codeql

mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00

Author	SHA1	Message	Date
Erik Krogh Kristensen	dc38aa8a96	add support for the Method[name] token	2022-05-02 12:50:29 +02:00
Erik Krogh Kristensen	ea01bcf5ec	have the Instance token be an alias for Subclass.ReturnValue	2022-05-02 12:45:21 +02:00
Erik Krogh Kristensen	46acce0ad4	add support for the Subclass token	2022-05-02 12:45:21 +02:00
Erik Krogh Kristensen	a02e812de8	add test for the Instance token	2022-05-02 12:45:21 +02:00
Erik Krogh Kristensen	682cab3737	add test for awaited	2022-05-02 12:45:21 +02:00
Erik Krogh Kristensen	48408ca45d	Add TODO list	2022-05-02 12:45:21 +02:00
Erik Krogh Kristensen	8d60336396	add tests for callsite filters	2022-05-02 12:45:21 +02:00
Erik Krogh Kristensen	20992af037	add test for parameter syntax	2022-05-02 12:45:21 +02:00
Erik Krogh Kristensen	35b143a1a5	add tests for argument syntax	2022-05-02 12:45:21 +02:00
Erik Krogh Kristensen	86a9bc6aca	add test for keyword arguments	2022-05-02 12:45:21 +02:00
Erik Krogh Kristensen	d4b882519a	convert most of the asyncpg model to MaD	2022-05-02 12:45:21 +02:00
Erik Krogh Kristensen	1c2c9159a9	initial MaD implementation for Python	2022-05-02 12:45:19 +02:00
Rasmus Wriedt Larsen	5f01fc24e4	Merge branch 'main' into promote-xxe	2022-05-02 11:25:55 +02:00
Rasmus Wriedt Larsen	650d57083b	Python: Recognize path arguments to pathlib methods	2022-04-22 11:01:59 +02:00
Rasmus Wriedt Larsen	bcaba45202	Python: Expand pathlib tests	2022-04-22 11:01:59 +02:00
Rasmus Wriedt Larsen	059dea713d	Python: Fix `os.path.samefile` modeling	2022-04-22 11:01:59 +02:00
Rasmus Wriedt Larsen	c87b3087be	Python: Add test for Django FileField upload_to The output from running the test script is: ``` 'rootdir/bar' [13/Apr/2022 09:20:36] "POST /app/file-test/ HTTP/1.1" 200 2 'rootdir/bar' [13/Apr/2022 09:20:36] "POST /app/file-test/ HTTP/1.1" 200 2 'rootdir/foo%2fbar' [13/Apr/2022 09:20:36] "POST /app/file-test/ HTTP/1.1" 200 2 'rootdir/%2e%2e%2fbar' [13/Apr/2022 09:20:36] "POST /app/file-test/ HTTP/1.1" 200 2 'rootdir/foo%c0%afbar' [13/Apr/2022 09:20:36] "POST /app/file-test/ HTTP/1.1" 200 2 ``` I didn't add a `.py` extension, so it wasn't extracted, since we don't actually care about what we model in that file.	2022-04-13 11:27:18 +02:00
Rasmus Wriedt Larsen	304713ca87	Python: Handle django v4 as well in tests	2022-04-13 11:21:44 +02:00
Rasmus Wriedt Larsen	4927f0018b	Merge branch 'main' into django-filefield-uploadto	2022-04-13 10:22:28 +02:00
Rasmus Wriedt Larsen	7728b6cf1b	Python: Change XmlBomb vulnerability kind	2022-04-07 10:56:35 +02:00
Rasmus Wriedt Larsen	23637fd691	Merge branch 'main' into promote-xxe	2022-04-06 12:56:31 +02:00
Rasmus Wriedt Larsen	b4c0065aeb	Python: Extend FileSystemAccess for `xml.sax` and `xml.dom.*` parsing	2022-03-31 18:08:47 +02:00
Rasmus Wriedt Larsen	e11269715d	Python: Promote `xml.sax` and `xml.dom.*` modeling	2022-03-31 17:44:00 +02:00
Rasmus Wriedt Larsen	05bb0ef976	Python: Align `xml.etree.ElementTree` modeling I didn't find a good way to actually share the stuff, so we kinda just have 2 things that look very similar :\|	2022-03-31 17:24:16 +02:00
Rasmus Wriedt Larsen	db43d043c4	Python: Add test showing misalignment of xml.etree modeling	2022-03-31 11:55:46 +02:00
Rasmus Wriedt Larsen	543454eff2	Python: Model file access from XML parsing	2022-03-31 11:47:29 +02:00
Rasmus Wriedt Larsen	386ff53614	Python: Model `lxml.iterparse`	2022-03-31 11:32:22 +02:00
Rasmus Wriedt Larsen	12cbdcde28	Python: Model `lxml.etree.XMLID`	2022-03-31 11:21:24 +02:00
Rasmus Wriedt Larsen	64aa503cc3	Python: Promote `xml.etree` modeling	2022-03-31 11:12:02 +02:00
Rasmus Wriedt Larsen	7f5f7679f8	Python: Promote `xmltodict` modeling	2022-03-31 10:28:34 +02:00
Rasmus Wriedt Larsen	80b5cde3a2	Python: Promote lxml parsing modeling	2022-03-31 10:19:08 +02:00
Rasmus Wriedt Larsen	c4473c5f65	Python: Rename lxml XPath tests	2022-03-31 10:08:02 +02:00
Rasmus Wriedt Larsen	769f5691d0	Python: Add taint for `StringIO` and `BytesIO`	2022-03-31 09:52:54 +02:00
Sebastian Bauersfeld	a3c3a7fe0d	Python: Identify alternative body argument in invocations of Response constructor.	2022-03-30 19:34:54 +07:00
Rasmus Lerchedahl Petersen	1e9840d779	python: broaden local protection concept	2022-03-25 12:28:33 +01:00
Rasmus Lerchedahl Petersen	6c2449564a	python: add concept tests	2022-03-23 12:05:09 +01:00
Rasmus Lerchedahl Petersen	0f2c21c8bd	python: require local protection to be absent for CSRF to be likely	2022-03-22 13:42:52 +01:00
Rasmus Wriedt Larsen	ae1ba11d57	Merge branch 'main' into orm	2022-03-16 11:23:14 +01:00
Rasmus Wriedt Larsen	461e2f3663	Python: Apply suggestions from code review Co-authored-by: yoff <lerchedahl@gmail.com>	2022-03-16 10:43:20 +01:00
haby0	7e6666bc63	Merge branch 'main' into py/add-ssrf-sinks	2022-03-07 12:09:14 +08:00
Rasmus Wriedt Larsen	f620e2599d	Merge branch 'main' into py/add-ssrf-sinks	2022-03-04 11:50:12 +01:00
Rasmus Wriedt Larsen	02a97b08bb	Python: Move `urllib` and `urllib2` to be part of stdlib modeling	2022-03-04 11:31:47 +01:00
Rasmus Wriedt Larsen	c65839bb77	Python: improve urllib3 modeling	2022-03-04 11:25:14 +01:00
Rasmus Wriedt Larsen	7d6d8be179	Python: Fix httpx modeling	2022-03-04 11:07:51 +01:00
Rasmus Wriedt Larsen	40feb1fb8d	Python: SPURIOUS results for httpx	2022-03-04 11:03:32 +01:00
yoff	d0a393e8d1	Update python/ql/test/library-tests/frameworks/stdlib/XPathExecution.py Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>	2022-03-04 10:56:53 +01:00
Rasmus Lerchedahl Petersen	143e9ee954	Merge branch 'main' of github.com:github/codeql into python/promote-xpath-injection	2022-03-02 13:14:08 +01:00
Rasmus Lerchedahl Petersen	80be767a7a	python: implement stdlib xpath support	2022-03-02 12:59:34 +01:00
Rasmus Lerchedahl Petersen	06e0f140c5	python: add tests for stdlib xpath	2022-03-02 12:58:37 +01:00
Rasmus Wriedt Larsen	27d5349a74	Python: ORM: Remove imports from test code These are no longer needed, as data-flow now has this import by default	2022-03-01 15:39:52 +01:00

... 5 6 7 8 9 ...

620 Commits