diff --git a/.codeqlversion b/.codeqlversion index 29690d10..28e81542 100644 --- a/.codeqlversion +++ b/.codeqlversion @@ -1 +1 @@ -2.24.3 +2.25.6 diff --git a/.release.yml b/.release.yml index 4fde080e..1497be2d 100644 --- a/.release.yml +++ b/.release.yml @@ -1,6 +1,6 @@ name: "CodeQL Community Packs" repository: "githubsecuritylab/codeql-community-packs" -version: "0.5.1" +version: "0.6.0" prerelease: false ecosystem: CodeQL diff --git a/cpp/lib/codeql-pack.lock.yml b/cpp/lib/codeql-pack.lock.yml index 51cf27b7..86c8018c 100644 --- a/cpp/lib/codeql-pack.lock.yml +++ b/cpp/lib/codeql-pack.lock.yml @@ -2,27 +2,27 @@ lockVersion: 1.0.0 dependencies: codeql/controlflow: - version: 2.0.27 + version: 2.0.35 codeql/cpp-all: - version: 8.0.0 + version: 10.2.0 codeql/dataflow: - version: 2.0.27 + version: 2.1.7 codeql/mad: - version: 1.0.43 + version: 1.0.51 codeql/quantum: - version: 0.0.21 + version: 0.0.29 codeql/rangeanalysis: - version: 1.0.43 + version: 1.0.51 codeql/ssa: - version: 2.0.19 + version: 2.0.27 codeql/tutorial: - version: 1.0.43 + version: 1.0.51 codeql/typeflow: - version: 1.0.43 + version: 1.0.51 codeql/typetracking: - version: 2.0.27 + version: 2.0.35 codeql/util: - version: 2.0.30 + version: 2.0.38 codeql/xml: - version: 1.0.43 + version: 1.0.51 compiled: false diff --git a/cpp/lib/qlpack.yml b/cpp/lib/qlpack.yml index e5b024e9..7ff345d9 100644 --- a/cpp/lib/qlpack.yml +++ b/cpp/lib/qlpack.yml @@ -1,5 +1,5 @@ library: true name: githubsecuritylab/codeql-cpp-libs -version: 0.5.1 +version: 0.6.0 dependencies: - codeql/cpp-all: '8.0.0' + codeql/cpp-all: '10.2.0' diff --git a/cpp/src/codeql-pack.lock.yml b/cpp/src/codeql-pack.lock.yml index 04bd0c8a..a8be7629 100644 --- a/cpp/src/codeql-pack.lock.yml +++ b/cpp/src/codeql-pack.lock.yml @@ -2,31 +2,31 @@ lockVersion: 1.0.0 dependencies: codeql/controlflow: - version: 2.0.27 + version: 2.0.35 codeql/cpp-all: - version: 8.0.0 + version: 10.2.0 codeql/cpp-queries: - version: 1.5.12 + version: 1.6.4 codeql/dataflow: - version: 2.0.27 + version: 2.1.7 codeql/mad: - version: 1.0.43 + version: 1.0.51 codeql/quantum: - version: 0.0.21 + version: 0.0.29 codeql/rangeanalysis: - version: 1.0.43 + version: 1.0.51 codeql/ssa: - version: 2.0.19 + version: 2.0.27 codeql/suite-helpers: - version: 1.0.43 + version: 1.0.51 codeql/tutorial: - version: 1.0.43 + version: 1.0.51 codeql/typeflow: - version: 1.0.43 + version: 1.0.51 codeql/typetracking: - version: 2.0.27 + version: 2.0.35 codeql/util: - version: 2.0.30 + version: 2.0.38 codeql/xml: - version: 1.0.43 + version: 1.0.51 compiled: false diff --git a/cpp/src/qlpack.yml b/cpp/src/qlpack.yml index 6bd94a7e..a2030787 100644 --- a/cpp/src/qlpack.yml +++ b/cpp/src/qlpack.yml @@ -1,9 +1,9 @@ library: false name: githubsecuritylab/codeql-cpp-queries -version: 0.5.1 +version: 0.6.0 suites: suites defaultSuiteFile: suites/cpp.qls dependencies: - codeql/cpp-all: '8.0.0' - codeql/cpp-queries: '1.5.12' + codeql/cpp-all: '10.2.0' + codeql/cpp-queries: '1.6.4' githubsecuritylab/codeql-cpp-libs: '*' diff --git a/cpp/test/codeql-pack.lock.yml b/cpp/test/codeql-pack.lock.yml index 04bd0c8a..a8be7629 100644 --- a/cpp/test/codeql-pack.lock.yml +++ b/cpp/test/codeql-pack.lock.yml @@ -2,31 +2,31 @@ lockVersion: 1.0.0 dependencies: codeql/controlflow: - version: 2.0.27 + version: 2.0.35 codeql/cpp-all: - version: 8.0.0 + version: 10.2.0 codeql/cpp-queries: - version: 1.5.12 + version: 1.6.4 codeql/dataflow: - version: 2.0.27 + version: 2.1.7 codeql/mad: - version: 1.0.43 + version: 1.0.51 codeql/quantum: - version: 0.0.21 + version: 0.0.29 codeql/rangeanalysis: - version: 1.0.43 + version: 1.0.51 codeql/ssa: - version: 2.0.19 + version: 2.0.27 codeql/suite-helpers: - version: 1.0.43 + version: 1.0.51 codeql/tutorial: - version: 1.0.43 + version: 1.0.51 codeql/typeflow: - version: 1.0.43 + version: 1.0.51 codeql/typetracking: - version: 2.0.27 + version: 2.0.35 codeql/util: - version: 2.0.30 + version: 2.0.38 codeql/xml: - version: 1.0.43 + version: 1.0.51 compiled: false diff --git a/cpp/test/qlpack.yml b/cpp/test/qlpack.yml index 48d70103..d5a15910 100644 --- a/cpp/test/qlpack.yml +++ b/cpp/test/qlpack.yml @@ -1,8 +1,8 @@ name: githubsecurtylab/codeql-cpp-tests groups: [cpp, test] dependencies: - codeql/cpp-all: '8.0.0' - codeql/cpp-queries: '1.5.12' + codeql/cpp-all: '10.2.0' + codeql/cpp-queries: '1.6.4' githubsecuritylab/codeql-cpp-queries: '*' githubsecuritylab/codeql-cpp-libs: '*' extractor: cpp diff --git a/csharp/ext-library-sources/qlpack.yml b/csharp/ext-library-sources/qlpack.yml index 0ca26cd1..5a606ed2 100644 --- a/csharp/ext-library-sources/qlpack.yml +++ b/csharp/ext-library-sources/qlpack.yml @@ -1,8 +1,8 @@ library: true name: githubsecuritylab/codeql-csharp-library-sources -version: 0.5.1 +version: 0.6.0 extensionTargets: - codeql/csharp-all: '5.4.8' + codeql/csharp-all: '6.0.2' dataExtensions: - 'manual/*.yml' - 'manual/**/*.yml' diff --git a/csharp/ext/qlpack.yml b/csharp/ext/qlpack.yml index 43867eb4..ab9b9b67 100644 --- a/csharp/ext/qlpack.yml +++ b/csharp/ext/qlpack.yml @@ -1,8 +1,8 @@ library: true name: githubsecuritylab/codeql-csharp-extensions -version: 0.5.1 +version: 0.6.0 extensionTargets: - codeql/csharp-all: '5.4.8' + codeql/csharp-all: '6.0.2' dataExtensions: - 'manual/*.yml' - 'manual/**/*.yml' diff --git a/csharp/lib/codeql-pack.lock.yml b/csharp/lib/codeql-pack.lock.yml index 316713e2..66e94d4f 100644 --- a/csharp/lib/codeql-pack.lock.yml +++ b/csharp/lib/codeql-pack.lock.yml @@ -2,23 +2,23 @@ lockVersion: 1.0.0 dependencies: codeql/controlflow: - version: 2.0.27 + version: 2.0.35 codeql/csharp-all: - version: 5.4.8 + version: 6.0.2 codeql/dataflow: - version: 2.0.27 + version: 2.1.7 codeql/mad: - version: 1.0.43 + version: 1.0.51 codeql/ssa: - version: 2.0.19 + version: 2.0.27 codeql/threat-models: - version: 1.0.43 + version: 1.0.51 codeql/tutorial: - version: 1.0.43 + version: 1.0.51 codeql/typetracking: - version: 2.0.27 + version: 2.0.35 codeql/util: - version: 2.0.30 + version: 2.0.38 codeql/xml: - version: 1.0.43 + version: 1.0.51 compiled: false diff --git a/csharp/lib/qlpack.yml b/csharp/lib/qlpack.yml index 824a274e..e1c32b80 100644 --- a/csharp/lib/qlpack.yml +++ b/csharp/lib/qlpack.yml @@ -1,5 +1,5 @@ library: true name: githubsecuritylab/codeql-csharp-libs -version: 0.5.1 +version: 0.6.0 dependencies: - codeql/csharp-all: "5.4.8" + codeql/csharp-all: "6.0.2" diff --git a/csharp/src/codeql-pack.lock.yml b/csharp/src/codeql-pack.lock.yml index 1955b2f0..d7d2a1b8 100644 --- a/csharp/src/codeql-pack.lock.yml +++ b/csharp/src/codeql-pack.lock.yml @@ -2,27 +2,27 @@ lockVersion: 1.0.0 dependencies: codeql/controlflow: - version: 2.0.27 + version: 2.0.35 codeql/csharp-all: - version: 5.4.8 + version: 6.0.2 codeql/csharp-queries: - version: 1.6.3 + version: 1.7.4 codeql/dataflow: - version: 2.0.27 + version: 2.1.7 codeql/mad: - version: 1.0.43 + version: 1.0.51 codeql/ssa: - version: 2.0.19 + version: 2.0.27 codeql/suite-helpers: - version: 1.0.43 + version: 1.0.51 codeql/threat-models: - version: 1.0.43 + version: 1.0.51 codeql/tutorial: - version: 1.0.43 + version: 1.0.51 codeql/typetracking: - version: 2.0.27 + version: 2.0.35 codeql/util: - version: 2.0.30 + version: 2.0.38 codeql/xml: - version: 1.0.43 + version: 1.0.51 compiled: false diff --git a/csharp/src/qlpack.yml b/csharp/src/qlpack.yml index de65fc6b..fdde8ef7 100644 --- a/csharp/src/qlpack.yml +++ b/csharp/src/qlpack.yml @@ -1,9 +1,9 @@ library: false name: githubsecuritylab/codeql-csharp-queries -version: 0.5.1 +version: 0.6.0 suites: suites defaultSuiteFile: suites/csharp.qls dependencies: - codeql/csharp-all: "5.4.8" - codeql/csharp-queries: "1.6.3" # Required for Dependencies.ql + codeql/csharp-all: "6.0.2" + codeql/csharp-queries: "1.7.4" # Required for Dependencies.ql githubsecuritylab/codeql-csharp-libs: "*" diff --git a/csharp/src/security/CWE-1004/CookieWithoutHttpOnly.ql b/csharp/src/security/CWE-1004/CookieWithoutHttpOnly.ql index 1195d950..01cfe013 100644 --- a/csharp/src/security/CWE-1004/CookieWithoutHttpOnly.ql +++ b/csharp/src/security/CWE-1004/CookieWithoutHttpOnly.ql @@ -21,7 +21,7 @@ import security.dataflow.flowsources.AuthCookie from Expr httpOnlySink where exists(Assignment a, Expr val | - httpOnlySink = a.getRValue() and + httpOnlySink = a.getRightOperand() and val.getValue() = "false" and ( exists(ObjectCreation oc | @@ -53,8 +53,8 @@ where MicrosoftAspNetCoreAuthenticationCookiesCookieAuthenticationOptions ) and pw.getProperty().getName() = "HttpOnly" and - a.getLValue() = pw and - DataFlow::localExprFlow(val, a.getRValue()) + a.getLeftOperand() = pw and + DataFlow::localExprFlow(val, a.getRightOperand()) ) ) ) diff --git a/csharp/src/security/CWE-614/CookieWithoutSecure.ql b/csharp/src/security/CWE-614/CookieWithoutSecure.ql index 2f99d000..61870a69 100644 --- a/csharp/src/security/CWE-614/CookieWithoutSecure.ql +++ b/csharp/src/security/CWE-614/CookieWithoutSecure.ql @@ -69,7 +69,7 @@ where ) or exists(Assignment a, Expr val | - secureSink = a.getRValue() and + secureSink = a.getRightOperand() and ( exists(ObjectCreation oc | getAValueForProp(oc, a, "Secure") = val and @@ -95,8 +95,8 @@ where MicrosoftAspNetCoreAuthenticationCookiesCookieAuthenticationOptions ) and pw.getProperty().getName() = "SecurePolicy" and - a.getLValue() = pw and - DataFlow::localExprFlow(val, a.getRValue()) and + a.getLeftOperand() = pw and + DataFlow::localExprFlow(val, a.getRightOperand()) and val.getValue() = "2" // None ) ) diff --git a/csharp/src/security/CWE-759/HashWithoutSalt.ql b/csharp/src/security/CWE-759/HashWithoutSalt.ql index ae055acc..277b2f87 100644 --- a/csharp/src/security/CWE-759/HashWithoutSalt.ql +++ b/csharp/src/security/CWE-759/HashWithoutSalt.ql @@ -180,10 +180,10 @@ module HashWithoutSaltConfig implements DataFlow::ConfigSig { or // a salt or key is included in subclasses of `KeyedHashAlgorithm` exists(MethodCall mc, Assignment a, ObjectCreation oc | - a.getRValue() = oc and + a.getRightOperand() = oc and oc.getObjectType().getABaseType+() instanceof KeyedHashAlgorithm and mc.getTarget() instanceof HashMethod and - a.getLValue() = mc.getQualifier().(VariableAccess).getTarget().getAnAccess() and + a.getLeftOperand() = mc.getQualifier().(VariableAccess).getTarget().getAnAccess() and mc.getArgument(0) = node.asExpr() ) } diff --git a/csharp/src/security/dataflow/flowsources/AuthCookie.qll b/csharp/src/security/dataflow/flowsources/AuthCookie.qll index 401944ad..a9a5ba55 100644 --- a/csharp/src/security/dataflow/flowsources/AuthCookie.qll +++ b/csharp/src/security/dataflow/flowsources/AuthCookie.qll @@ -91,20 +91,20 @@ Expr getAValueForCookiePolicyProp(string prop) { Expr getAValueForProp(ObjectCreation create, Assignment a, string prop) { // values set in object init exists(MemberInitializer init, Expr src, PropertyAccess pa | - a.getLValue() = pa and + a.getLeftOperand() = pa and pa.getTarget().hasName(prop) and init = create.getInitializer().(ObjectInitializer).getAMemberInitializer() and - init.getLValue() = pa and - DataFlow::localExprFlow(src, init.getRValue()) and + init.getLeftOperand() = pa and + DataFlow::localExprFlow(src, init.getRightOperand()) and result = src ) or // values set on var that create is assigned to exists(Expr src, PropertyAccess pa | - a.getLValue() = pa and + a.getLeftOperand() = pa and pa.getTarget().hasName(prop) and DataFlow::localExprFlow(create, pa.getQualifier()) and - DataFlow::localExprFlow(src, a.getRValue()) and + DataFlow::localExprFlow(src, a.getRightOperand()) and result = src ) } @@ -129,15 +129,15 @@ private module OnAppendCookieTrackingConfig impl exists(PropertyWrite pw, Assignment delegateAssign, Callable c | pw.getProperty().getName() = "OnAppendCookie" and pw.getProperty().getDeclaringType() instanceof MicrosoftAspNetCoreBuilderCookiePolicyOptions and - delegateAssign.getLValue() = pw and + delegateAssign.getLeftOperand() = pw and ( exists(LambdaExpr lambda | - delegateAssign.getRValue() = lambda and + delegateAssign.getRightOperand() = lambda and lambda = c ) or exists(DelegateCreation delegate | - delegateAssign.getRValue() = delegate and + delegateAssign.getRightOperand() = delegate and delegate.getArgument().(CallableAccess).getTarget() = c ) ) and @@ -149,9 +149,9 @@ private module OnAppendCookieTrackingConfig impl exists(PropertyWrite pw, Assignment a | pw.getProperty().getDeclaringType() instanceof MicrosoftAspNetCoreHttpCookieOptions and pw.getProperty().getName() = getPropertyName() and - a.getLValue() = pw and + a.getLeftOperand() = pw and exists(Expr val | - DataFlow::localExprFlow(val, a.getRValue()) and + DataFlow::localExprFlow(val, a.getRightOperand()) and val.getValue() = "true" ) and sink.asExpr() = pw.getQualifier() diff --git a/csharp/test/codeql-pack.lock.yml b/csharp/test/codeql-pack.lock.yml index 1955b2f0..d7d2a1b8 100644 --- a/csharp/test/codeql-pack.lock.yml +++ b/csharp/test/codeql-pack.lock.yml @@ -2,27 +2,27 @@ lockVersion: 1.0.0 dependencies: codeql/controlflow: - version: 2.0.27 + version: 2.0.35 codeql/csharp-all: - version: 5.4.8 + version: 6.0.2 codeql/csharp-queries: - version: 1.6.3 + version: 1.7.4 codeql/dataflow: - version: 2.0.27 + version: 2.1.7 codeql/mad: - version: 1.0.43 + version: 1.0.51 codeql/ssa: - version: 2.0.19 + version: 2.0.27 codeql/suite-helpers: - version: 1.0.43 + version: 1.0.51 codeql/threat-models: - version: 1.0.43 + version: 1.0.51 codeql/tutorial: - version: 1.0.43 + version: 1.0.51 codeql/typetracking: - version: 2.0.27 + version: 2.0.35 codeql/util: - version: 2.0.30 + version: 2.0.38 codeql/xml: - version: 1.0.43 + version: 1.0.51 compiled: false diff --git a/csharp/test/qlpack.yml b/csharp/test/qlpack.yml index ad8f44c2..ec26637b 100644 --- a/csharp/test/qlpack.yml +++ b/csharp/test/qlpack.yml @@ -1,8 +1,8 @@ name: githubsecurtylab/codeql-csharp-tests groups: [csharp, test] dependencies: - codeql/csharp-all: "5.4.8" - codeql/csharp-queries: "1.6.3" + codeql/csharp-all: "6.0.2" + codeql/csharp-queries: "1.7.4" githubsecuritylab/codeql-csharp-extensions: "*" githubsecuritylab/codeql-csharp-library-sources: "*" githubsecuritylab/codeql-csharp-libs: "*" diff --git a/csharp/test/security/CWE-759/HashWithoutSalt.expected b/csharp/test/security/CWE-759/HashWithoutSalt.expected index d381f419..93dc0119 100644 --- a/csharp/test/security/CWE-759/HashWithoutSalt.expected +++ b/csharp/test/security/CWE-759/HashWithoutSalt.expected @@ -1,6 +1,7 @@ #select | HashWithoutSalt.cs:20:49:20:56 | access to local variable passBuff | HashWithoutSalt.cs:18:70:18:77 | access to parameter password : String | HashWithoutSalt.cs:20:49:20:56 | access to local variable passBuff | $@ is hashed without a salt. | HashWithoutSalt.cs:18:70:18:77 | access to parameter password | The password | | HashWithoutSalt.cs:39:51:39:59 | access to local variable passBytes | HashWithoutSalt.cs:38:64:38:71 | access to parameter password : String | HashWithoutSalt.cs:39:51:39:59 | access to local variable passBytes | $@ is hashed without a salt. | HashWithoutSalt.cs:38:64:38:71 | access to parameter password | The password | +| HashWithoutSalt.cs:56:53:56:61 | access to local variable rawSalted | HashWithoutSalt.cs:46:64:46:71 | access to parameter password : String | HashWithoutSalt.cs:56:53:56:61 | access to local variable rawSalted | $@ is hashed without a salt. | HashWithoutSalt.cs:46:64:46:71 | access to parameter password | The password | | HashWithoutSalt.cs:71:48:71:56 | access to local variable passBytes | HashWithoutSalt.cs:70:64:70:71 | access to parameter password : String | HashWithoutSalt.cs:71:48:71:56 | access to local variable passBytes | $@ is hashed without a salt. | HashWithoutSalt.cs:70:64:70:71 | access to parameter password | The password | edges | HashWithoutSalt.cs:18:17:18:24 | access to local variable passBuff : IBuffer | HashWithoutSalt.cs:20:49:20:56 | access to local variable passBuff | provenance | | @@ -8,12 +9,18 @@ edges | HashWithoutSalt.cs:18:70:18:77 | access to parameter password : String | HashWithoutSalt.cs:18:28:18:105 | call to method ConvertStringToBinary : IBuffer | provenance | Config | | HashWithoutSalt.cs:38:16:38:24 | access to local variable passBytes : Byte[] | HashWithoutSalt.cs:39:51:39:59 | access to local variable passBytes | provenance | | | HashWithoutSalt.cs:38:28:38:72 | call to method GetBytes : Byte[] | HashWithoutSalt.cs:38:16:38:24 | access to local variable passBytes : Byte[] | provenance | | -| HashWithoutSalt.cs:38:64:38:71 | access to parameter password : String | HashWithoutSalt.cs:38:28:38:72 | call to method GetBytes : Byte[] | provenance | MaD:1 | +| HashWithoutSalt.cs:38:64:38:71 | access to parameter password : String | HashWithoutSalt.cs:38:28:38:72 | call to method GetBytes : Byte[] | provenance | MaD:2 | +| HashWithoutSalt.cs:46:16:46:24 | access to local variable passBytes : Byte[] | HashWithoutSalt.cs:51:9:51:17 | access to local variable passBytes : Byte[] | provenance | | +| HashWithoutSalt.cs:46:28:46:72 | call to method GetBytes : Byte[] | HashWithoutSalt.cs:46:16:46:24 | access to local variable passBytes : Byte[] | provenance | | +| HashWithoutSalt.cs:46:64:46:71 | access to parameter password : String | HashWithoutSalt.cs:46:28:46:72 | call to method GetBytes : Byte[] | provenance | MaD:2 | +| HashWithoutSalt.cs:51:9:51:17 | access to local variable passBytes : Byte[] | HashWithoutSalt.cs:51:26:51:34 | [post] access to local variable rawSalted : Byte[] [element] : Object | provenance | MaD:1 | +| HashWithoutSalt.cs:51:26:51:34 | [post] access to local variable rawSalted : Byte[] [element] : Object | HashWithoutSalt.cs:56:53:56:61 | access to local variable rawSalted | provenance | | | HashWithoutSalt.cs:70:16:70:24 | access to local variable passBytes : Byte[] | HashWithoutSalt.cs:71:48:71:56 | access to local variable passBytes | provenance | | | HashWithoutSalt.cs:70:28:70:72 | call to method GetBytes : Byte[] | HashWithoutSalt.cs:70:16:70:24 | access to local variable passBytes : Byte[] | provenance | | -| HashWithoutSalt.cs:70:64:70:71 | access to parameter password : String | HashWithoutSalt.cs:70:28:70:72 | call to method GetBytes : Byte[] | provenance | MaD:1 | +| HashWithoutSalt.cs:70:64:70:71 | access to parameter password : String | HashWithoutSalt.cs:70:28:70:72 | call to method GetBytes : Byte[] | provenance | MaD:2 | models -| 1 | Summary: System.Text; Encoding; true; GetBytes; (System.String); ; Argument[0]; ReturnValue; taint; manual | +| 1 | Summary: System.Collections; ICollection; true; CopyTo; (System.Array,System.Int32); ; Argument[this].Element; Argument[0].Element; value; manual | +| 2 | Summary: System.Text; Encoding; true; GetBytes; (System.String); ; Argument[0]; ReturnValue; taint; manual | nodes | HashWithoutSalt.cs:18:17:18:24 | access to local variable passBuff : IBuffer | semmle.label | access to local variable passBuff : IBuffer | | HashWithoutSalt.cs:18:28:18:105 | call to method ConvertStringToBinary : IBuffer | semmle.label | call to method ConvertStringToBinary : IBuffer | @@ -23,6 +30,12 @@ nodes | HashWithoutSalt.cs:38:28:38:72 | call to method GetBytes : Byte[] | semmle.label | call to method GetBytes : Byte[] | | HashWithoutSalt.cs:38:64:38:71 | access to parameter password : String | semmle.label | access to parameter password : String | | HashWithoutSalt.cs:39:51:39:59 | access to local variable passBytes | semmle.label | access to local variable passBytes | +| HashWithoutSalt.cs:46:16:46:24 | access to local variable passBytes : Byte[] | semmle.label | access to local variable passBytes : Byte[] | +| HashWithoutSalt.cs:46:28:46:72 | call to method GetBytes : Byte[] | semmle.label | call to method GetBytes : Byte[] | +| HashWithoutSalt.cs:46:64:46:71 | access to parameter password : String | semmle.label | access to parameter password : String | +| HashWithoutSalt.cs:51:9:51:17 | access to local variable passBytes : Byte[] | semmle.label | access to local variable passBytes : Byte[] | +| HashWithoutSalt.cs:51:26:51:34 | [post] access to local variable rawSalted : Byte[] [element] : Object | semmle.label | [post] access to local variable rawSalted : Byte[] [element] : Object | +| HashWithoutSalt.cs:56:53:56:61 | access to local variable rawSalted | semmle.label | access to local variable rawSalted | | HashWithoutSalt.cs:70:16:70:24 | access to local variable passBytes : Byte[] | semmle.label | access to local variable passBytes : Byte[] | | HashWithoutSalt.cs:70:28:70:72 | call to method GetBytes : Byte[] | semmle.label | call to method GetBytes : Byte[] | | HashWithoutSalt.cs:70:64:70:71 | access to parameter password : String | semmle.label | access to parameter password : String | diff --git a/go/ext/qlpack.yml b/go/ext/qlpack.yml index dc2a9461..1fdb83be 100644 --- a/go/ext/qlpack.yml +++ b/go/ext/qlpack.yml @@ -1,8 +1,8 @@ library: true name: githubsecuritylab/codeql-go-extensions -version: 0.5.1 +version: 0.6.0 extensionTargets: - codeql/go-all: '7.0.1' + codeql/go-all: '7.1.2' dataExtensions: - 'manual/*.yml' - 'manual/**/*.yml' diff --git a/go/lib/codeql-pack.lock.yml b/go/lib/codeql-pack.lock.yml index 213af3bc..baa24848 100644 --- a/go/lib/codeql-pack.lock.yml +++ b/go/lib/codeql-pack.lock.yml @@ -2,23 +2,23 @@ lockVersion: 1.0.0 dependencies: codeql/concepts: - version: 0.0.17 + version: 0.0.25 codeql/controlflow: - version: 2.0.27 + version: 2.0.35 codeql/dataflow: - version: 2.0.27 + version: 2.1.7 codeql/go-all: - version: 7.0.1 + version: 7.1.2 codeql/mad: - version: 1.0.43 + version: 1.0.51 codeql/ssa: - version: 2.0.19 + version: 2.0.27 codeql/threat-models: - version: 1.0.43 + version: 1.0.51 codeql/tutorial: - version: 1.0.43 + version: 1.0.51 codeql/typetracking: - version: 2.0.27 + version: 2.0.35 codeql/util: - version: 2.0.30 + version: 2.0.38 compiled: false diff --git a/go/lib/qlpack.yml b/go/lib/qlpack.yml index 63f47960..9b21126b 100644 --- a/go/lib/qlpack.yml +++ b/go/lib/qlpack.yml @@ -1,5 +1,5 @@ library: true name: githubsecuritylab/codeql-go-libs -version: 0.5.1 +version: 0.6.0 dependencies: - codeql/go-all: '7.0.1' + codeql/go-all: '7.1.2' diff --git a/go/src/codeql-pack.lock.yml b/go/src/codeql-pack.lock.yml index 213af3bc..baa24848 100644 --- a/go/src/codeql-pack.lock.yml +++ b/go/src/codeql-pack.lock.yml @@ -2,23 +2,23 @@ lockVersion: 1.0.0 dependencies: codeql/concepts: - version: 0.0.17 + version: 0.0.25 codeql/controlflow: - version: 2.0.27 + version: 2.0.35 codeql/dataflow: - version: 2.0.27 + version: 2.1.7 codeql/go-all: - version: 7.0.1 + version: 7.1.2 codeql/mad: - version: 1.0.43 + version: 1.0.51 codeql/ssa: - version: 2.0.19 + version: 2.0.27 codeql/threat-models: - version: 1.0.43 + version: 1.0.51 codeql/tutorial: - version: 1.0.43 + version: 1.0.51 codeql/typetracking: - version: 2.0.27 + version: 2.0.35 codeql/util: - version: 2.0.30 + version: 2.0.38 compiled: false diff --git a/go/src/qlpack.yml b/go/src/qlpack.yml index 09e2284e..d462749b 100644 --- a/go/src/qlpack.yml +++ b/go/src/qlpack.yml @@ -1,8 +1,8 @@ library: false name: githubsecuritylab/codeql-go-queries -version: 0.5.1 +version: 0.6.0 suites: suites defaultSuiteFile: suites/go.qls dependencies: - codeql/go-all: '7.0.1' + codeql/go-all: '7.1.2' githubsecuritylab/codeql-go-libs: '*' diff --git a/go/test/codeql-pack.lock.yml b/go/test/codeql-pack.lock.yml index 213af3bc..baa24848 100644 --- a/go/test/codeql-pack.lock.yml +++ b/go/test/codeql-pack.lock.yml @@ -2,23 +2,23 @@ lockVersion: 1.0.0 dependencies: codeql/concepts: - version: 0.0.17 + version: 0.0.25 codeql/controlflow: - version: 2.0.27 + version: 2.0.35 codeql/dataflow: - version: 2.0.27 + version: 2.1.7 codeql/go-all: - version: 7.0.1 + version: 7.1.2 codeql/mad: - version: 1.0.43 + version: 1.0.51 codeql/ssa: - version: 2.0.19 + version: 2.0.27 codeql/threat-models: - version: 1.0.43 + version: 1.0.51 codeql/tutorial: - version: 1.0.43 + version: 1.0.51 codeql/typetracking: - version: 2.0.27 + version: 2.0.35 codeql/util: - version: 2.0.30 + version: 2.0.38 compiled: false diff --git a/go/test/qlpack.yml b/go/test/qlpack.yml index 9c4f25f2..70b69ad1 100644 --- a/go/test/qlpack.yml +++ b/go/test/qlpack.yml @@ -1,7 +1,7 @@ name: githubsecurtylab/codeql-go-tests groups: [go, test] dependencies: - codeql/go-all: '7.0.1' + codeql/go-all: '7.1.2' # codeql/go-queries: '*' githubsecuritylab/codeql-go-queries: '*' githubsecuritylab/codeql-go-libs: '*' diff --git a/go/test/security/CWE-078/cmdi.expected b/go/test/security/CWE-078/cmdi.expected index 93224d71..cdc0ead3 100644 --- a/go/test/security/CWE-078/cmdi.expected +++ b/go/test/security/CWE-078/cmdi.expected @@ -1,6 +1,6 @@ edges -| main.go:20:14:20:20 | selection of URL | main.go:20:14:20:28 | call to Query | provenance | Src:MaD:1925 MaD:1986 | -| main.go:20:14:20:28 | call to Query | main.go:27:22:27:28 | cmdName | provenance | Sink:MaD:1996 | +| main.go:20:14:20:20 | selection of URL | main.go:20:14:20:28 | call to Query | provenance | Src:MaD:1932 MaD:1993 | +| main.go:20:14:20:28 | call to Query | main.go:27:22:27:28 | cmdName | provenance | Sink:MaD:2003 | nodes | main.go:20:14:20:20 | selection of URL | semmle.label | selection of URL | | main.go:20:14:20:28 | call to Query | semmle.label | call to Query | diff --git a/java/ext-library-sources/qlpack.yml b/java/ext-library-sources/qlpack.yml index b9b2f58e..85592865 100644 --- a/java/ext-library-sources/qlpack.yml +++ b/java/ext-library-sources/qlpack.yml @@ -1,8 +1,8 @@ library: true name: githubsecuritylab/codeql-java-library-sources -version: 0.5.1 +version: 0.6.0 extensionTargets: - codeql/java-all: '8.1.1' + codeql/java-all: '9.1.2' dataExtensions: - 'manual/*.yml' - 'manual/**/*.yml' diff --git a/java/ext/qlpack.yml b/java/ext/qlpack.yml index 79c9fd93..23952823 100644 --- a/java/ext/qlpack.yml +++ b/java/ext/qlpack.yml @@ -1,8 +1,8 @@ library: true name: githubsecuritylab/codeql-java-extensions -version: 0.5.1 +version: 0.6.0 extensionTargets: - codeql/java-all: '8.1.1' + codeql/java-all: '9.1.2' dataExtensions: - 'manual/*.yml' - 'manual/**/*.yml' diff --git a/java/lib/codeql-pack.lock.yml b/java/lib/codeql-pack.lock.yml index 27a0468d..f26fa1ca 100644 --- a/java/lib/codeql-pack.lock.yml +++ b/java/lib/codeql-pack.lock.yml @@ -2,31 +2,31 @@ lockVersion: 1.0.0 dependencies: codeql/controlflow: - version: 2.0.27 + version: 2.0.35 codeql/dataflow: - version: 2.0.27 + version: 2.1.7 codeql/java-all: - version: 8.1.1 + version: 9.1.2 codeql/mad: - version: 1.0.43 + version: 1.0.51 codeql/quantum: - version: 0.0.21 + version: 0.0.29 codeql/rangeanalysis: - version: 1.0.43 + version: 1.0.51 codeql/regex: - version: 1.0.43 + version: 1.0.51 codeql/ssa: - version: 2.0.19 + version: 2.0.27 codeql/threat-models: - version: 1.0.43 + version: 1.0.51 codeql/tutorial: - version: 1.0.43 + version: 1.0.51 codeql/typeflow: - version: 1.0.43 + version: 1.0.51 codeql/typetracking: - version: 2.0.27 + version: 2.0.35 codeql/util: - version: 2.0.30 + version: 2.0.38 codeql/xml: - version: 1.0.43 + version: 1.0.51 compiled: false diff --git a/java/lib/qlpack.yml b/java/lib/qlpack.yml index 168a599a..9d5a9236 100644 --- a/java/lib/qlpack.yml +++ b/java/lib/qlpack.yml @@ -1,5 +1,5 @@ library: true name: githubsecuritylab/codeql-java-libs -version: 0.5.1 +version: 0.6.0 dependencies: - codeql/java-all: '8.1.1' + codeql/java-all: '9.1.2' diff --git a/java/src/audit/CWE-079/XSSJSPLenient.ql b/java/src/audit/CWE-079/XSSJSPLenient.ql index cc87adf9..a88ac3f3 100644 --- a/java/src/audit/CWE-079/XSSJSPLenient.ql +++ b/java/src/audit/CWE-079/XSSJSPLenient.ql @@ -147,7 +147,7 @@ module LiteralConfig { module LiteralConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source.asExpr() instanceof StringLiteral } - predicate isSink(DataFlow::Node sink) { exists(ReturnStmt rs | rs.getResult() = sink.asExpr()) } + predicate isSink(DataFlow::Node sink) { exists(ReturnStmt rs | rs.getExpr() = sink.asExpr()) } } module LiteralFlow = TaintTracking::Global; @@ -172,7 +172,7 @@ class RedirectToJsp extends ReturnStmt { exists(DataFlow::Node strLit, DataFlow::Node retVal | strLit.asExpr().(StringLiteral).getValue().splitAt("/") + "_jsp.java" = jsp.getBaseName() | - retVal.asExpr() = this.getResult() and LiteralConfig::LiteralFlow::flow(strLit, retVal) + retVal.asExpr() = this.getExpr() and LiteralConfig::LiteralFlow::flow(strLit, retVal) ) } diff --git a/java/src/codeql-pack.lock.yml b/java/src/codeql-pack.lock.yml index 27a0468d..f26fa1ca 100644 --- a/java/src/codeql-pack.lock.yml +++ b/java/src/codeql-pack.lock.yml @@ -2,31 +2,31 @@ lockVersion: 1.0.0 dependencies: codeql/controlflow: - version: 2.0.27 + version: 2.0.35 codeql/dataflow: - version: 2.0.27 + version: 2.1.7 codeql/java-all: - version: 8.1.1 + version: 9.1.2 codeql/mad: - version: 1.0.43 + version: 1.0.51 codeql/quantum: - version: 0.0.21 + version: 0.0.29 codeql/rangeanalysis: - version: 1.0.43 + version: 1.0.51 codeql/regex: - version: 1.0.43 + version: 1.0.51 codeql/ssa: - version: 2.0.19 + version: 2.0.27 codeql/threat-models: - version: 1.0.43 + version: 1.0.51 codeql/tutorial: - version: 1.0.43 + version: 1.0.51 codeql/typeflow: - version: 1.0.43 + version: 1.0.51 codeql/typetracking: - version: 2.0.27 + version: 2.0.35 codeql/util: - version: 2.0.30 + version: 2.0.38 codeql/xml: - version: 1.0.43 + version: 1.0.51 compiled: false diff --git a/java/src/qlpack.yml b/java/src/qlpack.yml index 3ac68ff1..6a349688 100644 --- a/java/src/qlpack.yml +++ b/java/src/qlpack.yml @@ -1,8 +1,8 @@ library: false name: githubsecuritylab/codeql-java-queries -version: 0.5.1 +version: 0.6.0 suites: suites defaultSuiteFile: suites/java.qls dependencies: - codeql/java-all: '8.1.1' + codeql/java-all: '9.1.2' githubsecuritylab/codeql-java-libs: '*' diff --git a/java/src/security/CWE-079/XSSJSP.ql b/java/src/security/CWE-079/XSSJSP.ql index bf40203b..f625fa6f 100644 --- a/java/src/security/CWE-079/XSSJSP.ql +++ b/java/src/security/CWE-079/XSSJSP.ql @@ -64,7 +64,7 @@ module LiteralConfig { module LiteralConfig implements DataFlow::ConfigSig { predicate isSource(DataFlow::Node source) { source.asExpr() instanceof StringLiteral } - predicate isSink(DataFlow::Node sink) { exists(ReturnStmt rs | rs.getResult() = sink.asExpr()) } + predicate isSink(DataFlow::Node sink) { exists(ReturnStmt rs | rs.getExpr() = sink.asExpr()) } } module LiteralFlow = TaintTracking::Global; @@ -77,7 +77,7 @@ class RedirectToJsp extends ReturnStmt { exists(DataFlow::Node strLit, DataFlow::Node retVal | strLit.asExpr().(StringLiteral).getValue().splitAt("/") + "_jsp.java" = jsp.getBaseName() | - retVal.asExpr() = this.getResult() and LiteralConfig::LiteralFlow::flow(strLit, retVal) + retVal.asExpr() = this.getExpr() and LiteralConfig::LiteralFlow::flow(strLit, retVal) ) } diff --git a/java/src/security/CWE-094/SpringViewManipulationLib.qll b/java/src/security/CWE-094/SpringViewManipulationLib.qll index 0771db5e..eb009c7a 100644 --- a/java/src/security/CWE-094/SpringViewManipulationLib.qll +++ b/java/src/security/CWE-094/SpringViewManipulationLib.qll @@ -124,10 +124,10 @@ private class StringFormatMethod extends StringCombiningMethod { class SpringViewManipulationSink extends DataFlow::ExprNode { SpringViewManipulationSink() { exists(ReturnStmt r, SpringRequestMappingMethod m | - r.getResult() = this.asExpr() and + r.getExpr() = this.asExpr() and m.getBody().getAStmt() = r and not m.isResponseBody() and - r.getResult().getType() instanceof TypeString + r.getExpr().getType() instanceof TypeString ) or exists(ConstructorCall c | c.getConstructedType() instanceof ModelAndView | diff --git a/java/src/security/CWE-295/JxBrowserWithoutCertValidation.ql b/java/src/security/CWE-295/JxBrowserWithoutCertValidation.ql index c65af2eb..10995366 100644 --- a/java/src/security/CWE-295/JxBrowserWithoutCertValidation.ql +++ b/java/src/security/CWE-295/JxBrowserWithoutCertValidation.ql @@ -47,7 +47,7 @@ private class JxBrowserLoadHandler extends RefType { private predicate isOnCertificateErrorMethodSafe(Method m) { forex(ReturnStmt rs | rs.getEnclosingCallable() = m | - rs.getResult().(CompileTimeConstantExpr).getBooleanValue() = true + rs.getExpr().(CompileTimeConstantExpr).getBooleanValue() = true ) } diff --git a/java/src/security/CWE-470/LoadClassNoSignatureCheck.ql b/java/src/security/CWE-470/LoadClassNoSignatureCheck.ql index bbec0c77..573083b1 100644 --- a/java/src/security/CWE-470/LoadClassNoSignatureCheck.ql +++ b/java/src/security/CWE-470/LoadClassNoSignatureCheck.ql @@ -41,9 +41,9 @@ class CheckSignaturesGuard extends Guard instanceof EqualityTest { } predicate signatureChecked(Expr safe) { - exists(CheckSignaturesGuard g, SsaVariable v | - v.getAUse() = g.getCheckedExpr() and - safe = v.getAUse() and + exists(CheckSignaturesGuard g, SsaDefinition v | + v.getARead() = g.getCheckedExpr() and + safe = v.getARead() and g.controls(safe.getBasicBlock(), g.(EqualityTest).polarity()) ) } diff --git a/java/test/codeql-pack.lock.yml b/java/test/codeql-pack.lock.yml index 27a0468d..f26fa1ca 100644 --- a/java/test/codeql-pack.lock.yml +++ b/java/test/codeql-pack.lock.yml @@ -2,31 +2,31 @@ lockVersion: 1.0.0 dependencies: codeql/controlflow: - version: 2.0.27 + version: 2.0.35 codeql/dataflow: - version: 2.0.27 + version: 2.1.7 codeql/java-all: - version: 8.1.1 + version: 9.1.2 codeql/mad: - version: 1.0.43 + version: 1.0.51 codeql/quantum: - version: 0.0.21 + version: 0.0.29 codeql/rangeanalysis: - version: 1.0.43 + version: 1.0.51 codeql/regex: - version: 1.0.43 + version: 1.0.51 codeql/ssa: - version: 2.0.19 + version: 2.0.27 codeql/threat-models: - version: 1.0.43 + version: 1.0.51 codeql/tutorial: - version: 1.0.43 + version: 1.0.51 codeql/typeflow: - version: 1.0.43 + version: 1.0.51 codeql/typetracking: - version: 2.0.27 + version: 2.0.35 codeql/util: - version: 2.0.30 + version: 2.0.38 codeql/xml: - version: 1.0.43 + version: 1.0.51 compiled: false diff --git a/java/test/qlpack.yml b/java/test/qlpack.yml index 6f110187..aa5b6e4d 100644 --- a/java/test/qlpack.yml +++ b/java/test/qlpack.yml @@ -1,7 +1,7 @@ name: githubsecurtylab/codeql-java-tests groups: [java, test] dependencies: - codeql/java-all: '8.1.1' + codeql/java-all: '9.1.2' githubsecuritylab/codeql-java-queries: '*' githubsecuritylab/codeql-java-libs: '*' githubsecuritylab/codeql-java-library-sources: '*' diff --git a/java/test/security/CWE-073/FilePathInjection.expected b/java/test/security/CWE-073/FilePathInjection.expected index 84860adb..39194f38 100644 --- a/java/test/security/CWE-073/FilePathInjection.expected +++ b/java/test/security/CWE-073/FilePathInjection.expected @@ -15,8 +15,8 @@ edges | FilePathInjection.java:209:24:209:31 | filePath : String | FilePathInjection.java:209:15:209:32 | new File(...) : File | provenance | MaD:6 | | FilePathInjection.java:217:19:217:22 | file : File | FilePathInjection.java:177:50:177:58 | file : File | provenance | | models -| 1 | Sink: java.io; File; true; exists; (); ; Argument[this]; path-injection; manual | -| 2 | Sink: java.io; FileInputStream; true; FileInputStream; (File); ; Argument[0]; path-injection; ai-manual | +| 1 | Sink: java.io; File; true; exists; (); ; Argument[this]; path-injection[read]; manual | +| 2 | Sink: java.io; FileInputStream; true; FileInputStream; (File); ; Argument[0]; path-injection[read]; ai-manual | | 3 | Sink: java.io; FileOutputStream; false; FileOutputStream; ; ; Argument[0]; path-injection; manual | | 4 | Source: com.jfinal.core; Controller; true; getPara; ; ; ReturnValue; remote; manual | | 5 | Source: javax.servlet; ServletRequest; false; getParameter; (String); ; ReturnValue; remote; manual | diff --git a/java/test/security/CWE-295/jxbrowser-6.23.1/JxBrowserWithoutCertValidation.expected b/java/test/security/CWE-295/jxbrowser-6.23.1/JxBrowserWithoutCertValidation.expected index f6a11ac6..605aca10 100644 --- a/java/test/security/CWE-295/jxbrowser-6.23.1/JxBrowserWithoutCertValidation.expected +++ b/java/test/security/CWE-295/jxbrowser-6.23.1/JxBrowserWithoutCertValidation.expected @@ -1,2 +1 @@ -WARNING: predicate 'getResult' has been deprecated and may be removed in future (JxBrowserWithoutCertValidation.ql:50,8-17) | JxBrowserWithoutCertValidationV6_23_1.java:17:27:17:39 | new Browser(...) | This JxBrowser instance may not check HTTPS certificates. | diff --git a/java/test/security/CWE-295/jxbrowser-6.24/JxBrowserWithoutCertValidation.expected b/java/test/security/CWE-295/jxbrowser-6.24/JxBrowserWithoutCertValidation.expected index d678610d..e69de29b 100644 --- a/java/test/security/CWE-295/jxbrowser-6.24/JxBrowserWithoutCertValidation.expected +++ b/java/test/security/CWE-295/jxbrowser-6.24/JxBrowserWithoutCertValidation.expected @@ -1 +0,0 @@ -WARNING: predicate 'getResult' has been deprecated and may be removed in future (JxBrowserWithoutCertValidation.ql:50,8-17) diff --git a/java/test/security/CWE-470/LoadClassNoSignatureCheck.expected b/java/test/security/CWE-470/LoadClassNoSignatureCheck.expected index a7b053bb..67bde63c 100644 --- a/java/test/security/CWE-470/LoadClassNoSignatureCheck.expected +++ b/java/test/security/CWE-470/LoadClassNoSignatureCheck.expected @@ -1,6 +1,3 @@ -WARNING: predicate 'getAUse' has been deprecated and may be removed in future (LoadClassNoSignatureCheck.ql:45,7-14) -WARNING: predicate 'getAUse' has been deprecated and may be removed in future (LoadClassNoSignatureCheck.ql:46,14-21) -WARNING: type 'SsaVariable' has been deprecated and may be removed in future (LoadClassNoSignatureCheck.ql:44,34-45) #select | BadClassLoader.java:18:37:18:47 | classLoader | BadClassLoader.java:15:42:16:75 | createPackageContext(...) : Context | BadClassLoader.java:18:37:18:47 | classLoader | Class loaded from a $@ without signature check | BadClassLoader.java:15:42:16:75 | createPackageContext(...) | third party library | edges diff --git a/javascript/lib/codeql-pack.lock.yml b/javascript/lib/codeql-pack.lock.yml index 8aba5a52..fd2051e9 100644 --- a/javascript/lib/codeql-pack.lock.yml +++ b/javascript/lib/codeql-pack.lock.yml @@ -2,29 +2,29 @@ lockVersion: 1.0.0 dependencies: codeql/concepts: - version: 0.0.17 + version: 0.0.25 codeql/controlflow: - version: 2.0.27 + version: 2.0.35 codeql/dataflow: - version: 2.0.27 + version: 2.1.7 codeql/javascript-all: - version: 2.6.23 + version: 2.7.2 codeql/mad: - version: 1.0.43 + version: 1.0.51 codeql/regex: - version: 1.0.43 + version: 1.0.51 codeql/ssa: - version: 2.0.19 + version: 2.0.27 codeql/threat-models: - version: 1.0.43 + version: 1.0.51 codeql/tutorial: - version: 1.0.43 + version: 1.0.51 codeql/typetracking: - version: 2.0.27 + version: 2.0.35 codeql/util: - version: 2.0.30 + version: 2.0.38 codeql/xml: - version: 1.0.43 + version: 1.0.51 codeql/yaml: - version: 1.0.43 + version: 1.0.51 compiled: false diff --git a/javascript/lib/qlpack.yml b/javascript/lib/qlpack.yml index 48511b45..d0ecf6f6 100644 --- a/javascript/lib/qlpack.yml +++ b/javascript/lib/qlpack.yml @@ -1,5 +1,5 @@ library: true name: githubsecuritylab/codeql-javascript-libs -version: 0.5.1 +version: 0.6.0 dependencies: - codeql/javascript-all: '2.6.23' + codeql/javascript-all: '2.7.2' diff --git a/javascript/src/codeql-pack.lock.yml b/javascript/src/codeql-pack.lock.yml index 8aba5a52..fd2051e9 100644 --- a/javascript/src/codeql-pack.lock.yml +++ b/javascript/src/codeql-pack.lock.yml @@ -2,29 +2,29 @@ lockVersion: 1.0.0 dependencies: codeql/concepts: - version: 0.0.17 + version: 0.0.25 codeql/controlflow: - version: 2.0.27 + version: 2.0.35 codeql/dataflow: - version: 2.0.27 + version: 2.1.7 codeql/javascript-all: - version: 2.6.23 + version: 2.7.2 codeql/mad: - version: 1.0.43 + version: 1.0.51 codeql/regex: - version: 1.0.43 + version: 1.0.51 codeql/ssa: - version: 2.0.19 + version: 2.0.27 codeql/threat-models: - version: 1.0.43 + version: 1.0.51 codeql/tutorial: - version: 1.0.43 + version: 1.0.51 codeql/typetracking: - version: 2.0.27 + version: 2.0.35 codeql/util: - version: 2.0.30 + version: 2.0.38 codeql/xml: - version: 1.0.43 + version: 1.0.51 codeql/yaml: - version: 1.0.43 + version: 1.0.51 compiled: false diff --git a/javascript/src/qlpack.yml b/javascript/src/qlpack.yml index 9b9cba44..44d0415e 100644 --- a/javascript/src/qlpack.yml +++ b/javascript/src/qlpack.yml @@ -1,8 +1,8 @@ library: false name: githubsecuritylab/codeql-javascript-queries -version: 0.5.1 +version: 0.6.0 suites: suites defaultSuiteFile: suites/javascript.qls dependencies: - codeql/javascript-all: '2.6.23' + codeql/javascript-all: '2.7.2' githubsecuritylab/codeql-javascript-libs: '*' diff --git a/javascript/test/codeql-pack.lock.yml b/javascript/test/codeql-pack.lock.yml index 8aba5a52..fd2051e9 100644 --- a/javascript/test/codeql-pack.lock.yml +++ b/javascript/test/codeql-pack.lock.yml @@ -2,29 +2,29 @@ lockVersion: 1.0.0 dependencies: codeql/concepts: - version: 0.0.17 + version: 0.0.25 codeql/controlflow: - version: 2.0.27 + version: 2.0.35 codeql/dataflow: - version: 2.0.27 + version: 2.1.7 codeql/javascript-all: - version: 2.6.23 + version: 2.7.2 codeql/mad: - version: 1.0.43 + version: 1.0.51 codeql/regex: - version: 1.0.43 + version: 1.0.51 codeql/ssa: - version: 2.0.19 + version: 2.0.27 codeql/threat-models: - version: 1.0.43 + version: 1.0.51 codeql/tutorial: - version: 1.0.43 + version: 1.0.51 codeql/typetracking: - version: 2.0.27 + version: 2.0.35 codeql/util: - version: 2.0.30 + version: 2.0.38 codeql/xml: - version: 1.0.43 + version: 1.0.51 codeql/yaml: - version: 1.0.43 + version: 1.0.51 compiled: false diff --git a/javascript/test/qlpack.yml b/javascript/test/qlpack.yml index 57cdb7dc..c0ee3063 100644 --- a/javascript/test/qlpack.yml +++ b/javascript/test/qlpack.yml @@ -1,7 +1,7 @@ name: githubsecuritylab/codeql-javascript-tests groups: [javascript, test] dependencies: - codeql/javascript-all: "2.6.23" + codeql/javascript-all: "2.7.2" githubsecuritylab/codeql-javascript-queries: "*" extractor: javascript diff --git a/javascript/test/security/CWE-079/XSSReact.expected b/javascript/test/security/CWE-079/XSSReact.expected index adafef39..bd545e5d 100644 --- a/javascript/test/security/CWE-079/XSSReact.expected +++ b/javascript/test/security/CWE-079/XSSReact.expected @@ -1,16 +1,16 @@ edges -| app.jsx:12:11:12:27 | [query, setQuery] | app.jsx:12:11:16:6 | query | provenance | | -| app.jsx:12:11:16:6 | query | app.jsx:17:49:17:53 | query | provenance | | +| app.jsx:12:11:12:27 | [query, setQuery] | app.jsx:12:12:12:16 | query | provenance | | +| app.jsx:12:12:12:16 | query | app.jsx:17:49:17:53 | query | provenance | | | app.jsx:12:31:16:6 | useQuer ... \\n }) | app.jsx:12:11:12:27 | [query, setQuery] | provenance | | -| app.jsx:17:11:17:45 | { x: nu ... lters } | app.jsx:17:11:17:53 | searchQuery | provenance | | -| app.jsx:17:11:17:53 | searchQuery | app.jsx:26:52:26:62 | searchQuery | provenance | | +| app.jsx:17:11:17:45 | { x: nu ... lters } | app.jsx:17:24:17:34 | searchQuery | provenance | | +| app.jsx:17:24:17:34 | searchQuery | app.jsx:26:52:26:62 | searchQuery | provenance | | | app.jsx:17:49:17:53 | query | app.jsx:17:11:17:45 | { x: nu ... lters } | provenance | | nodes | app.jsx:12:11:12:27 | [query, setQuery] | semmle.label | [query, setQuery] | -| app.jsx:12:11:16:6 | query | semmle.label | query | +| app.jsx:12:12:12:16 | query | semmle.label | query | | app.jsx:12:31:16:6 | useQuer ... \\n }) | semmle.label | useQuer ... \\n }) | | app.jsx:17:11:17:45 | { x: nu ... lters } | semmle.label | { x: nu ... lters } | -| app.jsx:17:11:17:53 | searchQuery | semmle.label | searchQuery | +| app.jsx:17:24:17:34 | searchQuery | semmle.label | searchQuery | | app.jsx:17:49:17:53 | query | semmle.label | query | | app.jsx:26:52:26:62 | searchQuery | semmle.label | searchQuery | subpaths diff --git a/javascript/test/security/CWE-329/InsecureIV.expected b/javascript/test/security/CWE-329/InsecureIV.expected index 5cc47dd3..e8f770e3 100644 --- a/javascript/test/security/CWE-329/InsecureIV.expected +++ b/javascript/test/security/CWE-329/InsecureIV.expected @@ -1,20 +1,20 @@ edges -| examples/secure_iv_tainted.js:11:7:11:76 | randomIV | examples/secure_iv_tainted.js:14:54:14:61 | randomIV | provenance | | -| examples/secure_iv_tainted.js:11:7:11:76 | randomIV [ArrayElement] | examples/secure_iv_tainted.js:14:54:14:61 | randomIV | provenance | | +| examples/secure_iv_tainted.js:11:7:11:14 | randomIV | examples/secure_iv_tainted.js:14:54:14:61 | randomIV | provenance | | +| examples/secure_iv_tainted.js:11:7:11:14 | randomIV [ArrayElement] | examples/secure_iv_tainted.js:14:54:14:61 | randomIV | provenance | | | examples/secure_iv_tainted.js:11:18:11:58 | crypto. ... ase64') | examples/secure_iv_tainted.js:11:18:11:76 | crypto. ... eysize) | provenance | | | examples/secure_iv_tainted.js:11:18:11:58 | crypto. ... ase64') | examples/secure_iv_tainted.js:11:18:11:76 | crypto. ... eysize) [ArrayElement] | provenance | | -| examples/secure_iv_tainted.js:11:18:11:76 | crypto. ... eysize) | examples/secure_iv_tainted.js:11:7:11:76 | randomIV | provenance | | -| examples/secure_iv_tainted.js:11:18:11:76 | crypto. ... eysize) [ArrayElement] | examples/secure_iv_tainted.js:11:7:11:76 | randomIV [ArrayElement] | provenance | | -| examples/static_iv.js:11:7:11:34 | fixedIV | examples/static_iv.js:14:54:14:60 | fixedIV | provenance | | -| examples/static_iv.js:11:17:11:34 | "0123456789abcdef" | examples/static_iv.js:11:7:11:34 | fixedIV | provenance | | +| examples/secure_iv_tainted.js:11:18:11:76 | crypto. ... eysize) | examples/secure_iv_tainted.js:11:7:11:14 | randomIV | provenance | | +| examples/secure_iv_tainted.js:11:18:11:76 | crypto. ... eysize) [ArrayElement] | examples/secure_iv_tainted.js:11:7:11:14 | randomIV [ArrayElement] | provenance | | +| examples/static_iv.js:11:7:11:13 | fixedIV | examples/static_iv.js:14:54:14:60 | fixedIV | provenance | | +| examples/static_iv.js:11:17:11:34 | "0123456789abcdef" | examples/static_iv.js:11:7:11:13 | fixedIV | provenance | | nodes -| examples/secure_iv_tainted.js:11:7:11:76 | randomIV | semmle.label | randomIV | -| examples/secure_iv_tainted.js:11:7:11:76 | randomIV [ArrayElement] | semmle.label | randomIV [ArrayElement] | +| examples/secure_iv_tainted.js:11:7:11:14 | randomIV | semmle.label | randomIV | +| examples/secure_iv_tainted.js:11:7:11:14 | randomIV [ArrayElement] | semmle.label | randomIV [ArrayElement] | | examples/secure_iv_tainted.js:11:18:11:58 | crypto. ... ase64') | semmle.label | crypto. ... ase64') | | examples/secure_iv_tainted.js:11:18:11:76 | crypto. ... eysize) | semmle.label | crypto. ... eysize) | | examples/secure_iv_tainted.js:11:18:11:76 | crypto. ... eysize) [ArrayElement] | semmle.label | crypto. ... eysize) [ArrayElement] | | examples/secure_iv_tainted.js:14:54:14:61 | randomIV | semmle.label | randomIV | -| examples/static_iv.js:11:7:11:34 | fixedIV | semmle.label | fixedIV | +| examples/static_iv.js:11:7:11:13 | fixedIV | semmle.label | fixedIV | | examples/static_iv.js:11:17:11:34 | "0123456789abcdef" | semmle.label | "0123456789abcdef" | | examples/static_iv.js:14:54:14:60 | fixedIV | semmle.label | fixedIV | subpaths diff --git a/python/ext/qlpack.yml b/python/ext/qlpack.yml index fa52a1a2..bd64d456 100644 --- a/python/ext/qlpack.yml +++ b/python/ext/qlpack.yml @@ -1,8 +1,8 @@ library: true name: githubsecuritylab/codeql-python-extensions -version: 0.5.1 +version: 0.6.0 extensionTargets: - codeql/python-all: '7.0.0' + codeql/python-all: '7.1.2' dataExtensions: - 'manual/*.yml' - 'manual/**/*.yml' diff --git a/python/lib/codeql-pack.lock.yml b/python/lib/codeql-pack.lock.yml index 95fc12fc..8a2a1ee0 100644 --- a/python/lib/codeql-pack.lock.yml +++ b/python/lib/codeql-pack.lock.yml @@ -2,29 +2,29 @@ lockVersion: 1.0.0 dependencies: codeql/concepts: - version: 0.0.17 + version: 0.0.25 codeql/controlflow: - version: 2.0.27 + version: 2.0.35 codeql/dataflow: - version: 2.0.27 + version: 2.1.7 codeql/mad: - version: 1.0.43 + version: 1.0.51 codeql/python-all: - version: 7.0.0 + version: 7.1.2 codeql/regex: - version: 1.0.43 + version: 1.0.51 codeql/ssa: - version: 2.0.19 + version: 2.0.27 codeql/threat-models: - version: 1.0.43 + version: 1.0.51 codeql/tutorial: - version: 1.0.43 + version: 1.0.51 codeql/typetracking: - version: 2.0.27 + version: 2.0.35 codeql/util: - version: 2.0.30 + version: 2.0.38 codeql/xml: - version: 1.0.43 + version: 1.0.51 codeql/yaml: - version: 1.0.43 + version: 1.0.51 compiled: false diff --git a/python/lib/qlpack.yml b/python/lib/qlpack.yml index a48fa63c..9a956f7b 100644 --- a/python/lib/qlpack.yml +++ b/python/lib/qlpack.yml @@ -1,5 +1,5 @@ library: true name: githubsecuritylab/codeql-python-libs -version: 0.5.1 +version: 0.6.0 dependencies: - codeql/python-all: '7.0.0' + codeql/python-all: '7.1.2' diff --git a/python/src/codeql-pack.lock.yml b/python/src/codeql-pack.lock.yml index 95fc12fc..8a2a1ee0 100644 --- a/python/src/codeql-pack.lock.yml +++ b/python/src/codeql-pack.lock.yml @@ -2,29 +2,29 @@ lockVersion: 1.0.0 dependencies: codeql/concepts: - version: 0.0.17 + version: 0.0.25 codeql/controlflow: - version: 2.0.27 + version: 2.0.35 codeql/dataflow: - version: 2.0.27 + version: 2.1.7 codeql/mad: - version: 1.0.43 + version: 1.0.51 codeql/python-all: - version: 7.0.0 + version: 7.1.2 codeql/regex: - version: 1.0.43 + version: 1.0.51 codeql/ssa: - version: 2.0.19 + version: 2.0.27 codeql/threat-models: - version: 1.0.43 + version: 1.0.51 codeql/tutorial: - version: 1.0.43 + version: 1.0.51 codeql/typetracking: - version: 2.0.27 + version: 2.0.35 codeql/util: - version: 2.0.30 + version: 2.0.38 codeql/xml: - version: 1.0.43 + version: 1.0.51 codeql/yaml: - version: 1.0.43 + version: 1.0.51 compiled: false diff --git a/python/src/qlpack.yml b/python/src/qlpack.yml index 58f09b78..eb6543d6 100644 --- a/python/src/qlpack.yml +++ b/python/src/qlpack.yml @@ -1,8 +1,8 @@ library: false name: githubsecuritylab/codeql-python-queries -version: 0.5.1 +version: 0.6.0 suites: suites defaultSuiteFile: suites/python.qls dependencies: - codeql/python-all: '7.0.0' + codeql/python-all: '7.1.2' githubsecuritylab/codeql-python-libs: '*' diff --git a/python/test/codeql-pack.lock.yml b/python/test/codeql-pack.lock.yml index 160978db..38c6d997 100644 --- a/python/test/codeql-pack.lock.yml +++ b/python/test/codeql-pack.lock.yml @@ -2,33 +2,33 @@ lockVersion: 1.0.0 dependencies: codeql/concepts: - version: 0.0.17 + version: 0.0.25 codeql/controlflow: - version: 2.0.27 + version: 2.0.35 codeql/dataflow: - version: 2.0.27 + version: 2.1.7 codeql/mad: - version: 1.0.43 + version: 1.0.51 codeql/python-all: - version: 7.0.0 + version: 7.1.2 codeql/python-queries: - version: 1.7.8 + version: 1.8.4 codeql/regex: - version: 1.0.43 + version: 1.0.51 codeql/ssa: - version: 2.0.19 + version: 2.0.27 codeql/suite-helpers: - version: 1.0.43 + version: 1.0.51 codeql/threat-models: - version: 1.0.43 + version: 1.0.51 codeql/tutorial: - version: 1.0.43 + version: 1.0.51 codeql/typetracking: - version: 2.0.27 + version: 2.0.35 codeql/util: - version: 2.0.30 + version: 2.0.38 codeql/xml: - version: 1.0.43 + version: 1.0.51 codeql/yaml: - version: 1.0.43 + version: 1.0.51 compiled: false diff --git a/python/test/qlpack.yml b/python/test/qlpack.yml index 20705b7e..9899de86 100644 --- a/python/test/qlpack.yml +++ b/python/test/qlpack.yml @@ -1,8 +1,8 @@ name: githubsecurtylab/codeql-python-tests groups: [python, test] dependencies: - codeql/python-all: '7.0.0' - codeql/python-queries: '1.7.8' + codeql/python-all: '7.1.2' + codeql/python-queries: '1.8.4' githubsecuritylab/codeql-python-queries: '*' githubsecuritylab/codeql-python-libs: '*' extractor: python diff --git a/python/test/security/CWE-078/CommandInjectionLocal.expected b/python/test/security/CWE-078/CommandInjectionLocal.expected index 69b8b10f..bb5ec4f7 100644 --- a/python/test/security/CWE-078/CommandInjectionLocal.expected +++ b/python/test/security/CWE-078/CommandInjectionLocal.expected @@ -1,7 +1,7 @@ edges | cmdi.py:4:1:4:1 | ControlFlowNode for i | cmdi.py:7:17:7:17 | ControlFlowNode for i | provenance | | | cmdi.py:4:1:4:1 | ControlFlowNode for i | cmdi.py:9:17:9:30 | ControlFlowNode for Fstring | provenance | | -| cmdi.py:4:5:4:28 | ControlFlowNode for input() | cmdi.py:4:1:4:1 | ControlFlowNode for i | provenance | Src:MaD:20 | +| cmdi.py:4:5:4:28 | ControlFlowNode for input() | cmdi.py:4:1:4:1 | ControlFlowNode for i | provenance | Src:MaD:58 | | cmdi.py:14:1:14:2 | ControlFlowNode for e1 | cmdi.py:15:17:15:43 | ControlFlowNode for BinaryExpr | provenance | | | cmdi.py:14:6:14:29 | ControlFlowNode for Subscript | cmdi.py:14:1:14:2 | ControlFlowNode for e1 | provenance | | | cmdi.py:17:1:17:2 | ControlFlowNode for e2 | cmdi.py:18:17:18:43 | ControlFlowNode for BinaryExpr | provenance | | diff --git a/python/test/security/CWE-094/CodeInjectionLocal.expected b/python/test/security/CWE-094/CodeInjectionLocal.expected index 9c8857a2..6b4ef380 100644 --- a/python/test/security/CWE-094/CodeInjectionLocal.expected +++ b/python/test/security/CWE-094/CodeInjectionLocal.expected @@ -1,6 +1,6 @@ edges | codei.py:3:1:3:1 | ControlFlowNode for i | codei.py:6:6:6:6 | ControlFlowNode for i | provenance | | -| codei.py:3:5:3:28 | ControlFlowNode for input() | codei.py:3:1:3:1 | ControlFlowNode for i | provenance | Src:MaD:20 | +| codei.py:3:5:3:28 | ControlFlowNode for input() | codei.py:3:1:3:1 | ControlFlowNode for i | provenance | Src:MaD:58 | | codei.py:9:1:9:2 | ControlFlowNode for e1 | codei.py:10:6:10:7 | ControlFlowNode for e1 | provenance | | | codei.py:9:6:9:29 | ControlFlowNode for Subscript | codei.py:9:1:9:2 | ControlFlowNode for e1 | provenance | | | codei.py:12:1:12:2 | ControlFlowNode for e2 | codei.py:13:6:13:7 | ControlFlowNode for e2 | provenance | | diff --git a/python/test/security/CWE-502/UnsafeDeserializationLocal.expected b/python/test/security/CWE-502/UnsafeDeserializationLocal.expected index 1b1bbc7c..94749481 100644 --- a/python/test/security/CWE-502/UnsafeDeserializationLocal.expected +++ b/python/test/security/CWE-502/UnsafeDeserializationLocal.expected @@ -1,6 +1,6 @@ edges | unsafe.py:5:1:5:1 | ControlFlowNode for i | unsafe.py:7:14:7:14 | ControlFlowNode for i | provenance | | -| unsafe.py:5:5:5:11 | ControlFlowNode for input() | unsafe.py:5:1:5:1 | ControlFlowNode for i | provenance | Src:MaD:20 | +| unsafe.py:5:5:5:11 | ControlFlowNode for input() | unsafe.py:5:1:5:1 | ControlFlowNode for i | provenance | Src:MaD:58 | | unsafe.py:10:1:10:1 | ControlFlowNode for e | unsafe.py:12:14:12:14 | ControlFlowNode for e | provenance | | | unsafe.py:10:5:10:32 | ControlFlowNode for Attribute() | unsafe.py:10:1:10:1 | ControlFlowNode for e | provenance | | nodes diff --git a/ruby/lib/codeql-pack.lock.yml b/ruby/lib/codeql-pack.lock.yml index d30e1240..0a9ce166 100644 --- a/ruby/lib/codeql-pack.lock.yml +++ b/ruby/lib/codeql-pack.lock.yml @@ -2,23 +2,23 @@ lockVersion: 1.0.0 dependencies: codeql/concepts: - version: 0.0.17 + version: 0.0.25 codeql/controlflow: - version: 2.0.27 + version: 2.0.35 codeql/dataflow: - version: 2.0.27 + version: 2.1.7 codeql/mad: - version: 1.0.43 + version: 1.0.51 codeql/regex: - version: 1.0.43 + version: 1.0.51 codeql/ruby-all: - version: 5.1.11 + version: 5.2.2 codeql/ssa: - version: 2.0.19 + version: 2.0.27 codeql/tutorial: - version: 1.0.43 + version: 1.0.51 codeql/typetracking: - version: 2.0.27 + version: 2.0.35 codeql/util: - version: 2.0.30 + version: 2.0.38 compiled: false diff --git a/ruby/lib/qlpack.yml b/ruby/lib/qlpack.yml index 7da5d721..7d51dd4c 100644 --- a/ruby/lib/qlpack.yml +++ b/ruby/lib/qlpack.yml @@ -1,5 +1,5 @@ library: true name: githubsecuritylab/codeql-ruby-libs -version: 0.5.1 +version: 0.6.0 dependencies: - codeql/ruby-all: '5.1.11' + codeql/ruby-all: '5.2.2' diff --git a/ruby/src/codeql-pack.lock.yml b/ruby/src/codeql-pack.lock.yml index d30e1240..0a9ce166 100644 --- a/ruby/src/codeql-pack.lock.yml +++ b/ruby/src/codeql-pack.lock.yml @@ -2,23 +2,23 @@ lockVersion: 1.0.0 dependencies: codeql/concepts: - version: 0.0.17 + version: 0.0.25 codeql/controlflow: - version: 2.0.27 + version: 2.0.35 codeql/dataflow: - version: 2.0.27 + version: 2.1.7 codeql/mad: - version: 1.0.43 + version: 1.0.51 codeql/regex: - version: 1.0.43 + version: 1.0.51 codeql/ruby-all: - version: 5.1.11 + version: 5.2.2 codeql/ssa: - version: 2.0.19 + version: 2.0.27 codeql/tutorial: - version: 1.0.43 + version: 1.0.51 codeql/typetracking: - version: 2.0.27 + version: 2.0.35 codeql/util: - version: 2.0.30 + version: 2.0.38 compiled: false diff --git a/ruby/src/qlpack.yml b/ruby/src/qlpack.yml index 66252c52..4feb6efd 100644 --- a/ruby/src/qlpack.yml +++ b/ruby/src/qlpack.yml @@ -1,8 +1,8 @@ library: false name: githubsecuritylab/codeql-ruby-queries -version: 0.5.1 +version: 0.6.0 suites: suites defaultSuiteFile: suites/ruby.qls dependencies: - codeql/ruby-all: '5.1.11' + codeql/ruby-all: '5.2.2' githubsecuritylab/codeql-ruby-libs: '*' diff --git a/ruby/test/codeql-pack.lock.yml b/ruby/test/codeql-pack.lock.yml index 0dfcc28d..f6d4383d 100644 --- a/ruby/test/codeql-pack.lock.yml +++ b/ruby/test/codeql-pack.lock.yml @@ -2,27 +2,27 @@ lockVersion: 1.0.0 dependencies: codeql/concepts: - version: 0.0.17 + version: 0.0.25 codeql/controlflow: - version: 2.0.27 + version: 2.0.35 codeql/dataflow: - version: 2.0.27 + version: 2.1.7 codeql/mad: - version: 1.0.43 + version: 1.0.51 codeql/regex: - version: 1.0.43 + version: 1.0.51 codeql/ruby-all: - version: 5.1.11 + version: 5.2.2 codeql/ruby-queries: - version: 1.5.8 + version: 1.6.4 codeql/ssa: - version: 2.0.19 + version: 2.0.27 codeql/suite-helpers: - version: 1.0.43 + version: 1.0.51 codeql/tutorial: - version: 1.0.43 + version: 1.0.51 codeql/typetracking: - version: 2.0.27 + version: 2.0.35 codeql/util: - version: 2.0.30 + version: 2.0.38 compiled: false diff --git a/ruby/test/qlpack.yml b/ruby/test/qlpack.yml index 9ed047b8..23eec656 100644 --- a/ruby/test/qlpack.yml +++ b/ruby/test/qlpack.yml @@ -1,8 +1,8 @@ name: githubsecurtylab/codeql-ruby-tests groups: [ruby, test] dependencies: - codeql/ruby-all: '5.1.11' - codeql/ruby-queries: '1.5.8' + codeql/ruby-all: '5.2.2' + codeql/ruby-queries: '1.6.4' githubsecuritylab/codeql-ruby-queries: '*' githubsecuritylab/codeql-ruby-libs: '*' extractor: ruby