hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 21:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Python : Add Xpath injection query

Browse Source 
This PR adds support for detecting XPATH injection in Python.
I have included the ql files as well as the tests with this.
This commit is contained in:
Porcupiney Hairs
2020-05-13 18:38:08 +05:30
parent 593d4c0f32
commit 8c5a97170d
14 changed files with 324 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

0
python/ql/test/query-tests/Security/lib/lxml/__init__.py Normal file
View File

37
python/ql/test/query-tests/Security/lib/lxml/etree/__init__.py Normal file
View File

@@ -0,0 +1,37 @@
class _ElementTree(object):
def xpath(self, _path, namespaces=None, extensions=None, smart_strings=True, **_variables):
pass
def xslt(self, _xslt, extensions=None, access_control=None, **_kw):
pass
class ETXPath(object):
def __init__(self, path, extensions=None, regexp=True, smart_strings=True):
pass
class XPath(object):
def __init__(self, path, namespaces=None, extensions=None, regexp=True, smart_strings=True):
pass
class XSLT(object):
def __init__(self, xslt_input, extensions=None, regexp=True, access_control=None):
pass
def parse(self, parser=None, base_url=None):
return _ElementTree()
def fromstring(self, text, parser=None, base_url=None):
pass
def fromstringlist(self, strings, parser=None):
pass
def XML(self, text, parser=None, base_url=None):
pass