Create matlab-scan.yml

.github/custom-queries/matlab/ Improper Input Handling.ql

@@ -0,0 +1,23 @@
+/**
+ * @name Improper input handling in mathematical operations
+ * @description Detects mathematical operations on untrusted inputs without proper validation or sanitization, leading to potential data integrity issues.
+ * @kind problem
+ * @problem.severity high
+ * @tags security, input-validation
+ */
+import javascript
+
+class ImproperInputInMathOp extends Expr {
+  ImproperInputInMathOp() {
+    this.getFile().getName().endsWith(".m") and
+    exists(Expr mathOp |
+      mathOp.getSource() = this and
+      mathOp.toString().matches("(\\+|\\-|\\*|\\/|\\^|sqrt|log)%") and
+      not exists(Expr inputValidation |
+        inputValidation.getSource() = mathOp and inputValidation.toString().matches("(validate|sanitize)%"))
+    )
+  }
+}
+
+from ImproperInputInMathOp mathOp
+select mathOp, "Improper input handling in mathematical operations detected. Ensure inputs are validated or sanitized."

.github/custom-queries/matlab/ Improper Use of cd.ql

@@ -0,0 +1,23 @@
+/**
+ * @name Improper use of cd command
+ * @description Detects usage of `cd` to change directories without validating whether the directory exists, potentially leading to errors.
+ * @kind problem
+ * @problem.severity warning
+ * @tags security, directory-management
+ */
+import javascript
+
+class ImproperCdUsage extends Expr {
+  ImproperCdUsage() {
+    this.getFile().getName().endsWith(".m") and
+    exists(Expr cdCall |
+      cdCall.getSource() = this and
+      cdCall.toString().matches("cd%") and
+      not exists(Expr check |
+        check.getSource() = cdCall and check.toString().matches("(exist|isdir)%"))
+    )
+  }
+}
+
+from ImproperCdUsage cdCall
+select cdCall, "Improper use of cd command without validating the directory path."

.github/custom-queries/matlab/ Unsafe Use of mkdir.ql

@@ -0,0 +1,23 @@
+/**
+ * @name Unsafe mkdir usage
+ * @description Detects the use of `mkdir` without checking for the directory's existence or permissions.
+ * @kind problem
+ * @problem.severity warning
+ * @tags security, resource-management
+ */
+import javascript
+
+class UnsafeMkdir extends Expr {
+  UnsafeMkdir() {
+    this.getFile().getName().endsWith(".m") and
+    exists(Expr mkdirCall |
+      mkdirCall.getSource() = this and
+      mkdirCall.toString().matches("mkdir%") and
+      not exists(Expr check | 
+        check.getSource() = mkdirCall and check.toString().matches("(exist|isdir)%"))
+    )
+  }
+}
+
+from UnsafeMkdir mkdirCall
+select mkdirCall, "Unsafe use of mkdir without checking for directory existence or permissions."

.github/custom-queries/matlab/ Use of Deprecated Functions.ql

@@ -0,0 +1,21 @@
+/**
+ * @name Deprecated function usage
+ * @description Detects the use of deprecated functions in MATLAB, which might introduce vulnerabilities or break in future releases.
+ * @kind problem
+ * @problem.severity warning
+ * @tags security, deprecated
+ */
+import javascript
+
+class DeprecatedFunctionUsage extends Expr {
+  DeprecatedFunctionUsage() {
+    this.getFile().getName().endsWith(".m") and
+    exists(Expr deprecatedCall |
+      deprecatedCall.getSource() = this and
+      deprecatedCall.toString().matches("(str2num|input|addpath)%")
+    )
+  }
+}
+
+from DeprecatedFunctionUsage deprecatedCall
+select deprecatedCall, "Deprecated function usage detected. Consider updating to supported alternatives."

.github/custom-queries/matlab/Hardcoded Credentials.ql

@@ -0,0 +1,22 @@
+/**
+ * @name Hardcoded credentials
+ * @description Detects potential hardcoded credentials, such as passwords or API keys, in MATLAB scripts.
+ * @kind problem
+ * @problem.severity critical
+ * @tags security, hardcoded-credentials
+ */
+
+import javascript
+
+class MatlabHardcodedCredentials extends Expr {
+  MatlabHardcodedCredentials() {
+    this.getFile().getName().endsWith(".m") and
+    exists(Expr hardcoded |
+      hardcoded.getSource() = this and
+      hardcoded.toString().matches("(password|passwd|apiKey|secret|token)\\s*=\\s*['\"]\\w+['\"]")
+    )
+  }
+}
+
+from MatlabHardcodedCredentials hardcoded
+select hardcoded, "Potential hardcoded credentials detected in MATLAB code."

.github/custom-queries/matlab/Hardcoded IP Address.ql

@@ -0,0 +1,21 @@
+/**
+ * @name Hardcoded IP address
+ * @description Detects hardcoded IP addresses in the MATLAB code, which could indicate potential misconfigurations or security vulnerabilities.
+ * @kind problem
+ * @problem.severity medium
+ * @tags security, misconfiguration
+ */
+import javascript
+
+class HardcodedIP extends Expr {
+  HardcodedIP() {
+    this.getFile().getName().endsWith(".m") and
+    exists(Expr ipAddress |
+      ipAddress.getSource() = this and
+      ipAddress.toString().matches("(\\d{1,3}\\.){3}\\d{1,3}")
+    )
+  }
+}
+
+from HardcodedIP ipAddress
+select ipAddress, "Hardcoded IP address detected, consider using configuration files instead."

.github/custom-queries/matlab/Improper Use of pause Function.ql

@@ -0,0 +1,23 @@
+/**
+ * @name Improper use of pause function
+ * @description Detects improper usage of the `pause` function, which can lead to inefficient code execution or resource misuse.
+ * @kind problem
+ * @problem.severity medium
+ * @tags security, resource-management
+ */
+import javascript
+
+class ImproperPauseUsage extends Expr {
+  ImproperPauseUsage() {
+    this.getFile().getName().endsWith(".m") and
+    exists(Expr pauseCall |
+      pauseCall.getSource() = this and
+      pauseCall.toString().matches("pause%") and
+      not exists(Expr timingCheck |
+        timingCheck.getSource() = pauseCall and timingCheck.toString().matches("(check|validate)%"))
+    )
+  }
+}
+
+from ImproperPauseUsage pauseCall
+select pauseCall, "Improper use of the pause function detected, which could lead to resource misuse or inefficient code execution."

.github/custom-queries/matlab/Improper Use of rmdir.ql

@@ -0,0 +1,23 @@
+/**
+ * @name Improper rmdir usage
+ * @description Detects `rmdir` calls without error handling or validation.
+ * @kind problem
+ * @problem.severity high
+ * @tags security, resource-management
+ */
+import javascript
+
+class ImproperRmdir extends Expr {
+  ImproperRmdir() {
+    this.getFile().getName().endsWith(".m") and
+    exists(Expr rmdirCall |
+      rmdirCall.getSource() = this and
+      rmdirCall.toString().matches("rmdir%") and
+      not exists(Expr errorCheck | 
+        errorCheck.getSource() = rmdirCall and errorCheck.toString().matches("(exist|isdir)%"))
+    )
+  }
+}
+
+from ImproperRmdir rmdirCall
+select rmdirCall, "Improper use of rmdir without error handling or path validation."

.github/custom-queries/matlab/Improper fclose() After fopen().ql

@@ -0,0 +1,15 @@
+/**
+ * @name Missing fclose after fopen
+ * @description Detects cases where a file is opened but not closed, leading to resource leaks.
+ * @kind problem
+ * @problem.severity warning
+ * @tags security, resource-leak
+ */
+import javascript
+
+class MatlabMissingFclose extends Expr {
+  MatlabMissingFclose() {
+    this.getFile().getName().endsWith(".m") and
+    exists(Expr fopenCall |
+      fopenCall.getSource() = this and
+      fopenCall.toString().

.github/custom-queries/matlab/Insecure File Permission.ql

@@ -0,0 +1,22 @@
+/**
+ * @name Insecure file permissions
+ * @description Detects insecure file permission changes through `chmod` or `chown` commands.
+ * @kind problem
+ * @problem.severity high
+ * @tags security, file-permissions
+ */
+
+import javascript
+
+class MatlabInsecureFilePermissions extends Expr {
+  MatlabInsecureFilePermissions() {
+    this.getFile().getName().endsWith(".m") and
+    exists(Expr permCall |
+      permCall.getSource() = this and
+      permCall.toString().matches("(chmod|chown)%")
+    )
+  }
+}
+
+from MatlabInsecureFilePermissions permCall
+select permCall, "Insecure file permission changes detected, review chmod/chown usage."

.github/custom-queries/matlab/Insecure Random Number Generation.ql

@@ -0,0 +1,22 @@
+/**
+ * @name Insecure random number generation
+ * @description Detects usage of non-cryptographically secure random number generators like `rand` and `randi`.
+ * @kind problem
+ * @problem.severity warning
+ * @tags security, crypto
+ */
+
+import javascript
+
+class MatlabInsecureRandUsage extends Expr {
+  MatlabInsecureRandUsage() {
+    this.getFile().getName().endsWith(".m") and
+    exists(Expr randCall |
+      randCall.getSource() = this and
+      randCall.toString().matches("rand%")
+    )
+  }
+}
+
+from MatlabInsecureRandUsage randCall
+select randCall, "Insecure random number generator used (rand or randi), consider using a secure alternative."

.github/custom-queries/matlab/Insecure Usage of save Function.ql

@@ -0,0 +1,22 @@
+/**
+ * @name Insecure save function usage
+ * @description Detects insecure usage of the `save` function without specifying version or compression, leading to data risks.
+ * @kind problem
+ * @problem.severity warning
+ * @tags security, data-integrity
+ */
+import javascript
+
+class InsecureSaveFunction extends Expr {
+  InsecureSaveFunction() {
+    this.getFile().getName().endsWith(".m") and
+    exists(Expr saveCall |
+      saveCall.getSource() = this and
+      saveCall.toString().matches("save%") and
+      not saveCall.toString().matches("-v7\\.3%")
+    )
+  }
+}
+
+from InsecureSaveFunction saveCall
+select saveCall, "Insecure save function usage detected, consider using '-v7.3' for better data integrity."

.github/custom-queries/matlab/Insecure Use of eval Function.ql

@@ -0,0 +1,22 @@
+/**
+ * @name Insecure use of eval
+ * @description Detects insecure usage of the `eval` function, which can lead to code injection vulnerabilities.
+ * @kind problem
+ * @problem.severity critical
+ * @tags security, code-injection
+ */
+
+import javascript
+
+class MatlabInsecureEvalUsage extends Expr {
+  MatlabInsecureEvalUsage() {
+    this.getFile().getName().endsWith(".m") and
+    exists(Expr evalCall |
+      evalCall.getSource() = this and
+      evalCall.toString().matches("eval%")
+    )
+  }
+}
+
+from MatlabInsecureEvalUsage evalCall
+select evalCall, "Insecure use of eval function, consider alternatives or validate input."

.github/custom-queries/matlab/Insecure Use of urlread or webread Without TLS.ql

@@ -0,0 +1,22 @@
+/**
+ * @name Insecure URL access without TLS
+ * @description Detects `urlread` or `webread` function usage for URLs that don't enforce HTTPS, which can lead to insecure communication.
+ * @kind problem
+ * @problem.severity high
+ * @tags security, communication
+ */
+import javascript
+
+class InsecureURLAccess extends Expr {
+  InsecureURLAccess() {
+    this.getFile().getName().endsWith(".m") and
+    exists(Expr urlReadCall |
+      urlReadCall.getSource() = this and
+      urlReadCall.toString().matches("(urlread|webread)%") and
+      not urlReadCall.toString().matches("https%")
+    )
+  }
+}
+
+from InsecureURLAccess urlReadCall
+select urlReadCall, "Insecure URL access detected, consider enforcing HTTPS."

.github/custom-queries/matlab/Insecure load Function.ql

@@ -0,0 +1,22 @@
+/**
+ * @name Insecure use of load function
+ * @description Detects use of the `load` function without specifying the file format, which can lead to security risks.
+ * @kind problem
+ * @problem.severity medium
+ * @tags security, data-integrity
+ */
+import javascript
+
+class InsecureLoadUsage extends Expr {
+  InsecureLoadUsage() {
+    this.getFile().getName().endsWith(".m") and
+    exists(Expr loadCall |
+      loadCall.getSource() = this and
+      loadCall.toString().matches("load%") and
+      not loadCall.toString().matches("-ascii|-mat")
+    )
+  }
+}
+
+from InsecureLoadUsage loadCall
+select loadCall, "Insecure use of the load function detected. Specify the file format to ensure data integrity."

.github/custom-queries/matlab/Potential Buffer Overflow via fscanf.ql

@@ -0,0 +1,24 @@
+/**
+ * @name Potential buffer overflow in fscanf
+ * @description Detects potential buffer overflow vulnerabilities when using `fscanf` without checking input size.
+ * @kind problem
+ * @problem.severity critical
+ * @tags security, buffer-overflow
+ */
+import javascript
+
+class BufferOverflowFscanf extends Expr {
+  BufferOverflowFscanf() {
+    this.getFile().getName().endsWith(".m") and
+    exists(Expr fscanfCall |
+      fscanfCall.getSource() = this and
+      fscanfCall.toString().matches("fscanf%") and
+      not exists(Expr sizeCheck | 
+        sizeCheck.getSource() = fscanfCall and
+        sizeCheck.toString().matches("(size|length)%"))
+    )
+  }
+}
+
+from BufferOverflowFscanf fscanfCall
+select fscanfCall, "Potential buffer overflow detected in fscanf usage without input size validation."

.github/custom-queries/matlab/Unchecked System() command.ql

@@ -0,0 +1,24 @@
+/**
+ * @name Unchecked system command execution
+ * @description Detects `system()` function usage with untrusted inputs, which can lead to command injection vulnerabilities.
+ * @kind problem
+ * @problem.severity critical
+ * @tags security, command-injection
+ */
+import javascript
+
+class UncheckedSystemCommand extends Expr {
+  UncheckedSystemCommand() {
+    this.getFile().getName().endsWith(".m") and
+    exists(Expr systemCall |
+      systemCall.getSource() = this and
+      systemCall.toString().matches("system%") and
+      not exists(Expr validation |
+        validation.getSource() = systemCall and
+        validation.toString().matches("(validate|sanitize)%"))
+    )
+  }
+}
+
+from UncheckedSystemCommand systemCall
+select systemCall, "Unchecked system command execution detected. Ensure input is properly validated or sanitized."