hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-09 11:41:06 +01:00
Code Issues Packages Projects Releases Wiki Activity
33,872 Commits 1,691 Branches 160 Tags
codeql-cli/v2.8.4
Commit Graph

33872 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Rasmus Wriedt Larsen
3592b09d56 Python: Expand stdlib decoding tests 
The part about claiming there is decoding of the input to `shelve.open`
is sort of an odd one, since it's not the filename, but the contents of
the file that is decoded.

However, trying to only handle this problem through path injection is
not enough -- if a user is able to upload and access files through
`shelve.open` in a path injection safe manner, that still leads to code
execution.

So right now the best way we have of modeling this is to treat the
filename argument as being deserialized...
 2021-10-07 21:11:51 +02:00
Alex Ford
16ab4da812 Update ql/lib/codeql/ruby/security/XSS.qll 
Co-authored-by: Harry Maclean <hmac@github.com>
 2021-10-07 20:03:07 +01:00
Rasmus Wriedt Larsen
a31bf75169 Python: Refactor pickle.loads() modeling 2021-10-07 20:28:30 +02:00
Robert Marsh
2539e3247a Merge pull request #6814 from MathiasVP/fix-qldoc-in-copy-instruction 
C++/C#: Fix QLDoc of `CopyInstruction`
 2021-10-07 11:18:38 -07:00
Aditya Sharad
2ed572095c CLI docs: Address comments on Bazel example 2021-10-07 10:51:11 -07:00
yoff
933412eb8d Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2021-10-07 17:45:07 +02:00
Nick Rolfe
eafe22ef93 Merge remote-tracking branch 'origin/main' into nickrolfe/oj 2021-10-07 16:40:36 +01:00
Tony Torralba
91efb61e97 Use synthetic fields to improve taint precision 2021-10-07 17:03:08 +02:00
Tony Torralba
0325c07bd9 Reorganize fluent models 2021-10-07 17:03:07 +02:00
Tony Torralba
ffa77f0a76 Fix QLDoc 2021-10-07 17:03:07 +02:00
Tony Torralba
588dedc265 Add stubs 2021-10-07 17:03:05 +02:00
Tony Torralba
1a04ad98bc Add Android Slice models 2021-10-07 17:01:16 +02:00
Arthur Baars
2a32b59840 Merge pull request #331 from github/aibaars/remove-unsafe 
Remove use of 'unsafe'
 2021-10-07 16:58:59 +02:00
Alex Ford
de01770612 update test output 2021-10-07 15:50:35 +01:00
Arthur Baars
439d873564 Remove use of 'unsafe' 2021-10-07 16:38:29 +02:00
Alex Ford
168e67dd6d deduplicate string constantQualifiedName(ConstantWriteAccess) as string ConstantWriteAccess#getQualifiedName 2021-10-07 15:30:36 +01:00
Alex Ford
5b38e06765 Rename ActiveRecordModelClass#methodMayAccessField() as ActiveRecordModelClass#getAPotentialFieldAccessMethod() 2021-10-07 15:30:36 +01:00
Alex Ford
3bdc680434 Drop a comment that is no longer relevant 2021-10-07 15:30:36 +01:00
Alex Ford
8262247ed7 Minor simplification of finderMethodName predicate 2021-10-07 15:30:36 +01:00
Alex Ford
eb8c48d10f Remove some unused predicates 2021-10-07 15:30:36 +01:00
Alex Ford
c9edbd98d5 Update ql/lib/codeql/ruby/frameworks/ActiveRecord.qll 
Co-authored-by: Harry Maclean <hmac@github.com>
 2021-10-07 15:30:36 +01:00
Alex Ford
e4fe1d5c13 check for superclass method definitions in ActiveRecordModelClass#methodMayAccessField 2021-10-07 15:30:36 +01:00
Alex Ford
fb5cfcc9b0 OrmTracking goes through or expressions 2021-10-07 15:30:36 +01:00
Alex Ford
be018cc97f update ActionController tests 2021-10-07 15:30:36 +01:00
Alex Ford
955080234b partial support for rails layouts 2021-10-07 15:30:36 +01:00
Alex Ford
8e1b48e607 StoredXSS.qhelp 2021-10-07 15:30:36 +01:00
Alex Ford
182a926eeb rename some example files 2021-10-07 15:30:36 +01:00
Alex Ford
1929a95e89 format 2021-10-07 15:30:36 +01:00
Alex Ford
6065e29aba Fix performance issues related to a x-product between ActiveRecordModelInstantiation and MethodCall 2021-10-07 15:30:36 +01:00
Alex Ford
43a49689d7 reorganize ActiveRecord field access heuristics 2021-10-07 15:30:36 +01:00
Alex Ford
8f81eaa79c format 2021-10-07 15:30:36 +01:00
Alex Ford
b2434950d3 abstract away some ActiveRecord specific parts of XSS.qll 2021-10-07 15:30:36 +01:00
Alex Ford
6a32c0cde0 update XSS tests 2021-10-07 15:30:36 +01:00
Alex Ford
6dc3ce335b make rb/stored-xss track ActiveRecord db accesses 2021-10-07 15:30:36 +01:00
Alex Ford
f6dd6bb00c expand ActiveRecord modelling to cover how to access fields 2021-10-07 15:30:36 +01:00
Alex Ford
eb5f26ce06 duplicate DataFlow implementation 2021-10-07 15:30:36 +01:00
Alex Ford
a2084f813e rb/stored-xss structure and initial implementation (FileSystemReadAccess sources) 2021-10-07 15:30:36 +01:00
Chris Smowton
9a80ab31c4 Merge pull request #6567 from luchua-bc/java/sensitive_android_file_leak 
Java: CWE-200 - Query to detect exposure of sensitive information from android file intent
 2021-10-07 15:19:39 +01:00
Chris Smowton
39640efc9b Remove no-longer-needed TaintPreservingCallables and update test expectations 2021-10-07 14:33:39 +01:00
Anders Schack-Mulligen
2b88a2aa0c Dataflow: Fix qldoc: s/accesspath/access path/. 2021-10-07 14:46:24 +02:00
Anders Schack-Mulligen
f885751107 Java: Add change note. 2021-10-07 14:42:19 +02:00
Tom Hvitved
764a987b09 C#: Speedup GVN string concats by pulling ranges into separate predicates 2021-10-07 13:51:05 +02:00
haby0
538bf7c321 Update python/ql/src/experimental/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-10-07 19:44:25 +08:00
Anders Schack-Mulligen
fc69acee46 Java: Add test. 2021-10-07 13:28:02 +02:00
Nick Rolfe
253064144b Tweak alert wording. 
This reflects the fact that the query finds results where validation is
only disabled under certain conditions.
 2021-10-07 12:06:53 +01:00
Tom Hvitved
1c08592637 Merge pull request #329 from github/hvitved/dataflow/synth-return 
Data flow: Add a synthetic return node
 2021-10-07 13:06:39 +02:00
Chris Smowton
b7448d55ed Introduce TaintInheritingContent instead of using parts of DataFlowPrivate 2021-10-07 11:20:19 +01:00
Henry Mercer
4b069d41f6 Merge pull request #6818 from github/henrymercer/js/add-classify-files-to-library-pack 
JS: Move `ClassifyFiles.qll` to library pack
 2021-10-07 11:18:20 +01:00
Tom Hvitved
c540615223 HardcodedCredentials: Add test for default parameter values 2021-10-07 11:57:57 +02:00
CodeQL CI
a0dd3d9e75 Merge pull request #6815 from asgerf/js/adjust-security-severity-scores 
Approved by erik-krogh, esbena
 2021-10-07 02:36:19 -07:00