Skip to content

Commit 1f5a466

Browse files
committed
Playframework test cases & review fixes
2 parents 27c554c + b230868 commit 1f5a466

File tree

2,109 files changed

+195656
-96567
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

2,109 files changed

+195656
-96567
lines changed
Lines changed: 60 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,60 @@
1+
name: Generate CodeQL query help documentation using Sphinx
2+
3+
on:
4+
workflow_dispatch:
5+
inputs:
6+
description:
7+
description: A description of the purpose of this job. For human consumption.
8+
required: false
9+
push:
10+
branches:
11+
- 'lgtm.com'
12+
pull_request:
13+
paths:
14+
- '.github/workflows/generate-query-help-docs.yml'
15+
- 'docs/codeql/query-help/**'
16+
17+
jobs:
18+
build:
19+
runs-on: ubuntu-latest
20+
steps:
21+
- name: Clone github/codeql
22+
uses: actions/checkout@v2
23+
with:
24+
path: codeql
25+
- name: Clone github/codeql-go
26+
uses: actions/checkout@v2
27+
with:
28+
repository: 'github/codeql-go'
29+
path: codeql-go
30+
- name: Set up Python 3.8
31+
uses: actions/setup-python@v2
32+
with:
33+
python-version: 3.8
34+
- name: Download CodeQL CLI
35+
uses: dsaltares/fetch-gh-release-asset@aa37ae5c44d3c9820bc12fe675e8670ecd93bd1c
36+
with:
37+
repo: "github/codeql-cli-binaries"
38+
version: "latest"
39+
file: "codeql-linux64.zip"
40+
token: ${{ secrets.GITHUB_TOKEN }}
41+
- name: Unzip CodeQL CLI
42+
run: unzip -d codeql-cli codeql-linux64.zip
43+
- name: Set up query help docs folder
44+
run: |
45+
cp -r codeql/docs/codeql/** .
46+
- name: Query help to markdown
47+
run: |
48+
PATH="$PATH:codeql-cli/codeql" python codeql/docs/codeql/query-help-markdown.py
49+
- name: Run Sphinx for query help
50+
uses: ammaraskar/sphinx-action@8b4f60114d7fd1faeba1a712269168508d4750d2 # v0.4
51+
with:
52+
docs-folder: "query-help/"
53+
pre-build-command: "python -m pip install --upgrade recommonmark"
54+
build-command: "sphinx-build -b dirhtml . _build"
55+
- name: Upload HTML artifacts
56+
uses: actions/upload-artifact@v2
57+
with:
58+
name: query-help-html
59+
path: query-help/_build
60+

CONTRIBUTING.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -38,6 +38,8 @@ If you have an idea for a query that you would like to share with other CodeQL u
3838

3939
- The queries and libraries must be autoformatted, for example using the "Format Document" command in [CodeQL for Visual Studio Code](https://help.semmle.com/codeql/codeql-for-vscode/procedures/about-codeql-for-vscode.html).
4040

41+
If you prefer, you can use this [pre-commit hook](misc/scripts/pre-commit) that automatically checks whether your files are correctly formatted. See the [pre-commit hook installation guide](docs/install-pre-commit-hook.md) for instructions on how to install the hook.
42+
4143
4. **Compilation**
4244

4345
- Compilation of the query and any associated libraries and tests must be resilient to future development of the [supported](docs/supported-queries.md) libraries. This means that the functionality cannot use internal libraries, cannot depend on the output of `getAQlClass`, and cannot make use of regexp matching on `toString`.

change-notes/1.26/analysis-csharp.md

Lines changed: 0 additions & 35 deletions
This file was deleted.

change-notes/1.26/analysis-java.md

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -18,4 +18,3 @@ The following changes in version 1.26 affect Java analysis in all applications.
1818

1919
## Changes to libraries
2020

21-
* The QL class `Block`, denoting the `{ ... }` statement, is renamed to `BlockStmt`.

change-notes/1.26/analysis-javascript.md

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -4,13 +4,19 @@
44

55
* Angular-specific taint sources and sinks are now recognized by the security queries.
66

7+
* Support for React has improved, with better handling of react hooks, react-router path parameters, lazy-loaded components, and components transformed using `react-redux` and/or `styled-components`.
8+
9+
* Dynamic imports are now analyzed more precisely.
10+
711
* Support for the following frameworks and libraries has been improved:
812
- [@angular/*](https://www.npmjs.com/package/@angular/core)
913
- [AWS Serverless](https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/sam-resource-function.html)
1014
- [Alibaba Serverless](https://www.alibabacloud.com/help/doc-detail/156876.htm)
1115
- [debounce](https://www.npmjs.com/package/debounce)
1216
- [bluebird](https://www.npmjs.com/package/bluebird)
1317
- [call-limit](https://www.npmjs.com/package/call-limit)
18+
- [classnames](https://www.npmjs.com/package/classnames)
19+
- [clsx](https://www.npmjs.com/package/clsx)
1420
- [express](https://www.npmjs.com/package/express)
1521
- [fast-json-stable-stringify](https://www.npmjs.com/package/fast-json-stable-stringify)
1622
- [fast-safe-stringify](https://www.npmjs.com/package/fast-safe-stringify)
@@ -27,7 +33,13 @@
2733
- [needle](https://www.npmjs.com/package/needle)
2834
- [object-inspect](https://www.npmjs.com/package/object-inspect)
2935
- [pretty-format](https://www.npmjs.com/package/pretty-format)
36+
- [react](https://www.npmjs.com/package/react)
37+
- [react-router-dom](https://www.npmjs.com/package/react-router-dom)
38+
- [react-redux](https://www.npmjs.com/package/react-redux)
39+
- [redis](https://www.npmjs.com/package/redis)
40+
- [redux](https://www.npmjs.com/package/redux)
3041
- [stringify-object](https://www.npmjs.com/package/stringify-object)
42+
- [styled-components](https://www.npmjs.com/package/styled-components)
3143
- [throttle-debounce](https://www.npmjs.com/package/throttle-debounce)
3244
- [underscore](https://www.npmjs.com/package/underscore)
3345

change-notes/1.26/analysis-python.md

Lines changed: 25 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -4,19 +4,34 @@ The following changes in version 1.26 affect Python analysis in all applications
44

55
## General improvements
66

7-
8-
## New queries
9-
10-
| **Query** | **Tags** | **Purpose** |
11-
|-----------------------------|-----------|--------------------------------------------------------------------|
12-
13-
147
## Changes to existing queries
158

169
| **Query** | **Expected impact** | **Change** |
1710
|----------------------------|------------------------|------------------------------------------------------------------|
18-
19-
11+
|`py/unsafe-deserialization` | Different results. | The underlying data flow library has been changed. See below for more details. |
12+
|`py/path-injection` | Different results. | The underlying data flow library has been changed. See below for more details. |
13+
|`py/command-line-injection` | Different results. | The underlying data flow library has been changed. See below for more details. |
14+
|`py/reflective-xss` | Different results. | The underlying data flow library has been changed. See below for more details. |
15+
|`py/sql-injection` | Different results. | The underlying data flow library has been changed. See below for more details. |
16+
|`py/code-injection` | Different results. | The underlying data flow library has been changed. See below for more details. |
2017
## Changes to libraries
21-
18+
* Some of the security queries now use the shared data flow library for data flow and taint tracking. This has resulted in an overall more robust and accurate analysis. The libraries mentioned below have been modelled in this new framework. Other libraries (e.g. the web framework `CherryPy`) have not been modelled yet, and this may lead to a temporary loss of results for these frameworks.
19+
* Improved modelling of the following serialization libraries:
20+
- `PyYAML`
21+
- `dill`
22+
- `pickle`
23+
- `marshal`
24+
* Improved modelling of the following web frameworks:
25+
- `Django` (Note that modelling of class-based response handlers is currently incomplete.)
26+
- `Flask`
27+
* Support for Werkzeug `MultiDict`.
28+
* Support for the [Python Database API Specification v2.0 (PEP-249)](https://www.python.org/dev/peps/pep-0249/), including the following libraries:
29+
- `MySQLdb`
30+
- `mysql-connector-python`
31+
- `django.db`
32+
* Improved modelling of the following command execution libraries:
33+
- `Fabric`
34+
- `Invoke`
35+
* Improved modelling of security-related standard library modules, such as `os`, `popen2`, `platform`, and `base64`.
36+
* The original versions of the updated queries have been preserved [here](https://github.com/github/codeql/tree/main/python/ql/src/experimental/Security-old-dataflow).
2237
* Added taint tracking support for string formatting through f-strings.

config/identical-files.json

Lines changed: 30 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -19,15 +19,17 @@
1919
"csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl3.qll",
2020
"csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl4.qll",
2121
"csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImpl5.qll",
22-
"python/ql/src/experimental/dataflow/internal/DataFlowImpl.qll",
23-
"python/ql/src/experimental/dataflow/internal/DataFlowImpl2.qll"
22+
"python/ql/src/semmle/python/dataflow/new/internal/DataFlowImpl.qll",
23+
"python/ql/src/semmle/python/dataflow/new/internal/DataFlowImpl2.qll",
24+
"python/ql/src/semmle/python/dataflow/new/internal/DataFlowImpl3.qll",
25+
"python/ql/src/semmle/python/dataflow/new/internal/DataFlowImpl4.qll"
2426
],
2527
"DataFlow Java/C++/C#/Python Common": [
2628
"java/ql/src/semmle/code/java/dataflow/internal/DataFlowImplCommon.qll",
2729
"cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImplCommon.qll",
2830
"cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImplCommon.qll",
2931
"csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImplCommon.qll",
30-
"python/ql/src/experimental/dataflow/internal/DataFlowImplCommon.qll"
32+
"python/ql/src/semmle/python/dataflow/new/internal/DataFlowImplCommon.qll"
3133
],
3234
"TaintTracking::Configuration Java/C++/C#/Python": [
3335
"cpp/ql/src/semmle/code/cpp/dataflow/internal/tainttracking1/TaintTrackingImpl.qll",
@@ -41,14 +43,17 @@
4143
"csharp/ql/src/semmle/code/csharp/dataflow/internal/tainttracking5/TaintTrackingImpl.qll",
4244
"java/ql/src/semmle/code/java/dataflow/internal/tainttracking1/TaintTrackingImpl.qll",
4345
"java/ql/src/semmle/code/java/dataflow/internal/tainttracking2/TaintTrackingImpl.qll",
44-
"python/ql/src/experimental/dataflow/internal/tainttracking1/TaintTrackingImpl.qll"
46+
"python/ql/src/semmle/python/dataflow/new/internal/tainttracking1/TaintTrackingImpl.qll",
47+
"python/ql/src/semmle/python/dataflow/new/internal/tainttracking2/TaintTrackingImpl.qll",
48+
"python/ql/src/semmle/python/dataflow/new/internal/tainttracking3/TaintTrackingImpl.qll",
49+
"python/ql/src/semmle/python/dataflow/new/internal/tainttracking4/TaintTrackingImpl.qll"
4550
],
4651
"DataFlow Java/C++/C#/Python Consistency checks": [
4752
"java/ql/src/semmle/code/java/dataflow/internal/DataFlowImplConsistency.qll",
4853
"cpp/ql/src/semmle/code/cpp/dataflow/internal/DataFlowImplConsistency.qll",
4954
"cpp/ql/src/semmle/code/cpp/ir/dataflow/internal/DataFlowImplConsistency.qll",
5055
"csharp/ql/src/semmle/code/csharp/dataflow/internal/DataFlowImplConsistency.qll",
51-
"python/ql/src/experimental/dataflow/internal/DataFlowImplConsistency.qll"
56+
"python/ql/src/semmle/python/dataflow/new/internal/DataFlowImplConsistency.qll"
5257
],
5358
"SsaReadPosition Java/C#": [
5459
"java/ql/src/semmle/code/java/dataflow/internal/rangeanalysis/SsaReadPositionCommon.qll",
@@ -345,10 +350,22 @@
345350
"csharp/ql/src/experimental/ir/implementation/raw/gvn/internal/ValueNumberingImports.qll",
346351
"csharp/ql/src/experimental/ir/implementation/unaliased_ssa/gvn/internal/ValueNumberingImports.qll"
347352
],
353+
"C# ControlFlowReachability": [
354+
"csharp/ql/src/semmle/code/csharp/dataflow/internal/ControlFlowReachability.qll",
355+
"csharp/ql/src/semmle/code/csharp/dataflow/internal/rangeanalysis/ControlFlowReachability.qll"
356+
],
348357
"Inline Test Expectations": [
349358
"cpp/ql/test/TestUtilities/InlineExpectationsTest.qll",
350359
"python/ql/test/TestUtilities/InlineExpectationsTest.qll"
351360
],
361+
"C++ ExternalAPIs": [
362+
"cpp/ql/src/Security/CWE/CWE-020/ExternalAPIs.qll",
363+
"cpp/ql/src/Security/CWE/CWE-020/ir/ExternalAPIs.qll"
364+
],
365+
"C++ SafeExternalAPIFunction": [
366+
"cpp/ql/src/Security/CWE/CWE-020/SafeExternalAPIFunction.qll",
367+
"cpp/ql/src/Security/CWE/CWE-020/ir/SafeExternalAPIFunction.qll"
368+
],
352369
"XML": [
353370
"cpp/ql/src/semmle/code/cpp/XML.qll",
354371
"csharp/ql/src/semmle/code/csharp/XML.qll",
@@ -400,5 +417,12 @@
400417
"java/ql/src/Metrics/Files/CommentedOutCodeReferences.qhelp",
401418
"javascript/ql/src/Comments/CommentedOutCodeReferences.qhelp",
402419
"python/ql/src/Lexical/CommentedOutCodeReferences.qhelp"
420+
],
421+
"IDE Contextual Queries": [
422+
"cpp/ql/src/IDEContextual.qll",
423+
"csharp/ql/src/IDEContextual.qll",
424+
"java/ql/src/IDEContextual.qll",
425+
"javascript/ql/src/IDEContextual.qll",
426+
"python/ql/src/analysis/IDEContextual.qll"
403427
]
404-
}
428+
}
Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,2 @@
1+
lgtm,codescanning
2+
* The `cpp/wrong-type-format-argument` and `cpp/non-portable-printf` queries have been hardened so that they do not produce nonsensical results on databases that contain errors (specifically the `ErroneousType`).
Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,2 @@
1+
lgtm,codescanning
2+
* Two issues causing the 'Unused local variable' query (`cpp/unused-local-variable`) to produce false positive results have been fixed.
Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
lgtm,codescanning
2+
* `FormattingFunction.getOutputParameterIndex` now has a parameter identifying whether the output at that index is a buffer or a stream.
3+
* `FormattingFunction` now has a predicate `isOutputGlobal` indicating when the output is to a global stream.
4+
* The `primitiveVariadicFormatter` and `variadicFormatter` predicates have more parameters exposing information about the function.

0 commit comments

Comments
 (0)