Philip Ginsbach
4518a3a3a9
Revert "Merge pull request #5829 from MathiasVP/reorder-get-instruction-opcode"
...
This reverts commit 390ee3a6b8 , reversing
changes made to f03c99ab03 .
2021-05-10 14:45:50 +01:00
Aditya Sharad
68e53054c6
Merge pull request #5840 from github/henrymercer/update-code-scanning-selectors
...
Update code scanning selectors to include summary metrics and `@kind alert` aliases
2021-05-06 11:51:12 -07:00
Shati Patel
cf80773453
Merge pull request #5830 from Marcono1234/marcono1234/guides-link-updates
...
Docs: Use GitHub links for guides, improve formatting
2021-05-06 16:44:11 +01:00
Henry Mercer
a3c57c43c8
Code Scanning selectors: Include summary metrics
2021-05-05 16:38:39 +01:00
Henry Mercer
74c9994305
Code Scanning selectors: Add alert aliases
2021-05-05 16:36:39 +01:00
Shati Patel
059a5f35fa
Merge pull request #5812 from mario-campos/patch-1
...
Add React Native to JavaScript frameworks docs
2021-05-05 16:03:41 +01:00
CodeQL CI
69cd9dfb7d
Merge pull request #5826 from erik-krogh/moreLib
...
Approved by esbena
2021-05-05 04:40:49 -07:00
Erik Krogh Kristensen
e333267e69
require that the factory function is in a main module file
2021-05-05 12:00:38 +02:00
Erik Krogh Kristensen
fc3f5adbbb
more source code examples in PackageExports.qll
2021-05-05 11:48:41 +02:00
Erik Krogh Kristensen
28eef264e5
recognize the define(..) call in PackageExports.qll
2021-05-05 11:23:25 +02:00
Jonas Jensen
390ee3a6b8
Merge pull request #5829 from MathiasVP/reorder-get-instruction-opcode
...
C++: Reorder getInstructionOpcode
2021-05-05 11:13:15 +02:00
Erik Krogh Kristensen
3ca670146e
remove outdated comment
2021-05-05 11:10:45 +02:00
Mathias Vorreiter Pedersen
066cdb55d7
C++: Add qldoc explaining column order.
2021-05-05 09:30:12 +02:00
Mathias Vorreiter Pedersen
f03c99ab03
Merge pull request #5835 from hmakholm/hmakholm/pr/blowup-fix
...
CPP: fix semi-unused variables in WrongInDetectingAndHandlingMemoryAllocationErrors.q
2021-05-05 08:15:37 +02:00
Henning Makholm
4964ce347b
CPP: fix semi-unused variables in WrongInDetectingAndHandlingMemoryAllocationErrors.ql
...
The fact that `aex` and `it` was each used in just one disjunct of the
exists() body caused the optimizer to generate perfectly horrible
code, including a pointless cartesian product between them that caused
the evaluation to blow up.
Fix it such that each variable is logically scoped. That makes the
compiler much happier.
2021-05-05 02:31:11 +02:00
CodeQL CI
95f26aadd3
Merge pull request #5681 from yoff/python-support-pathlib
...
Approved by tausbn
2021-05-04 09:20:24 -07:00
Robert Marsh
5ee74d269a
Merge pull request #5822 from MathiasVP/more-cwe-tags-in-code-scanning
...
C++: Add more CWE tags to queries in the Code Scanning suite
2021-05-04 09:01:00 -07:00
Mathias Vorreiter Pedersen
d5793418f9
C++: Remove parent CWE tags.
2021-05-04 14:39:23 +02:00
CodeQL CI
b160badbf6
Merge pull request #5768 from erik-krogh/cacheMore
...
Approved by esbena
2021-05-04 04:16:15 -07:00
Tamás Vajk
05c045070e
Merge pull request #5810 from tamasvajk/feature/culture
...
C#: Use invariant culture in the extractor
2021-05-04 13:09:38 +02:00
Mathias Vorreiter Pedersen
568724bffd
C#: Fix getInstructionOpcode to make sure IRConstruction.qll compiles for C#.
2021-05-04 13:00:40 +02:00
Marcono1234
ab90fe18fd
Docs: Use GitHub links for guides, improve formatting
2021-05-04 12:35:23 +02:00
Mathias Vorreiter Pedersen
ded377bcd2
C++: Reorder getInstructionOpcode to produce better RA.
2021-05-04 12:13:34 +02:00
Tamas Vajk
c547907784
C#: Use invariant culture in the extractor
2021-05-04 11:17:33 +02:00
Anders Schack-Mulligen
5bcf810a7c
Merge pull request #5821 from JarLob/patch-1
...
Update UncaughtServletException.qhelp
2021-05-04 10:39:02 +02:00
Anders Schack-Mulligen
9ee9186a1a
Merge pull request #5825 from github/yo-h/java-diagnostic-queries
...
Java: split extractor diagnostics query into two
2021-05-04 10:12:32 +02:00
Erik Krogh Kristensen
aaf754ebf5
recognize more library input
2021-05-04 10:06:14 +02:00
CodeQL CI
6931d9a6f7
Merge pull request #5785 from edvraa/httponlyjs
...
Approved by esbena
2021-05-03 23:14:26 -07:00
yo-h
edf1a90161
Java: split extractor diagnostics query into two
2021-05-03 20:27:07 -04:00
edvraa
6fa2f1e653
update test message
2021-05-04 00:32:01 +03:00
Taus
483199878d
Merge pull request #5793 from RasmusWL/fix-qldoc
...
Python: Minor fix to Django RawSQL QLDoc
2021-05-03 18:18:02 +02:00
Mathias Vorreiter Pedersen
2912c2e7f5
C++: Add more CWE tags to queries in the code scanning suite.
2021-05-03 16:58:47 +02:00
Edwin
27c680e28b
Apply suggestions from code review
...
Co-authored-by: Esben Sparre Andreasen <esbena@github.com >
2021-05-03 16:41:09 +03:00
Jaroslav Lobačevski
38bce39baa
Update UncaughtServletException.qhelp
...
There is no single word in https://cwe.mitre.org/data/definitions/600.html about possible DoS or unexpected state.
2021-05-03 15:06:57 +03:00
edvraa
cef845ac47
Support string expressions
2021-05-03 13:46:56 +03:00
edvraa
ea38f0d3bd
a new test for simple flow
2021-05-03 12:19:05 +03:00
edvraa
000826af11
typo
2021-05-03 12:18:43 +03:00
Tom Hvitved
bb1cb73675
Merge pull request #5795 from hvitved/csharp/implicit-constructor-inits
...
C#: Extract implicit constructor initializer calls
2021-05-03 10:21:04 +02:00
Tom Hvitved
b77b3da8d6
C#: Add change note
2021-05-03 09:40:13 +02:00
Jonas Jensen
c05ef1225c
Merge pull request #5803 from MathiasVP/no-magic-in-getUnspecifiedType
...
C++: Add nomagic to getUnspecifiedType
2021-05-03 09:03:58 +02:00
edvraa
65183cde80
Move to experimental
2021-05-03 09:59:52 +03:00
edvraa
bd99114cd6
Comments added
2021-05-03 09:55:04 +03:00
edvraa
a24c1c8114
fix comment
2021-05-03 00:36:38 +03:00
edvraa
fa94fedfc3
simple dataflow for sensitive name
2021-05-03 00:36:26 +03:00
edvraa
97bc7e38d2
check for sensitive property name
2021-05-03 00:31:29 +03:00
edvraa
7ab91bb185
Inline getOptionsArgument
2021-05-03 00:09:15 +03:00
Mario Campos
ae857db657
Add React Native to JavaScript frameworks
...
According to @asgerf, React Native is already supported 🎉
2021-04-30 10:47:08 -05:00
Chris Smowton
b2c0259197
Merge pull request #5631 from haby0/UseOfLessTrustedSource
...
[Java] CWE-348: Using a client-supplied IP address in a security check
2021-04-30 15:20:53 +01:00
haby0
fdcc517b9f
UseOfLessTrustedSource -> ClientSuppliedIpUsedInSecurityCheck"
2021-04-30 17:43:34 +08:00
haby0
f41301f8f5
Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.java
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-04-30 16:55:17 +08:00
haby0
0691cac5ab
Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSourceLib.qll
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-04-30 16:54:41 +08:00
haby0
8142810455
Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.qhelp
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-04-30 16:54:28 +08:00
Tom Hvitved
ecd40e5cae
Merge pull request #5808 from intrigus-lgtm/fix-lambda-typos
...
Fix typo.
2021-04-30 09:08:28 +02:00
haby0
711a74c9c9
Eliminate false positives\
2021-04-30 10:31:40 +08:00
intrigus
08731fc6cf
Fix typo.
2021-04-29 20:26:34 +02:00
Chris Smowton
ad9ea40954
Merge pull request #5597 from intrigus-lgtm/java/jwt-insecure-parse
...
[Java] JWT without signature check.
2021-04-29 14:41:11 +01:00
Geoffrey White
c4069362ce
Merge pull request #5804 from MathiasVP/improve-detect-and-handle-memory-allocation-errors
...
C++: Improve qhelp and tests for cpp/detect-and-handle-memory-allocation-errors
2021-04-29 14:34:41 +01:00
haby0
e813257431
use hardCode
2021-04-29 21:23:52 +08:00
Anders Schack-Mulligen
404a6c1506
Merge pull request #5805 from smowton/smowton/admin/spring-setter-method-docs
...
Document `SpringProperty::getSetterMethod`.
2021-04-29 15:10:58 +02:00
Anders Schack-Mulligen
c78285e557
Merge pull request #5784 from Marcono1234/marcono1234/switch-expr-stmt-parent
...
Java: Add StmtParent as superclass of SwitchExpr
2021-04-29 15:02:05 +02:00
Tom Hvitved
c3890a9435
C#: Adjust CFG for instance constructors
2021-04-29 14:05:42 +02:00
Tom Hvitved
ee62522c51
C#: Extract implicit constructor initializer calls
2021-04-29 14:05:42 +02:00
Mathias Vorreiter Pedersen
c67ab8f1f0
C++: Respond to review comments.
2021-04-29 14:01:04 +02:00
Chris Smowton
2787c2f874
Document SpringProperty::getSetterMethod.
2021-04-29 12:28:26 +01:00
Mathias Vorreiter Pedersen
e81b40978e
C++: Improve the description tag.
2021-04-29 12:10:29 +02:00
Arthur Baars
6693c5bdd0
Merge pull request #5395 from tausbn/python-share-typetracker
...
Python: Make the type tracking implementation shareable
2021-04-29 12:06:12 +02:00
Mathias Vorreiter Pedersen
9e39b08325
C++: Improve the qhelp for cpp/detect-and-handle-memory-allocation-errors.
2021-04-29 11:58:36 +02:00
Mathias Vorreiter Pedersen
44de127bff
C++: Extend and improve the testcases for cpp/detect-and-handle-memory-allocation-errors.
2021-04-29 11:57:43 +02:00
Rasmus Wriedt Larsen
af0723c185
Merge pull request #5656 from asgerf/js/files-diagnostics
...
JS: Add file diagnostics queries
2021-04-29 11:53:11 +02:00
CodeQL CI
84d43946de
Merge pull request #5755 from RasmusWL/non-alert-data-part1
...
Approved by tausbn
2021-04-29 02:51:34 -07:00
Mathias Vorreiter Pedersen
39c7816ede
C++: Dont allow magic in getUnspecifiedType.
2021-04-29 10:09:46 +02:00
Tom Hvitved
0cb826a511
Merge pull request #5797 from hvitved/cpp/has-multi-scope-node-noinline
...
C++: Do not inline `Dominance::hasMultiScopeNode`
2021-04-29 09:51:05 +02:00
CodeQL CI
3240536d0e
Merge pull request #5798 from erik-krogh/trackLoc
...
Approved by esbena
2021-04-29 00:45:21 -07:00
Aditya Sharad
4d2db08934
Merge pull request #5801 from github/aeisenberg/fix-codescanning
...
Actions: Fix code scanning workflow
2021-04-28 15:21:43 -07:00
Andrew Eisenberg
0376a13dd8
Actions: Fix code scanning workflow
2021-04-28 15:05:13 -07:00
intrigus
a8865e2fa2
Java: Cleanup jwt stubs.
2021-04-28 20:46:09 +02:00
Erik Krogh Kristensen
dfd63e5d5a
track window object to where .location is read
2021-04-28 18:52:00 +02:00
Shati Patel
d288b9216e
Merge pull request #5790 from github/cklin-find-the-thief-conditions-sync
...
Fix inconsistency in the find-the-thief exercise
2021-04-28 17:16:58 +01:00
CodeQL CI
9c5ad44e27
Merge pull request #5782 from erik-krogh/domFP
...
Approved by esbena
2021-04-28 09:12:00 -07:00
Rasmus Lerchedahl Petersen
16bde2729d
Python: add flow from methods to calls
2021-04-28 17:02:24 +02:00
Tom Hvitved
058925cca9
C++: Do not inline Dominance::hasMultiScopeNode
2021-04-28 16:50:08 +02:00
yoff
73521e22de
Merge pull request #5791 from tausbn/python-limit-absolute-imports
...
Python: Limit absolute imports
2021-04-28 16:22:08 +02:00
Rasmus Wriedt Larsen
baa926359e
Python: Minor fix to Django RawSQL QLDoc
2021-04-28 12:18:27 +02:00
Erik Krogh Kristensen
d5450f1df6
use isWildcardLike in MetacharEscapeSanitizer
2021-04-28 11:46:50 +02:00
Erik Krogh Kristensen
d07c71c99d
unlimited repetition of a wildcard is also a wildcard
2021-04-28 11:46:35 +02:00
Erik Krogh Kristensen
160fa148f1
move InfiniteRepetitionQuantifier to Regexp.qll
2021-04-28 11:39:28 +02:00
Erik Krogh Kristensen
e60628d463
add global replacements using inverted char classes as a sanitizer for DOM based XSS
2021-04-28 11:29:30 +02:00
Rasmus Wriedt Larsen
f2b4e31e7f
Python: Make Diagnostics tests pass
...
I had comitted a bad .expected file it seems, and since the encoding for UTF-8
is named differently from Python 2 to Python 3, we're only going to run the test
for one version.
2021-04-28 10:21:59 +02:00
Tamás Vajk
310baab73f
Merge pull request #5740 from tamasvajk/feature/diag
...
C#: Add extraction error diagnostic query
2021-04-28 08:46:35 +02:00
haby0
b0f745365d
Node type restriction
2021-04-28 14:32:25 +08:00
Taus
4ae3a23089
Python: Limit absolute imports
...
Limits the behaviour of github/codeql#5614 in two ways:
First, we only consider files that are contained in the source archive.
This prevents unnecessary computation involving files in e.g. the
standard library.
Secondly, we ignore any relative imports (e.g. `from .foo import ...`),
as these only work inside packages anyway.
This fixes an observed performance regression on projects that include
`google-cloud-sdk` as part of their source code.
2021-04-27 21:47:38 +00:00
CodeQL CI
2b9fb79b1d
Merge pull request #5786 from erik-krogh/anser
...
Approved by esbena
2021-04-27 14:40:48 -07:00
Chuan-kai Lin
c27363cea5
Fix inconsistencies in information about the thief
...
The find-the-thief exercise is inconsistent. The first part lists 10 answered questions about the thief, but later discussion silently adds a new question as question 8, so there are a total of 11 answered questions.
This commit updates the first list of answered questions so that it matches later discussions and the sample solution.
2021-04-27 13:57:16 -07:00
Mathias Vorreiter Pedersen
0f141edbc3
Merge pull request #5737 from dbartol/dbartol/smart-pointers/work
...
C++: IR Alias Analysis for smart pointers
2021-04-27 21:40:14 +02:00
Tom Hvitved
37377644c9
Merge pull request #5781 from hvitved/java/predictable-seed-df6
...
Java: Use separate data-flow copy for `PredictableSeedFlowConfiguration`
2021-04-27 19:01:55 +02:00
Andrew Eisenberg
c6db90e9b7
Merge pull request #5775 from aeisenberg/aeisenberg/codeql-action-main
...
Actions: Use the main branch of the codeql action
2021-04-27 09:36:33 -07:00
Tamás Vajk
4cc88662e2
Merge pull request #5557 from tamasvajk/feature/java-sinks-csv
...
Java: convert sinks to CSV
2021-04-27 15:58:09 +02:00
Erik Krogh Kristensen
9178f4b1c5
add support for the anser library
2021-04-27 15:57:17 +02:00
Tamas Vajk
51e08d4940
Fix error severity
2021-04-27 15:47:16 +02:00
edvraa
3aec9c1a41
Cookies without HttpOnly
2021-04-27 16:28:32 +03:00
Marcono1234
05ce49adaf
Java: Add StmtParent as superclass of SwitchExpr
...
Database type `@stmtparent` already includes `@switchexpr`, this commit merely
changes the class SwitchExpr to also accordingly extend StmtParent.
2021-04-27 15:17:55 +02:00
Tamas Vajk
5b79094f34
Fix naming in HTTPS URL check
2021-04-27 14:59:52 +02:00
Rasmus Wriedt Larsen
523ed8272d
Python: Apply suggestions from code review
...
Co-authored-by: Taus <tausbn@github.com >
2021-04-27 14:42:05 +02:00
yoff
0509a12790
Merge pull request #5770 from tausbn/python-small-api-graph-fix
...
Python: Use only `TApiNode` in `API::Impl`
2021-04-27 14:06:09 +02:00
Geoffrey White
afa89256c5
Merge pull request #5780 from MathiasVP/cleanup-missingGuard-predicates-after-range-analysis-fix
...
C++: Cleanup missingGuardAgainstOverflow
2021-04-27 12:56:10 +01:00
Chris Smowton
64a2320be7
Merge pull request #5757 from smowton/smowton/admin/fix-dead-qhelp-links
...
Fix all dead qhelp links
2021-04-27 12:17:08 +01:00
Tom Hvitved
2e266c7ddd
Merge pull request #5756 from hvitved/csharp/string-builder-fluent
...
C#: Add missing `StringBuilder` flow summaries
2021-04-27 11:24:56 +02:00
Tom Hvitved
fb606112fa
Merge pull request #5754 from hvitved/csharp/guards/performance
...
C#: Improve performance of guards library
2021-04-27 10:53:01 +02:00
Tamas Vajk
e08b629cb5
Add documentation for URL opening sinks
2021-04-27 10:32:41 +02:00
Tom Hvitved
017beb6786
Java: Use separate data-flow copy for PredictableSeedFlowConfiguration
2021-04-27 10:07:33 +02:00
CodeQL CI
79ed94b22c
Merge pull request #5779 from erik-krogh/updateJSAndTSVersionDoc
...
Approved by esbena
2021-04-27 00:51:58 -07:00
Mathias Vorreiter Pedersen
04a785b9fb
C++: Accept test changes.
2021-04-27 09:43:27 +02:00
Mathias Vorreiter Pedersen
a41e9055c5
C++: Delete the fix that was introduced in bb447d7174. This is no longer needed after #5678 .
2021-04-27 09:43:02 +02:00
Mathias Vorreiter Pedersen
05d693e3bb
C++: Also include the assignment versions in exprThatCanOverflow.
2021-04-27 09:41:13 +02:00
Rasmus Wriedt Larsen
37db21d269
Merge pull request #5284 from yoff/python-port-insecure-protocol
...
Python: port py/insecure-protocol
2021-04-27 09:30:18 +02:00
Erik Krogh Kristensen
0b322a3143
update JS/TS versions to reflect supported versions
2021-04-27 08:53:15 +02:00
haby0
5be9fbbc5a
Remove LogOperationSink and PrintSink
2021-04-27 14:12:33 +08:00
Andrew Eisenberg
0e53ad33f6
Actions: Add permissions block to code scanning workflow
2021-04-26 10:53:29 -07:00
Geoffrey White
0e7eeb3051
Merge pull request #5678 from MathiasVP/sound-expr-might-overflow-predicate
...
C++: Make exprMightOverflowPositively sound for unanalyzable expressions
2021-04-26 17:38:23 +01:00
Andrew Eisenberg
3670c729c0
Actions: Use the main branch of the codeql action
...
This commit switches to the bleeding edge, main branch of the
codeql action. This helps us test the action before merging all
of the new changes into main, which occurs roughly once a week.
If there are commits that introduce bugs in codeql-action, then
we will be more likely to catch it before releasing to the world
if we are using it in this extension.
2021-04-26 08:43:28 -07:00
Taus
3889c8afec
Python: Use only TApiNode in API::Impl
...
This ensures that changes to `API::Node` does not invalidate the cached
`module Impl`. At present, I don't expect this to have any effect (as
the `Node` class is also fairly static, though not explicitly cached),
but I can imagine us making some of the `Node` methods have
user-extensible behaviour, in which case we definitely do not want this
to result in reevaluation of `API::Impl`.
2021-04-26 13:10:15 +00:00
Shati Patel
a09c12acfe
Merge pull request #5537 from alexet/ambig-super
...
Docs: Update the language specification for changes to super.
2021-04-26 13:34:50 +01:00
Chris Smowton
d717fc7b1f
Use Microsoft archive of vijaysk's blog
2021-04-26 10:13:04 +01:00
Tom Hvitved
824c243268
C#: Add change note
2021-04-26 10:50:17 +02:00
Mathias Vorreiter Pedersen
772d5eacca
C++: Add change note.
2021-04-26 09:55:32 +02:00
Erik Krogh Kristensen
4e8ae77b6f
cache more predicates
2021-04-26 08:57:20 +02:00
intrigus
b1a3633495
Java: Remove redundant condition + docs.
2021-04-23 22:06:04 +02:00
Rasmus Lerchedahl Petersen
7cc97836a9
Python: More cleanup from reviewer suggestions
2021-04-23 20:26:13 +02:00
Chris Smowton
78b9682a4e
Fix dead links in JS externs too
2021-04-23 15:46:48 +01:00
Tamás Vajk
a7030c7fed
Merge pull request #5308 from tamasvajk/feature/flow-sources-sinks
...
C#: Add Console.Read* to local flow sources
2021-04-23 16:36:16 +02:00
Tamás Vajk
c3058f4744
Merge pull request #5749 from tamasvajk/feature/fix-fromsource
...
C#: Adjust 'fromSource' to hold only on files passed to the compiler as a source file
2021-04-23 16:35:40 +02:00
Chris Smowton
455b840712
Fix all dead qhelp links
...
For those documents with no obvious new home I've pointed the links to the Internet Archive.
2021-04-23 15:20:21 +01:00
Tom Hvitved
004450b201
C#: Add missing StringBuilder flow summaries
2021-04-23 16:17:49 +02:00
Mathias Vorreiter Pedersen
86822f6c61
C++: Exclude pointer results from cpp/integer-overflow-tainted.
2021-04-23 16:01:53 +02:00
Mathias Vorreiter Pedersen
3cf4f1f956
C++: Accept test changes.
2021-04-23 16:00:23 +02:00
Shati Patel
6f2103f312
Merge pull request #5722 from github/tamasvajk-patch-1
...
C#: Add Dapper to supported frameworks
2021-04-23 14:32:22 +01:00
Jonas Jensen
9b5bb95766
Merge pull request #5696 from jbj/reapply-inconsistency-workaround
...
Revert "Revert "C++: Work around extractor issue CPP-383""
2021-04-23 14:49:32 +02:00
Anders Schack-Mulligen
bc8c55836a
Merge pull request #5743 from aschackmull/java/flow-summary-tweaks
...
Java/C#: Move a couple of flow summary tweaks to the shared implementation.
2021-04-23 13:46:04 +02:00
Tamas Vajk
1b4c3c7415
Fix code review findings
2021-04-23 13:44:34 +02:00
Tamás Vajk
819be43ce7
Fix alphabetical order of supported frameworks
2021-04-23 13:41:59 +02:00
Tamas Vajk
b4bd7af9c8
Add change note
2021-04-23 13:40:12 +02:00
Tamas Vajk
e3f10c0e32
Cleanup DiagnosticError classes
2021-04-23 13:37:42 +02:00
Rasmus Wriedt Larsen
deb3db3f95
Python: Add non-alert data for extractor diagnostics
...
This is basically just a port of the C++/JS queries added in:
- https://github.com/github/codeql/pull/5414 (C++)
- https://github.com/github/codeql/pull/5656 (JS)
SyntaxError should capture all errors we have information about. At least in
`python/ql/src/semmlecode.python.dbscheme` the only match for `error` is
`py_syntax_error_versioned` (which `SyntaxError` is based on).
2021-04-23 13:29:44 +02:00
Rasmus Wriedt Larsen
354dee1b09
Python: Add non-alert data for lines of code
...
`py/summary/lines-of-code` is just a port of the C++/JS queries added in:
- https://github.com/github/codeql/pull/5271 (C++)
- https://github.com/github/codeql/pull/5304 (JS)
We are the first to implement the `lines-of-user-code` query, so nothing to
compare with in other languages -- but it makes a lot of sense to do for Python 👍
2021-04-23 13:22:18 +02:00
Tamás Vajk
43dc9bbc94
Merge pull request #5744 from tamasvajk/feature/java-loc
...
Java: Introduce LoC summary metric query
2021-04-23 11:39:42 +02:00
Mathias Vorreiter Pedersen
e6077127be
C++: Only unary and binary arithmetic operations and left shifts are now
...
reported as overflowing when we cannot analyze them.
2021-04-23 11:13:34 +02:00
Tom Hvitved
956507b5fa
C#: Add guards stress test
2021-04-23 10:25:31 +02:00
yoff
1954c0ba84
Apply suggestions from code review
...
Co-authored-by: Taus <tausbn@github.com >
2021-04-23 10:20:18 +02:00
Tom Hvitved
4c597dd467
C#: Improve performance of guards library
2021-04-23 10:09:43 +02:00
Jonas Jensen
6de5b3021e
C++: Replace Jira ticket reference with GH issue
2021-04-23 09:58:39 +02:00
Jonas Jensen
6e059ea002
C++: Remove reference to obsolete issue CPP-383
2021-04-23 09:58:15 +02:00
Shati Patel
96a4d91a6c
Merge pull request #5731 from shati-patel/docs/unbind-pragmas
...
Docs: New "directional binding" pragmas
2021-04-23 08:37:02 +01:00
intrigus
98dcd4e52b
Java: Tighten definition of sink.
2021-04-23 00:14:48 +02:00
CodeQL CI
635fb4c25a
Merge pull request #5685 from erik-krogh/markdownIt
...
Approved by asgerf
2021-04-22 14:55:31 -07:00
intrigus
a385b30c29
Java: Factor common expr into class.
2021-04-22 23:51:27 +02:00
intrigus-lgtm
958e2fab05
Apply suggestions from code review
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-04-22 23:36:17 +02:00
Dave Bartolomeo
3b04bedee0
Stub out additional bits of Alias model for C#
2021-04-22 17:19:00 -04:00
Dave Bartolomeo
5d0a4cae90
C++: Add {AllAliased} side effects for smart pointers
...
Smart pointer constructors, assignments, and `reset()` can actually have fairly large side effects, especially with custom deleters, destructors for objects being destroyed, and so on. I've re-introduced `{AllAliased}` side effects for these functions. There was no immediate effect on analysis results.
2021-04-22 16:51:36 -04:00
Taus
3e4ff9e472
Merge pull request #5742 from RasmusWL/django-3.2
...
Python: Add support for new features in Django 3.2
2021-04-22 17:39:02 +02:00
Rasmus Lerchedahl Petersen
5a4e661e60
Merge branch 'main' of github.com:github/codeql into python-support-pathlib
2021-04-22 15:04:21 +02:00
CodeQL CI
bdb41423e2
Merge pull request #5748 from asgerf/js/rate-limiting-fixes
...
Approved by erik-krogh
2021-04-22 05:56:50 -07:00
Tamas Vajk
ed42c878b0
Adjust 'fromSource' to hold only on '.cs' files
2021-04-22 14:17:16 +02:00
Tamas Vajk
b36d35bf1e
Revert "C#: Adjust 'fromSource' to hold only on files passed to the compiler as a source file"
...
This reverts commit 1dab1590ea .
2021-04-22 14:16:10 +02:00
haby0
407dcea751
add String type startsWith
2021-04-22 19:20:54 +08:00
haby0
1712d01b74
Merge branch 'UseOfLessTrustedSource' of https://github.com/haby0/codeql into UseOfLessTrustedSource
2021-04-22 19:02:23 +08:00
haby0
9b4442be8b
Fix some errors
2021-04-22 19:01:55 +08:00
haby0
aaef4ef22b
Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSourceLib.qll
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-04-22 18:52:55 +08:00
Tamás Vajk
cb28bc80b7
Merge branch 'main' into feature/java-sinks-csv
2021-04-22 11:41:18 +02:00
Tamas Vajk
7134eb9079
Improve documentation of csv sink models
2021-04-22 11:37:41 +02:00
Mathias Vorreiter Pedersen
2b8afe55e8
Merge pull request #5747 from rdmarsh2/rdmarsh2/cpp/deprecate-return-stack-allocated-object
...
C++: deprecate cpp/return-stack-allocated-object
2021-04-22 11:37:07 +02:00
Tamas Vajk
1caa5c4780
Adjust hostname verifier sink identifier name
2021-04-22 11:22:18 +02:00
Tamas Vajk
6c78a247f2
Revert erroneous refactoring in header splitting sink base class
2021-04-22 11:20:39 +02:00
Tamas Vajk
9b1c54e81b
Add argument indices to HTTP header splitting sinks
2021-04-22 11:17:25 +02:00
Tamas Vajk
180904e9f6
Revert "Java: Convert Google HTTP client API parseAs sink to CSV format"
...
This reverts commit 3e53484bb3 .
2021-04-22 11:14:51 +02:00
Owen Mansel-Chan
fea9f5f431
Merge pull request #5746 from owen-mc/java/refactor-exec-tainted
...
Make ExecTainted easier to extend
2021-04-22 10:14:28 +01:00
Tamas Vajk
a8a920c8f0
Add change note
2021-04-22 11:01:12 +02:00
Owen Mansel-Chan
8a01799fb8
Make imports private
...
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com >
2021-04-22 09:46:49 +01:00
Rasmus Lerchedahl Petersen
b724e51cab
Python: Improvements from review suggestions
2021-04-22 10:40:42 +02:00
Owen Mansel-Chan
4b8d4f5bbd
Update docs
2021-04-22 09:30:50 +01:00
Owen Mansel-Chan
e448dcb725
Avoid bad join order
...
We want to avoid joining on `i` first.
2021-04-22 09:30:49 +01:00
Owen Mansel-Chan
9f1704560b
Include constructors in abstract class
2021-04-22 09:30:48 +01:00
Tamas Vajk
1dab1590ea
C#: Adjust 'fromSource' to hold only on files passed to the compiler as a source file
2021-04-22 10:21:28 +02:00
Tamas Vajk
1a708affbf
Include compilation errors in diagnostic check
2021-04-22 10:08:33 +02:00
Tamas Vajk
64354bbfaa
Fix test results after rebase
2021-04-22 09:23:59 +02:00
Tamas Vajk
ff9327a035
Add diagnostic query to get correctly extracted files
2021-04-22 09:21:46 +02:00
Tamas Vajk
b05e211e21
Fix failing test
2021-04-22 09:21:45 +02:00
Tamas Vajk
353d43a039
Log model errors even in standalone extraction
2021-04-22 09:13:06 +02:00
Tamas Vajk
5149ffdd16
C#: Add extraction error diagnostic query
2021-04-22 09:13:06 +02:00
Tamás Vajk
9c936867fa
Exclude code from XML files
...
Co-authored-by: yo-h <55373593+yo-h@users.noreply.github.com >
2021-04-22 09:00:31 +02:00
Tamás Vajk
a7cc9f98ef
Merge pull request #5745 from tamasvajk/feature/fix-arg-default
...
C#: Fix special case of default argument value extraction
2021-04-22 08:58:13 +02:00
haby0
454324781d
delete IfStmt
2021-04-22 11:59:33 +08:00
Robert Marsh
cac1bef6ea
C++: deprecate cpp/return-stack-allocated-object
2021-04-21 15:17:31 -07:00
Asger Feldthaus
fe8deeaf6b
JS: Autoformat
2021-04-21 23:13:57 +01:00
Dave Bartolomeo
383210096c
C++: Isolate models from AST dataflow's reference/object conflation
...
`DataFlowFunction` models treat references a pointers - an explicit level of indirection. The AST dataflow library generally treats references as if they were the referred-to object. This commit removes a workaround in the dataflow model for unary `operator*` on smart pointers, and makes the AST dataflow library adjust the results of querying the model so that a returned reference only gets flow that was modeled as going to the dereference of the return value.
This fixes some missing flow in IR dataflow, and recovers some (presumably) missing reverse taint flow in AST taint tracking as well.
2021-04-21 18:09:44 -04:00
Asger Feldthaus
e98bfe921e
JS: QLDoc
2021-04-21 22:14:50 +01:00
Asger Feldthaus
bb7934b381
JS: Change note
2021-04-21 21:20:12 +01:00
Asger Feldthaus
c113cfd8b7
JS: Autoformat
2021-04-21 21:13:07 +01:00
Dave Bartolomeo
0bc4b0421d
C++: Remove unnecessary cast
2021-04-21 12:12:01 -04:00
Rasmus Wriedt Larsen
5a9e27c6fc
Merge branch 'main' into django-3.2
2021-04-21 17:15:47 +02:00
Chris Smowton
94f0a1532d
Merge pull request #5682 from smowton/smowton/docs/fix-has-modifier-comment
...
Fix documentation of Modifier.qll
2021-04-21 15:41:29 +01:00
Tamas Vajk
a0f5e45ae9
C#: Fix special case of default argument value extraction
2021-04-21 16:34:29 +02:00
Geoffrey White
ba335089c4
Merge pull request #5601 from ihsinme/ihsinme-patch-259
...
CPP: Add query for CWE-691 Insufficient Control Flow Management After Refactoring The Code
2021-04-21 15:13:38 +01:00
Owen Mansel-Chan
9c72e73a82
Make ExecTainted easier to extend
...
To add a method that executes a command, you can now define a class
extending ExecMethod.
2021-04-21 14:55:37 +01:00
CodeQL CI
30d7f0dc98
Merge pull request #5687 from RasmusWL/inline-taint-tests
...
Approved by yoff
2021-04-21 06:24:12 -07:00
Taus
71780228ae
Python: Rename TypeTrackerPrivate.qll
2021-04-21 13:08:26 +00:00
Asger Feldthaus
2c9a6e7bef
JS: Cache function-wrapping steps in type-tracking stage
2021-04-21 13:45:58 +01:00
Tamas Vajk
e25305e3cc
Java: Introduce LoC summary metric query
2021-04-21 14:27:00 +02:00
Anders Schack-Mulligen
f9599da32d
Java/C#: Move a couple of flow summary tweaks to the shared implementation.
2021-04-21 14:24:15 +02:00
Rasmus Wriedt Larsen
be9cbd79d6
Python: Add change-note for Django 3.2 support
2021-04-21 13:58:34 +02:00
Rasmus Wriedt Larsen
59c6f76457
Python: Add test for new response.headers in Django
...
See https://docs.djangoproject.com/en/3.2/ref/request-response/#setting-header-fields
2021-04-21 13:55:22 +02:00
Rasmus Wriedt Larsen
2302c8d5fa
Python: Model new alias method on django QuerySets
2021-04-21 13:52:38 +02:00
yoff
a19373ab54
Merge pull request #5727 from tausbn/python-use-localsource-in-stepsummary
...
Python: Use `LocalSourceNode` in `StepSummary::step`
2021-04-21 13:50:31 +02:00
Tamás Vajk
205469316c
Merge pull request #5738 from tamasvajk/feature/loc
...
C# Add line of code metric query
2021-04-21 13:49:32 +02:00
Taus
489e1e94e4
Python: Prevent bad joins
...
Adds a few unbinds to prevent bad joins from occurring.
Firstly, we never want to join `StepSummary::step` with
`TypeTracker::append` on `summary` as the first join, as the resulting
relation is absolutely massive. So we decouple the two occurrences of
`summary` by unbinding each of them.
Secondly, in some cases the node we're stepping to (`nodeTo` for type
trackers, `nodeFrom` for type backtrackers) will get joined eagerly
with the typetracker one is defining, and again this produces an
uncomfortably large intermediate join. A bit of unbinding prevents this
as well.
2021-04-21 11:44:34 +00:00
Taus
9e95f6e7c1
Python: Remove typePreservingStep
...
This requires a bit of explanation, so strap in.
Firstly, because we use `LocalSourceNode`s as the start and end points
of our `StepSummary::step` relation, there's no need to include
`simpleLocalFlowStep` (via `typePreservingStep`) in `smallstep`. Indeed,
since the successor node for a `step` is a `LocalSourceNode`, and local
sources never have incoming flow, this is entirely futile -- we can find
values for `mid` and `nodeTo` that satisfy the body of `step`, but
`nodeTo` will never be a `LocalSourceNode`.
With this in mind, we can simplify `smallstep` to only refer to
`jumpStep`.
This then brings the other uses of `typePreservingStep` into question.
The only other place we use this predicate is in the `TypeTracker` and
`TypeBackTracker` `smallstep` predicates. Note, however, that here we
no longer need `jumpStep` to be part of `typeTrackingStep` (as it is
already accounted for in `StepSummary::smallstep`) so we can simplify
to `simpleLocalFlowStep`. At this point, `typePreservingStep` is unused.
Finally, because of the way `smallstep` is used in `step` (inside
`StepSummary`), `nodeTo` must always be a `LocalSourceNode`, so I have
propagated this restriction to `smallstep` as well. We can always lift
this restriction later, but for now it seems like it's likely to cause
fewer surprises to have made this explicit.
2021-04-21 11:12:06 +00:00
Tamas Vajk
2a6f979ce6
C# Add line of code metric query
2021-04-21 10:42:06 +02:00
Anders Schack-Mulligen
9362ae0687
Merge pull request #5422 from tamasvajk/feature/sink-migration-ldap
...
Java: Migrate LDAP injection sinks to CSV format
2021-04-21 10:05:28 +02:00
Rasmus Wriedt Larsen
63a2657aef
Merge branch 'main' into inline-taint-tests
2021-04-21 10:02:55 +02:00
Tom Hvitved
7080b256fb
Merge pull request #5715 from hvitved/csharp/ssa/perf-tweaks
...
C#: A few minor SSA performance tweaks
2021-04-21 09:59:12 +02:00
Tom Hvitved
def62e8c22
Merge pull request #5718 from hvitved/csharp/hardcoded-cred-remove-cp
...
C#: Remove CP from `HardcodedCredentials::getCredentialSink`
2021-04-21 09:58:56 +02:00
Tom Hvitved
1ed11b297b
Merge pull request #5725 from hvitved/csharp/dataflow/performance
...
C#: Various data-flow performance tweaks
2021-04-21 09:46:15 +02:00
haby0
84f00c21df
update IfConditionSink.
2021-04-21 15:38:41 +08:00
Dave Bartolomeo
1d0cb0407d
Merge from main
2021-04-20 23:37:04 -04:00
Dave Bartolomeo
b9da6ce04a
C++: Prepare for merge of smart pointer models
2021-04-20 23:12:05 -04:00
Dave Bartolomeo
a447b049fc
C++: Impoved alias analysis of smart pointers
2021-04-20 19:42:06 -04:00
Dave Bartolomeo
63fe4fb317
C++: More general model for pointer flow
2021-04-20 19:41:15 -04:00
Dave Bartolomeo
078d2522d2
C++: Add missing shared_ptr<T> members
2021-04-20 19:40:36 -04:00
Dave Bartolomeo
45968efd28
C++: Add shared test headers to emulate standard library types
2021-04-20 18:21:50 -04:00
intrigus
231b07795c
Java: Ignore results in test directories.
2021-04-20 23:25:13 +02:00
intrigus
fcaf5e7657
Java: Plural type name -> singular type name.
2021-04-20 23:09:44 +02:00
intrigus
3acec94773
Java: Fix typos.
2021-04-20 23:04:06 +02:00
intrigus
149c4491ce
Java: Simplify qldoc.
2021-04-20 23:03:10 +02:00
intrigus
9e4fa90f6e
Java: Refer to Java types in qldoc instead of ql types.
2021-04-20 23:02:18 +02:00
intrigus
26502881d7
Java: Consistently use this in charpred.
2021-04-20 22:56:58 +02:00
yoff
0c4181178d
Update python/ql/src/semmle/python/frameworks/Stdlib.qll
...
Co-authored-by: Taus <tausbn@github.com >
2021-04-20 22:15:09 +02:00
yoff
ef0ea247c4
Merge pull request #5679 from tausbn/python-fix-bad-points-to-joins
...
Python: Fix bad points-to joins
2021-04-20 21:19:32 +02:00
Dave Bartolomeo
5085e462b0
C++: Allow alias propagation to/from side effects (part 1)
2021-04-20 14:09:41 -04:00
Dave Bartolomeo
01a95316c2
C++: Add Instruction::getAParameterSideEffect().
2021-04-20 14:03:48 -04:00
Rasmus Lerchedahl Petersen
6408ee2eaf
Python: Fix bad join
2021-04-20 20:03:06 +02:00
Tom Hvitved
3eba5b0aac
Merge pull request #5676 from hvitved/csharp/dispatch/get-a-viable-overrider-perf
...
C#: Speedup `DispatchMethodOrAccessorCall::getAViableOverrider()`
2021-04-20 19:57:59 +02:00
Erik Krogh Kristensen
357e1c0802
Update javascript/ql/src/semmle/javascript/frameworks/Markdown.qll
...
Co-authored-by: Asger F <asgerf@github.com >
2021-04-20 19:57:47 +02:00
yo-h
00137f2905
Merge pull request #5721 from github/yo-h/java-diagnostic-queries
...
Java: add extractor `diagnostic` queries
2021-04-20 13:36:49 -04:00
Shati Patel
98a0959784
Docs: New "directional binding" pragmas
2021-04-20 18:12:35 +01:00
Rasmus Lerchedahl Petersen
fc2c62350e
Python: Fix bad join
...
Also fixed up the QLDoc
2021-04-20 18:54:03 +02:00
Taus
890f96d9b5
Python: Prevent bad joins in TypeBackTracker
...
Perhaps unsurprisingly, the join orderer was eager and willing to find
the wrong join order in this predicate as well. Applying a similar
fix to the one used in `TypeTracker::step` fixes the problem.
2021-04-20 15:01:04 +00:00
Taus
c0569da65c
Python: Move track/backtrack to LocalSourceNode
...
This is merely making explicit what was implicitly enforced. The move
to change the return type of `step` already meant that `this` and
`result` had to be `LocalSourceNode`. By moving these methods to their
rightful place, we should hopefully avoid a bit of suprising behaviour.
2021-04-20 14:39:56 +00:00
Taus
2a07441c19
Python: ModuleVariableNodes are not API uses
...
This caused some suprising test changes, where suddenly we had flow from
a `ModuleVariableNode` (as a `RemoteFlowSource`) to a sink. This of
course makes little sense, so instead we simply exclude these nodes as
uses in the first place.
2021-04-20 14:33:42 +00:00
Rasmus Lerchedahl Petersen
9c893cb0f4
Merge branch 'main' of github.com:github/codeql into python-port-insecure-protocol
2021-04-20 16:33:03 +02:00
Taus
7581cbade6
Python: Fix forgotten type tracker
...
This was the last remaining type tracker that did not use
`LocalSourceNode`.
2021-04-20 14:32:56 +00:00
Tamas Vajk
583513bafd
Fix review findings
2021-04-20 16:28:47 +02:00
Asger Feldthaus
43ca8ea5f7
JS: Fix perf issue in forwardsParameter
2021-04-20 15:15:12 +01:00
Chris Smowton
a5cfdd2cfe
Merge pull request #5467 from p0wn4j/groovy-execute
...
[Java] CWE-094: Query to detect Groovy Code Injections
2021-04-20 14:49:56 +01:00
Erik Krogh Kristensen
62dfd1fa7d
improve the markdown-it model
2021-04-20 15:23:03 +02:00
Taus
38548c9acd
Python: Simplify charpred for LocalSourceNode
...
The somewhat convoluted `comes_from_cfgnode` was originally introduced
in order to have local sources for instances of global variables. This
was needed because global variables have an implicit "scope entry" SSA
definition that flows to the first actual use of the variable (and so
would not fit the strict "has no incoming flow" definition of a local
source node).
However, a subsequent change means that we include all global variable
reads anyway, and so the old definition is no longer needed.
(See commit 3fafb47b16 for further
context.)
2021-04-20 13:19:36 +00:00
Taus
038bf612be
Python: Add change note
2021-04-20 13:06:30 +00:00
Jonas Jensen
f02c86cb22
Merge pull request #5726 from MathiasVP/fix-false-positive-in-return-stack-allocated-memory-2
...
C++: Fix false positive in return stack allocated memory (second attempt)
2021-04-20 15:05:11 +02:00
Taus
a55b43b67e
Python: Use LocalSourceNode throughout step
...
This commit does a lot of stuff all at once, so here are the main
highlights:
In `TypeTracker.qll`, we change `StepSummary::step` to step only between
source nodes. Because reads and writes of global variables happen in two
different (jump) steps, this requires the intermediate
`ModuleVariableNode` to _also_ be a `LocalSourceNode`, and we therefore
modify the charpred for that class accordingly. (This also means
changing a few of the tests to account for these new source nodes.)
In addition, we change `TypeTracker::step` to likewise step between
local source nodes.
Next, to enable the use of the `track` convenience method on nodes, we
add some pragmas to `TypeTracker::step` that prevent bad joins from
occurring. With this, we can eliminate all of the manual type tracker
join predicates.
Next, we observe that because `StepSummary::step` now uses `flowsTo`, it
automatically encapsulates all local-flow steps. In particular this
means we do not have to use `typePreservingStep` in `smallstep`, but can
use `jumpStep` directly. A similar observation applies to
`TypeTracker::smallstep`.
Having done this, we no longer need `typePreservingStep`, so we get rid
of it.
2021-04-20 12:59:33 +00:00
Taus
31bd701bd5
Python: Final LocalSourceNode fixes
2021-04-20 12:59:33 +00:00
Chris Smowton
9bfb0d93ca
Autoformat QL
2021-04-20 13:59:09 +01:00
Rasmus Wriedt Larsen
897105de02
Merge pull request #5717 from tausbn/python-use-api-graphs-in-django
...
Python: Use API graphs in Django model
2021-04-20 14:57:55 +02:00
Erik Krogh Kristensen
19c5889775
use mayHaveBooleanValue
2021-04-20 14:39:54 +02:00
Erik Krogh Kristensen
13d915927b
add change note
2021-04-20 14:39:54 +02:00
Erik Krogh Kristensen
7046f1a902
add taint-step for markdown-it when the HTML flag is set
2021-04-20 14:39:54 +02:00
Taus
76700d17d6
Merge pull request #5684 from RasmusWL/flask-more-taint-tests
...
Python: Add taint tests for .get() in flask
2021-04-20 14:08:08 +02:00
Asger Feldthaus
f8d428cb2d
JS: Use function-forwarding steps when tracking rate limiters
2021-04-20 13:00:42 +01:00
Mathias Vorreiter Pedersen
93e55e2631
C++: Fix FP in cpp/return-stack-allocated-memory.
2021-04-20 13:58:12 +02:00
Mathias Vorreiter Pedersen
1797b6c7f9
C++: Add FP test from the work on smart pointers in dataflow.
2021-04-20 13:54:57 +02:00
Asger Feldthaus
581f4ed757
JS: Generalize handling of route handler wrapper functions
2021-04-20 12:46:40 +01:00
Chris Smowton
0ec3ee29e4
Style last use of SecureASTCustomizer
2021-04-20 12:44:49 +01:00
Hayk Andriasyan
bb58a50503
Update GroovyInjection.qhelp
2021-04-20 15:41:58 +04:00
p0wn4j
f2de440886
[Java] CWE-094: Query to detect Groovy Code Injections
2021-04-20 19:18:24 +04:00
haby0
3e376f95c4
Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.ql
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-04-20 19:36:16 +08:00
haby0
b1ee864ad9
Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.ql
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-04-20 19:35:52 +08:00
haby0
9e87f4ec4e
Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.ql
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-04-20 19:35:34 +08:00
haby0
408dd31d3c
Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.qhelp
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-04-20 19:34:37 +08:00
haby0
9ece4dac0f
Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.qhelp
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-04-20 19:33:47 +08:00
haby0
d82878ac3b
Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.qhelp
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-04-20 19:33:06 +08:00
haby0
0b1637a409
Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.qhelp
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-04-20 19:32:39 +08:00
haby0
b60bffaf83
Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSourceLib.qll
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-04-20 19:31:59 +08:00
Jonas Jensen
d4fdd50e2c
Merge pull request #5723 from MathiasVP/cleanup-smart-ptr-model
...
C++: Simplify smart pointer model
2021-04-20 13:25:02 +02:00
Tom Hvitved
dd1bb18938
C#: Various data-flow performance tweaks
...
- Cache `DataFlowCall::getEnclosingCallable()`.
- Cache `ParameterNode`.
- Cache `ArgumentNode`.
- Force proper join-orders for uses of `getNodeType()`.
- Inline `localFlow` to prevent calculating full TC.
2021-04-20 11:56:25 +02:00
Tom Hvitved
1f9239089f
Merge pull request #5695 from hvitved/csharp/dispose-not-called-on-exc-perf
...
C#: Improve performance of `DisposeNotCalledOnException.ql`
2021-04-20 11:52:18 +02:00
Tom Hvitved
b2a7a3ed30
Merge pull request #5674 from hvitved/csharp/ssa/call-graph-perf
...
C#: Improve performance of `SsaImpl::CallGraph::SimpleDelegateAnalysis`
2021-04-20 11:51:52 +02:00
Geoffrey White
2b7e599dc4
Merge pull request #5703 from MathiasVP/improve-access-of-memory-location-after-end-of-buffer-using-strncat
...
C++: Improve cpp/access-memory-location-after-end-buffer-strncat
2021-04-20 10:44:24 +01:00
Mathias Vorreiter Pedersen
61d4d17225
C++: Simplify smart pointer model and accept test changes.
2021-04-20 09:57:58 +02:00
Tamás Vajk
408954e4d8
C#: Add Dapper to supported frameworks
2021-04-20 09:30:47 +02:00
haby0
0053158884
update qhelp file and ql comments
2021-04-20 10:58:54 +08:00
yo-h
87cd72496c
Java: add extractor diagnostic queries
2021-04-19 15:34:16 -04:00
yo-h
cb524b6c19
Merge pull request #5611 from github/yo-h/java16
...
Java: adjust test `options` for JDK 16 upgrade
2021-04-19 15:12:23 -04:00
Taus
bc6685aa3f
Python: Fix typo
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com >
2021-04-19 19:57:35 +02:00
Anders Schack-Mulligen
5458c02cc2
Merge pull request #5456 from aschackmull/java/adopt-flow-summary
...
Java: Use shared flow summary library for CSV models.
2021-04-19 16:21:10 +02:00
Anders Schack-Mulligen
33db0c13cd
Merge pull request #5689 from github/aeisenberg/rework-staleness
...
Actions: Change staleness calculation
2021-04-19 15:57:41 +02:00
Tom Hvitved
9128ec72ad
C#: A few minor SSA performance tweaks
2021-04-19 15:51:14 +02:00
Anders Schack-Mulligen
80eb0a2df6
Apply suggestions from code review
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-04-19 15:45:58 +02:00
CodeQL CI
437bba1e3c
Merge pull request #5716 from erik-krogh/vscodeRegress
...
Approved by esbena
2021-04-19 06:30:02 -07:00
Tom Hvitved
15e4b7f95d
C#: Remove CP from HardcodedCredentials::getCredentialSink
2021-04-19 15:03:11 +02:00
haby0
0159956fa5
Fix Modify the ql query (the qhelp part is not modified).
2021-04-19 21:03:01 +08:00
Rasmus Wriedt Larsen
d607c13ab6
Python: Taint tests: include elment for forgotten MISSING
2021-04-19 15:01:42 +02:00
haby0
8296abcea8
Fix Modify the ql query (the qhelp part is not modified).
2021-04-19 20:59:47 +08:00
Rasmus Wriedt Larsen
9585390941
Python: Taint tests, report error location first
...
To better match the standard output from inline expectation tests
2021-04-19 14:59:47 +02:00
Rasmus Wriedt Larsen
b2cb284ff2
Python: Add more examples of what is ok with new taint tests
2021-04-19 14:56:20 +02:00
Anders Schack-Mulligen
7d84cfacef
Java: Add MapKeyContent and MapValueContent.
2021-04-19 14:06:27 +02:00
Anders Schack-Mulligen
39862740e0
Java: Convert support for fluent interfaces.
2021-04-19 14:06:27 +02:00
Anders Schack-Mulligen
579c955892
Java: Adjust some tests.
2021-04-19 14:06:27 +02:00
Anders Schack-Mulligen
175c71221a
Java: Adjust some test output with more edges/nodes.
2021-04-19 14:06:27 +02:00
haby0
23b508c5e7
Merge remote-tracking branch 'upstream/main' into UseOfLessTrustedSource
2021-04-19 20:05:49 +08:00
Anders Schack-Mulligen
60965b0d8c
Java: Adjust some csv models.
2021-04-19 14:02:19 +02:00
Anders Schack-Mulligen
a27dac029f
Java: Use shared flow summary library for csv models.
2021-04-19 14:02:19 +02:00
Chris Smowton
36abf8733e
Merge pull request #5714 from aschackmull/java/add-misc-qltests
...
Java: Add a few qltests
2021-04-19 13:00:10 +01:00
Taus
9acc71a7cb
Python: Get rid of all _attr methods in Django.qll
2021-04-19 11:54:10 +00:00
Erik Krogh Kristensen
9e6f28e335
fix bad join order in Xss.qll
2021-04-19 13:17:49 +02:00
Anders Schack-Mulligen
29aec0d770
Java: Adjust expected output.
2021-04-19 13:16:46 +02:00
Anders Schack-Mulligen
c5193cf03f
Apply suggestions from code review
2021-04-19 13:14:56 +02:00
Anders Schack-Mulligen
06514159be
Java: Add XXE tests.
2021-04-19 10:58:21 +02:00
Anders Schack-Mulligen
daad62c4e0
Java: Add TaintedPath test.
2021-04-19 10:07:03 +02:00
Jonas Jensen
1ab75eb6f4
Merge pull request #5708 from github/fix-id-in-JsonpInjection-1
...
Java: Fix id in experimental JsonpInjection.ql query
2021-04-19 08:23:34 +02:00
yoff
118840dad4
Merge pull request #5690 from tausbn/python-disallow-post-update-nodes-as-local-source-nodes
...
Python: Disallow `PostUpdateNode` as `LocalSourceNode`
2021-04-19 06:56:11 +02:00
ihsinme
c2d97b98e2
Merge branch 'main' into ihsinme-patch-259
2021-04-18 21:01:56 +03:00
Mathias Vorreiter Pedersen
e36b42a03f
Java: Fix invalid id in experimental query
...
The invalid id broke CI here: https://github.com/github/codeql/pull/5703 (see https://github.slack.com/archives/CPSEA0G22/p1618602834224600 )
2021-04-17 09:47:15 +02:00
Taus
f3661c34ee
Python: Clean up Django models using API graphs
...
First sweep. Takes care of most of the models.
2021-04-16 19:53:36 +00:00
Mathias Vorreiter Pedersen
95742aec69
C++: Accept test changes for the other experimental query in the directory. This is only a change in line numbers.
2021-04-16 21:29:17 +02:00
Mathias Vorreiter Pedersen
64f8316a6d
C++: Tidy up the ql file and accept test changes.
2021-04-16 21:22:13 +02:00
Mathias Vorreiter Pedersen
1e327289b2
C++: Add false negative test.
2021-04-16 18:38:51 +02:00
Mathias Vorreiter Pedersen
50abb6e3a1
C++: Cleanup test.c
2021-04-16 17:32:44 +02:00
Shati Patel
5c2bf68a05
Merge pull request #5692 from tamasvajk/feature/doc-cs9
...
Update supported C#/.NET versions
2021-04-16 16:22:06 +01:00
Jonas Jensen
f8d45f04ed
Revert "Revert "C++: Work around extractor issue CPP-383""
...
**Revert the revert** of the workaround for CFG issues when a
`FunctionCall` has a `getTarget` that does not exist. While we've fixed
the main cause of the problem, it can apparently still happen in rare
cases as a result of extractor crashes.
This reverts commit ee5eaef5e4 .
2021-04-16 16:44:58 +02:00
Tom Hvitved
40b74167e0
C#: Improve performance of DisposeNotCalledOnException.ql
2021-04-16 14:34:16 +02:00
Rasmus Wriedt Larsen
3c8ea167c4
Merge pull request #5668 from tausbn/python-use-api-graphs-in-fabric
...
Python: Use API graphs in Fabric model
2021-04-16 14:27:55 +02:00
Rasmus Wriedt Larsen
6ed1016bb8
Merge pull request #5669 from tausbn/python-use-api-graphs-for-invoke
...
Python: Use API graphs for Invoke
2021-04-16 14:27:19 +02:00
Taus
92b4eb7f02
Python: Cleanup and more explanation
...
Goes into some detail about the intended semantics of local source nodes
and `flowsTo`.
2021-04-16 11:54:20 +00:00
Geoffrey White
e1028a2765
Merge pull request #5667 from MathiasVP/use-range-analysis-in-overflow
...
C++: Use range analysis in Overflow.qll
2021-04-16 12:00:28 +01:00
Taus
5c79ad2412
Python: Apply suggestions from code review
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com >
2021-04-16 11:38:29 +02:00
Taus
af0c32c01d
Python: Apply suggestions from code review
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com >
2021-04-16 11:35:12 +02:00
Anders Schack-Mulligen
605f28f741
Merge pull request #5686 from smowton/haby0/JsonHijacking
...
Java: JSONP Injection w/cleanups
2021-04-16 11:09:17 +02:00
Tom Hvitved
946fcf1c82
C#: Speedup DispatchMethodOrAccessorCall::getAViableOverrider()
...
In addition to improved performance, the analysis no longer applies a closed-world
assumption to type parameters. That is, if the type of a receiver is a type parameter,
then the call may target any method of a compatible receiver type, not just the
types that actually instantiate the type parameter.
2021-04-16 10:43:17 +02:00
Tamas Vajk
b0975bb3ea
Update supported C#/.NET versions
2021-04-16 09:15:43 +02:00
Rasmus Lerchedahl Petersen
a8280f9b12
Python: update test expectation
2021-04-16 08:25:29 +02:00
Rasmus Lerchedahl Petersen
0678745677
Python: refactor based on review suggestion
2021-04-16 08:22:00 +02:00
Rasmus Lerchedahl Petersen
341dbcef2e
Python: simplify code following review suggestion
...
also standardise on camelCase.
2021-04-16 07:41:00 +02:00
Rasmus Lerchedahl Petersen
8aa6b1a87c
Python: use standard tracking construction
2021-04-16 07:36:04 +02:00
Taus
451d36dc97
Python: Allow _some_ PostUpdateNodes
...
Specifically, allow the ones arising from calls, but not reads or
writes. This should fix the tests.
2021-04-15 21:26:12 +00:00
Taus
c9c8259ed0
Python: Disallow PostUpdateNode as LocalSourceNode
...
Previously, in cases like
```python
def foo(x):
x.bar()
x.baz()
x.quux()
```
we would have flow from the first `x` to each use _and_ flow from the
post-update node for each method call to each subsequent use, and all
of these would be `LocalSourceNode`s. For large functions with the above
pattern, this would lead to a quadratic blowup in `hasLocalSource`.
With this commit, only the first of these will count as a
`LocalSourceNode`, and the blowup disappears.
2021-04-15 17:56:14 +00:00
Andrew Eisenberg
5d827b6fc8
Actions: Change staleness calculation
...
Calculate staleness on issues that have the
`Stale` label. Leave all other issues untouched.
2021-04-15 10:14:13 -07:00
Rasmus Wriedt Larsen
3e7dc12246
Python: Port taint tests to use inline expectations
...
The meat of this PR is described in the new python/ql/test/experimental/meta/InlineTaintTest.qll file:
> Defines a InlineExpectationsTest for checking whether any arguments in
> `ensure_tainted` and `ensure_not_tainted` calls are tainted.
>
> Also defines query predicates to ensure that:
> - if any arguments to `ensure_not_tainted` are tainted, their annotation is marked with `SPURIOUS`.
> - if any arguments to `ensure_tainted` are not tainted, their annotation is marked with `MISSING`.
>
> The functionality of this module is tested in `ql/test/experimental/meta/inline-taint-test-demo`.
2021-04-15 18:00:33 +02:00
Chris Smowton
c37994089c
Revert changes to unrelated query
2021-04-15 16:24:29 +01:00
Chris Smowton
254de76078
Remove unnecessary stubs
2021-04-15 16:20:27 +01:00
haby0
dedf765542
Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-04-15 22:59:22 +08:00
Rasmus Lerchedahl Petersen
42ae5f4f7d
Python: support / from the right
...
Will also support both operands being paths
2021-04-15 16:07:35 +02:00
Rasmus Wriedt Larsen
b359205d17
Python: Add taint tests for .get() in flask
2021-04-15 14:53:44 +02:00
CodeQL CI
578ce1e512
Merge pull request #5683 from asgerf/js/typescript-template-literal-type-crash
...
Approved by erik-krogh
2021-04-15 05:11:11 -07:00
Mathias Vorreiter Pedersen
7fbc62358e
C++: Accept test changes after making the exprMightOverFlow predicates more sound.
2021-04-15 13:57:44 +02:00
haby0
0e183ab4a4
Finish comment
2021-04-15 19:49:06 +08:00
Chris Smowton
fa36ba901a
Merge pull request #5471 from artem-smotrakov/el-injection
...
Java: Query for detecting Jakarta Expression Language injections
2021-04-15 12:39:34 +01:00
haby0
d269a7e717
CWE-598 reduction
2021-04-15 19:33:15 +08:00
haby0
216f204438
delete FilterClass
2021-04-15 19:28:25 +08:00
haby0
583d0889e2
delete tomcat-embed-core stub, update the ServletGetMethod class
2021-04-15 17:40:51 +08:00
haby0
5d05e4d224
Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-04-15 17:28:53 +08:00
Tom Hvitved
0f24db8759
C#: Improve performance of SsaImpl::CallGraph::SimpleDelegateAnalysis
2021-04-15 11:25:27 +02:00
Asger Feldthaus
f8570bb293
JS: Update TRAP
2021-04-15 10:16:46 +01:00
Rasmus Lerchedahl Petersen
d361d999b7
Python: add some path returning functions
...
that were only listed as file sytem accesses.
2021-04-15 10:55:09 +02:00
Rasmus Lerchedahl Petersen
02e41d8018
Python: update annotations
...
This because `resolve` accesses the file system,
I am open to not include that fact in the modelling.
2021-04-15 10:49:22 +02:00
Rasmus Lerchedahl Petersen
3eb1813584
Python: update test expectations
2021-04-15 10:47:49 +02:00
Asger Feldthaus
cb736c8c82
JS: Change note
2021-04-15 09:37:57 +01:00
Tom Hvitved
972cc47f67
Merge pull request #5673 from hvitved/csharp/customizations
...
C#: Add `Customizations.qll`
2021-04-15 10:24:29 +02:00
Asger Feldthaus
b4a2a9db25
JS: Fix extraction of non-substitution template literal types
2021-04-15 09:23:45 +01:00
Chris Smowton
bd3b3178ba
Fix documentation of Modifier.qll
2021-04-15 09:16:51 +01:00
Rasmus Lerchedahl Petersen
c9b2c7885e
Python: add changenote
2021-04-15 10:14:35 +02:00
Rasmus Lerchedahl Petersen
52a9040d73
Python update tests
2021-04-15 09:46:53 +02:00
Rasmus Lerchedahl Petersen
2387dc640c
Python: Attempts at modelling pathlib-Paths
2021-04-15 09:40:23 +02:00
Rasmus Lerchedahl Petersen
8489403051
Python: Add some tests for pathlib
2021-04-15 09:40:23 +02:00
haby0
b3bdf89fc2
rm VerificationMethodFlowConfig, use springframework-5.2.3 stub
2021-04-15 10:25:40 +08:00
CodeQL CI
4be183c7f6
Merge pull request #5675 from erik-krogh/libXss
...
Approved by esbena
2021-04-14 14:34:23 -07:00
ihsinme
b30ae3980c
Update InsufficientControlFlowManagementAfterRefactoringTheCode.ql
2021-04-14 20:48:20 +03:00
Robert Marsh
fe57876fd8
Merge pull request #5643 from dbartol/smart-pointers/side-effect-refactor
...
C++: Refactor some side effect generation code
2021-04-14 09:59:41 -07:00
Taus
897d12420b
Python: Prevent bad join in isinstanceEvaluatesTo
...
In some cases, we were joining the result of `val.getClass()` against
the first argument of `Types::improperSubclass` before filtering out the
vast majority of tuples by the call to `isinstance_call`.
To fix this, we let `isinstance_call` take care of figuring out the
class of the value being tested. As a bonus, this cleans up the only
other place where `isinstance_call` is used, where we _also_ want to
know the class of the value being tested in the `isinstance` call.
2021-04-14 16:49:12 +00:00
Artem Smotrakov
97186b3d30
Added comments for tests
2021-04-14 19:30:58 +03:00
Andrew Eisenberg
56ba0f080a
Merge pull request #5659 from github/aeisenberg/mark-as-stale
...
Actions: Add workflow for marking stale questions
2021-04-14 08:37:55 -07:00
Taus
a7fcf52267
Python: Fix bad join in total_cost
...
The recent change to `appliesTo` lead to a perturbation in the join
order of this predicate, which resulted in a cartesian product between
`call` and `ctx` being created (before being filtered by `appliesTo`).
By splitting the intermediate result into its own helper predicate,
suitably marked to prevent inlining/magic, we prevent this from
happening again.
2021-04-14 15:36:01 +00:00
Andrew Eisenberg
392adf2a25
Workflows: Remove dry-run flag for labeller
2021-04-14 08:25:34 -07:00
Dave Bartolomeo
b29f35f564
Fix formatting
2021-04-14 11:15:16 -04:00
Geoffrey White
64fed4cb10
Merge pull request #5677 from MathiasVP/fix-duplicate-ids-in-experimental
...
C++: Fix duplicate names in experimental queries
2021-04-14 15:58:49 +01:00
Mathias Vorreiter Pedersen
ed64ed3d8d
C++: Make exprMightOverflowPositively/exprMightOverFlowNegatively hold for unanalyzable expressions. This hopefully means that expressions that do not satisfy these predicates will never overflow/underflow.
2021-04-14 16:45:27 +02:00
Jonas Jensen
b4f01c9afa
Merge pull request #5578 from MathiasVP/ast-flow-smart-pointers
...
C++: AST dataflow through smart pointers
2021-04-14 16:39:05 +02:00
Mathias Vorreiter Pedersen
53a320a810
C++: Fix duplicate names.
2021-04-14 16:33:18 +02:00
Mathias Vorreiter Pedersen
bb447d7174
C++: Make sure missingGuardAgainstOverflow (and underflow) holds when range analysis fails to deduce a bound.
2021-04-14 16:30:43 +02:00
yoff
447f339857
Merge pull request #5641 from tausbn/python-use-localsourcenode-in-typetrackers
...
Python: Use API graphs in PEP249 support
2021-04-14 15:39:49 +02:00
Mathias Vorreiter Pedersen
92508beb82
Merge pull request #5600 from ihsinme/ihsinme-patch-258
...
CPP: Add query for CWE-691 Insufficient Control Flow Management When Using Bit Operations
2021-04-14 14:55:30 +02:00
Anders Schack-Mulligen
f43d427875
Merge pull request #5645 from Marcono1234/marcono1234/primary-ql-class
...
Java: Override getAPrimaryQlClass() for more classes
2021-04-14 14:51:29 +02:00
Mathias Vorreiter Pedersen
bc7cc2f7ce
C++: Remove rule that wasn't needed.
2021-04-14 14:50:27 +02:00
Mathias Vorreiter Pedersen
da36508714
Revert "C++: As response to the review comments this commit adds a reference-to-pointer state to AddressFlow. A call to an unwrapper function now adds a pointer -> reference-to-pointer transition, and a ReferenceDereference adds a reference-to-pointer -> pointer transition."
...
This reverts commit 5aeaab7c6d .
2021-04-14 14:41:22 +02:00
Chris Smowton
591ac38c31
Merge pull request #5591 from Marcono1234/marcono1234/member-nested-type
...
Java: Add MemberType
2021-04-14 12:29:54 +01:00
Taus
54c79bff74
Merge pull request #5666 from RasmusWL/django-refactor
...
Python: Refactoring and exposing of Django views/fields/forms
2021-04-14 13:07:20 +02:00
Mathias Vorreiter Pedersen
2e40d01397
Update cpp/ql/src/semmle/code/cpp/security/Overflow.qll
...
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com >
2021-04-14 13:01:31 +02:00
Rasmus Wriedt Larsen
44d2bf42d7
Merge pull request #5671 from tausbn/python-use-api-graphs-in-werkzeug
...
Python: Use API graphs in Werkzeug
2021-04-14 12:57:58 +02:00
Erik Krogh Kristensen
fd23e0bdda
use more API nodes in XmlParsers, and recognize more results from parsing XML
2021-04-14 11:48:31 +02:00
Anders Schack-Mulligen
3b6cd0f681
Merge pull request #5661 from smowton/smowton/cleanup/call-is-exprparent
...
Make Call a subclass of ExprParent.
2021-04-14 10:49:33 +02:00
Rasmus Wriedt Larsen
9de8085571
Merge pull request #5665 from tausbn/python-use-api-graphs-in-tornado
...
Python: Tornado cleanup using API graphs
2021-04-14 10:22:21 +02:00
Rasmus Wriedt Larsen
2d0c9b6bf2
Merge pull request #5670 from tausbn/python-use-api-graphs-in-dill
...
Python: Use API graphs in Dill model
2021-04-14 10:08:02 +02:00
Rasmus Wriedt Larsen
55723618a9
Python: Apply suggestions from code review
...
Co-authored-by: Taus <tausbn@github.com >
2021-04-14 10:05:50 +02:00
Chris Smowton
2965a1f204
Use Thread$State as an inner-class example
...
Map<>$Entry currently has odd generic notation that may be about to change.
2021-04-14 08:43:05 +01:00
Chris Smowton
5158e7964e
Add change note
2021-04-14 08:25:12 +01:00
Tom Hvitved
36fe72246b
C#: Add change note
2021-04-14 09:22:16 +02:00
Tom Hvitved
4810308b16
C#: Add Customizations.qll
2021-04-14 09:16:31 +02:00
haby0
77208bcc91
Fix the error that there is no VerificationMethodToIfFlowConfig
2021-04-14 13:14:43 +08:00
haby0
e2ed0d02b0
Delete existsFilterVerificationMethod and existsServletVerificationMethod, add from get handler to filter
2021-04-14 12:34:52 +08:00
haby0
37dae67a0d
Fix RequestResponseFlowConfig.isSink error
2021-04-14 09:55:24 +08:00
Robert Marsh
419d25cbcf
Merge pull request #5325 from ihsinme/ihsinme-patch-245
...
CPP: Add query for CWE-783 Operator Precedence Logic Error When Use Bool Type
2021-04-13 13:24:39 -07:00
Taus
981c5deb57
Merge pull request #5639 from tausbn/python-api-graphs-missing-builtins
...
Python: Add missing builtins to `API::builtin`
2021-04-13 21:27:52 +02:00
Marcono1234
d853f0c400
Java: Add MemberType
2021-04-13 18:55:20 +02:00
Taus
a6bb9ebb9f
Python: Re-introduce abstract toString
...
This seems like the easier solution in the short run.
2021-04-13 16:08:41 +00:00
Taus
079c7e089d
Python: Autoformat
2021-04-13 16:05:45 +00:00
Taus
273e8ce4ef
Python: Add change note
2021-04-13 16:04:07 +00:00
haby0
00235ed3b3
Update java/ql/src/semmle/code/java/frameworks/Servlets.qll
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-04-13 23:58:52 +08:00
haby0
25b012db48
Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-04-13 23:58:28 +08:00
Taus
5f7d3d0d36
Python: Use API graphs in Werkzeug
2021-04-13 15:57:21 +00:00
haby0
7be45e7c5e
Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-04-13 23:56:17 +08:00
haby0
6e73d13670
Update java/ql/src/semmle/code/java/frameworks/Servlets.qll
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-04-13 23:48:45 +08:00
Taus
2890fe6d61
Python: Use API graphs in Dill model
...
If only all rewrites were this smooth...
2021-04-13 15:26:54 +00:00
Taus
7ed09904b4
Python: Use API graphs for Invoke
...
A few stragglers remain, as they are modelling the use of decorators.
They will be dealt with at a later date.
2021-04-13 15:21:19 +00:00
Mathias Vorreiter Pedersen
aa52585120
C++: Add change-note.
2021-04-13 17:17:05 +02:00
Marcono1234
89a5acf6e8
Java: Revert overriding XMLFile.getAPrimaryQlClass()
...
Library file has to be kept in sync with the other languages, however except
cpp none of them have the getAPrimaryQlClass() predicate declared in a
superclass. Therefore for simplicity revert the change for Java.
2021-04-13 17:09:15 +02:00
Taus
7f131c1f35
Python: Get rid of _attr predicates
2021-04-13 14:55:44 +00:00
Taus
1008411594
Python: Use API graphs in Fabric model
2021-04-13 14:49:44 +00:00
Mathias Vorreiter Pedersen
d1457995dd
C++: Use range analysis in Overflow.qll
2021-04-13 16:39:28 +02:00
Taus
a404faa302
Python: Use American English in change note
...
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com >
2021-04-13 15:05:44 +02:00
Taus
7825a2cdfc
Python: Add change note
2021-04-13 12:48:45 +00:00
Taus
1a4845f417
Python: Restrict types a bit
...
The `CallCfgNode` restrictions are familiar and useful.
Restricting `InstanceSource` to extend `LocalSourceNode` is novel, but I
think it makes sense. It will act as a good reminder to anyone extending
`InstanceSource` that the node in question is a `LocalSourceNode`, which
will be enforced by the return type of the internal type tracker anyway.
2021-04-13 12:28:38 +00:00
Taus
f93b68d4dc
Python: Get rid of _attr methods
2021-04-13 12:25:38 +00:00
Taus
98d936d8b3
Python: Tornado cleanup using API graphs
...
I wasn't able to roll out API graphs as widely in Tornado as I had
hoped, since we're lacking the "def" part. This means most of the
`InstanceSource` machinery will have to stay.
2021-04-13 12:25:38 +00:00
CodeQL CI
f341d5010d
Merge pull request #5662 from asgerf/js/simpler-json-api
...
Approved by erik-krogh
2021-04-13 04:37:56 -07:00
Tom Hvitved
9b0ef2fe21
Merge pull request #5654 from hvitved/csharp/autobuilder/pwsh
...
C#: First try `pwsh` and then `powershell` when calling `dotnet-install.ps1`
2021-04-13 13:15:01 +02:00
Chris Smowton
58d198261e
Merge pull request #5663 from smowton/luchua/java/sensitive-cookie-not-httponly
...
Java: CWE-1004 Query to check sensitive cookies without the HttpOnly flag set w/minor corrections
2021-04-13 12:08:53 +01:00
CodeQL CI
646639bc73
Merge pull request #5460 from erik-krogh/forgery-2
...
Approved by asgerf
2021-04-13 03:57:04 -07:00
Chris Smowton
f22b11881e
Minimise stubs
...
By removing all business logic from the stubs, we better test that our analysis treats them as opaque and does not rely on their internal structure
2021-04-13 10:36:28 +01:00
Chris Smowton
45e1a61d7b
Mark test as bad-but-missed
...
This test ought ideally to be caught, but isn't by the current version of the query.
2021-04-13 10:36:27 +01:00
Rasmus Lerchedahl Petersen
30fbb8f1e7
Python: clean up interface
2021-04-13 11:34:47 +02:00
Asger Feldthaus
e77117f902
JS: Autoformat
2021-04-13 10:29:14 +01:00
Asger Feldthaus
929d9da4b4
JS: Migrate to new JSON API
2021-04-13 10:29:13 +01:00
Asger Feldthaus
7c13163413
JS: Lift JSON accessors to JSONValue
2021-04-13 10:29:13 +01:00
Rasmus Lerchedahl Petersen
178cb6c90f
Python: Bit too eager with the modernisation...
...
Lift type restrictions to recover results.
2021-04-13 11:26:05 +02:00
Rasmus Lerchedahl Petersen
7c0b0642c8
Python: Add imports to make code compile
2021-04-13 11:09:27 +02:00
Tom Hvitved
15c103e42d
C#: Remove code duplication in BuildScripts.cs
2021-04-13 10:57:15 +02:00
Chris Smowton
dee974ff2d
Make Call a subclass of ExprParent. All of its subclasses are in any case (via Expr or Stmt)
2021-04-13 09:13:47 +01:00
Marcono1234
c37dbb2e68
Java: Override getAPrimaryQlClass() for more classes
2021-04-13 08:46:01 +01:00
Mathias Vorreiter Pedersen
3cfd30ef6f
Merge pull request #5629 from hvitved/cpp/remove-unique
...
C++: Remove `unique` wrapper from `DataFlow::Node::getEnclosingCallable`
2021-04-13 09:42:34 +02:00
haby0
be39883166
Change the class name and comment,Use .(CompileTimeConstantExpr).getStringValue()
2021-04-13 14:10:10 +08:00
Dave Bartolomeo
afd2f58f9f
C++: Fix PR feedback
2021-04-12 18:21:05 -04:00
Dave Bartolomeo
697b2dcde8
C++: Add missing store step for single-field struct use
...
We have special code to handle field flow for single-field structs, but that special case was too specific. Some `Store`s to single-field structs have no `Chi` instruction, which is the case that we handled already. However, it is possible for the `Store` to have a `Chi` instruction (e.g. for `{AllAliased}`), but still have a use of the result of the `Store` directly. We now add a `PostUpdateNode` for the result of the `Store` itself in those cases, just like we already did if the `Store` had no `Chi`.
2021-04-12 18:11:41 -04:00
Rasmus Lerchedahl Petersen
b6bd782746
Python: Modernize via CallCfgNode
2021-04-12 23:55:59 +02:00
yoff
e4d74cf098
Apply suggestions from code review
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com >
2021-04-12 23:47:54 +02:00
Robert Marsh
0102d68f38
Merge pull request #5658 from MathiasVP/fix-partial-def-diff-test
...
C++: Fix performance in test
2021-04-12 13:08:30 -07:00
Andrew Eisenberg
e0fcb15739
Actions: Add workflow for marking stale questions
...
This PR adds a workflow for marking and closing issues as stale. Issues must be labeled as _question_. PRs are never marked as stale.
2021-04-12 13:05:53 -07:00
Artem Smotrakov
b96b665262
Renaming in java/ql/src/experimental/Security/CWE/CWE-094
2021-04-12 21:40:49 +03:00
Mathias Vorreiter Pedersen
037e6369ce
C++: Ensure all values are bound in both disjunctions.
2021-04-12 18:27:21 +02:00
luchua-bc
d7f26dfc18
Update stub classes and qldoc
2021-04-12 16:19:23 +00:00
Taus
fda750ef26
Merge pull request #5642 from tausbn/python-use-api-graphs-in-stdlib
...
Python: Use API graphs in `Stdlib.qll`
2021-04-12 18:05:38 +02:00
Chris Smowton
423ff32d04
Merge pull request #5384 from luchua-bc/java/insecure-spring-actuator-config
...
Java: CWE-016 Query to detect insecure configuration of Spring Boot Actuator
2021-04-12 17:04:47 +01:00
Taus
6d4ddc0329
Merge pull request #5614 from tausbn/python-allow-absolute-imports-from-source-directory
...
Python: Allow absolute imports from source directory
2021-04-12 18:02:00 +02:00
CodeQL CI
bc56d16c18
Merge pull request #5485 from RasmusWL/django-queryset-chains
...
Approved by tausbn
2021-04-12 08:49:31 -07:00
Tom Hvitved
dfc91b8331
C#: Simplify dotnet-install.ps1 invocation
...
Using the pattern from https://docs.microsoft.com/en-us/dotnet/core/tools/dotnet-install-script .
2021-04-12 17:33:33 +02:00
Chris Smowton
bb23866cec
Add missing doc comments
2021-04-12 16:33:01 +01:00
Tom Hvitved
d35a501121
Merge pull request #5583 from lcartey/cs/restrict-jump-to-def
...
C#: Exclude jump-to-def information for elements with too many locations
2021-04-12 16:52:20 +02:00
ihsinme
a43698802f
Update InsufficientControlFlowManagementWhenUsingBitOperations.ql
2021-04-12 17:36:50 +03:00
CodeQL CI
310a2c8bb3
Merge pull request #5655 from erik-krogh/cert
...
Approved by esbena
2021-04-12 07:31:04 -07:00
Chris Smowton
2656a52880
Merge pull request #5538 from luchua-bc/java/credentials-in-properties
...
Java: CWE-555 Query to detect plaintext credentials in Java properties files
2021-04-12 15:22:21 +01:00
Chris Smowton
abeefcaced
Merge pull request #4947 from porcupineyhairs/DexLoading
...
Java : add query to detect insecure loading of Dex File
2021-04-12 15:22:12 +01:00
Asger Feldthaus
d2fad180f8
JS: Add test
2021-04-12 15:07:45 +01:00
Mathias Vorreiter Pedersen
5aeaab7c6d
C++: As response to the review comments this commit adds a reference-to-pointer state to AddressFlow. A call to an unwrapper function now adds a pointer -> reference-to-pointer transition, and a ReferenceDereference adds a reference-to-pointer -> pointer transition.
2021-04-12 16:01:01 +02:00
ihsinme
58d5ad48d5
Update InsufficientControlFlowManagementAfterRefactoringTheCode.ql
2021-04-12 17:00:34 +03:00
ihsinme
d7c14775bf
Update InsufficientControlFlowManagementAfterRefactoringTheCode.qhelp
2021-04-12 16:56:48 +03:00
Chris Smowton
11bf982728
Remove superfluous linebreaks in qhelp file
2021-04-12 14:36:42 +01:00
Asger Feldthaus
24de826133
JS: Add file diagnostics errors
2021-04-12 14:11:38 +01:00
Erik Krogh Kristensen
32737a17fb
add change note
2021-04-12 15:09:13 +02:00
Erik Krogh Kristensen
172d6139e2
support all ClientRequests in js/disabling-certificate-validation
2021-04-12 15:06:10 +02:00
luchua-bc
c281e54d22
Remove unused files and update qldoc
2021-04-12 13:05:01 +00:00
Tom Hvitved
57016ddbde
C++: Remove unique wrapper from DataFlow::Node::getEnclosingCallable()
2021-04-12 14:41:52 +02:00
Tom Hvitved
7d2a60e910
Merge pull request #5640 from hvitved/dataflow/path-step-perf
...
Data flow: Prevent bad join-order in `pathStep`
2021-04-12 14:40:46 +02:00
Tamas Vajk
b4d35b52c3
C#: Add Console.Read* to local flow sources
2021-04-12 14:19:17 +02:00
Tom Hvitved
5446532e1d
C#: Update auto-builder tests
2021-04-12 14:01:55 +02:00
Anders Schack-Mulligen
acd4cf2878
Merge pull request #5636 from aschackmull/java/shared-flow-summaries
...
Java: Adopt shared flow summaries
2021-04-12 13:35:31 +02:00
CodeQL CI
e8d835b422
Merge pull request #5638 from erik-krogh/smartInliner
...
Approved by esbena
2021-04-12 04:17:25 -07:00
Tom Hvitved
c7686b1838
C#: First try pwsh and then powershell when calling dotnet-install.ps1
2021-04-12 13:01:14 +02:00
Tom Hvitved
cf5f838b13
Data flow: Remove recommendation to use unique in Node::getEnclosingCallable()
2021-04-12 12:04:23 +02:00
Anders Schack-Mulligen
e003b04061
Merge pull request #5637 from Marcono1234/marcono1234/toString-method
...
Java: Add ToStringMethod
2021-04-12 11:43:55 +02:00
Max Schaefer
cd57e61f65
Rename MkHasUnderlyingType to MkTypeUse.
2021-04-12 11:30:15 +02:00
Erik Krogh Kristensen
91d28fb8b0
cleanup in API-graphs
2021-04-12 11:30:15 +02:00
CodeQL CI
63f087a8e9
Merge pull request #5653 from erik-krogh/givenCommand
...
Approved by asgerf
2021-04-12 02:01:32 -07:00
Rasmus Wriedt Larsen
364d48948f
Merge pull request #3810 from dilanbhalla/syntaxpython
...
Python: Function/Class Naming Convention (Syntax)
2021-04-12 10:42:17 +02:00
Rasmus Lerchedahl Petersen
3ff8e010b2
Python: Refactor based on review
...
- more natural handling of default arguments
- do not assume default construction gives a family
- simplifies `UnspecificSSLContextCreation`
2021-04-12 10:00:07 +02:00
Rasmus Lerchedahl Petersen
9f91dde76f
Python: Update test expectation after comment
2021-04-12 09:58:06 +02:00
Erik Krogh Kristensen
17c4bbbc4e
allow parameters that end with "Command" in js/shell-command-constructed-from-input
2021-04-12 09:57:40 +02:00
haby0
1b948ac2e2
Combine two Configurations into one
2021-04-12 15:44:39 +08:00
Rasmus Lerchedahl Petersen
036fddfdb5
Python: Namable -> Nameable
2021-04-12 08:18:24 +02:00
yoff
02d6de81a7
Apply suggestions from code review
...
Co-authored-by: Taus <tausbn@github.com >
2021-04-12 08:16:36 +02:00
ihsinme
feb3a8deb1
Update InsufficientControlFlowManagementAfterRefactoringTheCode.expected
2021-04-12 08:23:41 +03:00
ihsinme
6924c6c51c
Update test.c
2021-04-12 08:23:06 +03:00
ihsinme
3da88f2103
Update InsufficientControlFlowManagementAfterRefactoringTheCode.c
2021-04-12 08:15:36 +03:00
ihsinme
17d1c77a14
Update InsufficientControlFlowManagementAfterRefactoringTheCode.ql
2021-04-12 08:14:17 +03:00
yo-h
4f2060f96b
Merge commit '2d618d6b928d8b76ac8033b3b63d9bde71caa325' into yo-h/java16
2021-04-11 23:55:33 -04:00
Taus
10be2735ec
Python: Get rid of _attr predicates
...
Also changes all `CfgNode`s representing calls to `CallCfgNode`s.
2021-04-10 12:12:18 +00:00
intrigus
8d11bc97ca
[Java] Add "missing jwt signature check" qhelp.
2021-04-10 13:36:22 +02:00
haby0
d90527bead
JsonpInjectionExpr updated to JsonpBuilderExpr
2021-04-10 10:33:21 +08:00
Marcono1234
9349e6922d
Java: Add ToStringMethod
2021-04-10 04:00:44 +02:00
haby0
eeae91e620
Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-04-10 09:48:55 +08:00
haby0
046aeaa38c
Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-04-10 09:37:29 +08:00
haby0
8b756d7f1b
Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-04-10 09:27:03 +08:00
haby0
650446f761
Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-04-10 09:26:32 +08:00
haby0
a5ebe8c600
Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-04-10 09:26:08 +08:00
porcupineyhairs
8687c5c145
Apply suggestions from code review
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-04-10 04:18:35 +05:30
haby0
8a7d28a2ed
Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-04-10 04:29:49 +08:00
haby0
4c21980d4f
Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-04-10 04:29:30 +08:00
haby0
9635a36044
Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-04-10 04:29:06 +08:00
haby0
760231c004
Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-04-10 04:28:17 +08:00
haby0
c77c7b0a98
Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-04-10 04:27:16 +08:00
haby0
837f20108d
Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjectionLib.qll
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-04-10 04:25:43 +08:00
haby0
157e4670fd
Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.qhelp
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-04-10 04:25:11 +08:00
haby0
79c1374925
Update java/ql/src/semmle/code/java/frameworks/Servlets.qll
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-04-10 04:24:49 +08:00
haby0
1510048f7a
Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.qhelp
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-04-10 04:23:13 +08:00
haby0
d8165145c7
Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.qhelp
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-04-10 04:22:44 +08:00
haby0
ebd38eaf3b
Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.qhelp
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-04-10 04:22:08 +08:00
haby0
b8c11503f0
Update java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.qhelp
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-04-10 04:21:49 +08:00
Dave Bartolomeo
0a86642056
C++: Refactor some side effect generation code
...
This change was necessary for my upcoming changes to introduce side effect instructions for indirections of smart pointers. The code to decide which parameters have which side effects appeared in both the IPA constructor for `TTranslatedSideEffect` and in `TranslatedCall`. These two versions didn't quite agree, especially once the `SideEffectFunction` model provides its own side effects instead of the defaults.
The relevant code has now been factored out into `SideEffects.qll`. This queries the model if one exists, and provides default side effects if no model exists. This fixes at least one existing issue, where we were emitting a buffer read side effect for `*this` instead of an indirect read side effect. This accounts for all of the IR diffs in the tests.
2021-04-09 16:14:03 -04:00
luchua-bc
4e3791dc0d
Remove LoadCredentialsConfiguration and update qldoc
2021-04-09 19:36:35 +00:00
Taus
720fbaf301
Python: Fix test error.
...
Somehow, having to type "Node" all day long made me turn "json" into
"node"...
Also removes some bits that weren't needed after all.
2021-04-09 19:04:49 +00:00
Mathias Vorreiter Pedersen
1510fe370d
C++: Add cases for const pointer wrapper references to AddressFlow and FlowVar.
2021-04-09 20:58:05 +02:00
Mathias Vorreiter Pedersen
2329b31601
C++: Replace the new SmartPointerPartialDefinition with additional steps in AddressFlow.qll
2021-04-09 20:49:45 +02:00
Mathias Vorreiter Pedersen
a460e3ad3d
Merge branch 'main' into ast-flow-smart-pointers
2021-04-09 19:41:10 +02:00
Taus
cc4827600b
Python: Use API graphs in Stdlib.qll
...
Eliminates _almost_ all of the bespoke type trackers found here. The
ones that remain do not fit easily inside the framework of API graphs
(at least, not yet), and I did not see any easy ways to clean them up.
They have, however, been rewritten to use `LocalSourceNode` internally,
which was the primary goal of this exercise.
I'm sure we could also clean up many of the inner modules given the more
lean presentation we have now, but this can wait for a different PR.
2021-04-09 17:11:47 +00:00
luchua-bc
04b0682bbf
Use isAdditionalTaintStep and make the query more readable
2021-04-09 16:14:51 +00:00
Tom Hvitved
fd8f745468
Java: Adopt shared flow summary library and refactor data-flow nodes.
2021-04-09 16:57:03 +02:00
Shati Patel
2d618d6b92
Merge pull request #5625 from shati-patel/docs/cli-manual
...
Docs: Link to CodeQL CLI manual from the sidebar
2021-04-09 15:30:24 +01:00
Tom Hvitved
f130616369
Data flow: Make getLocalCc private again
2021-04-09 16:22:58 +02:00
Taus
d2b874f217
Python: Use API graphs in PEP249 support
...
Because the replacement extension point now extends `API::Node`, I
modified the `toString` method of the latter to have an empty body.
The alternative would be to require everyone to provide a `toString`
predicate for their extensions, but seeing as these will usually be
pointing to already existing API graph nodes, this seems silly.
(This may be the reason why the equivalent method in the JS libs has
such an implementation.)
2021-04-09 14:19:00 +00:00
Jonas Jensen
e1d0bbb021
Merge pull request #5607 from MathiasVP/smart-pointer-ast-read-store-steps
...
C++: read and store steps for smart pointers in AST dataflow
2021-04-09 16:11:48 +02:00
CodeQL CI
6fd4a8afff
Merge pull request #5567 from asgerf/js/sql-models
...
Approved by esbena
2021-04-09 07:11:10 -07:00
CodeQL CI
be2fe6e171
Merge pull request #5630 from erik-krogh/urlStep
...
Approved by esbena
2021-04-09 07:05:43 -07:00
CodeQL CI
8d2768b2ce
Merge pull request #5634 from erik-krogh/fileSource
...
Approved by asgerf
2021-04-09 07:04:42 -07:00
Anders Schack-Mulligen
701e815368
Merge pull request #5628 from hvitved/java/remove-unique
...
Java: Remove `unique` wrapper from `DataFlow::Node::getEnclosingCallable()`
2021-04-09 15:21:26 +02:00
Mathias Vorreiter Pedersen
cd310eb9d5
C++: Remove unused import.
2021-04-09 15:08:48 +02:00
Tamás Vajk
992a4df12f
Merge pull request #5619 from tamasvajk/feature/fix-default-argument-value-extraction
...
C# Improve default argument value extraction
2021-04-09 14:58:35 +02:00
Mathias Vorreiter Pedersen
996cda9b97
C++: Fix incorrect test annotation.
2021-04-09 14:46:46 +02:00
Tom Hvitved
6874b8d4b3
Data flow: Prevent bad join-order in pathStep
2021-04-09 14:24:47 +02:00
Mathias Vorreiter Pedersen
80d5b17900
C++: Remove the dataflow rule for smart_ptr -> *smart_ptr.
2021-04-09 14:20:51 +02:00
Mathias Vorreiter Pedersen
cae0060a89
C++: Replace the new rules in DataFlowUtil with a dataflow model for pointer wrapper classes.
2021-04-09 14:06:58 +02:00
Taus
affdedd840
Python: Add missing builtins to API::builtin
...
We were missing out on `None`, `True`, and `False` as these do not
appear as actual attributes of the `builtins` module in Python 3
(because they are elevated to the status of keywords there)
The simple solution, then, is to just always include them directly.
2021-04-09 12:02:07 +00:00
Tamas Vajk
46197e6e69
Address review comments
2021-04-09 13:39:37 +02:00
Tamas Vajk
351f35d9bc
Revert "Java: Convert other sinks"
...
This reverts commit 87d42b02c0 .
2021-04-09 13:13:49 +02:00
Tamas Vajk
87d42b02c0
Java: Convert other sinks
2021-04-09 13:13:39 +02:00
Tamas Vajk
3e53484bb3
Java: Convert Google HTTP client API parseAs sink to CSV format
2021-04-09 13:10:44 +02:00
Tamas Vajk
e544faed6d
Java: Convert unsafe hostname verification sinks to CSV format
2021-04-09 13:10:44 +02:00
Tamas Vajk
17fd758df1
Java: Convert XSS sinks to CSV format
2021-04-09 13:10:44 +02:00
Erik Krogh Kristensen
595bdedb22
rename predicate to getStem, and update regexp
2021-04-09 13:07:54 +02:00
Tamas Vajk
0b7a6671dd
Java: Convert header splitting sinks to CSV format
2021-04-09 13:06:05 +02:00
Tamas Vajk
f329c3fdab
Java: Convert insecure bean validation sink to CSV format
2021-04-09 13:06:04 +02:00
Mathias Vorreiter Pedersen
0a6aef71a2
C++: Respond to review comments.
2021-04-09 12:29:13 +02:00
CodeQL CI
652e8b4872
Merge pull request #5586 from asgerf/js/tsconfig-file-inclusion-handling
...
Approved by esbena
2021-04-09 02:50:51 -07:00
Tamas Vajk
9e2832a82d
Java: Convert zipslip sinks to CSV format
2021-04-09 11:43:29 +02:00
Tamas Vajk
b9ce1aefc0
Java: Convert unsafe URL opening sinks to CSV format
2021-04-09 11:43:29 +02:00
Tom Hvitved
c9c4c067b6
Merge pull request #5633 from hvitved/csharp/get-a-source-type-perf
...
C#: Improve performance of `Dispatch::SimpleTypeDataFlow::getASourceType()`
2021-04-09 11:42:34 +02:00
Tamás Vajk
a335bb0115
Merge pull request #5609 from tamasvajk/feature/dapper
...
C#: Dapper support
2021-04-09 10:52:17 +02:00
CodeQL CI
ad267404c9
Merge pull request #5137 from asgerf/js/redux-less
...
Approved by erik-krogh
2021-04-09 01:24:19 -07:00
Tamas Vajk
d7f0b9a7fa
Add change note
2021-04-09 09:58:37 +02:00
Tamas Vajk
749db379ca
Address code review findings
2021-04-09 09:55:37 +02:00
Tamas Vajk
dbb3d3dc17
Add change note
2021-04-09 09:50:55 +02:00
Tamas Vajk
53daa7c436
Java: Migrate LDAP injection sinks to CSV format
2021-04-09 09:15:47 +02:00
luchua-bc
11304b2ae1
Update qldoc and change the wrapper method implementation
2021-04-09 02:21:59 +00:00
Erik Krogh Kristensen
7f01586bf1
fix bad join order in getDocumentedParameter
2021-04-09 01:15:46 +02:00
Erik Krogh Kristensen
e5bce548de
add nomagic on mayHaveStringValue
2021-04-09 00:08:51 +02:00
Erik Krogh Kristensen
956311457d
fixed bad SourceNode X SourceNode join in HTTP model
2021-04-08 21:15:50 +02:00
ihsinme
9b3ccade43
Update test.c
2021-04-08 22:06:35 +03:00
ihsinme
3d117243e4
Update test.c
2021-04-08 22:05:31 +03:00
ihsinme
02eb447a35
Update InsufficientControlFlowManagementWhenUsingBitOperations.expected
2021-04-08 22:04:08 +03:00
ihsinme
a6b486a448
Update InsufficientControlFlowManagementWhenUsingBitOperations.ql
2021-04-08 22:01:43 +03:00
Dilan
d73ba13b28
autoformat fix
2021-04-08 11:41:58 -07:00
Artem Smotrakov
b39a3ab12c
Added setVariable() sink
2021-04-08 20:41:43 +03:00
Tamás Vajk
8adaee05b6
Merge pull request #5453 from tamasvajk/feature/use_codeql_stubs
...
C#: Adjust make_stubs.py to use codeql instead of odasa
2021-04-08 16:16:05 +02:00
Anders Schack-Mulligen
6109ef5e88
Merge pull request #5475 from Marcono1234/marcono1234/minus-literal
...
Java: Improve documentation regarding minus in front of numeric literals
2021-04-08 16:11:14 +02:00
Asger Feldthaus
7d300b53d7
JS: Autoformat
2021-04-08 15:06:48 +01:00
Anders Schack-Mulligen
d42a01cb3a
qldoc fixup
2021-04-08 15:45:21 +02:00
Tamas Vajk
e5160929eb
Remove ODASA reference from make_stubs.py
2021-04-08 15:04:02 +02:00
Erik Krogh Kristensen
30ba69d991
treat "files" in a package.json as main modules, if "main" is not present
2021-04-08 14:42:12 +02:00
Tom Hvitved
036e181bc1
C#: Improve performance of Dispatch::SimpleTypeDataFlow::getASourceType()
2021-04-08 14:27:28 +02:00
Tom Hvitved
716568ebd1
Merge pull request #5623 from hvitved/csharp/enclosing
...
C#: Compute enclosing callable as a transitive closure
2021-04-08 14:20:09 +02:00
Tom Hvitved
9820116734
Merge pull request #5603 from hvitved/csharp/dataflow/no-unique
...
C#: Remove `unique` wrappers from `DataFlow::Node::get(EnclosingCallable|ControlFlowNode)`
2021-04-08 14:19:34 +02:00
Asger Feldthaus
52a2260dc7
JS: Rename change note file
2021-04-08 12:52:23 +01:00
Rasmus Wriedt Larsen
c738f387b1
Merge pull request #5624 from tausbn/python-make-callcfgnode-a-localsourcenode
...
Python: Improve `CallCfgNode` interface
2021-04-08 13:38:24 +02:00
haby0
1da48ed4d1
Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.qhelp
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-04-08 19:22:14 +08:00
haby0
bfbfe7af13
Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSource.qhelp
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-04-08 19:21:58 +08:00
haby0
21004006d6
Update java/ql/src/experimental/Security/CWE/CWE-348/UseOfLessTrustedSourceLib.qll
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-04-08 19:17:04 +08:00
Taus
cf5f760ecd
Merge pull request #5582 from RasmusWL/all-tuple
...
Python: Add support for `__all__` assigned to tuple
2021-04-08 13:03:27 +02:00
Rasmus Wriedt Larsen
83477439a1
Python: Make django views/fields/forms class modeling extensible
...
This also requires that we make this part of the modeling public, which I guess
is step we want to take eventually anyway!
I'm not quite sure whether the modules `Django::Views` and `Django::Forms` are
actually helpful, or whether we should just have their modules available as
`Django::View`, `Django::Form`, and `Django::Field`...
2021-04-08 12:45:37 +02:00
Rasmus Wriedt Larsen
b7483a5394
Python: Add modeledSubclassRef for Django views/fields/forms
2021-04-08 12:45:36 +02:00
Rasmus Wriedt Larsen
322bdcb703
Python: Port Django view modeling to API graphs
2021-04-08 12:45:35 +02:00
Rasmus Wriedt Larsen
8ce5c46e05
Python: Minor refactor
...
modName/clsName _is_ shorter, but also looks way worse :D
2021-04-08 12:45:34 +02:00
Tamas Vajk
a790eb8110
Fix for unconstrained generic types
2021-04-08 12:20:01 +02:00
Tamas Vajk
a8cbdc92b9
Add more test cases
2021-04-08 12:17:19 +02:00
Tamas Vajk
551a7ce9e5
Fix expression value of struct default argument values
2021-04-08 12:14:53 +02:00
Tamas Vajk
c069c3384e
Fix tests
2021-04-08 12:07:36 +02:00
Tamas Vajk
cb9a9db356
C# Improve default argument value extraction
2021-04-08 12:07:22 +02:00
Tamas Vajk
2ac1e60406
C#: Add parameter default value tests
2021-04-08 12:04:18 +02:00
haby0
86ef2588f1
Restore @Component annotation
2021-04-08 17:55:29 +08:00
Jonas Jensen
51bab81f56
Merge pull request #5622 from MathiasVP/inline-is-before
...
C++: Inline Location::isBefore
2021-04-08 11:24:33 +02:00
haby0
3f0a3266aa
[Java] CWE-348: Use of less trusted source
2021-04-08 17:14:03 +08:00
Erik Krogh Kristensen
99dd5330c2
add taint-step for URL construction in js/request-forgery
2021-04-08 11:10:33 +02:00
CodeQL CI
a9527fd913
Merge pull request #5621 from erik-krogh/shellSink
...
Approved by esbena
2021-04-08 09:47:45 +01:00
Tom Hvitved
2faf52b6bd
Java: Remove unique wrapper from DataFlow::Node::getEnclosingCallable()`
2021-04-08 10:07:19 +02:00
Dilan
675de07c3e
autoformat ql
2021-04-07 15:04:18 -07:00
ihsinme
ed34c96357
Update InsufficientControlFlowManagementWhenUsingBitOperations.ql
2021-04-07 21:40:49 +03:00
ihsinme
eb9b41acab
Apply suggestions from code review
...
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com >
2021-04-07 21:31:12 +03:00
Artem Smotrakov
a764a79090
Always bind arguments in TaintPropagatingCall
2021-04-07 21:12:21 +03:00
Artem Smotrakov
c13ee0859a
LambdaExpression should extend JakartaType
2021-04-07 21:02:21 +03:00
Shati Patel
4cf0b8e725
Merge pull request #5626 from shati-patel/docs/broken-links
...
Docs: Fix broken link to cached "RemoteFlowSource"
2021-04-07 19:01:33 +01:00
Artem Smotrakov
3d8e173c57
Removed a reference to Apache Commons EL
2021-04-07 20:59:07 +03:00
Artem Smotrakov
80ac2aff26
Fixed typos
...
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com >
2021-04-07 20:55:03 +03:00
Shati Patel
f372274857
Docs: Fix broken links
2021-04-07 18:02:29 +01:00
Shati Patel
2373bf2dfb
Docs: Link to CodeQL CLI manual from the sidebar
2021-04-07 17:55:05 +01:00
Tom Hvitved
1cf30d2a9e
C#: Compute enclosing callable as a transitive closure
2021-04-07 17:44:41 +02:00
Jonas Jensen
ab58cb3d44
Merge pull request #5604 from MathiasVP/fix-false-positive-in-assign-where-compare-meant
...
C++: Fix FP in cpp/assign-where-compare-meant
2021-04-07 16:54:45 +02:00
CodeQL CI
f0491af64c
Merge pull request #5529 from erik-krogh/socketInput
...
Approved by esbena
2021-04-07 15:03:13 +01:00
Asger F
0c724a8427
Merge pull request #5304 from asgerf/js/non-alert-data
...
JS: Implement new metric queries for line counting
2021-04-07 14:52:51 +01:00
yoff
38daeb4df2
Apply suggestions from code review
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com >
2021-04-07 15:50:51 +02:00
Mathias Vorreiter Pedersen
03b12dbc6d
C++: Inline Location::isBefore.
2021-04-07 15:45:08 +02:00
Erik Krogh Kristensen
365b4d722d
backtrack string-concatenations from shell-execution sinks
2021-04-07 15:34:54 +02:00
Taus
903f364dab
Python: Improve CallCfgNode interface
...
Call nodes are always local sources (specifically sources of the return
value of the call), and so inheriting from `LocalSourceNode` will have
no effect on results, but _should_ make it a bit more smooth to use the
API.
2021-04-07 13:31:12 +00:00
CodeQL CI
073a43ce74
Merge pull request #5606 from erik-krogh/shellInput
...
Approved by esbena
2021-04-07 14:30:31 +01:00
Shati Patel
461d4e45af
Merge pull request #5608 from shati-patel/docs/telemetry-settings
...
Docs: Mention telemetry in "customizing settings"
2021-04-07 13:44:32 +01:00
Erik Krogh Kristensen
c9f54ea1ad
update expected output
2021-04-07 12:37:17 +00:00
Asger Feldthaus
ee13ff71d6
JS: Add another change note
2021-04-07 12:29:06 +01:00
Asger Feldthaus
26cddc7d04
JS: Update test output
2021-04-07 12:28:45 +01:00
Taus
6c69c1aeeb
Python: Minor cleanup
2021-04-07 10:47:21 +00:00
Asger Feldthaus
69973d0fa2
JS: Autoformat
2021-04-07 11:24:11 +01:00
ihsinme
cbf158ea6b
Add files via upload
2021-04-07 13:12:30 +03:00
ihsinme
36de496d47
Add files via upload
2021-04-07 13:12:29 +03:00
ihsinme
ed2a8db8c9
Add files via upload
2021-04-07 13:10:01 +03:00
ihsinme
9c3b7e81c7
Add files via upload
2021-04-07 13:10:00 +03:00
Erik Krogh Kristensen
a66083d685
change "Uncontrolled path" to "Path concatenation"
2021-04-07 08:23:07 +00:00
CodeQL CI
fd4e8f8282
Merge pull request #5526 from erik-krogh/quotedShell
...
Approved by esbena
2021-04-07 08:39:01 +01:00
CodeQL CI
61880ba90a
Merge pull request #5530 from erik-krogh/moreFS
...
Approved by esbena
2021-04-07 08:37:23 +01:00
Rasmus Lerchedahl Petersen
a006a92f8d
Python: Expand commentary
2021-04-07 08:32:40 +02:00
Rasmus Lerchedahl Petersen
f22db2a30b
Python: One family to rule them all...
2021-04-07 08:32:21 +02:00
Rasmus Lerchedahl Petersen
a0e3e3afaf
Python: adjust test expectations
2021-04-07 08:22:36 +02:00
Rasmus Lerchedahl Petersen
fb95c488e8
Python: format
2021-04-07 08:20:52 +02:00
Robert Marsh
e22ec50dee
Merge pull request #5613 from github/hmakholm/pr/fix-redos
...
Fix ReDOS in cpp/ql/src/Security/CWE/CWE-428/UnsafeCreateProcessCall.ql
2021-04-06 15:54:27 -07:00
Rasmus Lerchedahl Petersen
094d2f3b7d
Python: clean up tests
2021-04-06 22:59:58 +02:00
Rasmus Lerchedahl Petersen
a44490b470
Python: remove unused file
2021-04-06 22:56:07 +02:00
Rasmus Lerchedahl Petersen
0626684442
Python: small cleanups enabled by review
2021-04-06 22:55:32 +02:00
yoff
acf8fd0f03
Apply suggestions from code review
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com >
2021-04-06 22:45:03 +02:00
Taus
a93132daae
Merge branch 'python-allow-absolute-imports-from-source-directory' of https://github.com/tausbn/codeql into python-allow-absolute-imports-from-source-directory
2021-04-06 19:58:57 +00:00
Taus
43ae7462b4
Python: Only track modules that are imported
...
This greatly restricts the set of modules that have a new name under
this scheme.
One change to the tests was needed, which reflects the fact that the
two `main.py` files no longer have the name `main` (which makes sense,
since they're never imported under this name).
2021-04-06 21:56:12 +02:00
Taus
b44db460f6
Python: Only track modules that are imported
2021-04-06 19:55:43 +00:00
Henning Makholm
2d615ef503
Fix ReDOS in cpp/ql/src/Security/CWE/CWE-428/UnsafeCreateProcessCall.ql
...
The sub-regex `(\s|.)*` aims to capture arbitrary string content
(in contrast to `.*` which doesn't match newlines), but it is
unsafe, since non-newline whitespace can match both alternatives.
This caused an evaluator crash in the wild.
Replace with `[\s\S]*`, which matches everything in a safe way.
2021-04-06 20:10:57 +02:00
yo-h
cc63563a88
Merge remote-tracking branch 'upstream-public/main' into yo-h/java16
2021-04-06 13:16:02 -04:00
Taus Brock-Nannestad
8e11abca40
Revert "Merge pull request #5552 from RasmusWL/revert-import-change"
...
This reverts commit 49d1937dc4 , reversing
changes made to d4877a9038 .
2021-04-06 17:39:41 +02:00
Tamas Vajk
ffcb345916
C#: Add Dapper support to SQL injection queries
2021-04-06 17:06:20 +02:00
Shati Patel
9a41c80626
Merge pull request #5574 from github/smowton/admin/update-supported-go-version
...
Update supported Go version to 1.16
2021-04-06 14:54:36 +01:00
Shati Patel
695b02a94c
Docs: Mention telemetry in "customizing settings"
2021-04-06 14:30:17 +01:00
Erik Krogh Kristensen
2c1cc9ead6
use local variable instead of module.exports in example
...
Co-authored-by: Esben Sparre Andreasen <esbena@github.com >
2021-04-06 15:17:31 +02:00
Tom Hvitved
f45916efda
Merge pull request #5605 from hvitved/csharp/exclude-dependency-queries
...
C#: Remove mentions of `exclude-dependency-queries.yml`
2021-04-06 14:58:49 +02:00
Mathias Vorreiter Pedersen
8382e85901
C++: Add flow into the source of read step and out of the target of a store step for smart pointers in AST dataflow.
2021-04-06 14:05:55 +02:00
Mathias Vorreiter Pedersen
f07d844362
C++: Add a test containing missing read/store dataflow steps for smart pointers.
2021-04-06 13:59:27 +02:00
Tamas Vajk
98001c494f
C#: Add Dapper stub and new SqlInjection test cases
2021-04-06 13:30:31 +02:00
Erik Krogh Kristensen
41b89669a9
add joined paths as a sink to js/shell-command-constructed-from-input
2021-04-06 12:14:00 +02:00
Rasmus Wriedt Larsen
bc49bc7095
Python: Add variable with underscore to __all__ tests
2021-04-06 11:54:25 +02:00
Tom Hvitved
e0e58b24ea
C#: Remove mentions of exclude-dependency-queries.yml
2021-04-06 11:50:36 +02:00
Rasmus Wriedt Larsen
224d3790b5
Python: Highlight all_indirect.py is not super important
...
At least not in my mind
2021-04-06 11:50:04 +02:00
Rasmus Wriedt Larsen
b11703cc74
Python: all_dybamic2 => all_indirect
2021-04-06 11:49:55 +02:00
Mathias Vorreiter Pedersen
5eb1f8abbd
C++: Add change-note.
2021-04-06 11:47:57 +02:00
Rasmus Wriedt Larsen
0ebb24ebeb
Merge pull request #5398 from yoff/python-api-enhancements
...
Python: Add small api enhancements determined useful during documentation work
2021-04-06 11:44:51 +02:00
Tom Hvitved
667b26b5d9
Merge pull request #5540 from hvitved/csharp/ssa-impl-tweaks
...
C#: Performance tweaks in `SsaImplCommon.qll`
2021-04-06 11:43:08 +02:00
Mathias Vorreiter Pedersen
a5f4d43d61
C++: Fix false positive by adding another allow-list pattern in AssignWhereCompareMeant.
2021-04-06 11:01:38 +02:00
Mathias Vorreiter Pedersen
7045597139
C++: Add testcase with false positive from #5318 .
2021-04-06 10:58:15 +02:00
Erik Krogh Kristensen
c194598d37
recognize headers/url from the HTTP request to a server WebSocket.
2021-04-06 10:11:27 +02:00
Tom Hvitved
e852540254
C#: Remove unique wrappers from DataFlow::Node::get(EnclosingCallable|ControlFlowNode)
2021-04-06 09:56:09 +02:00
Rasmus Lerchedahl Petersen
c777f1d8d7
Merge branch 'main' of github.com:github/codeql into python-api-enhancements
2021-04-06 09:31:26 +02:00
Mathias Vorreiter Pedersen
32a8b9a857
C++: Move copy constructor to its own line and accept test changes.
2021-04-06 08:56:14 +02:00
yoff
a23d8deb10
Merge pull request #5483 from RasmusWL/minor-fixup-django
...
Python: Better text for getSourceType in Django
2021-04-06 08:30:58 +02:00
intrigus
885044e331
[Java] Add tests for jwt signature check query.
2021-04-06 01:01:57 +02:00
intrigus
b7e49c78fe
[Java] Add stubs for jwtk-jjwt-0.11.2
2021-04-06 01:01:23 +02:00
intrigus
d1462eda1c
[Java] Add "missing jwt signature check" query.
2021-04-06 00:59:31 +02:00
Asger Feldthaus
32500c834d
JS: Change note
2021-04-01 16:41:03 +01:00
Asger Feldthaus
acc28df785
JS: Bugfix in tsconfig file inclusion handling
2021-04-01 16:33:05 +01:00
Asger Feldthaus
564a6873f8
JS: Add baseUrl test
2021-04-01 16:33:05 +01:00
Asger Feldthaus
c4ab6fb7b4
JS: Add ImportGraph meta query
2021-04-01 16:33:05 +01:00
Asger Feldthaus
f07030ba97
JS: Update AdditionalFlowStep -> SharedFlowStep
2021-04-01 13:16:47 +01:00
Asger Feldthaus
a9566728b5
JS: Update an import of Unit type
2021-04-01 13:16:47 +01:00
Asger Feldthaus
7119eda009
JS: Add redux change note
2021-04-01 13:16:47 +01:00
Asger Feldthaus
86bc0eb853
JS: Autoformat
2021-04-01 13:16:47 +01:00
Asger Feldthaus
b43989e6a1
JS: Use API nodes to track dispatch/dispatched value sources
2021-04-01 13:16:47 +01:00
Asger Feldthaus
2850b8e952
JS: Fix RangeAnalysis after BasicBlock.dominates change
2021-04-01 13:16:47 +01:00
Asger Feldthaus
cbfa5ad303
JS: Change type of a parameter
2021-04-01 13:16:47 +01:00
Asger Feldthaus
cee1a12489
JS: Fix typo in qldoc
2021-04-01 13:16:47 +01:00
Asger Feldthaus
c926a47d50
JS: QLDoc and test for HeuristicConnectEntryPoint
2021-04-01 13:16:47 +01:00
Asger Feldthaus
cca38a64be
JS: Add test for flow to a closure body under a type guard
2021-04-01 13:16:46 +01:00
Asger Feldthaus
53def60e4f
JS: Add test for if-based type check
2021-04-01 13:16:46 +01:00
Asger Feldthaus
1ce7c3448f
JS: Address some review comments
2021-04-01 13:16:46 +01:00
Asger Feldthaus
fd7cbd0c96
JS: Tweak BasicBlock.dominates and friends
2021-04-01 13:16:46 +01:00
Asger Feldthaus
8fa3fb0561
JS: Redux model
2021-04-01 13:16:46 +01:00
Asger Feldthaus
314839fc09
JS: Add @reduxjs/toolkit to composed functions
2021-04-01 13:16:46 +01:00
Asger Feldthaus
c1651ad30c
JS: Factor out Unit type
2021-04-01 13:16:46 +01:00
Asger Feldthaus
125d1465c8
JS: Add DataFlow::functionForwardingStep
2021-04-01 13:16:46 +01:00
Asger Feldthaus
a3421e7ab2
JS: Add getALocalUse
2021-04-01 13:16:45 +01:00
CodeQL CI
20416ae034
Merge pull request #5585 from asgerf/js/more-metadata
...
Approved by esbena
2021-04-01 13:13:01 +01:00
Asger Feldthaus
c96ee8671e
JS: Update more query metadata
2021-04-01 12:15:54 +01:00
Luke Cartey
480ce39618
C#: Exclude jump-to-def information for elements with too many locations
...
In databases which include multiple duplicated files, we can get an
explosion of definition locations that can cause this query to produce
too many results for the CodeQL toolchain. This commit restricts the
definitions.ql query to producing definition/uses for definitions with
fewer than 10 locations. This replicates the logic used in the C++
definitions.qll library which faces similar problems.
2021-04-01 11:23:31 +01:00
CodeQL CI
a1fab8ac52
Merge pull request #5581 from asgerf/js/dependency-info
...
Approved by esbena
2021-04-01 09:07:21 +01:00
Shati Patel
36bdee0e8b
Merge pull request #5571 from github/docs/bug-fix
...
Docs: Typo fix
2021-03-31 21:59:43 +01:00
Mathias Vorreiter Pedersen
ecbce88ec7
C++: Fix comment.
2021-03-31 22:23:50 +02:00
Rasmus Wriedt Larsen
95ac2c8edd
Python: Add another dynamic __all__ test
2021-03-31 17:31:55 +02:00
CodeQL CI
f08a0e5653
Merge pull request #5580 from asgerf/js/more-metadata-fix
...
Approved by esbena
2021-03-31 16:29:33 +01:00
Rasmus Wriedt Larsen
ab3edf37d7
Python: Handle __all__ assigned to a tuple
...
Examples where this is used in real code:
- 76c0b32f82/django/core/files/temp.py (L24)
- 76c0b32f82/django/contrib/gis/gdal/__init__.py (L44-L49)
2021-03-31 17:25:19 +02:00
Rasmus Wriedt Larsen
43306f4700
Python: Add tests for Module.declaredInAll
2021-03-31 17:24:17 +02:00
Asger Feldthaus
8c8e4e6a70
JS: Add test
2021-03-31 16:17:54 +01:00
Asger Feldthaus
068a9d88e7
JS: Ensure Dependency.info() exists even if version range could not be parsed
2021-03-31 16:08:08 +01:00
Asger Feldthaus
c541390c1b
JS: Remove precision tag from ExternalDependencies.ql
2021-03-31 13:54:15 +01:00
Mathias Vorreiter Pedersen
9ff894bf83
C++: Add support for AST dataflow out of functions that take a smart pointer by value.
2021-03-31 13:54:32 +02:00
Mathias Vorreiter Pedersen
e9e93c0eea
Merge pull request #5558 from geoffw0/replace-tostring
...
Replace toString use
2021-03-31 13:50:41 +02:00
Geoffrey White
85ecfe2723
Update cpp/ql/src/experimental/Security/CWE/CWE-570/WrongInDetectingAndHandlingMemoryAllocationErrors.ql
...
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com >
2021-03-31 11:34:56 +01:00
Mathias Vorreiter Pedersen
8159098dc0
C++: Add test from issue #5190 .
2021-03-31 11:32:01 +02:00
Calum Grant
49d1937dc4
Merge pull request #5552 from RasmusWL/revert-import-change
...
Python: Revert #5506 due to bad performance
2021-03-31 09:51:39 +01:00
Asger F
d4877a9038
Merge pull request #5572 from asgerf/js/remove-flow-summary-kinds
...
JS: Change kind of summary-extraction queries to table
2021-03-31 09:28:56 +01:00
Asger Feldthaus
57784dc746
JS: Update test output
2021-03-31 09:23:47 +01:00
Chris Smowton
4f9b6d1192
Update supported Go version to 1.16
2021-03-31 08:56:27 +01:00
Asger Feldthaus
bc5b477f79
JS: Change kind of summary-extraction queries to table
2021-03-30 21:26:58 +01:00
Dave Bartolomeo
0cc8eaf3b4
Merge pull request #5543 from MathiasVP/smart-ptr-like-class
...
C++: Add a class that models wrapped pointer types
2021-03-30 16:00:13 -04:00
Rasmus Wriedt Larsen
51c27de049
Merge branch 'main' into revert-import-change
2021-03-30 21:51:53 +02:00
Shati Patel
b9788eb53c
Merge pull request #5568 from shati-patel/docs-binding-sets
...
Docs: Mention that binding sets are available for classes
2021-03-30 18:08:23 +01:00
Sarita Iyer
649286995a
Merge pull request #5562 from saritai/saritai/cli-remove-1.23-references
...
Remove Enterprise 1.23 special instructions and replace references
2021-03-30 13:07:42 -04:00
Shati Patel
fb004bacc3
Describe predicates first
2021-03-30 17:31:20 +01:00
Shati Patel
67835ee273
Address review comments
2021-03-30 17:29:43 +01:00
Shati Patel
23df459c16
remove accidental punctuation
2021-03-30 17:23:33 +01:00
Mathias Vorreiter Pedersen
fe76b0849b
Merge pull request #5569 from geoffw0/memoryfree
...
C++: Add a test of memory freed queries with strdup.
2021-03-30 17:22:18 +02:00
Mathias Vorreiter Pedersen
92839123ae
Merge pull request #5570 from geoffw0/mutextest
...
C++: Add mutex test cases.
2021-03-30 17:16:19 +02:00
Geoffrey White
a8284d5b97
C++: Add mutex test case.
2021-03-30 15:39:21 +01:00
Sarah Edwards
e0a73ce797
Merge pull request #5560 from skedwards88/patch-1
...
download LGTM database from a project slug
2021-03-30 06:58:28 -07:00
Geoffrey White
244966e216
C++: Add a test with strdup.
2021-03-30 14:49:05 +01:00
Shati Patel
62de15cd22
Docs: Mention that binding sets are available for classes
2021-03-30 14:46:59 +01:00
Asger Feldthaus
f8bbda0cdc
JS: Change note
2021-03-30 13:54:01 +01:00
Asger Feldthaus
9db235ac36
JS: Improve @google-cloud/spanner model
2021-03-30 13:54:00 +01:00
Asger Feldthaus
35f294f096
JS: Improve sequelize model
2021-03-30 13:54:00 +01:00
Mathias Vorreiter Pedersen
4b51e22bb4
Merge pull request #5565 from geoffw0/avrule79
...
C++: Test strdup with AV rule 79
2021-03-30 14:34:46 +02:00
Geoffrey White
ec952248a9
C++: Test strdup with AV Rule 79.
2021-03-30 12:58:04 +01:00
Geoffrey White
f27203cc43
C++: Test spacing.
2021-03-30 12:57:43 +01:00
luchua-bc
1349bf7b0b
Create a .qll file to reuse the code and add check of Spring properties
2021-03-30 11:25:29 +00:00
Asger Feldthaus
93500bd95a
JS: Improve mssql model
2021-03-30 11:34:01 +01:00
Asger Feldthaus
95937c9ac7
JS: Improve sqlite3 model
2021-03-30 11:34:01 +01:00
Asger Feldthaus
0b21b273ed
JS: Improve pg model
2021-03-30 11:33:59 +01:00
Asger Feldthaus
937a620f4d
JS: Improve mysql2 model
2021-03-30 11:33:42 +01:00
CodeQL CI
e8d7925084
Merge pull request #5555 from asgerf/js/misc-steps
...
Approved by esbena
2021-03-30 11:30:12 +01:00
CodeQL CI
25e26b9ac0
Merge pull request #5554 from asgerf/js/non-recursive-propref
...
Approved by esbena
2021-03-30 11:29:32 +01:00
CodeQL CI
6cceb73807
Merge pull request #5553 from asgerf/js/pg-promise
...
Approved by esbena
2021-03-30 11:28:24 +01:00
Geoffrey White
d2b991bcb5
Merge pull request #5541 from MathiasVP/definitions-for-unique_ptr
...
C++: Add shared_ptr and unique_ptr implementations
2021-03-30 09:47:56 +01:00
Mathias Vorreiter Pedersen
09ba25fe9b
C++: Accept test changes. I'm actually not sure why we lose these results (and lose the field conflation, yay) It might be due to #3364 .
2021-03-30 10:24:01 +02:00
Mathias Vorreiter Pedersen
8c95a9ae39
Merge branch 'main' into definitions-for-unique_ptr
2021-03-30 10:20:36 +02:00
Laura Coursen
2dadc752d6
Merge pull request #5563 from lecoursen/stronger-rec-to-use-lgtm.com-branch
...
Make stronger recommendations around the use of the lgtm.com branch
2021-03-29 14:29:24 -05:00
Laura Coursen
d57ec5d1ac
Merge branch 'stronger-rec-to-use-lgtm.com-branch' of https://github.com/lecoursen/codeql into stronger-rec-to-use-lgtm.com-branch
2021-03-29 14:05:46 -05:00
Laura Coursen
e3b052199a
Suggest lgtm.com branch first
2021-03-29 14:04:59 -05:00
Laura Coursen
eb01ffbdae
Use correct terminology
...
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com >
2021-03-29 14:03:30 -05:00
Ethan Palm
2f98212eca
Merge pull request #5561 from ethanpalm/fix-broken-links
...
Fix broken links
2021-03-29 14:28:49 -04:00
Laura Coursen
8f1c7c57a8
Add 💅
2021-03-29 12:53:16 -05:00
Ethan P
909dc84bb6
Update broken link
2021-03-29 13:46:45 -04:00
Laura Coursen
a18cd74756
Fix typo
2021-03-29 12:42:09 -05:00
Laura Coursen
21576387f3
Add 💅
2021-03-29 12:41:48 -05:00
Laura Coursen
50523e0ac0
Clarify use cases for lgtm.com branch
2021-03-29 12:40:31 -05:00
Ethan P
d126c0a1d3
Fix broken links
2021-03-29 13:38:04 -04:00
Sarita Iyer
3db5dd4661
removed 1.23 instructions and replaced references
...
Removed special instructions for LGTM 1.23, and replaced leftover references to 1.23 with 1.27.
2021-03-29 13:37:55 -04:00
Sarah Edwards
108bcef104
download LGTM database from a project slug
2021-03-29 10:37:00 -07:00
Henry Mercer
0f710b1981
Merge pull request #5545 from github/henrymercer/ql-pack-version-doc-update
...
CodeQL CLI Docs: Mention that QL packs use SemVer versioning
2021-03-29 18:18:45 +01:00
Calum Grant
c26d05b1d5
Merge pull request #5532 from RasmusWL/python-cleanup
...
Python: Delete filter queries, code duplication library, and precision tag from metric queries
2021-03-29 17:16:43 +01:00
Mathias Vorreiter Pedersen
5a4efab742
C++: Add tests for shared_ptr.
2021-03-29 18:04:20 +02:00
Rasmus Wriedt Larsen
96a66fa4ee
Python: Apply suggestions from code review
2021-03-29 17:02:56 +02:00
Asger Feldthaus
67ad6d9a0f
JS: Update test output
2021-03-29 15:30:29 +01:00
Asger Feldthaus
faf07dac91
JS: Autoformat
2021-03-29 14:52:37 +01:00
Asger Feldthaus
3e26236648
JS: Add recursion guard test
2021-03-29 14:32:13 +01:00
Asger Feldthaus
2770a53d38
JS: More babel.transform steps
2021-03-29 13:00:23 +01:00
Asger Feldthaus
c103939c2d
JS: Fix handling of createRequire
2021-03-29 12:47:23 +01:00
Asger Feldthaus
49ca88957c
JS: Use types
2021-03-29 12:25:15 +01:00
Asger Feldthaus
603843e698
JS: Add task tests
2021-03-29 12:05:47 +01:00
CodeQL CI
3613ceb07f
Merge pull request #5535 from tausbn/python-prevent-bad-TCs
...
Approved by yoff
2021-03-29 12:03:08 +01:00
Asger F
f1d0b50670
Update javascript/ql/src/semmle/javascript/frameworks/SQL.qll
...
Co-authored-by: Esben Sparre Andreasen <esbena@github.com >
2021-03-29 11:54:45 +01:00
Asger Feldthaus
f453fe26c6
JS: Autoformat
2021-03-29 11:28:46 +01:00
Asger Feldthaus
b381f4826c
JS: Add change note
2021-03-29 11:25:28 +01:00
Asger Feldthaus
149af57eac
JS: Add model of pg-promise
2021-03-29 11:25:28 +01:00
Asger Feldthaus
88fee2748e
JS: Add change note
2021-03-29 11:21:03 +01:00
haby0
0775d35591
update VerificationMethodFlowConfig, add if test
2021-03-29 12:02:37 +08:00
ihsinme
3f215d0954
Update OperatorPrecedenceLogicErrorWhenUseBoolType.ql
2021-03-28 23:43:22 +03:00
ihsinme
093c63ea3b
Update OperatorPrecedenceLogicErrorWhenUseBoolType.expected
2021-03-28 23:42:36 +03:00
luchua-bc
5ce3f9d6ff
Update qldoc and enhance the query
2021-03-28 16:10:35 +00:00
Rasmus Wriedt Larsen
92e0e195a4
Revert "Merge pull request #5506 from tausbn/python-allow-absolute-imports-from-source-directory"
...
This reverts commit 8d15680af4 , reversing
changes made to 63831cc62b .
This PR caused performance problems, so reverting now to clear up immediate
problems.
2021-03-27 18:08:20 +01:00
Rasmus Lerchedahl Petersen
6d72b4fd39
Python: Limit pretty printing to relevant nodes
2021-03-27 03:10:43 +01:00
Rasmus Lerchedahl Petersen
16902c2f56
Python: handle default argument
2021-03-27 02:40:13 +01:00
Rasmus Lerchedahl Petersen
7a511c5682
Python: update naming
2021-03-27 02:20:59 +01:00
luchua-bc
a53cbc1631
Update qldoc and make the query more readable
2021-03-27 00:11:01 +00:00
Rasmus Lerchedahl Petersen
bd86388447
Python: Add typetracker to constrain attribute.
2021-03-27 01:07:15 +01:00
Rasmus Lerchedahl Petersen
bf81122fc6
Python: fix typo and add linebreaks
2021-03-26 23:37:19 +01:00
Rasmus Lerchedahl Petersen
e0352fe763
Python: remove deprecated section of qhelp file
2021-03-26 23:26:24 +01:00
Geoffrey White
c6e7b8d4fd
C++: Repair test.
2021-03-26 19:12:09 +00:00
Geoffrey White
4100d68a71
C++: Test failures.
2021-03-26 18:21:05 +00:00
Geoffrey White
725122decc
C++: Replace toString logic.
2021-03-26 17:29:05 +00:00
luchua-bc
a72b1340eb
Add a comment on how to run the query
2021-03-26 16:51:43 +00:00
Rasmus Lerchedahl Petersen
44d62df3f7
Python: Fix model of TLS and add reference
2021-03-26 17:51:18 +01:00
Rasmus Lerchedahl Petersen
470b4d8658
Python: Add missing qldoc
2021-03-26 17:35:36 +01:00
Rasmus Lerchedahl Petersen
98dfe1a00a
Python: Elaborate qldoc and renames to match
2021-03-26 17:27:43 +01:00
Taus Brock-Nannestad
f17bbd9982
Python: Fix another bad TC.
...
This one is a bit awkward, since the previous version was supposed to
improve indexing. Unfortunately this is vastly outweighed by the slow
convergence of the TC. Right now we pay the cost of inverting the
`hasFlowSource` relation, but this is still cheaper.
2021-03-26 16:38:13 +01:00
Henry Mercer
c83daa66e7
CodeQL CLI Docs: Mention that QL packs use SemVer versioning
2021-03-26 15:30:23 +00:00
Mathias Vorreiter Pedersen
b466f0515d
C++: Respond to more review comments. (1) Use getClassAndName to ensure a good join order, and (2) unify the two abstract predicates on PointerWrapper.
2021-03-26 16:16:23 +01:00
Rasmus Lerchedahl Petersen
8155334fa7
Python: More elaborate qldoc
...
also refactor code to match
2021-03-26 15:57:07 +01:00
Rasmus Lerchedahl Petersen
7d7cbc49db
Fix comments.
...
This induced fixing the code, since things were wired up wrongly.
Currently the only implementation of `insecure_connection_creation`
is `ssl.wrap_socket`,
which is also the sole target of py/insecure-default-protocol`,
so perhaps this part should be turned off?
2021-03-26 14:20:38 +01:00
Mathias Vorreiter Pedersen
0ce08617ba
C++: Respond to review comments.
2021-03-26 13:42:18 +01:00
Tom Hvitved
e345064a53
C#: Performance tweaks in SsaImplCommon.qll
2021-03-26 13:24:34 +01:00
Rasmus Lerchedahl Petersen
2e948da3b4
Python: suggested refactor
2021-03-26 13:08:45 +01:00
Rasmus Lerchedahl Petersen
1be2be843d
Python: update test expectations
2021-03-26 13:08:23 +01:00
Jonas Jensen
7f16c52217
Merge pull request #3364 from github/rdmarsh/cpp/use-taint-configuration-dtt
...
C++: use TaintTracking::Configuration in DefaultTaintTracking
2021-03-26 12:39:25 +01:00
Alexander Eyers-Taylor
b21672c81c
Apply suggestions from code review
...
Co-authored-by: Shati Patel <42641846+shati-patel@users.noreply.github.com >
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com >
2021-03-26 11:15:46 +00:00
Tom Hvitved
1dbfe2369d
Merge pull request #5542 from hvitved/csharp/update-suites
...
C#: Remove deleted queries from suites
2021-03-26 12:13:09 +01:00
CodeQL CI
f584ff9acf
Merge pull request #5533 from asgerf/js/fix-query-metadata
...
Approved by esbena
2021-03-26 11:09:54 +00:00
Mathias Vorreiter Pedersen
8dc7b6403a
C++: Add shared_ptr and unique_ptr implementations. Also add some very basic tests.
2021-03-26 12:03:59 +01:00
Mathias Vorreiter Pedersen
d20a0c9e82
C++: Add a class that models wrapped pointer types.
2021-03-26 11:50:06 +01:00
Asger Feldthaus
cc2a531684
JS: Cache PropRef.getBase
2021-03-26 10:48:25 +00:00
Tom Hvitved
9d1ef21d85
C#: Remove deleted queries from suites
2021-03-26 11:17:27 +01:00
Mathias Vorreiter Pedersen
c7c65736a9
C++: Accept test changes. These happened because of the incorrect usage of multiple configurations in 6c1ec6d96b.
2021-03-26 10:57:58 +01:00
Jonas Jensen
86755c6a98
Merge pull request #5515 from criemen/fix-query-metadata
...
C++: Fix query metadata warnings.
2021-03-26 10:19:46 +01:00
Anders Schack-Mulligen
506c95d098
Merge pull request #5372 from smowton/smowton/feature/commons-lang-models-to-csv
...
Java: Convert existing Commons Lang models to CSV
2021-03-26 10:18:23 +01:00
Tom Hvitved
d4ce42ac4f
Merge pull request #5416 from hvitved/csharp/rework-summaries
...
C#: Rework flow summary implementation
2021-03-26 09:47:15 +01:00
Tom Hvitved
e93b72d563
Merge pull request #5459 from hvitved/csharp/update-nuget
...
C#: Update more nuget packages
2021-03-26 09:28:09 +01:00
Mathias Vorreiter Pedersen
983b64a05f
Merge branch 'main' into rdmarsh/cpp/use-taint-configuration-dtt
2021-03-26 09:11:12 +01:00
Tom Hvitved
57fd2e3578
C#: Rename parameter in fieldOf()
2021-03-26 08:49:06 +01:00
Rasmus Lerchedahl Petersen
e936540863
Python: remove internal import
2021-03-26 08:22:09 +01:00
Rasmus Lerchedahl Petersen
f1619f1ee8
Python: "source" -> "contextOrigin"
2021-03-26 08:18:11 +01:00
Rasmus Lerchedahl Petersen
f14fb3bf9e
Merge branch 'python-port-insecure-protocol' of github.com:yoff/codeql into python-port-insecure-protocol
2021-03-26 08:06:51 +01:00
yoff
936757b4bf
Update python/ql/src/Security/CWE-327/FluentApiModel.qll
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com >
2021-03-26 08:05:51 +01:00
luchua-bc
d33b04cd96
Query to detect plaintext credentials in Java properties files
2021-03-26 02:33:40 +00:00
Rasmus Lerchedahl Petersen
9488b8bb18
Python: actually rename
2021-03-26 00:31:56 +01:00
Rasmus Lerchedahl Petersen
554404575d
Python: fix typo and name.
2021-03-26 00:29:40 +01:00
Rasmus Lerchedahl Petersen
c93e0c08fd
Merge branch 'python-port-insecure-protocol' of github.com:yoff/codeql into python-port-insecure-protocol
2021-03-26 00:26:33 +01:00
yoff
54dad57cf4
Update python/ql/test/query-tests/Security/CWE-327/pyOpenSSL_fluent.py
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com >
2021-03-26 00:25:40 +01:00
Rasmus Lerchedahl Petersen
2b257318f1
Python: more precise comment
2021-03-25 23:22:24 +01:00
yoff
62a0775cf6
Update python/ql/src/Security/CWE-327/examples/secure_protocol.py
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com >
2021-03-25 23:09:11 +01:00
Porcuiney Hairs
2ca95166d9
Java : add query to detect insecure loading of Dex File
2021-03-26 01:59:11 +05:30
yoff
208d5157fa
Merge pull request #5500 from RasmusWL/django-forms
...
Python: Model RemoteFlowSources on Django forms/fields
2021-03-25 20:43:19 +01:00
alexet
2576c86ebf
Docs: Update the language specification for changes to super.
2021-03-25 18:16:13 +00:00
Taus Brock-Nannestad
c2f112cb92
Python: Filter _before_ the cartesian product
...
It's always a sad thing to see a good plan go wrong:
86860032 ~0% {4} r26 = JOIN r19 WITH DataFlowPublic::TupleElementContent#class#ff CARTESIAN PRODUCT OUTPUT Lhs.0 'nodeFrom', Lhs.1 'nodeTo', Rhs.0, Rhs.1
129256 ~3% {4} r27 = SELECT r26 ON In.3 <= 7
129256 ~0% {3} r28 = SCAN r27 OUTPUT In.0 'nodeFrom', In.2 'c', In.1 'nodeTo'
Happily, now it looks like this:
129256 ~0% {3} r20 = JOIN r19 WITH DataFlowPrivate::small_tuple#f CARTESIAN PRODUCT OUTPUT Lhs.0 'nodeFrom', Rhs.0, Lhs.1 'nodeTo'
2021-03-25 19:06:05 +01:00
Erik Krogh Kristensen
5e59f6d558
Update javascript/ql/src/semmle/javascript/security/dataflow/ShellCommandInjectionFromEnvironmentCustomizations.qll
...
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com >
2021-03-25 19:03:37 +01:00
Taus Brock-Nannestad
8734df334b
Python: Slight cleanup
2021-03-25 18:35:16 +01:00
Taus Brock-Nannestad
229250dc54
Python: Limit size of TupleElementContent
...
A more principled approach is possible here, but in the short term
this will prevent an explosion.
For reference, openstack/cinder has roughly 19000 `ForTarget`s and
tuples of size up to 5300, and we were calculating the cartesian
product of these.
2021-03-25 18:28:49 +01:00
yoff
716e0f1404
Merge pull request #5517 from tausbn/python-prevent-potentially-bad-join-order
...
Python: Prevent potentially bad join order
2021-03-25 18:14:47 +01:00
Tom Hvitved
f100c8a9c0
C++: Make Windows autobuilder tests pass again
2021-03-25 17:43:48 +01:00
Tom Hvitved
ed78acb1d4
C#: Update more nuget packages
2021-03-25 17:32:12 +01:00
Taus Brock-Nannestad
dbef36cbbb
Python: Prevent bad TC and add a bit of caching
...
Using `simpleLocalFlowStep+` with the first argument specialised to
`CfgNode` was causing the compiler to turn this into a very slowly
converging manual TC computation.
Instead, we use `simpleLocalFlowStep*` (which is fast) and then join
that with a single step from any `CfgNode`. This should amount to the
same thing.
I also noticed that the charpred for `LocalSourceNode` was getting
recomputed a lot, so this is now cached. (The recomputation was
especially bad since it relied on `simpleLocalFlowStep+`, but anyway
it's a good idea not to recompute this.)
2021-03-25 17:28:37 +01:00
Chris Smowton
eaa2d4d831
Stop using wildcard Argument
...
All instances are replaced with a specific Argument or range.
2021-03-25 15:42:35 +00:00
Chris Smowton
2f34588770
Constructor models: use Argument[-1] for the result, not ReturnValue
2021-03-25 15:23:08 +00:00
Asger Feldthaus
a456458a38
JS: Add change note for code duplication library removal
2021-03-25 15:21:48 +00:00
Asger Feldthaus
446ad5ec9e
JS: Remove code duplication library
2021-03-25 15:20:59 +00:00
Asger Feldthaus
c812bd948a
JS: Add @problem.severity to an example query
2021-03-25 15:14:48 +00:00
Asger Feldthaus
7aae51c876
JS: Add change note for filter query removal
2021-03-25 15:13:51 +00:00
Anders Schack-Mulligen
28fb0edfbe
Merge pull request #4920 from luchua-bc/java/hash-without-salt
...
Java: Query to detect hash without salt
2021-03-25 16:13:26 +01:00
Asger Feldthaus
6cab85712f
JS: Delete filter queries
2021-03-25 15:12:35 +00:00
Asger Feldthaus
1c27ca610a
JS: Remove precision atags from metric queries
2021-03-25 15:12:09 +00:00
Chris Smowton
a5220bf616
Convert StrBuilder models to CSV
2021-03-25 15:11:52 +00:00
Chris Smowton
25a0e09130
Convert StringUtils models to CSV
2021-03-25 15:11:52 +00:00
Chris Smowton
1beac06236
Translate ArrayUtils models to CSV
2021-03-25 15:11:51 +00:00
Chris Smowton
7fb5bd0cab
Add tests for and slightly expand models of Commons Lang's ArrayUtils class
2021-03-25 15:11:51 +00:00
Rasmus Wriedt Larsen
9abe02f419
Python: Fix query metadata for old queries that have been ported
...
I'm not sure even I want to keep these around much longer. They seem to be
causing more problem than they are doing good.
2021-03-25 16:01:56 +01:00
Jonas Jensen
bc9682c22d
Merge pull request #5528 from MathiasVP/fix-join-order-in-avrule-79
...
C++: Fix join order in AV rule 79
2021-03-25 15:45:41 +01:00
Rasmus Wriedt Larsen
ed2cb739c5
Merge pull request #5486 from yoff/python-document-api-import-node
...
Python, doc: Note ephemeral nature of import nodes
2021-03-25 15:45:10 +01:00
Anders Schack-Mulligen
344c2d3c3d
Update java/ql/src/experimental/Security/CWE/CWE-759/HashWithoutSalt.ql
2021-03-25 15:42:57 +01:00
Tom Hvitved
90868a4788
Merge pull request #5524 from hvitved/csharp/cleanup
...
C#: Remove legacy queries and `@precision` tags from metric queries
2021-03-25 15:36:12 +01:00
Rasmus Wriedt Larsen
203b0e3d88
Python: Add change note
2021-03-25 15:34:09 +01:00
Tom Hvitved
cdd613358b
C#: Sync SSA files
2021-03-25 15:33:06 +01:00
Tom Hvitved
7e20829f36
Merge remote-tracking branch 'upstream/main' into csharp/rework-summaries
2021-03-25 15:32:32 +01:00
Tom Hvitved
6a3859fc83
C#: Remove unnecessary pre call in FlowSummaryImpl.qll
2021-03-25 15:31:43 +01:00
Rasmus Wriedt Larsen
bd4934380a
Python: Remove code duplication library
2021-03-25 15:27:55 +01:00
Tom Hvitved
33c990f6b0
Merge pull request #5440 from hvitved/csharp/cil/ssa
...
C#: Add CIL SSA library
2021-03-25 15:22:40 +01:00
Erik Krogh Kristensen
3d49b8cb91
consider quoted string concatenations as sanitizers for js/shell-command-injection-from-environment
2021-03-25 15:17:02 +01:00
yo-h
0fe4baec34
Merge pull request #5525 from aschackmull/java/cleanup
...
Java: Delete filter queries, code duplication library, and precision tag from metric queries.
2021-03-25 10:09:41 -04:00
Rasmus Wriedt Larsen
09fbf480db
Python: Remove precision tag from metric queries
2021-03-25 15:06:47 +01:00
Rasmus Wriedt Larsen
e3b2e0a1de
Python: Delete filter queries
2021-03-25 15:06:46 +01:00
Erik Krogh Kristensen
3b82452d76
detect fs modules that pass through a reduce call
2021-03-25 14:47:43 +01:00
Anders Schack-Mulligen
75afa011ff
Java: Add metadata to several more experimental queries.
2021-03-25 13:09:26 +01:00
CodeQL CI
e90035a5a5
Merge pull request #5439 from erik-krogh/topPack
...
Approved by esbena
2021-03-25 11:49:03 +00:00
Mathias Vorreiter Pedersen
24360d3a4c
C++: Fix join order in AV rule 79 by joining with GVN after the recursive call.
2021-03-25 12:00:49 +01:00
Erik Krogh Kristensen
77ba7b473d
Merge branch 'main' into topPack
2021-03-25 11:52:58 +01:00
CodeQL CI
0511e72520
Merge pull request #5458 from erik-krogh/shellTrue
...
Approved by asgerf
2021-03-25 10:49:24 +00:00
luchua-bc
57bd3f3c14
Optimize the taint flow source
2021-03-25 10:44:26 +00:00
Tom Hvitved
6bfc49c069
C#: Address review comments
2021-03-25 11:43:25 +01:00
yoff
32b264bdee
Apply suggestions from code review
...
Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com >
2021-03-25 10:48:59 +01:00
Anders Schack-Mulligen
d53c334488
Merge branch 'java/fix-experimental-query-metadata' into java/cleanup
2021-03-25 10:36:36 +01:00
Anders Schack-Mulligen
28ff3f412d
Java: Add severity and precision metadata to experimental queries.
2021-03-25 10:29:47 +01:00
Cornelius Riemenschneider
867471b122
C++: Delete old queries.
2021-03-25 10:23:17 +01:00
CodeQL CI
9d52db3ca7
Merge pull request #5507 from erik-krogh/joins
...
Approved by asgerf
2021-03-25 09:18:26 +00:00
Anders Schack-Mulligen
5b905cfe18
Java: Add change note for code duplication library removal.
2021-03-25 10:12:58 +01:00
Anders Schack-Mulligen
1564aee57a
Java: Add change note for filter query removal.
2021-03-25 10:11:30 +01:00
Anders Schack-Mulligen
c82b5eb040
Java: Remove code duplication library.
2021-03-25 10:06:10 +01:00
Asger Feldthaus
dbc6cf63c2
JS: Fix bad join order in PropertyProjection
2021-03-25 09:00:10 +00:00
Asger Feldthaus
bd3f6d1234
JS: Add o[o.length] = y taint step
2021-03-25 09:00:10 +00:00
Asger Feldthaus
51f489211b
JS: Support react-native-base64
2021-03-25 09:00:10 +00:00
Asger Feldthaus
5d9778c64d
JS: Step through babel.transform
2021-03-25 09:00:10 +00:00
Asger Feldthaus
3e67ebacb0
JS: Support lodash-es
2021-03-25 09:00:10 +00:00
Erik Krogh Kristensen
3b6b40489f
Merge branch 'main' into topPack
2021-03-25 09:58:15 +01:00
Anders Schack-Mulligen
4b7440d4d5
Java: Remove precision tag from metric queries.
2021-03-25 09:52:05 +01:00
Tom Hvitved
419fbe77ab
C#: Remove @precision tags from metric queries
2021-03-25 09:50:24 +01:00
Tom Hvitved
b83da2255c
C#: Add change note
2021-03-25 09:50:24 +01:00
Tom Hvitved
b94c189946
C#: Remove VulnerablePackage.ql query
2021-03-25 09:50:24 +01:00
Tom Hvitved
7e33b571c9
C#: Add change note
2021-03-25 09:50:24 +01:00
Tom Hvitved
eeb8c74666
C#: Remove filter and external queries
...
These are legacy queries that are no longer used.
2021-03-25 09:50:01 +01:00
Anders Schack-Mulligen
70824b3f0b
Java: Delete filter queries.
2021-03-25 09:47:31 +01:00
Esben Sparre Andreasen
801eb538db
Merge pull request #5514 from github/aibaars/fix-javascript-metadata
...
Javascript: remove bad QLDoc tag
2021-03-25 08:56:08 +01:00
luchua-bc
fe0e7f5eac
Change method check to taint flow
2021-03-25 01:45:13 +00:00
luchua-bc
08c3bf26d5
Update the query to accommodate more cases
2021-03-24 23:32:27 +00:00
Taus Brock-Nannestad
0ae8b69102
Python: Prevent joining on scope in PointsToContext::appliesTo
...
One of those cases where I _wish_ `pragma[inline]` also meant "don't
join on the stuff inside this predicate -- it's inlined for a reason".
Unsurprisingly, joining on the scope first works poorly.
2021-03-24 23:12:48 +01:00
Taus Brock-Nannestad
28d6cad3d0
Python: Prevent joining on name as the first thing
...
Many instances of `lookup` are restricted by the presence of
`attributeRequired`, but this does not work well if we join on
`name`. A few instances of `only_bind_into` prevents this.
2021-03-24 23:11:09 +01:00
yo-h
72ae902e0d
Merge pull request #5371 from aschackmull/java/framework-coverage
...
Java: Add query for CSV framework coverage.
2021-03-24 17:36:13 -04:00
Erik Krogh Kristensen
c146b27c1a
Merge branch 'main' into shellTrue
2021-03-24 20:09:23 +01:00
CodeQL CI
8ff9c98d26
Merge pull request #5449 from erik-krogh/asExec
...
Approved by esbena
2021-03-24 19:04:30 +00:00
Aditya Sharad
32dc894d54
Merge pull request #5516 from github/adityasharad/actions/remove-docs-review-workflow
...
Actions: Remove docs-review workflow
2021-03-24 11:48:03 -07:00
Aditya Sharad
a0465d20cb
Actions: Remove docs-review workflow
...
Being replaced by internal automation that polls the repo for open labelled PRs, since this workflow currently cannot tag the docs team in a comment.
2021-03-24 11:26:00 -07:00
Taus Brock-Nannestad
ed8ffab356
Python: Prevent potentially bad join order
...
This has no effect on the current compilation (indeed,
`ssa_filter_definition_bool` is not currently inlined), but will
prevent this from ever occurring, should the heuristics for inlining
ever change...
2021-03-24 19:20:19 +01:00
Cornelius Riemenschneider
47530d7526
C++: Fix query metadata warnings.
2021-03-24 18:01:21 +01:00
Arthur Baars
b25dc03dac
Javascript: remove bad QLDoc tag
2021-03-24 16:47:27 +01:00
Asger Feldthaus
e13a9c9716
JS: Avoid recursion through SourceNode::Range, again
2021-03-24 15:26:50 +00:00
Anders Schack-Mulligen
d3485cac34
Merge pull request #5512 from aschackmull/java/csv-argument-ranges
...
Java: Support argument and parameter ranges in CSV models.
2021-03-24 15:03:22 +01:00
yoff
8d15680af4
Merge pull request #5506 from tausbn/python-allow-absolute-imports-from-source-directory
...
Python: Allow absolute imports in directories with scripts
2021-03-24 14:42:14 +01:00
Anders Schack-Mulligen
4955f95f64
Apply suggestions from code review
...
Clarify documentation.
Co-authored-by: Chris Smowton <smowton@github.com >
2021-03-24 14:32:18 +01:00
Anders Schack-Mulligen
63831cc62b
Merge pull request #5099 from porcupineyhairs/javaLogInjection
...
Java : Add Log Injection Vulnerability
2021-03-24 14:30:34 +01:00
yoff
b023d73016
Merge pull request #5504 from RasmusWL/type-tracking-first-predicate-private
...
Python: Ensure first type-tracking predicate is private
2021-03-24 14:23:27 +01:00
Rasmus Wriedt Larsen
1473778bb8
Merge pull request #5493 from yoff/python-add-experimental-structure
...
Python: Add stub structure to `experimental` for external contributions
2021-03-24 14:11:13 +01:00
Rasmus Wriedt Larsen
70974ea197
Python: Fix grammar in QLDoc
...
Co-authored-by: yoff <lerchedahl@gmail.com >
2021-03-24 14:06:06 +01:00
Taus Brock-Nannestad
47686a6e4c
Python: Disregard all files matching .py%
2021-03-24 14:03:00 +01:00
Taus Brock-Nannestad
8d30ee5c3c
Python: Include unmarked Python file in snapshot
...
Sadly, it seems we're not interpreting this as Python code, even if we
explicitly ask to have it included.
2021-03-24 14:01:13 +01:00
Anders Schack-Mulligen
a1ccbcdaf1
Merge pull request #5260 from artem-smotrakov/spring-http-invoker
...
Java: Query for detecting unsafe deserialization with Spring exporters
2021-03-24 13:57:17 +01:00
Asger Feldthaus
de879c0707
JS: Make PropRef.getBase non-recursive
2021-03-24 12:57:16 +00:00
Asger Feldthaus
2f2d72f282
JS: Improve react-router support
2021-03-24 12:53:26 +00:00
Asger Feldthaus
88932a495c
JS: Handle redux-form HOCs
2021-03-24 12:53:26 +00:00
Rasmus Wriedt Larsen
59200386a7
Python: Fix mistake in refactor
2021-03-24 13:51:29 +01:00
Tom Hvitved
f2fb26df37
C#: Document input/output stack restrictions
2021-03-24 13:48:32 +01:00
CodeQL CI
e3ab94fc6b
Merge pull request #5498 from asgerf/js/flow-through-accessors
...
Approved by erik-krogh, max-schaefer
2021-03-24 12:46:05 +00:00
Anders Schack-Mulligen
41168e2b36
Java: Support argument and parameter ranges.
2021-03-24 13:32:30 +01:00
Anders Schack-Mulligen
234f62fd05
Java: Merge packages that likely belong to the same framework.
2021-03-24 13:17:04 +01:00
Taus Brock-Nannestad
6d86239929
Python: Test all cases
...
Note that the test in `no_py_extension` isn't complete, since we're
not extracting the `main` file there.
2021-03-24 13:15:59 +01:00
Erik Krogh Kristensen
9610ed163a
remove SourceNode type to preserve behavior
2021-03-24 11:59:56 +01:00
CodeQL CI
12a6410a0a
Merge pull request #5478 from asgerf/js/shared-flow-step
...
Approved by erik-krogh
2021-03-24 10:58:30 +00:00
Tom Hvitved
c5c80204d5
C#: Rework flow summary implementation
2021-03-24 11:27:01 +01:00
Tom Hvitved
c96b8301ed
C#: Add change note
2021-03-24 09:58:44 +01:00
haby0
3df23eecb6
Merge remote-tracking branch 'upstream/main' into JsonHijacking
2021-03-24 15:52:01 +08:00
Anders Schack-Mulligen
02a5c0875e
Merge pull request #5502 from smowton/smowton/fix/less-fluent-method-inferred-edges
...
Java: partial revert: only introduce inferred taint edges from callsite-crossing value edges if an original taint edge targets the *start* of the value edge.
2021-03-24 08:41:51 +01:00
Rasmus Lerchedahl Petersen
a9af135d7e
Python: Remove getALocalTaintSource
...
and `taintFlowsTo` for now..
2021-03-24 01:22:21 +01:00
yoff
ac0430883a
Update docs/codeql/codeql-language-guides/using-api-graphs-in-python.rst
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com >
2021-03-24 01:08:12 +01:00
yoff
61cff8faed
Update python/ql/src/experimental/semmle/python/Concepts.qll
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com >
2021-03-24 01:06:03 +01:00
Erik Krogh Kristensen
b8bfdcc719
improve performance in ServiceDefinitions by inlining, and refactoring away a SourceNode
2021-03-23 19:13:40 +01:00
Erik Krogh Kristensen
93bcc3724a
use pragma to improve 2 join-orders in TaintTracking
2021-03-23 19:12:33 +01:00
Taus Brock-Nannestad
17d1768259
Python: Allow absolute imports in directories with scripts
...
Fixes the import logic to account for absolute imports.
We do this by classifying which files and folders may serve as the
entry point for execution, based on a few simple heuristics. If the
file `module.py` is in the same folder as a file `main.py` that may be
executed directly, then we allow `module` to be a valid name for
`module.py` so that `import module` will work as expected.
2021-03-23 18:32:17 +01:00
Taus Brock-Nannestad
4289e358bf
Python: Add module import test case
...
This one will require some explanation...
First, the file structure. This commit adds a test consisting
representing a few different kinds of imports.
- Absolute imports, from `module.py` to `main.py` when the latter is
executed directly.
- A package (contained in the `package` folder)
- A namespace package (contained in the `namespace_package` folder)
All of these are inside a folder called `code` for reasons I will
detail later.
The file `main.py` is identified as a script, by the presence of the
`!#` comment in its first line.
The files themselves are executable, and `python3 main.py` will print
out all modules in the order they are imported.
The test itself is very simple. It simply lists all modules and their
corresponding names. As is plainly visible, without modification we
only pick up `package` and its component modules as having names. This
is the bit that needs to be fixed.
Convincing the test runner to extract this test in a way that mimics
reality is, unfortunately, a bit complicated. By default, the test
runner itself includes any Python files in the test directory as
modules in the invocation of the extractor, and so we must hide
everything in the `code` subdirectory.
Secondly, a `--path` argument (set to the test directory) is
automatically added, and this would also interfere with extraction,
and hence we must prevent this. Luckily, if we supply our own `--path`
argument -- even if it doesn't make any sense -- then the other
argument is left out.
Finally, we must actually tell the extractor to extract the files (or
it would just happily pass the test with zero files extracted), so the
`-R .` argument ensures that we recurse over the files in the test
directory after all.
2021-03-23 18:21:58 +01:00
Tom Hvitved
6d6150d051
C#: Change some data-flow toString()s
2021-03-23 16:42:58 +01:00
Rasmus Wriedt Larsen
deefbefffc
Python: Minor refactor to use CallCfgNode
2021-03-23 16:42:41 +01:00
Rasmus Wriedt Larsen
1f5e52e822
Python: Cleanup "first" type-tracking predicate to be private
...
Since it's exposed nicely in the version that doesn't have a
`DataFlow::TypeTracker` parameter, these should be private.
Also found one instance where I had accidentially used DataFlow::Node instead of
LocalSourceNode
2021-03-23 16:40:56 +01:00
Asger Feldthaus
98cee7d339
JS: Update Collection step test and its output
2021-03-23 14:53:15 +00:00
Asger Feldthaus
c067d519d9
JS: Inline some public predicates in GlobalAccessPaths
2021-03-23 14:53:15 +00:00
Asger Feldthaus
61e89d4841
JS: Cache StepSummary and PropertyName
2021-03-23 14:53:14 +00:00
Asger Feldthaus
0056c39bdd
JS: Deprecate AdditionalFlowStep
2021-03-23 14:53:14 +00:00
Asger Feldthaus
9e6aac8ef4
JS: Deprecate CollectionFlowStep
2021-03-23 14:53:14 +00:00
Asger Feldthaus
f8f3770a58
JS: BadRandomness can just use type-tracking now
2021-03-23 14:53:14 +00:00
Asger Feldthaus
52c2e37aca
JS: Update CollectionStep usage in HTTP
2021-03-23 14:53:14 +00:00
Asger Feldthaus
2759d53f42
JS: SetKeys
2021-03-23 14:53:14 +00:00
Asger Feldthaus
c5ddd40dc3
JS: MapAndSetValues
2021-03-23 14:53:14 +00:00
Asger Feldthaus
9abaad65c6
JS: MapSet
2021-03-23 14:53:14 +00:00
Asger Feldthaus
530be38b84
JS: MapGet
2021-03-23 14:53:14 +00:00
Asger Feldthaus
4a45731c85
JS: SetMapForEach
2021-03-23 14:53:14 +00:00
Asger Feldthaus
c9c99464cf
JS: ForOfStep (unify with Arrays version)
2021-03-23 14:53:13 +00:00
Asger Feldthaus
1a5eede39f
JS: SetConstructor
2021-03-23 14:53:13 +00:00
Asger Feldthaus
5c9a239776
JS: SetAdd
2021-03-23 14:53:13 +00:00
Asger Feldthaus
98398a9efd
JS: add two-prop version of loadStoreStep and infer pseudo properties
...
Initial step towards migrating CollectionFlowStep to PreCallGraphStep
2021-03-23 14:53:13 +00:00
Asger Feldthaus
67ec5d325c
JS: Stop caching AdditionalFlowStep
2021-03-23 14:53:13 +00:00
Asger Feldthaus
adaf3234ec
JS: IteratorExceptionStep
2021-03-23 14:53:13 +00:00
Asger Feldthaus
7021be05c5
JS: FlowStepThroughImport
2021-03-23 14:53:13 +00:00
Asger Feldthaus
52279d4bea
JS: Rename some test predicates to reflect reality
2021-03-23 14:53:13 +00:00
Asger Feldthaus
fae907df65
JS: Update some uses in tests
2021-03-23 14:53:13 +00:00
Asger Feldthaus
bda074835e
JS: Replace uses in ExternalApiUsedWithUntrustedData
2021-03-23 14:53:12 +00:00
Asger Feldthaus
2012e97842
JS: NextJSStaticReactComponentPropsStep
2021-03-23 14:53:12 +00:00
Asger Feldthaus
64c7d4e597
JS: NextJSStaticPropsStep
2021-03-23 14:53:12 +00:00
Asger Feldthaus
0035defd72
JS: ExceptionStep
2021-03-23 14:53:12 +00:00
Asger Feldthaus
5051f10586
JS: ImmutableConstructionStep
2021-03-23 14:53:12 +00:00
Asger Feldthaus
3e54136086
JS: Rename EventEmitterFlowStep to reflect reality
2021-03-23 14:53:12 +00:00
Asger Feldthaus
5fe3c1a0a9
JS: EventEmitterTaintStep
2021-03-23 14:53:12 +00:00
Asger Feldthaus
3a2f87f0a7
JS: AdditionalTypeTrackingStep -> SharedTypeTrackingStep
2021-03-23 14:53:12 +00:00
Asger Feldthaus
b8049f19e2
JS: SharedFlowStepFromPreCallGraph
2021-03-23 14:53:12 +00:00
Asger Feldthaus
8f750d4ad3
JS: UrlSearchParamsTaintStep
2021-03-23 14:53:12 +00:00
Asger Feldthaus
f84a05526d
JS: ArraySliceStep
2021-03-23 14:53:11 +00:00
Asger Feldthaus
633152940c
JS: ArrayConcatStep
2021-03-23 14:53:11 +00:00
Asger Feldthaus
17d1e6d614
JS: ArraySpliceStep
2021-03-23 14:53:11 +00:00
Asger Feldthaus
5d6c6b4b9b
JS: ArrayCreationStep
2021-03-23 14:53:11 +00:00
Asger Feldthaus
5bfd2ad07f
JS: ArrayPopStep
2021-03-23 14:53:11 +00:00
Asger Feldthaus
36a8134490
JS: ArrayIndexingAccess
2021-03-23 14:53:11 +00:00
Asger Feldthaus
b7ae62c3a3
JS: ArrayAppendStep
2021-03-23 14:53:11 +00:00
Asger Feldthaus
1c815f12da
JS: ArrayCopySpread
2021-03-23 14:53:11 +00:00
Asger Feldthaus
151420fd0f
JS: ArrayFrom
2021-03-23 14:53:11 +00:00
Asger Feldthaus
e42f8439de
JS: Replace uses of AdditionalFlowStep with SharedFlowStep
2021-03-23 14:53:10 +00:00
Asger Feldthaus
24539dc0ee
JS: Remove unneeded default case in loadStoreStep
2021-03-23 14:53:10 +00:00
CodeQL CI
a43bb1fb6d
Merge pull request #5499 from asgerf/js/non-recursive-sourcenode
...
Approved by erik-krogh
2021-03-23 14:52:10 +00:00
Asger Feldthaus
23d2f11840
JS: Handle inheritance
2021-03-23 14:39:37 +00:00
Chris Smowton
fa90655dd0
Partial revert: only introduce inferred taint edges from callsite-crossing value edges if an original taint edge targets the *start* of the value edge.
...
Previously we would also take a taint edge targeting a result and a value-preserving edge propagating another argument to the result to imply a taint edge targeting that argument.
2021-03-23 14:35:03 +00:00
Asger Feldthaus
3d94ccf5dd
JS: Support accessor-calls in object literals via local flow
2021-03-23 14:16:06 +00:00
Mathias Vorreiter Pedersen
ce638096de
Merge pull request #5492 from geoffw0/samateissue
...
C++: Test taint regression
2021-03-23 14:01:03 +01:00
Rasmus Wriedt Larsen
f2bc413318
Python: remove single commented out line of code
2021-03-23 14:00:38 +01:00
Tom Hvitved
3c26779f40
Merge pull request #5415 from tamasvajk/feature/async-flow
...
C#: add store step for return statements inside async methods
2021-03-23 13:59:19 +01:00
Rasmus Wriedt Larsen
a4924856a2
Python: Model known form/field subclasses in Django
...
I used some ad-hoc QL queries to help me find all these extra instances, but not
quite ready to share that code yet :P
2021-03-23 13:57:39 +01:00
Rasmus Wriedt Larsen
8d0f6086af
Python: Model django forms/fields
...
I'm not feeling 100% confident about `SelfRefMixin`, but since I needed it for
both DjangoViewClass and DjangoFormClass, I wanted to avoid copy-pasting this
code around. However, I'm not so opitimistic about it that I want to add it to a
sharable utility qll file :D
2021-03-23 13:57:38 +01:00
Anders Schack-Mulligen
27408fefe2
Merge pull request #5008 from torque59/cwe-346
...
Java: Queries to detect remote source flow origins to CORS header.
2021-03-23 13:54:00 +01:00
Anders Schack-Mulligen
9a56601dd3
Merge pull request #5164 from luchua-bc/java/insecure-ldap-endpoint
...
Java: CWE-297 Query to detect insecure LDAP endpoint configuration
2021-03-23 13:53:51 +01:00
Asger Feldthaus
b5be9d07aa
JS: Add change note
2021-03-23 12:51:14 +00:00
Geoffrey White
b38a9d51e6
C++: Effect of 'Don't override getParameterSizeIndex in the model for Accept'...
2021-03-23 12:26:59 +00:00
Geoffrey White
13eb9e0833
C++: Fix the test.
2021-03-23 12:26:58 +00:00
Geoffrey White
30e1b88b7f
C++: Extend test.
2021-03-23 12:26:58 +00:00
Asger Feldthaus
6c8b4a82c1
JS: Autoformat
2021-03-23 11:55:37 +00:00
Geoffrey White
da08c6e63e
Merge pull request #5496 from MathiasVP/accept-model-getParameterSizeIndex-should-be-none
...
C++: Don't override getParameterSizeIndex in Accept
2021-03-23 11:42:50 +00:00
Asger Feldthaus
98143b071d
JS: Autoformat
2021-03-23 11:26:29 +00:00
Anders Schack-Mulligen
1e6b5391d6
Merge pull request #4994 from haby0/main
...
Java: CWE-652: Improper Neutralization of Data within XQuery Expressions ('XQuery Injection')
2021-03-23 12:05:53 +01:00
Taus
b46a3616d8
Merge pull request #5490 from RasmusWL/private-imports
...
Python: Make import private for better auto-complete
2021-03-23 12:00:35 +01:00
Mathias Vorreiter Pedersen
585606a933
C++: Respond to review comments.
2021-03-23 11:14:29 +01:00
Mathias Vorreiter Pedersen
0b4650a4c9
C++: Accept test changes.
2021-03-23 10:27:19 +01:00
Tom Hvitved
20aa05b090
C#: Add CIL SSA library
2021-03-23 10:07:36 +01:00
Mathias Vorreiter Pedersen
7d0cfc69f1
C++: Don't override getParameterSizeIndex in the model for Accept. This fixes IR construction of calls to accept.
2021-03-23 09:53:09 +01:00
Mathias Vorreiter Pedersen
0ff7cc845c
C++: Add reduced testcase that broke IR construction in #5492 .
2021-03-23 09:53:04 +01:00
yoff
921b560e89
Merge pull request #5489 from tausbn/python-make-getacall-return-a-callcfgnode
...
Python: Make `API::Node::getACall` return a `CallCfgNode`
2021-03-23 09:31:38 +01:00
Rasmus Lerchedahl Petersen
198a4ca79b
Python: Add files to experimental
2021-03-22 21:42:06 +01:00
Taus Brock-Nannestad
7cdf439b83
Python: Clean up basicStoreStep
...
Moves the `flowsTo` logic into the shared implementation, so that
`TypeTrackingPrivate` only has to define the shape of immediate store
steps.
Also cleans up the documentation to talk a bit more about what
`content` can represent, and what caveats there are.
2021-03-22 18:42:24 +01:00
Taus Brock-Nannestad
0e81fd2624
Python: Move Boolean into TypeTrackerPrivate
...
In general, this may be defined already for other languages, so moving
it in here will avoid potential clashes.
2021-03-22 18:41:22 +01:00
Marcono1234
993999f64f
Java: Add test for negative numeric literals
2021-03-22 17:43:34 +01:00
Asger Feldthaus
6b19e69d30
JS: Fix some join orders
2021-03-22 16:17:19 +00:00
Rasmus Wriedt Larsen
1890e63d4c
Python: Make import private for better auto-complete
...
With the non-private imports, auto-completing on `API::` gave ALL results
available from `import python`, as well as the ones specified in the `API`
module.
The non-private import in Attributes.qll did the same for `DataFlow::`.
2021-03-22 16:45:44 +01:00
Taus Brock-Nannestad
4a6589d0ae
Python: Make API::Node::getACall return a CallCfgNode
...
This should eliminate the need for explicit casting to
`CallCfgNode` (which does not appear in our code as far as I can see,
but was observed in an external contribution).
2021-03-22 16:37:24 +01:00
Asger Feldthaus
42e6c7eb2e
JS: Remove field from InvokeNode
2021-03-22 15:19:31 +00:00
Asger Feldthaus
c03e9d6c75
JS: Address review comments
2021-03-22 15:19:31 +00:00
Asger Feldthaus
5bfdca895b
JS: Remove recursive def of SourceNode::Range
2021-03-22 15:07:38 +00:00
Asger Feldthaus
230b9cf5d3
JS: Avoid recursion in SourceNode::Range
2021-03-22 15:07:38 +00:00
Rasmus Lerchedahl Petersen
c1e3ccfb6c
Python, doc: Note ephemeral nature of import nodes
2021-03-22 15:07:51 +01:00
Rasmus Wriedt Larsen
c8a6e837b5
Python: Model QuerySet chains in django
2021-03-22 14:38:54 +01:00
Tamas Vajk
7a0bfd1a69
Skip through any stub preamble
2021-03-22 12:29:13 +01:00
Asger Feldthaus
54a91c73b0
JS: Tweak summarizedHigherOrderCall
2021-03-22 10:56:03 +00:00
Mathias Vorreiter Pedersen
d09458a486
C++: Add another taint tracking copy to identical-files.json
2021-03-22 11:35:59 +01:00
Mathias Vorreiter Pedersen
7ec86b5e7f
C++: AdjustedConfiguration should not extend the same dataflow configuration as FromGlobalVarTaintTrackingCfg as this causes multiple configurations to be in scope for dataflow.
2021-03-22 11:35:29 +01:00
haby0
fe046ec71e
Merge remote-tracking branch 'upstream/main' into main
2021-03-22 17:25:37 +08:00
Rasmus Wriedt Larsen
3a83ecf067
Python: Add test for taint in django forms/fields
2021-03-22 10:03:32 +01:00
Rasmus Wriedt Larsen
f800bf243f
Python: Better text for getSourceType in Django
2021-03-22 01:39:19 +01:00
Rasmus Wriedt Larsen
701b935564
Python: Add example of QuerySet chain (django)
2021-03-22 00:57:43 +01:00
Marcono1234
1534b387bb
Java: Improve documentation regarding minus in front of numeric literals
2021-03-22 00:54:14 +01:00
Artem Smotrakov
6c24699403
Cover both javax.el and jakarta.el packages
2021-03-21 21:19:39 +03:00
Artem Smotrakov
adb1ed380a
Added tests for Jakarta expression injection
2021-03-21 21:19:39 +03:00
Artem Smotrakov
73e940de74
Added query for Jakarta EL injections
...
- Added JakartaExpressionInjection.ql
- Added a qhelp file with examples
2021-03-21 21:19:39 +03:00
yo-h
0200aedc2e
Java 16: adjust test options
2021-03-21 12:55:25 -04:00
ihsinme
26bac9f425
Apply suggestions from code review
...
Co-authored-by: Robert Marsh <rdmarsh2@gmail.com >
2021-03-21 15:25:29 +03:00
Asger Feldthaus
a54e810804
JS: Include accessor-calls in CallGraph.ql
2021-03-20 13:59:38 +00:00
Asger Feldthaus
f4a476ea4e
JS: Change type ValueNode -> Node
2021-03-20 09:05:04 +00:00
Dilan
1385b22642
pr fixes, typo in qhelp file and helper method for queries
2021-03-19 16:43:29 -07:00
yoff
164b383fda
Update python/ql/test/query-tests/Security/CWE-327/pyOpenSSL_fluent.py
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com >
2021-03-19 19:12:13 +01:00
Asger Feldthaus
405c1f3fc7
JS: Update test suite
2021-03-19 16:45:31 +00:00
Asger Feldthaus
fa2ae1420a
JS: Rename Diagnostics folder to Summary
2021-03-19 16:43:23 +00:00
Asger Feldthaus
347cbe422d
JS: Remove the other summary queries
2021-03-19 16:42:43 +00:00
Asger Feldthaus
0c0556bb38
JS: Update LinesOfCode.ql to match the style from C++
2021-03-19 16:42:05 +00:00
Asger Feldthaus
6ca425f033
JS: Implement new metric queries for line counting
2021-03-19 16:34:29 +00:00
Asger Feldthaus
ea8c8df653
JS: Fix bad join orders in summarizedHigherOrderCall
2021-03-19 15:30:49 +00:00
Mathias Vorreiter Pedersen
6c1ec6d96b
C++: Accept test changes.
2021-03-19 16:09:05 +01:00
Erik Krogh Kristensen
8949b9eb0a
add shell interpreted arrays as sinks for js/shell-command-constructed-from-input
2021-03-19 15:59:06 +01:00
Asger Feldthaus
01fd00de56
JS: Fix join order in argumentPassing
2021-03-19 11:49:06 +00:00
Asger F
2f3d516413
JS: Track flow into ES accessors
2021-03-19 11:11:25 +00:00
Asger F
4f46908224
JS: Add test with ES getters/setters
2021-03-19 11:07:15 +00:00
Tamas Vajk
79d6731ed8
C#: Adjust make_stubs.py to use codeql instead of odasa
2021-03-19 11:01:28 +01:00
Erik Krogh Kristensen
36b0ab1de5
Apply suggestions from code review
...
Co-authored-by: Esben Sparre Andreasen <esbena@github.com >
2021-03-19 10:29:38 +01:00
Erik Krogh Kristensen
a28a36ab29
add change-note
2021-03-19 10:10:56 +01:00
Erik Krogh Kristensen
e90fb1a225
reuse classes modelling standard library functions
2021-03-19 10:09:33 +01:00
Rasmus Lerchedahl Petersen
e0e6d5724e
Merge branch 'main' of github.com:github/codeql into python-port-insecure-protocol
2021-03-18 23:34:53 +01:00
Erik Krogh Kristensen
d489d63b8e
recognize object transformations in module.exports when looking for library inputs
2021-03-18 20:54:33 +01:00
Erik Krogh Kristensen
28ad667578
add model for async-execute
2021-03-18 19:40:46 +01:00
Erik Krogh Kristensen
af5a61782c
also look for main modules in a lib folder
2021-03-18 14:51:11 +01:00
Erik Krogh Kristensen
0e98ea0c10
remove spurious import of PackageExports
2021-03-18 14:09:08 +01:00
Erik Krogh Kristensen
67a5831ac0
update expected output
2021-03-18 13:59:44 +01:00
Erik Krogh Kristensen
c0bb169342
recognize a src/index.js file as a main module for a package
2021-03-18 13:41:36 +01:00
Erik Krogh Kristensen
add0c88530
loosen the requirement that the package.json file must be the top-most package.json
2021-03-18 13:39:12 +01:00
Erik Krogh Kristensen
d998d06b94
add link to source in alert-message for js/shell-command-constructed-from-input
2021-03-18 13:37:18 +01:00
Porcuiney Hairs
a88c3682ff
remove sanitiserGuards
2021-03-18 16:12:00 +05:30
Porcuiney Hairs
84c9137152
Include suggestions from review
2021-03-18 16:12:00 +05:30
porcupineyhairs
f27d2bdf6d
Update java/ql/src/experimental/semmle/code/java/Logging.qll
...
Co-authored-by: Marcono1234 <Marcono1234@users.noreply.github.com >
2021-03-18 16:12:00 +05:30
Porcuiney Hairs
d0c82d3756
Add flogger and android logging support
2021-03-18 16:12:00 +05:30
Porcuiney Hairs
17d7ba8049
Add Log Injection Vulnerability
2021-03-18 16:12:00 +05:30
Rasmus Lerchedahl Petersen
b3ff3f7ee7
PythonÆ adjust test expectations
...
I suspect it has to do with ParameterNode being a LocalSourceNode,
but I really have no idea...
2021-03-17 15:11:17 +01:00
Rasmus Lerchedahl Petersen
8f467003d2
Python: More review suggestions
2021-03-17 15:11:17 +01:00
yoff
63b732ce1f
Apply suggestions from code review
...
Co-authored-by: Taus <tausbn@github.com >
2021-03-17 15:11:17 +01:00
Rasmus Lerchedahl Petersen
4d856d4461
Python: Add small api enhancements
...
determined useful during documentation work.
2021-03-17 15:11:17 +01:00
Mathias Vorreiter Pedersen
3914a93504
C++: Remove commonTaintStep from DefaultTaintTracking.
2021-03-17 11:56:59 +01:00
haby0
c516d69b98
Merge remote-tracking branch 'upstream/main' into main
2021-03-17 16:42:48 +08:00
Tamas Vajk
0b1705f302
C#: Adjust Callable::canReturn to handle Task-like async return types
2021-03-17 09:25:57 +01:00
haby0
15206fd2ce
JsonpInjection.ql autoformatted
2021-03-17 15:52:05 +08:00
haby0
98204a15a6
Fix the problem
2021-03-17 15:28:04 +08:00
Mathias Vorreiter Pedersen
43fbcc1c8a
C++: Convert all the dataflow configurations to taint configurations.
2021-03-16 22:36:17 +01:00
Mathias Vorreiter Pedersen
dd6b27df24
C++: Fix test annotation.
2021-03-16 22:35:47 +01:00
Tamas Vajk
cd820917bc
Remove duplicate yield return entries from global dataflow test
2021-03-16 21:28:58 +01:00
Tamas Vajk
2541e9cb6a
C#: Handle async data flow in expression bodied callables
2021-03-16 16:32:47 +01:00
Tamas Vajk
048c72a0f2
C#: Remove YieldReturnKind
2021-03-16 16:20:04 +01:00
Tamas Vajk
aa2abf76ba
Make ReturnNodes disjoint (normal, yield, async)
2021-03-16 16:17:27 +01:00
Tamas Vajk
732ef92830
C#: add store step for return statements inside async methods
2021-03-16 15:18:00 +01:00
Tamas Vajk
c684b74b3d
C#: Add async dataflow tests
2021-03-16 14:46:16 +01:00
Rasmus Lerchedahl Petersen
6fff746b16
Merge branch 'main' of github.com:github/codeql into python-port-insecure-protocol
2021-03-15 17:37:28 +01:00
Rasmus Lerchedahl Petersen
9a96230523
Python: Add changenote
2021-03-15 17:35:30 +01:00
Rasmus Lerchedahl Petersen
514a69c47a
Python: Support ssl.PROTOCOL_TLS_SERVER
...
and `ssl.PROTOCOL_TLS_CLIENT`
2021-03-15 17:30:01 +01:00
Rasmus Lerchedahl Petersen
87f3ba2684
Python: add tests for ssl.PROTOCOL_TLS_SERVER
...
and `ssl.PROTOCOL_TLS_CLIENT`
2021-03-15 17:24:39 +01:00
Rasmus Lerchedahl Petersen
731f4559b4
Python: update test expectations
2021-03-15 17:23:58 +01:00
Rasmus Lerchedahl Petersen
4094b18407
Python: Clean up tests
2021-03-15 16:28:08 +01:00
Mathias Vorreiter Pedersen
0ffb80e3b1
Merge branch 'main' into rdmarsh/cpp/use-taint-configuration-dtt
2021-03-15 09:42:32 +01:00
Rasmus Lerchedahl Petersen
41c9394b4b
Python: update qhelp and example
2021-03-14 09:22:47 +01:00
Taus Brock-Nannestad
f05313435d
Python: Move typePreservingStep into Private
2021-03-12 14:06:39 +01:00
Taus Brock-Nannestad
9b8056371f
Python: Make the type tracking implementation shareable
2021-03-12 13:51:24 +01:00
luchua-bc
1a2e341b7c
Refactor the business logic of the query into a separate predicate
2021-03-12 12:19:37 +00:00
luchua-bc
c8b1bc3a89
Enhance the query
2021-03-11 21:41:34 +00:00
Mathias Vorreiter Pedersen
5667901a2a
C++: Accept test changes after merge from main (which changed the path explanations).
2021-03-11 21:16:57 +01:00
luchua-bc
0a35feef76
Exclude CSRF cookies to reduce FPs
2021-03-11 17:28:07 +00:00
luchua-bc
57953c523c
Update qldoc
2021-03-11 17:16:36 +00:00
Mathias Vorreiter Pedersen
a2d75c4fed
Merge branch 'main' into rdmarsh/cpp/use-taint-configuration-dtt
2021-03-11 18:06:37 +01:00
luchua-bc
eeac7e322a
Query to detect insecure configuration of Spring Boot Actuator
2021-03-11 13:46:32 +00:00
Artem Smotrakov
4b7c57c077
Added a comment for getBeanIdentifier()
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-03-11 11:52:07 +01:00
Artem Smotrakov
0a5d58ed8a
Cover more configurations in UnsafeSpringExporterInConfigurationClass.ql
2021-03-10 21:15:19 +03:00
luchua-bc
a0a1ddee86
Update class name
2021-03-10 17:07:31 +00:00
Mathias Vorreiter Pedersen
bc36e0db43
C++: Accept more test changes.
2021-03-10 16:51:13 +01:00
Mathias Vorreiter Pedersen
cc592b124b
Merge branch 'main' into rdmarsh/cpp/use-taint-configuration-dtt
2021-03-10 15:59:48 +01:00
Mathias Vorreiter Pedersen
0b6589c8be
C++: Accept test changes.
2021-03-10 15:47:06 +01:00
luchua-bc
f0ddfc9283
Minor qldoc changes
2021-03-10 12:18:55 +00:00
luchua-bc
72f28513eb
Move test check to the sink
2021-03-10 12:12:27 +00:00
Anders Schack-Mulligen
4941d9b7bf
Java: Add query for CSV framework coverage.
2021-03-10 12:03:44 +01:00
Artem Smotrakov
df60268023
Split qhelp files
2021-03-10 10:49:47 +03:00
luchua-bc
48975fa7d2
Replace sanitizers
2021-03-10 00:17:26 +00:00
Mathias Vorreiter Pedersen
19d08d7b40
Merge branch 'main' into rdmarsh/cpp/use-taint-configuration-dtt
2021-03-09 12:35:44 +01:00
Artem Smotrakov
a78f2115f2
Split SpringExporterUnsafeDeserialization.ql
2021-03-09 00:06:38 +03:00
Mathias Vorreiter Pedersen
bb53780ba9
C++: Add flow through unary instructions and pointer/indirection conflation for parameters. These rules are copy/pasted from DefaultTaintTracking. The conflation rules will hopefully be removed as part of #5089 .
2021-03-08 09:42:47 +01:00
luchua-bc
0ef3eee4ed
Revamp the source and the sink of the query
2021-03-06 22:41:54 +00:00
Artem Smotrakov
891b975899
Use correct file names in SpringExporterUnsafeDeserialization.qhelp
2021-03-06 22:07:43 +01:00
Artem Smotrakov
bda223771b
Added another example for SpringExporterUnsafeDeserialization.ql
2021-03-06 22:05:00 +01:00
Artem Smotrakov
82cb4a8d68
Renamed SpringHttpInvokerUnsafeDeserialization.ql
2021-03-06 21:48:35 +01:00
Artem Smotrakov
dcabce679a
Cover beans from XML configs in SpringHttpInvokerUnsafeDeserialization.ql
2021-03-06 21:40:35 +01:00
luchua-bc
31eaa80f5b
Revamp the source
2021-03-06 00:56:15 +00:00
Rasmus Lerchedahl Petersen
7d556b354d
Python: Update test annotation and expectation
2021-03-05 09:16:35 +01:00
haby0
ecdadd1826
move the query to experimental folder
2021-03-05 14:38:04 +08:00
luchua-bc
a93aabab40
Add the toString() method
2021-03-05 03:05:49 +00:00
luchua-bc
919c6b4b0a
Optimize flow steps
2021-03-05 02:50:54 +00:00
Francis Alexander
abdebc29f9
Move to experimental and review feedback
2021-03-05 07:26:29 +05:30
Mathias Vorreiter Pedersen
23876cb581
C++: Only allow taint to a FieldAddressInstruction if it's a union type.
2021-03-04 16:29:44 +01:00
ihsinme
10cc574289
Add files via upload
2021-03-04 16:15:26 +03:00
ihsinme
01c13c4703
Add files via upload
2021-03-04 16:14:11 +03:00
haby0
c5577cb09a
Fix the problem
2021-03-04 19:54:49 +08:00
Rasmus Lerchedahl Petersen
d02c529872
Python: Update annotation
2021-03-04 00:06:36 +01:00
Rasmus Lerchedahl Petersen
de9469bbfc
Python: complete ssl.create_default_context
2021-03-04 00:01:44 +01:00
Rasmus Lerchedahl Petersen
ee03837357
Python: small refactor
2021-03-03 23:46:18 +01:00
Rasmus Lerchedahl Petersen
cbbc7b2bcd
Python: support unrestrictions
...
Also pyOpenSSL allows SSL 2 and SSL 3 on `SSLv23`
2021-03-03 23:42:48 +01:00
luchua-bc
1784c202a7
Clean up the query
2021-03-03 17:03:37 +00:00
Rasmus Lerchedahl Petersen
97d26687fe
Python: Improve logic of bit fields
2021-03-03 17:50:47 +01:00
Rasmus Lerchedahl Petersen
7a1d953fca
Python: More tests
2021-03-03 17:50:47 +01:00
Rasmus Lerchedahl Petersen
60525ec301
Python: Also track offending call
...
update test expectations at this point
2021-03-03 17:50:47 +01:00
Rasmus Lerchedahl Petersen
9e696ff0fb
Python: Add false negative to test
2021-03-03 17:50:47 +01:00
Rasmus Lerchedahl Petersen
d5171fc043
Python: Comment everything
2021-03-03 17:50:47 +01:00
Rasmus Lerchedahl Petersen
3b856010f2
Python: add TODO comment
2021-03-03 17:50:46 +01:00
Rasmus Lerchedahl Petersen
ea8c6f04e2
Python: Update old test and qlhelp
2021-03-03 17:50:46 +01:00
Rasmus Lerchedahl Petersen
87e1a062ea
Python: fluent api tests
2021-03-03 17:50:46 +01:00
Rasmus Lerchedahl Petersen
186db7f43e
Python: factor into modules and files
2021-03-03 17:50:46 +01:00
Rasmus Lerchedahl Petersen
7ed018aff6
Python: refactor into modules
...
and turn on the pyOpenSSL module
2021-03-03 17:50:46 +01:00
Rasmus Lerchedahl Petersen
72b37a5b1b
Python: factor out barrier
2021-03-03 17:50:46 +01:00
Rasmus Lerchedahl Petersen
86dde6eab1
Python: start of port
2021-03-03 17:50:46 +01:00
luchua-bc
502cf38fcc
Use concise API
2021-03-03 14:07:43 +00:00
luchua-bc
1b1c3f953b
Remove localflow from the source
2021-03-03 13:54:26 +00:00
luchua-bc
b366ffa69e
Revamp source of the query
2021-03-03 13:38:18 +00:00
Artem Smotrakov
617ba65ef5
Improved docs for SpringHttpInvokerUnsafeDeserialization.ql
2021-03-02 21:36:14 +01:00
Mathias Vorreiter Pedersen
eb4f1e1ba0
C++: Restore some of the lost test results by doing operand -> instruction taint steps in IR TaintTracking.
2021-03-02 15:45:40 +01:00
Mathias Vorreiter Pedersen
23d3109071
C++: Use taintedWithPath in more tests. This is the predicate that's currently hooked up to the new IR taint tracking library.
2021-03-02 13:40:39 +01:00
Mathias Vorreiter Pedersen
6ba35f4aac
C++: Fix function renaming and accept test change.
2021-03-02 11:31:24 +01:00
Mathias Vorreiter Pedersen
9f02c144a8
C++: Remove files that were incorrectly added when resolving merge conflicts.
2021-03-02 11:14:49 +01:00
Mathias Vorreiter Pedersen
ffc6af73b7
C++: Accept test changes.
2021-03-02 11:00:43 +01:00
Mathias Vorreiter Pedersen
748f5344ff
Merge branch 'main' into rdmarsh/cpp/use-taint-configuration-dtt
2021-03-02 10:43:37 +01:00
luchua-bc
95d1994196
Query to check sensitive cookies without the HttpOnly flag set
2021-03-01 22:06:52 +00:00
Artem Smotrakov
15a43ffe36
Simplified returnsRemoteInvocationSerializingExporter()
2021-02-27 13:41:20 +01:00
haby0
f795d5e0d3
update JSONP Injection ql
2021-02-27 16:25:17 +08:00
haby0
0521ef87da
Merge remote-tracking branch 'upstream/main' into JsonHijacking
2021-02-25 16:31:14 +08:00
Artem Smotrakov
e02b51f42b
Improved SpringHttpInvokerUnsafeDeserialization.qhelp
2021-02-24 22:35:20 +01:00
Artem Smotrakov
aac0c27dcd
Added tests for SpringHttpInvokerUnsafeDeserialization.ql
2021-02-24 22:35:20 +01:00
Artem Smotrakov
95284ad71d
Added SpringHttpInvokerUnsafeDeserialization.qhelp and example
2021-02-24 22:35:20 +01:00
Artem Smotrakov
476309af6d
Added SpringHttpInvokerUnsafeDeserialization.ql
2021-02-24 22:35:20 +01:00
haby0
6fe8bafc7d
*)update
2021-02-24 20:59:51 +08:00
haby0
872a000a33
*)update to JSONP injection
2021-02-24 20:36:12 +08:00
Francis Alexander
45bdb22db8
Switch from sanitizer to tainttracking, formatting and qldoc changes
2021-02-21 16:45:48 +05:30
haby0
8119fd2ad1
*)add JsonHijacking ql query
2021-02-18 18:11:10 +08:00
Francis Alexander
2baf2aa5c1
Apply suggestions from code review - improved sanitizer checks.
...
Co-authored-by: Alvaro Muñoz <pwntester@github.com >
2021-02-17 18:58:32 +05:30
Francis Alexander
40f4e71b86
Merge branch 'main' into cwe-346
2021-02-17 18:55:31 +05:30
Francis Alexander
58971f9f4e
Switch qualified name to available CollectionType
2021-02-17 16:01:27 +05:30
Francis Alexander
520ba47293
Sanitizer improvements from code review
2021-02-17 08:35:50 +05:30
luchua-bc
e698ee77f7
Update qldoc and test method
2021-02-16 14:11:39 +00:00
haby0
2c96e6cf96
Merge remote-tracking branch 'upstream/main' into main
2021-02-16 17:54:01 +08:00
luchua-bc
5ce3af0591
Enhance the query and update qldoc
2021-02-15 21:38:54 +00:00
haby0
92c00cb741
Update java/ql/src/Security/CWE/CWE-652/XQueryInjection.ql
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-02-16 00:09:21 +08:00
haby0
f1e44bce4a
Update java/ql/src/Security/CWE/CWE-652/XQueryInjection.ql
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-02-16 00:07:44 +08:00
luchua-bc
a03e6faf37
Optimize the query and update qldoc
2021-02-15 14:10:17 +00:00
Francis Alexander
409d95c522
Sanitizer checks to decrease FP
2021-02-15 14:01:14 +05:30
luchua-bc
23f620d255
Query to detect insecure LDAP endpoint configuration
2021-02-15 05:31:29 +00:00
luchua-bc
6a6727fc80
Reduce the scope of the query to reduce FPs
2021-02-14 15:01:06 +00:00
haby0
6901cd4899
Merge branch 'main' of https://github.com/haby0/codeql into main
2021-02-12 11:18:33 +08:00
haby0
22e741c7a3
*)add XQExpression.executeCommand(0) sink
2021-02-12 11:17:42 +08:00
haby0
dbb3d458f5
*)add XQExpression.executeCommand(0) sink
2021-02-12 10:47:41 +08:00
haby0
a6a0fa28c4
*)add XQExpression.executeQuery(0) sink
2021-02-11 16:05:48 +08:00
haby0
97690b4eb7
Update java/ql/src/Security/CWE/CWE-652/XQueryInjection.qhelp
...
Co-authored-by: Felicity Chapman <felicitymay@github.com >
2021-02-08 19:15:28 +08:00
luchua-bc
ff1ed3a012
Revamp the query to use three configurations to detect password hash without salt
2021-01-29 03:39:02 +00:00
haby0
81c56b9bed
Update java/ql/src/Security/CWE/CWE-652/XQueryInjection.ql
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-01-27 19:47:12 +08:00
haby0
31deca016f
Update java/ql/src/Security/CWE/CWE-652/XQueryInjection.ql
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-01-27 19:46:45 +08:00
haby0
ca2e6587fe
Update java/ql/src/Security/CWE/CWE-652/XQueryInjection.qhelp
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-01-27 19:46:15 +08:00
haby0
b5ae417851
*)update CWE-652 qhelp references
2021-01-27 10:19:04 +08:00
haby0
b76854a384
*)add CWE-652 test case
2021-01-27 10:14:33 +08:00
Francis Alexander
19872e9aed
More Feedback integration
2021-01-26 17:24:17 +05:30
Francis Alexander
985d3d469a
PR feedback integration
2021-01-25 23:26:36 +05:30
haby0
42f55e1ebe
Merge pull request #1 from smowton/smowton/admin/rewrite-xquery
...
Rewrite XQuery injection to use an additional taint step instead of multiple configurations
2021-01-25 19:49:20 +08:00
Chris Smowton
d34233b44f
Rewrite XQuery injection to use an additional taint step instead of multiple configurations.
...
Also remove a needless barrier -- the method in question doesn't conduct taint by default, so excluding particular instances of that call is not necessary.
2021-01-25 11:18:45 +00:00
haby0
16308fe557
Update java/ql/src/Security/CWE/CWE-652/XQueryInjectionLib.qll
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-01-25 19:16:18 +08:00
haby0
14a23eed4f
Update java/ql/src/Security/CWE/CWE-652/XQueryInjectionLib.qll
...
Co-authored-by: Chris Smowton <smowton@github.com >
2021-01-25 19:15:59 +08:00
Francis Alexander
75b79039a1
Example fixes
2021-01-24 20:46:37 +05:30
Francis Alexander
81e372d078
Formatting changes
2021-01-24 20:44:21 +05:30
Francis Alexander
a64fc2b24e
Java: Queries to detect remote source flow to CORS header
2021-01-24 18:58:39 +05:30
haby0
0b326aae20
*)update XQueryInjectionLib.qll
2021-01-23 18:27:38 +08:00
haby0
44d99f8cd4
*)update XQueryInjection.ql
2021-01-23 18:26:58 +08:00
haby0
ec4c155043
*)update XQueryInjection.qhelp
2021-01-23 18:26:15 +08:00
haby0
a56dd60baa
*)add CWE-652 XQueryInjection detection
2021-01-21 19:18:10 +08:00
luchua-bc
b9809b071e
Update the query to work with wrapper classes
2021-01-18 19:22:34 +00:00
luchua-bc
048167d39a
Revamp the query to reduce FPs introduced by wrapper calls
2021-01-18 04:23:30 +00:00
luchua-bc
3af8773dd6
Add more cases
2021-01-15 16:20:31 +00:00
luchua-bc
86c04e6971
Detect the scenario of passwords concatenated with a salt to reduce FPs
2021-01-11 16:59:57 +00:00
luchua-bc
39103af718
Remove additional taint step
2021-01-08 13:02:57 +00:00
luchua-bc
b56fe2b25f
Remove specific method name in additional taint step
2021-01-07 16:31:21 +00:00
luchua-bc
19ff00bad4
Enhance the additional step flow and update qldoc
2021-01-07 13:15:30 +00:00
luchua-bc
ce2db21f15
Query to detect hash without salt
2021-01-06 17:30:04 +00:00
Robert Marsh
77729918c1
Merge branch 'main' into rdmarsh/cpp/use-taint-configuration-dtt
...
Update for submodule pointer
2020-11-18 13:09:02 -08:00
Robert Marsh
5aed82a210
C++: Autoformat more
2020-11-17 13:44:20 -08:00
Robert Marsh
04641a3f2d
Merge branch 'main' into rdmarsh/cpp/use-taint-configuration-dtt
2020-11-17 12:55:12 -08:00
Robert Marsh
c2e44fa180
C++: autoformat
2020-11-17 09:28:39 -08:00
Robert Marsh
db8766ca69
Merge branch 'main' into rdmarsh/cpp/use-taint-configuration-dtt
2020-11-16 17:46:20 -08:00
Robert Marsh
525aeb6551
C++: autoformat
2020-11-13 16:14:07 -08:00
Robert Marsh
29eacbd28b
Merge branch 'main' into rdmarsh/cpp/use-taint-configuration-dtt
...
Update for submodule bump
2020-11-13 12:22:41 -08:00
Robert Marsh
bd00988c37
C++: accept test output for DefaultTaintTracking
2020-11-12 14:38:53 -08:00
Robert Marsh
68040b717e
C++: autoformat
2020-11-12 14:32:19 -08:00
Robert Marsh
275d75295c
Merge branch 'main' into rdmarsh/cpp/use-taint-configuration-dtt
...
Fix test conflict
2020-11-12 13:28:10 -08:00
Robert Marsh
049bff09e6
Merge branch 'main' into rdmarsh/cpp/use-taint-configuration-dtt
...
Make this branch a valid taget for a submodule bump
2020-11-10 14:25:05 -08:00
Robert Marsh
2a6ba40a93
C++: Accept more test changes
2020-11-10 13:59:35 -08:00
Robert Marsh
04ad94d1cc
C++: model taint from pointers to aliased buffers
2020-11-09 13:52:08 -08:00
Robert Marsh
afbeca0d54
C++: Accept test outputs
2020-11-09 13:24:31 -08:00
Robert Marsh
95ed5465de
C++: improve handling of function arguments in DTT
2020-11-09 13:02:06 -08:00
Robert Marsh
fbe857d1fa
C++: require that other operands be predictable
...
This brings back a constraint that was lost when switching
DefaultTaintTracking to use a TaintTracking::Configuration
2020-11-09 13:00:55 -08:00
Robert Marsh
7d79be71d1
C++: taint tracking conf in DefaultTaintTracking
...
Switch from using additional flow steps with a DataFlow::Configuration
in DefaultTaintTracking to using a TaintTracking::Configuration. This
makes future improvements to TaintTracking::Configuration reflected in
DefaultTaintTracking without further effort. It also removes the
predictability constraint in DefaultTaintTracking, which increases the
number of results, with both new true positives and new false positives.
Those may need to be addressed on a per-query basis.
There are some additional regressions from losing pointer/object
conflation for arguments. Those can be worked around by adding that
conflation to TaintTracking::Configuration until precise indirect
parameter flow is ready.
2020-11-09 13:00:55 -08:00
dilanbhalla
26b030f8cc
fixed pr suggestions
2020-07-07 10:52:26 -07:00
dilanbhalla
dc73fcc4e8
moved to experimental
2020-07-01 09:54:58 -07:00
dilanbhalla
dc58f6fa87
function/class synatax
2020-06-25 11:39:09 -07:00