10 Commits

Author	SHA1	Message	Date
Rasmus Wriedt Larsen	9b73bbfc31	Python: Add keyword argument support ... and a fair bit of refactoring	2023-09-29 13:54:21 +02:00
Rasmus Lerchedahl Petersen	4ec8b3f02f	Python: Model map_reduce	2023-09-20 15:44:12 +02:00
Rasmus Lerchedahl Petersen	7c085ecc61	Python: Add test for map_reduce ... Also log requirement for old versions of `pymongo`	2023-09-20 15:23:18 +02:00
Rasmus Lerchedahl Petersen	30c37ca8cb	Python: model §accumulator ... also slightly rearrange the modelling	2023-09-19 22:21:14 +02:00
Rasmus Lerchedahl Petersen	5611bda7ee	Python: add test for $accumulator	2023-09-19 17:04:28 +02:00
Rasmus Lerchedahl Petersen	a063d7d510	Python: sinks -> decodings ... Query operators that interpret JavaScript are no longer considered sinks. Instead they are considered decodings and the output is the tainted dictionary. The state changes to `DictInput` to reflect that the user now controls a dangerous dictionary. This fixes the spurious result and moves the error reporting to a more logical place.	2023-09-11 16:33:20 +02:00
Rasmus Lerchedahl Petersen	d9f63e1ed3	Python: Split modelling of query operators ... `$where` and `$function` behave quite differently.	2023-09-11 15:54:00 +02:00
Rasmus Lerchedahl Petersen	154a36934d	Python: Add test for function	2023-09-11 14:49:03 +02:00
Rasmus Lerchedahl Petersen	c0b3245a53	Python: Enrich the NoSql concept ... This allows us to make more precise modelling The query tests now pass. I do wonder, if there is a cleaner approach, similar to `TaintedObject` in JavaScript. I want the option to get this query in the hands of the custumors before such an investigation, though.	2023-09-07 10:22:37 +02:00
Rasmus Lerchedahl Petersen	114984bd8c	Python: Added tests based on security analysis ... currently we do not: - recognize the pattern `{'author': {"$eq": author}}` as protected - recognize arguements to `$where` (and friends) as vulnerable	2023-09-07 10:22:37 +02:00