Erik Krogh Kristensen
365b4d722d
backtrack string-concatenations from shell-execution sinks
2021-04-07 15:34:54 +02:00
Taus
903f364dab
Python: Improve CallCfgNode interface
...
Call nodes are always local sources (specifically sources of the return
value of the call), and so inheriting from `LocalSourceNode` will have
no effect on results, but _should_ make it a bit more smooth to use the
API.
2021-04-07 13:31:12 +00:00
CodeQL CI
073a43ce74
Merge pull request #5606 from erik-krogh/shellInput
...
Approved by esbena
2021-04-07 14:30:31 +01:00
Shati Patel
461d4e45af
Merge pull request #5608 from shati-patel/docs/telemetry-settings
...
Docs: Mention telemetry in "customizing settings"
2021-04-07 13:44:32 +01:00
Erik Krogh Kristensen
c9f54ea1ad
update expected output
2021-04-07 12:37:17 +00:00
Asger Feldthaus
ee13ff71d6
JS: Add another change note
2021-04-07 12:29:06 +01:00
Asger Feldthaus
26cddc7d04
JS: Update test output
2021-04-07 12:28:45 +01:00
Taus
6c69c1aeeb
Python: Minor cleanup
2021-04-07 10:47:21 +00:00
Asger Feldthaus
69973d0fa2
JS: Autoformat
2021-04-07 11:24:11 +01:00
ihsinme
cbf158ea6b
Add files via upload
2021-04-07 13:12:30 +03:00
ihsinme
36de496d47
Add files via upload
2021-04-07 13:12:29 +03:00
ihsinme
ed2a8db8c9
Add files via upload
2021-04-07 13:10:01 +03:00
ihsinme
9c3b7e81c7
Add files via upload
2021-04-07 13:10:00 +03:00
Erik Krogh Kristensen
a66083d685
change "Uncontrolled path" to "Path concatenation"
2021-04-07 08:23:07 +00:00
CodeQL CI
fd4e8f8282
Merge pull request #5526 from erik-krogh/quotedShell
...
Approved by esbena
2021-04-07 08:39:01 +01:00
CodeQL CI
61880ba90a
Merge pull request #5530 from erik-krogh/moreFS
...
Approved by esbena
2021-04-07 08:37:23 +01:00
Rasmus Lerchedahl Petersen
a006a92f8d
Python: Expand commentary
2021-04-07 08:32:40 +02:00
Rasmus Lerchedahl Petersen
f22db2a30b
Python: One family to rule them all...
2021-04-07 08:32:21 +02:00
Rasmus Lerchedahl Petersen
a0e3e3afaf
Python: adjust test expectations
2021-04-07 08:22:36 +02:00
Rasmus Lerchedahl Petersen
fb95c488e8
Python: format
2021-04-07 08:20:52 +02:00
Robert Marsh
e22ec50dee
Merge pull request #5613 from github/hmakholm/pr/fix-redos
...
Fix ReDOS in cpp/ql/src/Security/CWE/CWE-428/UnsafeCreateProcessCall.ql
2021-04-06 15:54:27 -07:00
Geoffrey White
a8193dac08
C++: Reintroduce the exprMightOverflowNegatively bit.
2021-04-06 22:36:59 +01:00
Geoffrey White
60e4faba4c
C++: Add linear expression logic.
2021-04-06 22:28:36 +01:00
Geoffrey White
48ff8e237c
C++: Rewrite the range analysis exclusion to be recursive and more robust.
2021-04-06 22:26:55 +01:00
Geoffrey White
3ecd13531f
C++: Improve isGuarded.
2021-04-06 22:21:59 +01:00
Geoffrey White
59ff3f315b
C++: Add test cases exploring issues and potential issues with the query (especially related to simple range analysis).
2021-04-06 22:21:25 +01:00
Rasmus Lerchedahl Petersen
094d2f3b7d
Python: clean up tests
2021-04-06 22:59:58 +02:00
Rasmus Lerchedahl Petersen
a44490b470
Python: remove unused file
2021-04-06 22:56:07 +02:00
Rasmus Lerchedahl Petersen
0626684442
Python: small cleanups enabled by review
2021-04-06 22:55:32 +02:00
yoff
acf8fd0f03
Apply suggestions from code review
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com >
2021-04-06 22:45:03 +02:00
Taus
a93132daae
Merge branch 'python-allow-absolute-imports-from-source-directory' of https://github.com/tausbn/codeql into python-allow-absolute-imports-from-source-directory
2021-04-06 19:58:57 +00:00
Taus
43ae7462b4
Python: Only track modules that are imported
...
This greatly restricts the set of modules that have a new name under
this scheme.
One change to the tests was needed, which reflects the fact that the
two `main.py` files no longer have the name `main` (which makes sense,
since they're never imported under this name).
2021-04-06 21:56:12 +02:00
Taus
b44db460f6
Python: Only track modules that are imported
2021-04-06 19:55:43 +00:00
Henning Makholm
2d615ef503
Fix ReDOS in cpp/ql/src/Security/CWE/CWE-428/UnsafeCreateProcessCall.ql
...
The sub-regex `(\s|.)*` aims to capture arbitrary string content
(in contrast to `.*` which doesn't match newlines), but it is
unsafe, since non-newline whitespace can match both alternatives.
This caused an evaluator crash in the wild.
Replace with `[\s\S]*`, which matches everything in a safe way.
2021-04-06 20:10:57 +02:00
thank_you
4e98348411
Remove comment
2021-04-06 13:57:03 -04:00
thank_you
dc274ecf36
Improve sentence structure and grammar
2021-04-06 13:51:59 -04:00
thank_you
520e65e3c3
Remove unnecessary example code
2021-04-06 13:46:51 -04:00
thank_you
ac31260fed
Made grammar changes
2021-04-06 13:42:57 -04:00
yo-h
cc63563a88
Merge remote-tracking branch 'upstream-public/main' into yo-h/java16
2021-04-06 13:16:02 -04:00
Taus Brock-Nannestad
8e11abca40
Revert "Merge pull request #5552 from RasmusWL/revert-import-change"
...
This reverts commit 49d1937dc4d4877a9038
2021-04-06 17:39:41 +02:00
Tamas Vajk
ffcb345916
C#: Add Dapper support to SQL injection queries
2021-04-06 17:06:20 +02:00
Shati Patel
9a41c80626
Merge pull request #5574 from github/smowton/admin/update-supported-go-version
...
Update supported Go version to 1.16
2021-04-06 14:54:36 +01:00
jorgectf
bfd4280d35
Fix imports and begin refactor
2021-04-06 15:51:37 +02:00
jorgectf
2f874c5c0b
Precision warn and Remove CWE (broken) reference
2021-04-06 15:47:42 +02:00
jorgectf
809bf2377e
Move to experimental folder
2021-04-06 15:47:41 +02:00
jorgectf
8715d29a44
Upload LDAP Improper authentication query, qhelp and tests
2021-04-06 15:47:41 +02:00
Arthur Baars
50b8b6b257
Also resolve constants with respect to the ancestors
...
of the enclosing module.
2021-04-06 15:47:13 +02:00
jorgectf
1bcb9cd7c0
Simplify query
2021-04-06 15:42:56 +02:00
Shati Patel
695b02a94c
Docs: Mention telemetry in "customizing settings"
2021-04-06 14:30:17 +01:00
Erik Krogh Kristensen
2c1cc9ead6
use local variable instead of module.exports in example
...
Co-authored-by: Esben Sparre Andreasen <esbena@github.com >
2021-04-06 15:17:31 +02:00
