
Commit 1090164

committed
Merge branch 'main' into sourcemodels
2 parents bded708 + 93e7202 commit 1090164


65 files changed

+3931
-563
lines changed


65 files changed

+3931
-563
lines changed

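--- a/2024-11-25-ts57.md
+++ b/2024-11-25-ts57.md
@@ -0,0 +1,4 @@
+---
+category: majorAnalysis
+---
+* Added support for TypeScript 5.7.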

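--- a/cpp/ql/lib/semmle/code/cpp/models/Models.qll
+++ b/cpp/ql/lib/semmle/code/cpp/models/Models.qll
@@ -49,3 +49,4 @@ private import implementations.PostgreSql
 private import implementations.System
 private import implementations.StructuredExceptionHandling
 private import implementations.ZMQ
+private import implementations.Win32CommandExecution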
Lines changed: 56 additions & 0 deletions
@@ -0,0 +1,56 @@
1+
private import semmle.code.cpp.models.interfaces.CommandExecution
2+
3+
/** The `ShellExecute` family of functions from Win32. */
4+
class ShellExecute extends Function {
5+
ShellExecute() { this.hasGlobalName("ShellExecute" + ["", "A", "W"]) }
6+
}
7+
8+
private class ShellExecuteModel extends ShellExecute, CommandExecutionFunction {
9+
override predicate hasCommandArgument(FunctionInput input) { input.isParameterDeref(2) }
10+
}
11+
12+
/** The `WinExec` function from Win32. */
13+
class WinExec extends Function {
14+
WinExec() { this.hasGlobalName("WinExec") }
15+
}
16+
17+
private class WinExecModel extends WinExec, CommandExecutionFunction {
18+
override predicate hasCommandArgument(FunctionInput input) { input.isParameterDeref(0) }
19+
}
20+
21+
/** The `CreateProcess` family of functions from Win32. */
22+
class CreateProcess extends Function {
23+
CreateProcess() { this.hasGlobalName("CreateProcess" + ["", "A", "W"]) }
24+
}
25+
26+
private class CreateProcessModel extends CreateProcess, CommandExecutionFunction {
27+
override predicate hasCommandArgument(FunctionInput input) { input.isParameterDeref(0) }
28+
}
29+
30+
/** The `CreateProcessAsUser` family of functions from Win32. */
31+
class CreateProcessAsUser extends Function {
32+
CreateProcessAsUser() { this.hasGlobalName("CreateProcessAsUser" + ["", "A", "W"]) }
33+
}
34+
35+
private class CreateProcessAsUserModel extends CreateProcessAsUser, CommandExecutionFunction {
36+
override predicate hasCommandArgument(FunctionInput input) { input.isParameterDeref(1) }
37+
}
38+
39+
/** The `CreateProcessWithLogonW` function from Win32. */
40+
class CreateProcessWithLogonW extends Function {
41+
CreateProcessWithLogonW() { this.hasGlobalName("CreateProcessWithLogonW") }
42+
}
43+
44+
private class CreateProcessWithLogonModel extends CreateProcessWithLogonW, CommandExecutionFunction {
45+
override predicate hasCommandArgument(FunctionInput input) { input.isParameterDeref(4) }
46+
}
47+
48+
/** The `CreateProcessWithTokenW` function from Win32. */
49+
class CreateProcessWithTokenW extends Function {
50+
CreateProcessWithTokenW() { this.hasGlobalName("CreateProcessWithTokenW") }
51+
}
52+
53+
private class CreateProcessWithTokenWModel extends CreateProcessWithTokenW, CommandExecutionFunction
54+
{
55+
override predicate hasCommandArgument(FunctionInput input) { input.isParameterDeref(2) }
56+
}
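Review bot: The four `CreateProcess*` models mark only the `lpApplicationName` position (indices 0, 1, 4 and 2) as the command argument, and the `lpCommandLine` parameter that follows it in the documented Win32 signatures is left unmodelled. Callers commonly pass the whole command through `lpCommandLine` with a null application name, so tainted data reaching that parameter would presumably not be treated as a command-execution sink. If the omission is not deliberate, widen each predicate, e.g. `input.isParameterDeref([0, 1])` for `CreateProcessModel` and `[1, 2]`, `[4, 5]`, `[2, 3]` for the others; the same question applies to `lpParameters` (index 3) of `ShellExecute`. A one-line comment naming the parameter behind each index would also make the numbers checkable against the API documentation.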

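--- a/java/ql/lib/semmle/code/java/security/Encryption.qll
+++ b/java/ql/lib/semmle/code/java/security/Encryption.qll
@@ -247,7 +247,7 @@ string getASecureAlgorithmName() {
 result =
 [
 "RSA", "SHA-?256", "SHA-?512", "CCM", "GCM", "AES(?![^a-zA-Z](ECB|CBC/PKCS[57]Padding))",
-"Blowfish", "ECIES"
+"Blowfish", "ECIES", "SHA3-(256|384|512)"
 ]
 }
 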
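Review bot: The added entry `"SHA3-(256|384|512)"` requires the hyphen, while the `SHA-?256` and `SHA-?512` entries beside it make it optional. If this list is meant to tolerate spelling variants of algorithm names, `"SHA3-?(256|384|512)"` would keep the entries consistent. SHA3-224 is left out, which looks deliberate; a short comment saying so would save the next reader from wondering. The body of `getASecureAlgorithmName` begins outside the hunk, so how these patterns are anchored when matched is not visible here.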

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,4 @@
1+
---
2+
category: minorAnalysis
3+
---
4+
* Added SHA3 to the list of secure hashing algorithms. As a result the `java/potentially-weak-cryptographic-algorithm` query should no longer flag up uses of SHA3.

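--- a/java/ql/test/query-tests/security/CWE-327/semmle/tests/WeakHashing.java
+++ b/java/ql/test/query-tests/security/CWE-327/semmle/tests/WeakHashing.java
@@ -25,5 +25,8 @@ void hashing() throws NoSuchAlgorithmException, IOException {
 
 // OK: Property does not exist and default is secure
 MessageDigest ok2 = MessageDigest.getInstance(props.getProperty("hashAlg3", "SHA-256"));
+
+// GOOD: Using a strong hashing algorithm
+MessageDigest ok3 = MessageDigest.getInstance("SHA3-512");
 }
-}
+}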
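Review bot: Only `SHA3-512` is exercised by the new case, although the pattern this test accompanies also accepts the 256- and 384-bit variants. Adding `MessageDigest ok4 = MessageDigest.getInstance("SHA3-256");` (and the 384 form) would pin the whole alternation, so a later edit to the regex cannot silently drop one of them. The new comment uses `// GOOD:` where the surrounding cases use `// OK:`; matching the existing marker keeps the file uniform. `hashing()` starts outside the hunk.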

javascript/extractor/lib/typescript/package-lock.json

Lines changed: 4 additions & 4 deletions

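--- a/javascript/extractor/lib/typescript/package.json
+++ b/javascript/extractor/lib/typescript/package.json
@@ -2,7 +2,7 @@
 "name": "typescript-parser-wrapper",
 "private": true,
 "dependencies": {
-"typescript": "5.6.2"
+"typescript": "^5.7.2"
 },
 "scripts": {
 "build": "tsc --project tsconfig.json",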
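Review bot: The `typescript` dependency changes from an exact pin (`5.6.2`) to a caret range (`^5.7.2`), which is more than a version bump. The committed package-lock.json keeps `npm ci` reproducible, but any install that re-resolves the tree can now pick up a later 5.x compiler without review, while the change note claims support for 5.7 specifically. Unless the range is intended, keep the exact form: `"typescript": "5.7.2"`.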
