Skip to content

Commit d2f15cd

Browse files
mbaludambaluda
authored
Merge branch 'main' into mbaluda/type_sanitizer
2 parents 8495980 + bd55222 commit d2f15cd

271 files changed

Lines changed: 8627 additions & 24564 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.github/actions/install-codeql/action.yml

Lines changed: 0 additions & 109 deletions
This file was deleted.

.github/actions/install-qlt/action.yml

Lines changed: 0 additions & 86 deletions
This file was deleted.

.github/codeql/codeql-config.yaml

Lines changed: 1 addition & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -2,12 +2,9 @@ name: "My CodeQL config"
22

33
queries:
44
- uses: security-extended
5-
# for ui5/cap queries
65
- uses: ./javascript/frameworks/ui5/src/codeql-suites/javascript-security-extended.qls
76
- uses: ./javascript/frameworks/cap/src/codeql-suites/javascript-security-extended.qls
7+
- uses: ./javascript/frameworks/xsjs/src/codeql-suites/javascript-security-extended.qls
88

9-
paths:
10-
- "**/*.xml"
11-
- "**/*.json"
129
paths-ignore:
1310
- "**/frameworks/*/test/models"

.github/workflows/code_scanning.yml

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -12,10 +12,10 @@ on:
1212

1313
env:
1414
LGTM_INDEX_XML_MODE: all
15-
LGTM_INDEX_FILTERS: "include:**/*.json"
15+
LGTM_INDEX_FILETYPES: ".json:JSON"
1616

1717
jobs:
18-
analyze:
18+
analyze-javascript:
1919
name: Analyze
2020
runs-on: 'ubuntu-latest'
2121
permissions:
@@ -55,12 +55,16 @@ jobs:
5555
-o "$cds_file.json"
5656
done
5757
58-
# Initializes the CodeQL tools for scanning.
58+
- name: Extract CodeQL bundle version from qlt.conf.json
59+
run: |
60+
echo "BUNDLE_VERSION=$(jq .CodeQLCLIBundle qlt.conf.json -r)" >> $GITHUB_ENV
61+
5962
- name: Initialize CodeQL
6063
uses: github/codeql-action/init@v3
6164
with:
6265
languages: javascript
6366
config-file: ./.github/codeql/codeql-config.yaml
67+
tools: https://github.com/github/codeql-action/releases/download/${{env.BUNDLE_VERSION}}/codeql-bundle-linux64.tar.gz
6468
debug: true
6569

6670
- name: Perform CodeQL Analysis

.github/workflows/javascript.sarif.expected

Lines changed: 1 addition & 23596 deletions
Large diffs are not rendered by default.

.github/workflows/run-codeql-unit-tests-javascript.yml

Lines changed: 10 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -18,11 +18,11 @@ jobs:
1818
matrix: ${{ steps.export-unit-test-matrix.outputs.matrix }}
1919
steps:
2020
- name: Checkout repository
21-
uses: actions/checkout@v3
21+
uses: actions/checkout@v4
2222

2323
- name: Install QLT
2424
id: install-qlt
25-
uses: ./.github/actions/install-qlt
25+
uses: advanced-security/codeql-development-toolkit/.github/actions/install-qlt@main
2626
with:
2727
qlt-version: 'latest'
2828
add-to-path: true
@@ -43,11 +43,11 @@ jobs:
4343

4444
steps:
4545
- name: Checkout repository
46-
uses: actions/checkout@v3
46+
uses: actions/checkout@v4
4747

4848
- name: Install QLT
4949
id: install-qlt
50-
uses: ./.github/actions/install-qlt
50+
uses: advanced-security/codeql-development-toolkit/.github/actions/install-qlt@main
5151
with:
5252
qlt-version: 'latest'
5353
add-to-path: true
@@ -104,7 +104,7 @@ jobs:
104104
CODEQL_STDLIB_IDENT: ${{matrix.codeql_standard_library_ident}}
105105
RUNNER_TMP: ${{ runner.temp }}
106106
LGTM_INDEX_XML_MODE: all
107-
LGTM_INDEX_FILTERS: "include:**/*.json"
107+
LGTM_INDEX_FILETYPES: ".json:JSON"
108108

109109
shell: bash
110110
run: >
@@ -116,7 +116,7 @@ jobs:
116116
--work-dir $RUNNER_TMP
117117
118118
- name: Upload test results
119-
uses: actions/upload-artifact@v2
119+
uses: actions/upload-artifact@v4
120120
with:
121121
name: test-results-${{ runner.os }}-${{ matrix.codeql_cli }}-${{ matrix.codeql_standard_library_ident }}
122122
path: |
@@ -130,20 +130,21 @@ jobs:
130130
steps:
131131

132132
- name: Checkout repository
133-
uses: actions/checkout@v3
133+
uses: actions/checkout@v4
134134

135135
- name: Install QLT
136136
id: install-qlt
137-
uses: ./.github/actions/install-qlt
137+
uses: advanced-security/codeql-development-toolkit/.github/actions/install-qlt@main
138138
with:
139139
qlt-version: 'latest'
140140
add-to-path: true
141141

142142

143143
- name: Collect test results
144-
uses: actions/download-artifact@v2
144+
uses: actions/download-artifact@v4
145145

146146
- name: Validate test results
147147
run: |
148148
qlt test run validate-unit-tests --pretty-print --results-directory . >> $GITHUB_STEP_SUMMARY
149149
qlt test run validate-unit-tests --results-directory .
150+

.gitignore

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -69,3 +69,4 @@ tmp/
6969
.cache/
7070
**.testproj
7171
dbs
72+
*.cds.json

README.md

Lines changed: 5 additions & 38 deletions
Original file line numberDiff line numberDiff line change
@@ -1,38 +1,5 @@
1-
# SAP UI5 with CodeQL
2-
3-
CodeQL queries and supporting models for the SAP UI5 JavaScript framework
4-
5-
### Queries
6-
- [XSS](javascript/frameworks/UI5/src/UI5Xss/UI5Xss.ql)
7-
- [Log Injection](javascript/frameworks/UI5/src/UI5LogInjection/UI5LogInjection.ql)
8-
- [Clickjacking](javascript/frameworks/UI5/src/UI5Clickjacking/UI5Clickjacking.ql)
9-
10-
### Modeled UI5 framework elements
11-
- UI5 AMD-style components (also via jQuery)
12-
- MVC elements:
13-
- UI5 Controllers and Data Models (literal/external JSON models)
14-
- UI5 [declarative Views](DeclarativeApp.png) (XML/JSON/HTML/JS)
15-
- Library/custom UI5 Controls
16-
- Project naming conventions (e.g. Control-Renderer)
17-
- Source/Sink definition via [ModelAsData extensions](javascript/frameworks/UI5/ext/ui5-data-extensions.yml#L61-L97)
18-
- Controls inheritance via [ModelAsData extensions](javascript/frameworks/UI5/ext/ui5-data-extensions.yml#L42-L59)
19-
20-
### Supported Features with tests
21-
The following tables list the main supported features with corresponding test cases
22-
#### Detecting XSS and Log injection vulnerabilities
23-
|test | library controls | [MaD sources sinks](javascript/frameworks/UI5/ext/ui5-data-extensions.yml#L61-L97) | custom controls | UI5View | JS dataflow | HTML APIs | sanitizer | acc.path via handler |
24-
| - | :-: | :-: | :-: | :-: | :-: | :-: | :-: | :-: |
25-
| [xss-html-control](https://github.com/advanced-security/codeql-sap-js/security/code-scanning/1033) | ✅︎ | ✅︎ | | XMLView |
26-
| [xss-custom-control-api1](https://github.com/advanced-security/codeql-sap-js/security/code-scanning/1051)| ✅︎ | ✅︎ | ✅︎ | XMLView | | classic |
27-
| [xss-custom-control-api2](https://github.com/advanced-security/codeql-sap-js/security/code-scanning/250)| ✅︎ | ✅︎ | ✅︎ | XMLView | | DOM |
28-
| [xss-json-view](https://github.com/advanced-security/codeql-sap-js/security/code-scanning/247)<br/>[xss-html-view](https://github.com/advanced-security/codeql-sap-js/security/code-scanning/245)<br/>[xss-js-view](https://github.com/advanced-security/codeql-sap-js/security/code-scanning/246) | ✅︎ | ✅︎ | | JsonView<br/>HTMLView<br/>JSView |
29-
| [log-html-control-df](https://github.com/advanced-security/codeql-sap-js/security/code-scanning/275) | ✅︎ | ✅︎ | |XMLView| ✅︎ |
30-
| [sanitized](https://github.com/advanced-security/codeql-sap-js/security/code-scanning/277)| ✅︎ | ✅︎ | ✅︎ | XMLView | ✅︎ | DOM | ✅︎ |
31-
| [xss-event-handlers](https://github.com/advanced-security/codeql-sap-js/security/code-scanning/335)| ✅︎ | ✅︎ | ✅︎ | XMLView | | | | ✅︎ |
32-
33-
#### Detecting Clickjacking vulnerabilities
34-
| test | secure | insecure frameOptions | missing frameOptions |
35-
| - | :-: | :-: | :-: |
36-
| [clickjacking-deny-all](javascript/frameworks/UI5/test/queries/UI5Clickjacking/clickjacking-deny-all/index.html#L10) | ✅︎ | |
37-
| [clickjacking-allow-all:l9](https://github.com/advanced-security/codeql-sap-js/security/code-scanning/240)<br/>[clickjacking-allow-all:l28](https://github.com/advanced-security/codeql-sap-js/security/code-scanning/241) | | ✅︎ |
38-
| [clickjacking-default-all](https://github.com/advanced-security/codeql-sap-js/security/code-scanning/330) | | | ✅︎ |
1+
# Overview
2+
[CodeQL](https://codeql.github.com/) models and queries for the SAP frameworks:
3+
- [CAP](javascript/frameworks/cap) (https://cap.cloud.sap/)
4+
- [UI5](javascript/frameworks/ui5) (https://sapui5.hana.ondemand.com/)
5+
- [XSJS](javascript/frameworks/xsjs) (https://www.npmjs.com/package/@sap/async-xsjs)

javascript/frameworks/cap/README.md

Lines changed: 15 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,15 @@
1+
# SAP CAP with CodeQL
2+
3+
CodeQL queries and supporting models for the SAP CAP JavaScript framework
4+
5+
### Queries
6+
- [CQL Injection](src/cqlinjection)
7+
- [Log Injection](src/loginjection)
8+
- [Sensitive Data Exposure](src/sensitive-exposure)
9+
- [Authentication Issues](src/bad-authn-authz)
10+
11+
### Modeled CAP framework elements
12+
- CQL (CAP Query Language) fluent API
13+
- CDS (Core Data Services) declarative service specification
14+
- Service composition API
15+
- Event handlers

javascript/frameworks/cap/ext/qlpack.yml

Lines changed: 3 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,9 +1,7 @@
11
---
22
library: true
33
name: advanced-security/javascript-sap-cap-models
4-
version: 0.2.0
4+
version: 0.3.0
55
extensionTargets:
6-
codeql/javascript-all: "^0.8.7"
7-
codeql/javascript-queries: "^0.8.7"
8-
dataExtensions:
9-
- "*.model.yml"
6+
codeql/javascript-all: "^1.1.1"
7+
codeql/javascript-queries: "^1.1.0"

0 commit comments

Comments
 (0)