents coming from outside only 2020-10-23 11:58:16 +01:00
luchua-bc
f86413a9b5 text changes 2020-10-23 11:58:12 +01:00
Bt2018
2ddeb0b169 Add method access qualifier as source 2020-10-23 11:57:02 +01:00
luchua-bc
f5ca459795 Add remote source of Android intent extra 2020-10-23 11:57:01 +01:00
Jonas Jensen
08bf464437 Merge pull request #4540 from criemen/printast-performance 
C++: Improve PrintAST performance if only individual files are printed
 2020-10-23 12:46:34 +02:00
Rasmus Wriedt Larsen
ae60ac211b Python: Annotate django v1 routing tests 
Again need to remove trailing $, since inline-expectation tests still don't
handle $
 2020-10-23 12:05:05 +02:00
Rasmus Wriedt Larsen
78ab637b54 Python: Port django v1 tests 2020-10-23 12:00:27 +02:00
Rasmus Lerchedahl Petersen
f88cc3c98e Python: Use custom PathGraph 2020-10-23 01:10:21 +02:00
Rasmus Wriedt Larsen
41ec4f8166 Python: Use FlaskModel as workaround name 
As suggested by Taus 👍
 2020-10-22 19:13:26 +02:00
Dave Bartolomeo
99072483b8 Fix PR feedback 2020-10-22 12:55:40 -04:00
Dave Bartolomeo
b62bda6c3a Fix regression due to primary instructions for side effects not being computed correctly in the presence of synthetic temporary objects. 2020-10-22 12:55:30 -04:00