hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-01 08:42:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
20,350 Commits 1,673 Branches 157 Tags
codeql-cli/v2.4.5
Commit Graph

20350 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Lerchedahl Petersen
d89e985246 Python: Test showing chaining FP 2020-10-24 09:20:30 +02:00
Rasmus Lerchedahl Petersen
022cf0b2cc Python: Add test from tracking issue 
All tests pass, but there are spurious paths
due to configuration chaining.
 2020-10-24 09:07:43 +02:00
Dave Bartolomeo
3fce971f2d Fix taint propagation to qualifier objects and update test expectations 2020-10-23 17:48:37 -04:00
Dave Bartolomeo
86668058dc Avoid ODR violation in test code 2020-10-23 17:45:01 -04:00
Dave Bartolomeo
4d2f658ece Don't treat allocator argument as a string input 2020-10-23 17:44:07 -04:00
Robert Marsh
aab9797c2f Merge branch 'main' into rdmarsh2/cpp/output-iterators-2 
Resolve merge conflict in tests
 2020-10-23 13:50:15 -07:00
Dave Bartolomeo
1e96404ee0 Revert bad changes to basic_string 2020-10-23 13:46:27 -04:00
Dave Bartolomeo
35abcae5d3 Fix formatting 2020-10-23 13:43:29 -04:00
Dave Bartolomeo
bace0dca6d Handle more cases that require synthesizing temporary objects 
- Parens around qualifier expressions
- Inheritance conversions involving class prvalues
 2020-10-23 12:04:09 -04:00
toufik-airane
7d2741a287 Add newline 2020-10-23 17:42:55 +02:00
toufik-airane
3ccdc2c518 Update ElectronShellOpenExternalSink location 
Move the class ElectronShellOpenExternalSink to
ClientSideUrlRedirect.qll. It's been to be a more appropriate location.
 2020-10-23 17:39:03 +02:00
Rasmus Lerchedahl Petersen
c4d1affaf8 Python: Suggestions from reviewer 2020-10-23 16:57:11 +02:00
yoff
15167753c6 Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2020-10-23 16:52:13 +02:00
Rasmus Lerchedahl Petersen
d6e9b351e5 Python: Add qldocs 2020-10-23 16:39:38 +02:00
Rasmus Lerchedahl Petersen
821b0c918a Python: Additional taintstep for normpath 
Is it ok to have this in general?
 2020-10-23 16:35:10 +02:00
CodeQL CI
6218a48e88 Merge pull request #4545 from RasmusWL/python-model-django-v1 
Approved by tausbn
 2020-10-23 15:27:42 +01:00
Rasmus Lerchedahl Petersen
6317db1622 Python: Reword explanation (slightly) 2020-10-23 15:54:52 +02:00
toufik-airane
e87790b828 Add ElectronShellOpenExternalSink class 
Add ElectronShellOpenExternalSink class to detect untrusted input
interpreted by `openExternal` function call in `electron` module.

Based on the #14 Electron Security checklist:
https://www.electronjs.org/docs/tutorial/security#14-do-not-use-openexternal-with-untrusted-content
 2020-10-23 15:41:03 +02:00
Rasmus Wriedt Larsen
aa9f15af76 Python: Fix typo 
Co-authored-by: Taus <tausbn@github.com>
 2020-10-23 15:39:38 +02:00
Cornelius Riemenschneider
a82cf74161 C++: Improve performance of definitions.qll. 2020-10-23 15:16:53 +02:00
Rasmus Lerchedahl Petersen
9eda84debb Python: PathCheck -> Path::SafeAccessCheck 2020-10-23 15:01:43 +02:00
Rasmus Lerchedahl Petersen
cf8462fa58 Python: Simplify chained configs 2020-10-23 14:52:47 +02:00
Rasmus Lerchedahl Petersen
f87845b1ec Python: Copy old test 2020-10-23 14:52:07 +02:00
Rasmus Wriedt Larsen
7993a83750 Merge pull request #4544 from tausbn/python-fix-bad-join-in-use-use-ssa 
Python: Fix bad join order in `adjacentUseUseSameVar`
 2020-10-23 14:37:27 +02:00
Rasmus Wriedt Larsen
d295c64ccd Python: Add example of flask response .set_data 2020-10-23 14:31:36 +02:00
Rasmus Wriedt Larsen
eb545204ec Python: Show that reflected XSS works now 
Also did autoformatting, but the important part is the change to the .expected file
 2020-10-23 14:31:35 +02:00
Rasmus Wriedt Larsen
d2cfa91155 Python: Add some tricky tests of return in flask route handler 
In these cases the `return` might end up creating a new HTTP response, so they
need to be modeled as such.

Initially I created a very naive solution that didn't handle either
tricky_return1 or tricky_return2.

The interaction in tricky_return2/helper highlighted for me that to handle this
properly, due to the fact that the flow is across functions, we either need to
use a global dataflow/taint-tracking configuration, or some clever use of
type-trackers.

In the end, this extra effort for not modeling all returns in a flask route
handler as a creation of a HTTP response doesn't really seem to be worth it (at
least not right now). Sicne we use it with taint-tracking for the Reflected XSS
query, and use a HTTP response _creation_ as the sink (without propagating taint
to the HTTP response), we won't get into trouble where we report a path to BOTH
`make_response(...)` and the `return`

```
resp = make_response(...)
return resp
```

If we change this setup in the future, we will probably need to do something to
avoid this double-path reporting.
 2020-10-23 14:31:35 +02:00
Rasmus Wriedt Larsen
d60221b168 Python: Model return from flask handler as HTTP response 
When dealing with

```
resp = make_response(...)
return resp
```

ideally we don't want to mark the return as a creation of a HTTP response. I'll
deal with this in a second commit, to show off how annoying it looks in the
tests right now :D
 2020-10-23 14:31:34 +02:00
Rasmus Wriedt Larsen
44ba3469db Python: Model response_class attribute of Flask class 2020-10-23 14:31:34 +02:00
Rasmus Wriedt Larsen
082e35c2c7 Python: Model mimetype instead of content-type for HTTP Response 
Since that's really what we're after (at least for now)
 2020-10-23 14:31:33 +02:00
Rasmus Wriedt Larsen
81a42b73a8 Python: Model flask.Response 
I think I'll rework how we model content-type, since what we _actually_ want to
know is the mimetype
 2020-10-23 14:31:32 +02:00
Rasmus Wriedt Larsen
1f99bbf744 Python: Model flask.Response 
I kept `Response::instance()` predicate even though we don't need it for
anything right now, I thought it could be nice to keep for the future.
 2020-10-23 14:31:32 +02:00
Rasmus Wriedt Larsen
7894d01248 Python: Add test for mimetype/headers priority 2020-10-23 14:31:31 +02:00
Rasmus Wriedt Larsen
35334cf630 Python: Remove status code modeling 
I'm not even trying to model it properly right now, and don't have a specific
use-case for it RIGHT NOW. I think we could want this in the future, but I think
it's probably better to model it when we know what we want to use it for.
 2020-10-23 14:31:31 +02:00
Rasmus Wriedt Larsen
19dc04de3c Python: Handle make_response on flask app 2020-10-23 14:31:30 +02:00
Rasmus Wriedt Larsen
e38ac18e46 Python: Add (only) basic $HttpResponse tag to other tests files 
This seems really nice to me, but you might disagree
 2020-10-23 14:31:30 +02:00
Rasmus Wriedt Larsen
8b0b87ae62 Python: Model flask.make_response 2020-10-23 14:31:29 +02:00
Rasmus Wriedt Larsen
e93c20a7a8 Python: You can supply defaults for HTTP Response properties 2020-10-23 14:31:28 +02:00
Rasmus Wriedt Larsen
87f31a96d7 Python: Add flask_attr helper 2020-10-23 14:31:28 +02:00
Rasmus Wriedt Larsen
bfc29bb349 Python: Add annotations for flask response tests 
The fact that we need to add routeSetup and routeHandler annotations is sort of
annoying :|
 2020-10-23 14:31:27 +02:00
Rasmus Wriedt Larsen
47dcc09992 Python: Add tests for creating HTTP responses in flask 
Which is runnable, if you have flask installed locally
 2020-10-23 14:31:26 +02:00
Rasmus Wriedt Larsen
8aaa36bd99 Python: Port ReflectedXss query (and tests) 2020-10-23 14:31:25 +02:00
Rasmus Wriedt Larsen
df6fd53a7e Python: Add HttpResponse concept 
We might need to rework this a bit when we also start to handle redirects. I
could see a world where we simply allow http redirects to be subclasses of http
responses, and need to manually exclude them from queries (or create
HttpContentResponse to model the HttpResponses that will contain a body). Let us
see where the wind will take us.

I looked through JS and Go libraries, but I didn't feel their modeling would map
very well to Python.
 2020-10-23 14:31:25 +02:00
Rasmus Wriedt Larsen
0d6165883c Python: Fix spelling for Server::RouteSetup documentation 2020-10-23 14:31:24 +02:00
CodeQL CI
bbda22c769 Merge pull request #4534 from RasmusWL/python-update-flask-modeling 
Approved by tausbn
 2020-10-23 13:28:19 +01:00
Rasmus Wriedt Larsen
b3e53f8d0a Python: Model django.conf.urls.url (v 1.x) 2020-10-23 14:26:37 +02:00
Taus Brock-Nannestad
6d81ca12c4 Python: Fix bad join order in adjacentUseUseSameVar 2020-10-23 14:08:45 +02:00
Rasmus Wriedt Larsen
ed0fe29d7d Python: Fix grammar 
Co-authored-by: Taus <tausbn@github.com>
 2020-10-23 13:53:16 +02:00
Rasmus Wriedt Larsen
be166d9c02 Python: Expand Django 2/3 routing tests with 1.x way 
Added it to the `testapp` so it's easy to run the server to SEE that it works.

Added it to `routing_test` so it's obvious this is supported by our modeling
when we _know_ it's running Django 2/3.
 2020-10-23 13:43:27 +02:00
yoff
462e839a83 Update python/ql/src/experimental/Security-new-dataflow/CWE-022/PathInjection.ql 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-10-23 13:35:13 +02:00