hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
74,247 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.1
Commit Graph

3912 Commits

Author SHA1 Message Date
Rasmus Lerchedahl Petersen
30c37ca8cb Python: model §accumulator 
also slightly rearrange the modelling
 2023-09-19 22:21:14 +02:00
Rasmus Lerchedahl Petersen
5611bda7ee Python: add test for $accumulator 2023-09-19 17:04:28 +02:00
Maiky
6d0ba5f97b Add allow_pickle to tests 
Co-authored-by: Jorge <46056498+jorgectf@users.noreply.github.com>
 2023-09-17 18:53:18 +02:00
Erik Krogh Kristensen
cd5973764b Merge pull request #14112 from erik-krogh/pyAllowedHosts 
Py: add sanitizer guard for `url_has_allowed_host_and_scheme`
 2023-09-13 12:59:38 +02:00
Tom Hvitved
d3558f8579 Python: Update expected test output 2023-09-12 21:18:31 +02:00
Rasmus Lerchedahl Petersen
a063d7d510 Python: sinks -> decodings 
Query operators that interpret JavaScript
are no longer considered sinks.
Instead they are considered decodings
and the output is the tainted dictionary.
The state changes to `DictInput` to reflect
that the user now controls a dangerous dictionary.

This fixes the spurious result and moves the error reporting
to a more logical place.
 2023-09-11 16:33:20 +02:00
Rasmus Lerchedahl Petersen
d9f63e1ed3 Python: Split modelling of query operators 
`$where` and `$function` behave quite differently.
 2023-09-11 15:54:00 +02:00
Rasmus Lerchedahl Petersen
154a36934d Python: Add test for function 2023-09-11 14:49:03 +02:00
Rasmus Lerchedahl Petersen
d91cd21204 Python: rename file 2023-09-08 13:37:54 +02:00
Rasmus Lerchedahl Petersen
b07d085157 Python: make test PoC a proper package 2023-09-07 15:04:27 +02:00
Rasmus Lerchedahl Petersen
970e881697 Python: Follow naming convention 2023-09-07 15:03:51 +02:00
Rasmus Lerchedahl Petersen
f253f9797f Python: update test expectations 2023-09-07 10:22:37 +02:00
Rasmus Lerchedahl Petersen
c0b3245a53 Python: Enrich the NoSql concept 
This allows us to make more precise modelling
The query tests now pass.
I do wonder, if there is a cleaner approach, similar to
`TaintedObject` in JavaScript. I want the option to
get this query in the hands of the custumors before
such an investigation, though.
 2023-09-07 10:22:37 +02:00
Rasmus Lerchedahl Petersen
114984bd8c Python: Added tests based on security analysis 
currently we do not:
- recognize the pattern
   `{'author': {"$eq": author}}` as protected
- recognize arguements to `$where` (and friends)
   as vulnerable
 2023-09-07 10:22:37 +02:00
Rasmus Lerchedahl Petersen
bf8bfd91cd Python: Add inline query test 2023-09-07 10:22:30 +02:00
Rasmus Lerchedahl Petersen
19046ea417 Python: more renames 2023-09-07 09:28:30 +02:00
Rasmus Lerchedahl Petersen
55707d395e Python: Make things compile in their new location 
- Move NoSQL concepts to the non-experimental concepts file
- fix references
 2023-09-07 09:28:30 +02:00
Rasmus Lerchedahl Petersen
60dc1afbc0 Python: prepare to promote NoSqlInjection 
Mostly move files, preserving authourship.
This will not compile.
 2023-09-07 09:28:29 +02:00
Peter Stöckli
7aa5d2dc8a Python: move asyncio CMDi related tests to stdlib tests 2023-09-06 16:54:18 +02:00
Peter Stöckli
8c4dccc81b Python: initial support for CMDi via asyncio 2023-09-05 15:33:29 +02:00
Rasmus Wriedt Larsen
49f5d38956 Merge pull request #14068 from RasmusWL/dataflow-config-refactor 
Python: Use new dataflow API
 2023-09-04 21:04:10 +02:00
yoff
da64ea40b9 Merge pull request #13782 from jorgectf/jorgectf/shlex-quote 
Python: Add `shlex.quote` as `py/shell-command-constructed-from-input` sanitizer
 2023-08-31 21:08:58 +02:00
erik-krogh
8dad4950a9 add sanitizer guard for url_has_allowed_host_and_scheme 2023-08-31 13:48:42 +02:00
erik-krogh
d4bc6e434a add test with false positive 2023-08-31 13:40:47 +02:00
Tom Hvitved
253f932d2a Python: Use data flow consistency checks from shared pack 2023-08-30 15:29:41 +02:00
Rasmus Wriedt Larsen
62c2316124 Merge pull request #14084 from RasmusWL/flask-jsonify 
Python: Remove XSS FP from use of `flask.jsonify`
 2023-08-30 13:07:54 +02:00
yoff
ae4c76c788 Merge pull request #13975 from yoff/python/parsemodechars-not-chars 2023-08-29 14:05:57 +02:00
Rasmus Wriedt Larsen
0b2458d065 Python: Improve modeling of Flask jsonify 
I also tested whether `Flask.jsonify` or `Flask().jsonify` worked, but
they do not.
 2023-08-29 11:11:32 +02:00
Rasmus Wriedt Larsen
26319bfc04 Python: Fix Flask jsonify XSS regression 
The reason the result was found before, is that `jsonify(data)` was
modeled as TWO separate subclasses of `Http::Server::HttpResponse`, one
because of the implicit construction in return
(FlaskRouteHandlerReturn), and one from the `jsonify` call
(FlaskJsonifyCall). Due to the QL evaluation, we got a combination from
the two, meaning mime-type from FlaskRouteHandlerReturn and body from
FlaskJsonifyCall...
 2023-08-29 11:11:32 +02:00
Rasmus Wriedt Larsen
b36fd9fdab Python: Add jsonify XSS regression example 2023-08-29 10:38:49 +02:00
Rasmus Wriedt Larsen
ce6335866b Python: Move ModificationOfParameterWithDefault to new dataflow API 2023-08-28 16:19:47 +02:00
Rasmus Wriedt Larsen
c665c21d83 Python: More style-guide renaming 
Split it into multiple commits to make it easier to review.
 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
5ba8e102eb Python: Adopt tests to new DataflowQueryTest 
Since we want to know the _sinks_ and not just the flow, we need to
expose the config as well :|
 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
6961ca5234 Python: Rename to EmailXss 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
ed0e441567 Python: Accept missing DataflowQueryTest implementation for now 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
bfcc194b85 Python: Move experimental paramiko to new dataflow API 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
1a4e8d9464 Python: Move experimental PossibleTimingAttackAgainstSensitiveInfo to new dataflow API 2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
67cc3a3935 Python: Move experimental ReflectedXSS to new dataflow API 2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
a0d26741d0 Python: Move experimental TarSlipImprov to new dataflow API 2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
3cdd875e9f Python: Move experimental UnsafeUnpack to new dataflow API 2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
657b1997cc Python: Move FullServerSideRequestForgery and PartialServerSideRequestForgery to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
dd074173d2 Python: Move WeakSensitiveDataHashing to new dataflow API 
I adopted helper predicates to do the "heavy" lifting of .asPathNode1(), maybe I like this approach better... let me know what you think 😊
 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
cca78f31ff Python: Move PamAuthorization to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
dcd96083e8 Python: Move StackTraceExposure to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
e97032909a Python: Move PathInjection to new dataflow API 2023-08-28 15:27:49 +02:00
yoff
6e05246daa Merge pull request #13935 from yoff/python/mad-on-externals 
Python: MaD on externals
 2023-08-28 14:04:54 +02:00
yoff
826b8e6aa5 Merge pull request #14067 from RasmusWL/modern-dataflowquerytests 
Python: Adopt tests to new `DataflowQueryTest`
 2023-08-28 13:54:34 +02:00
Rasmus Wriedt Larsen
889cb7a95b Python: Adopt tests to new DataflowQueryTest 
Co-authored-by: Rasmus Lerchedahl Petersen <yoff@github.com>
 2023-08-28 11:44:01 +02:00
Rasmus Wriedt Larsen
9c44235782 Python: Modernize DataflowQueryTest.qll 
Co-authored-by: Rasmus Lerchedahl Petersen <yoff@github.com>
 2023-08-28 11:40:41 +02:00
Rasmus Wriedt Larsen
7cba6cd1d8 Python: Update .expected files 
Due to change in path-graph, and including LHS of assignments
 2023-08-28 11:33:44 +02:00