1257 Commits

Author	SHA1	Message	Date
Rasmus Lerchedahl Petersen	1e9840d779	python: broaden local protection concept	2022-03-25 12:28:33 +01:00
Rasmus Lerchedahl Petersen	6c2449564a	python: add concept tests	2022-03-23 12:05:09 +01:00
Rasmus Lerchedahl Petersen	0f2c21c8bd	python: require local protection to be absent ... for CSRF to be likely	2022-03-22 13:42:52 +01:00
Rasmus Wriedt Larsen	ae1ba11d57	Merge branch 'main' into orm	2022-03-16 11:23:14 +01:00
Rasmus Wriedt Larsen	461e2f3663	Python: Apply suggestions from code review ... Co-authored-by: yoff <lerchedahl@gmail.com>	2022-03-16 10:43:20 +01:00
Erik Krogh Kristensen	3bf5e06d53	delete all dead code	2022-03-14 13:03:31 +01:00
Erik Krogh Kristensen	755b0bbcb9	PY: update tests to not use deleted deprecations	2022-03-09 18:28:13 +01:00
Erik Krogh Kristensen	61e282da84	PY: delete test that mostly used deleted deprecated features	2022-03-09 18:28:13 +01:00
Erik Krogh Kristensen	309e376c6d	PY: convert test to not use deleted deprecations	2022-03-09 18:28:12 +01:00
Erik Krogh Kristensen	d5a76e8c98	Python: delete test that only used deprecated classes	2022-03-09 18:28:12 +01:00
Erik Krogh Kristensen	a1769f8036	Python: add default implementation of getName() and deprecate it	2022-03-09 18:28:12 +01:00
Taus	7b877fb317	Merge pull request #8336 from tausbn/python-fix-a-bunch-of-ql-warnings ... Python: Fix a bunch of QL warnings	2022-03-09 16:31:28 +01:00
Taus	d2603884ca	Python: Fix a bunch of class QLDoc	2022-03-07 18:59:49 +00:00
Taus	af7f532212	Python: Fix up a bunch of function QLDoc	2022-03-07 18:59:49 +00:00
haby0	7e6666bc63	Merge branch 'main' into py/add-ssrf-sinks	2022-03-07 12:09:14 +08:00
Rasmus Wriedt Larsen	f620e2599d	Merge branch 'main' into py/add-ssrf-sinks	2022-03-04 11:50:12 +01:00
Rasmus Wriedt Larsen	02a97b08bb	Python: Move urllib and urllib2 to be part of stdlib modeling	2022-03-04 11:31:47 +01:00
Rasmus Wriedt Larsen	c65839bb77	Python: improve urllib3 modeling	2022-03-04 11:25:14 +01:00
Rasmus Wriedt Larsen	7d6d8be179	Python: Fix httpx modeling	2022-03-04 11:07:51 +01:00
Rasmus Wriedt Larsen	40feb1fb8d	Python: SPURIOUS results for httpx	2022-03-04 11:03:32 +01:00
yoff	d0a393e8d1	Update python/ql/test/library-tests/frameworks/stdlib/XPathExecution.py ... Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>	2022-03-04 10:56:53 +01:00
Rasmus Lerchedahl Petersen	143e9ee954	Merge branch 'main' of github.com:github/codeql into python/promote-xpath-injection	2022-03-02 13:14:08 +01:00
Rasmus Lerchedahl Petersen	80be767a7a	python: implement stdlib xpath support	2022-03-02 12:59:34 +01:00
Rasmus Lerchedahl Petersen	06e0f140c5	python: add tests for stdlib xpath	2022-03-02 12:58:37 +01:00
Rasmus Wriedt Larsen	27d5349a74	Python: ORM: Remove imports from test code ... These are no longer needed, as data-flow now has this import by default	2022-03-01 15:39:52 +01:00
Rasmus Lerchedahl Petersen	f55d7d627e	python: model XPathEvaluator	2022-03-01 14:40:13 +01:00
Rasmus Lerchedahl Petersen	3bb17be389	python: add concept and library tests	2022-03-01 14:39:28 +01:00
Rasmus Wriedt Larsen	cd58c12bbe	Merge branch 'main' into orm	2022-03-01 12:01:54 +01:00
Arthur Baars	5ce6b847d1	Merge pull request #8166 from aibaars/regex-char-sequence-1 ... Ruby/Python: regex parser: group sequences of 'normal' characters	2022-02-28 17:47:53 +01:00
Rasmus Wriedt Larsen	8afd560c64	Python: ORM: Handle load of PolymorphicModels	2022-02-28 16:38:41 +01:00
Rasmus Wriedt Larsen	48fba87273	Python: ORM: add flow to base-class	2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen	6b9dd49499	Python: ORM: Model polymorphic.models.PolymorphicModel as Django ORM class	2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen	e1191cf63c	Python: ORM: Add tests for inheritance	2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen	092cfceb18	Python: Add dataflow consistency checks to ORM tests ... Luckily they passed :phew:	2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen	ed36ff1570	Python: ORM: Handle <Model>.objects.[<QuerySet>].update()	2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen	fea46b642d	Python: ORM: Handle <Model>.objects.create and friends	2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen	9b458b54aa	Python: ORM: Add flow to collection/dict queries	2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen	9cff4cbd1c	Python: ORM: Add a few more tests ... There were a few methods I had overlooked	2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen	ae057c74cc	Python: ORM: Store step for constructor	2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen	f8a51bb994	Python: ORM: Add data-flow steps for Django ORM ... Added dummy-whitespace to `orm_security_tests.py` so it would be possible to see what the reflected XSS results are in the diff	2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen	d3f07cdc10	Python: ORM: Add qltests ... Which shows that there is no flow yet, which is not really a surprise :D	2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen	c78fed6594	Python: ORM: Add raw python test files ... no ql test files yet though, will come in next commit.	2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen	f89fb50eb5	Python: ORM: Add boilerplate django project ... By doing ``` django-admin startproject testproj django-admin startapp testapp ```	2022-02-28 16:38:40 +01:00
haby0	be40b54b9f	add test	2022-02-28 20:34:58 +08:00
Arthur Baars	5044f89105	Ruby/Python re-introduce normalCharacterSequence	2022-02-25 18:43:43 +01:00
Arthur Baars	69ed121ecb	Ruby/Python: regex parser: group sequences of 'normal' characters	2022-02-22 16:15:33 +01:00
Rasmus Wriedt Larsen	d2cd77aefb	Merge branch 'main' into dataflow-improvements	2022-02-21 14:49:40 +01:00
Rasmus Wriedt Larsen	2e788ea86e	Python: Accept deprecation warnings for old tests	2022-02-04 12:02:09 +01:00
Rasmus Wriedt Larsen	b2ce0fcb72	Python: Add post-update nodes to args of unresolved calls ... Besides solving the problem with `setattr`, it also solved some old problems with json library modeling (yay).	2022-02-04 11:51:53 +01:00
Erik Krogh Kristensen	5e23da813f	rename named-parameters to keyword-parameters	2022-02-03 23:10:39 +01:00