hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-31 16:16:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
20,357 Commits 1,673 Branches 157 Tags
codeql-cli/v2.4.6
Commit Graph

20357 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Hvitved
492b1141ef Merge pull request #4445 from hvitved/csharp/sign-analysis-cfg 
C#: Use CFG nodes instead of AST nodes in sign/modulus analysis
 2020-10-26 09:45:38 +01:00
Cornelius Riemenschneider
07452c0159 C++: Add comment, explaining where this query is used. 2020-10-26 09:28:24 +01:00
Cornelius Riemenschneider
fca141146b C++: Address review. 2020-10-26 09:27:29 +01:00
luchua-bc
07830aae05 Fix typo 2020-10-25 22:34:15 +00:00
Erik Krogh Kristensen
0b41a59dbf add support for imports into "outDir" from tsconfig.json 2020-10-25 22:51:21 +01:00
luchua-bc
d9c140dc6c Enhance the query to use sanitizer and null/empty array flow 2020-10-25 15:33:09 +00:00
luchua-bc
9ae5689af6 Use AndroidIntentInput source 2020-10-24 11:55:00 +00:00
Rasmus Lerchedahl Petersen
d89e985246 Python: Test showing chaining FP 2020-10-24 09:20:30 +02:00
Rasmus Lerchedahl Petersen
022cf0b2cc Python: Add test from tracking issue 
All tests pass, but there are spurious paths
due to configuration chaining.
 2020-10-24 09:07:43 +02:00
Dave Bartolomeo
3fce971f2d Fix taint propagation to qualifier objects and update test expectations 2020-10-23 17:48:37 -04:00
Dave Bartolomeo
86668058dc Avoid ODR violation in test code 2020-10-23 17:45:01 -04:00
Dave Bartolomeo
4d2f658ece Don't treat allocator argument as a string input 2020-10-23 17:44:07 -04:00
Robert Marsh
aab9797c2f Merge branch 'main' into rdmarsh2/cpp/output-iterators-2 
Resolve merge conflict in tests
 2020-10-23 13:50:15 -07:00
Dave Bartolomeo
1e96404ee0 Revert bad changes to basic_string 2020-10-23 13:46:27 -04:00
Dave Bartolomeo
35abcae5d3 Fix formatting 2020-10-23 13:43:29 -04:00
Dave Bartolomeo
bace0dca6d Handle more cases that require synthesizing temporary objects 
- Parens around qualifier expressions
- Inheritance conversions involving class prvalues
 2020-10-23 12:04:09 -04:00
toufik-airane
7d2741a287 Add newline 2020-10-23 17:42:55 +02:00
toufik-airane
3ccdc2c518 Update ElectronShellOpenExternalSink location 
Move the class ElectronShellOpenExternalSink to
ClientSideUrlRedirect.qll. It's been to be a more appropriate location.
 2020-10-23 17:39:03 +02:00
Rasmus Lerchedahl Petersen
c4d1affaf8 Python: Suggestions from reviewer 2020-10-23 16:57:11 +02:00
yoff
15167753c6 Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2020-10-23 16:52:13 +02:00
Rasmus Lerchedahl Petersen
d6e9b351e5 Python: Add qldocs 2020-10-23 16:39:38 +02:00
Rasmus Lerchedahl Petersen
821b0c918a Python: Additional taintstep for normpath 
Is it ok to have this in general?
 2020-10-23 16:35:10 +02:00
CodeQL CI
6218a48e88 Merge pull request #4545 from RasmusWL/python-model-django-v1 
Approved by tausbn
 2020-10-23 15:27:42 +01:00
Rasmus Lerchedahl Petersen
6317db1622 Python: Reword explanation (slightly) 2020-10-23 15:54:52 +02:00
toufik-airane
e87790b828 Add ElectronShellOpenExternalSink class 
Add ElectronShellOpenExternalSink class to detect untrusted input
interpreted by `openExternal` function call in `electron` module.

Based on the #14 Electron Security checklist:
https://www.electronjs.org/docs/tutorial/security#14-do-not-use-openexternal-with-untrusted-content
 2020-10-23 15:41:03 +02:00
Rasmus Wriedt Larsen
aa9f15af76 Python: Fix typo 
Co-authored-by: Taus <tausbn@github.com>
 2020-10-23 15:39:38 +02:00
Cornelius Riemenschneider
a82cf74161 C++: Improve performance of definitions.qll. 2020-10-23 15:16:53 +02:00
Rasmus Lerchedahl Petersen
9eda84debb Python: PathCheck -> Path::SafeAccessCheck 2020-10-23 15:01:43 +02:00
Rasmus Lerchedahl Petersen
cf8462fa58 Python: Simplify chained configs 2020-10-23 14:52:47 +02:00
Rasmus Lerchedahl Petersen
f87845b1ec Python: Copy old test 2020-10-23 14:52:07 +02:00
Rasmus Wriedt Larsen
7993a83750 Merge pull request #4544 from tausbn/python-fix-bad-join-in-use-use-ssa 
Python: Fix bad join order in `adjacentUseUseSameVar`
 2020-10-23 14:37:27 +02:00
Rasmus Wriedt Larsen
d295c64ccd Python: Add example of flask response .set_data 2020-10-23 14:31:36 +02:00
Rasmus Wriedt Larsen
eb545204ec Python: Show that reflected XSS works now 
Also did autoformatting, but the important part is the change to the .expected file
 2020-10-23 14:31:35 +02:00
Rasmus Wriedt Larsen
d2cfa91155 Python: Add some tricky tests of return in flask route handler 
In these cases the `return` might end up creating a new HTTP response, so they
need to be modeled as such.

Initially I created a very naive solution that didn't handle either
tricky_return1 or tricky_return2.

The interaction in tricky_return2/helper highlighted for me that to handle this
properly, due to the fact that the flow is across functions, we either need to
use a global dataflow/taint-tracking configuration, or some clever use of
type-trackers.

In the end, this extra effort for not modeling all returns in a flask route
handler as a creation of a HTTP response doesn't really seem to be worth it (at
least not right now). Sicne we use it with taint-tracking for the Reflected XSS
query, and use a HTTP response _creation_ as the sink (without propagating taint
to the HTTP response), we won't get into trouble where we report a path to BOTH
`make_response(...)` and the `return`

```
resp = make_response(...)
return resp
```

If we change this setup in the future, we will probably need to do something to
avoid this double-path reporting.
 2020-10-23 14:31:35 +02:00
Rasmus Wriedt Larsen
d60221b168 Python: Model return from flask handler as HTTP response 
When dealing with

```
resp = make_response(...)
return resp
```

ideally we don't want to mark the return as a creation of a HTTP response. I'll
deal with this in a second commit, to show off how annoying it looks in the
tests right now :D
 2020-10-23 14:31:34 +02:00
Rasmus Wriedt Larsen
44ba3469db Python: Model response_class attribute of Flask class 2020-10-23 14:31:34 +02:00
Rasmus Wriedt Larsen
082e35c2c7 Python: Model mimetype instead of content-type for HTTP Response 
Since that's really what we're after (at least for now)
 2020-10-23 14:31:33 +02:00
Rasmus Wriedt Larsen
81a42b73a8 Python: Model flask.Response 
I think I'll rework how we model content-type, since what we _actually_ want to
know is the mimetype
 2020-10-23 14:31:32 +02:00
Rasmus Wriedt Larsen
1f99bbf744 Python: Model flask.Response 
I kept `Response::instance()` predicate even though we don't need it for
anything right now, I thought it could be nice to keep for the future.
 2020-10-23 14:31:32 +02:00
Rasmus Wriedt Larsen
7894d01248 Python: Add test for mimetype/headers priority 2020-10-23 14:31:31 +02:00
Rasmus Wriedt Larsen
35334cf630 Python: Remove status code modeling 
I'm not even trying to model it properly right now, and don't have a specific
use-case for it RIGHT NOW. I think we could want this in the future, but I think
it's probably better to model it when we know what we want to use it for.
 2020-10-23 14:31:31 +02:00
Rasmus Wriedt Larsen
19dc04de3c Python: Handle make_response on flask app 2020-10-23 14:31:30 +02:00
Rasmus Wriedt Larsen
e38ac18e46 Python: Add (only) basic $HttpResponse tag to other tests files 
This seems really nice to me, but you might disagree
 2020-10-23 14:31:30 +02:00
Rasmus Wriedt Larsen
8b0b87ae62 Python: Model flask.make_response 2020-10-23 14:31:29 +02:00
Rasmus Wriedt Larsen
e93c20a7a8 Python: You can supply defaults for HTTP Response properties 2020-10-23 14:31:28 +02:00
Rasmus Wriedt Larsen
87f31a96d7 Python: Add flask_attr helper 2020-10-23 14:31:28 +02:00
Rasmus Wriedt Larsen
bfc29bb349 Python: Add annotations for flask response tests 
The fact that we need to add routeSetup and routeHandler annotations is sort of
annoying :|
 2020-10-23 14:31:27 +02:00
Rasmus Wriedt Larsen
47dcc09992 Python: Add tests for creating HTTP responses in flask 
Which is runnable, if you have flask installed locally
 2020-10-23 14:31:26 +02:00
Rasmus Wriedt Larsen
8aaa36bd99 Python: Port ReflectedXss query (and tests) 2020-10-23 14:31:25 +02:00
Rasmus Wriedt Larsen
df6fd53a7e Python: Add HttpResponse concept 
We might need to rework this a bit when we also start to handle redirects. I
could see a world where we simply allow http redirects to be subclasses of http
responses, and need to manually exclude them from queries (or create
HttpContentResponse to model the HttpResponses that will contain a body). Let us
see where the wind will take us.

I looked through JS and Go libraries, but I didn't feel their modeling would map
very well to Python.
 2020-10-23 14:31:25 +02:00