Rasmus Wriedt Larsen
d948e103fa
Python: Move experimental HeaderInjection to new dataflow API
2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
53e57dad5c
Python: Move experimental InsecureRandomness to new dataflow API
2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
3bf2705668
Python: Move experimental TimingAttackAgainstHeaderValue to new dataflow API
2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
c88a0ccb7c
Python: Move experimental TimingAttackAgainstHash to new dataflow API
2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
a779547515
Python: Move experimental PossibleTimingAttackAgainstHash to new dataflow API
2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
8abd3430a2
Python: Move experimental TimingAttackAgainstSensitiveInfo to new dataflow API
2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
1a4e8d9464
Python: Move experimental PossibleTimingAttackAgainstSensitiveInfo to new dataflow API
2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
5fd3594f5f
Python: Move TimingAttack.qll to new dataflow API
2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
5d8329d9c8
Python: Move experimental ZipSlip to new dataflow API
2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
67cc3a3935
Python: Move experimental ReflectedXSS to new dataflow API
2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
a0d26741d0
Python: Move experimental TarSlipImprov to new dataflow API
2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
3cdd875e9f
Python: Move experimental UnsafeUnpack to new dataflow API
2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
3edb9d1011
Python: Move experimental TokenBuiltFromUUID to new dataflow API
2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
acde1920e7
Python: Move UntrustedDataToExternalAPI to new dataflow API
2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
657b1997cc
Python: Move FullServerSideRequestForgery and PartialServerSideRequestForgery to new dataflow API
2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
dbfe517555
Python: Move HardcodedCredentials to new dataflow API
2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
46322b717a
Python: Move XmlBomb to new dataflow API
2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
add1077532
Python: Move RegexInjection to new dataflow API
2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
c6caf83dfe
Python: Move PolynomialReDoS to new dataflow API
2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
4c336990e5
Python: Move XpathInjection to new dataflow API
2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
60e45335dd
Python: Move Xxe to new dataflow API
2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
4c76ca6127
Python: Move UrlRedirect to new dataflow API
2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
6f08e73dbc
Python: Move UnsafeDeserialization to new dataflow API
2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
dd074173d2
Python: Move WeakSensitiveDataHashing to new dataflow API
...
I adopted helper predicates to do the "heavy" lifting of .asPathNode1(), maybe I like this approach better... let me know what you think 😊
2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
9d6b96dfd2
Python: Move CleartextStorage to new dataflow API
2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
70095446b6
Python: Move CleartextLogging to new dataflow API
2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
cca78f31ff
Python: Move PamAuthorization to new dataflow API
2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
dcd96083e8
Python: Move StackTraceExposure to new dataflow API
2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
f75e65c67d
Python: Move LogInjection to new dataflow API
2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
88cf9c99b0
Python: Move CodeInjection to new dataflow API
2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
05573904a5
Python: Move LdapInjection to new dataflow API
...
We could have switched to a stateful config, but I tried to keep changes
as straight forward as possible.
2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
c360346e9e
Python: Move ReflectedXss to new dataflow API
2023-08-28 15:27:49 +02:00
Rasmus Wriedt Larsen
b30142c1d7
Python: Move CommandInjection to new dataflow API
2023-08-28 15:27:49 +02:00
Rasmus Wriedt Larsen
700841e9b0
Python: Move UnsafeShellCommandConstruction to new dataflow API
2023-08-28 15:27:49 +02:00
Rasmus Wriedt Larsen
d4e4e2d426
Python: Move TarSlip to new dataflow API
2023-08-28 15:27:49 +02:00
Rasmus Wriedt Larsen
e97032909a
Python: Move PathInjection to new dataflow API
2023-08-28 15:27:49 +02:00
Rasmus Wriedt Larsen
245c24077d
Python: Move SqlInjection to new dataflow API
2023-08-28 15:27:49 +02:00
Rasmus Wriedt Larsen
0f242475f2
Merge branch 'main' into experimental-cleanup
2023-08-28 11:01:22 +02:00
Rasmus Wriedt Larsen
0dca8a5d86
Python: Remove old points-to modeling file
...
Since all of this was ported already
2023-08-28 10:40:45 +02:00
Rasmus Wriedt Larsen
39e2b133e9
Python: Fix naming
2023-08-28 10:40:33 +02:00
yoff
00c0ebe9e4
Merge pull request #13738 from RasmusWL/path-steps
...
Python: Include all assignments in data flow paths
2023-08-22 11:58:11 +02:00
github-actions[bot]
098dfb4242
Release preparation for version 2.14.3
2023-08-18 14:48:15 +00:00
Rasmus Wriedt Larsen
4c693b4fc3
Python: Port py/xslt-injection to new data-flow
2023-08-17 15:45:07 +02:00
Rasmus Wriedt Larsen
779fe6498c
Python: Rename to XsltInjection.ql
2023-08-17 15:45:07 +02:00
Rasmus Wriedt Larsen
91edde72c4
Python: Port py/template-injection to new data-flow
...
I kept all the modeling in _one_ file, since that makes it easy to work
with such an external contribution... and I would certainly propose this
file setup for the future 👍
2023-08-17 15:44:26 +02:00
Rasmus Wriedt Larsen
4277be5819
Python: Add change-note
2023-08-17 10:46:36 +02:00
Rasmus Wriedt Larsen
24f9f13790
Python: Fix tests
2023-08-17 10:15:36 +02:00
amammad
eb5529eac5
sanitize resutls exist in test/demo/example/sample directories
2023-08-14 23:48:03 +10:00
Rasmus Wriedt Larsen
1c3cc1fa29
Python: Remove flow through stdlib
...
This means tests can pass on any machine now 👍
2023-08-14 11:55:22 +02:00
Rasmus Wriedt Larsen
6e168ff7d8
Python: Only interested in StrConst
2023-08-14 11:46:21 +02:00
