4694 Commits

Author	SHA1	Message	Date
Felicity Chapman	fcb2b5730f	Update CookieInjection.ql to remove period	2024-08-15 13:17:13 +01:00
Alexander Eyers-Taylor	ffd811a55d	Merge pull request #17182 from github/post-release-prep/codeql-cli-2.18.2 ... Post-release preparation for codeql-cli-2.18.2	2024-08-08 16:28:03 +01:00
github-actions[bot]	cc6d87c276	Post-release preparation for codeql-cli-2.18.2	2024-08-08 12:56:21 +00:00
github-actions[bot]	019da8c287	Release preparation for version 2.18.2	2024-08-07 14:02:38 +00:00
Alexander Eyers-Taylor	46577b585e	Revert "Release preparation for version 2.18.2"	2024-08-07 14:24:37 +01:00
Joe Farebrother	62c2fe6b17	Merge pull request #16933 from joefarebrother/python-cookie-concept-promote ... Python: Promote the insecure cookie query from experimental	2024-08-07 09:06:05 +01:00
github-actions[bot]	c14ba0e4bd	Release preparation for version 2.18.2	2024-08-06 12:46:15 +00:00
yoff	251036c6b4	Merge pull request #17080 from sylwia-budzynska/streamlit ... Python: Add Streamlit models	2024-07-31 18:20:11 +02:00
Joe Farebrother	1127b08635	Merge branch 'main' into python-cookie-concept-promote	2024-07-29 10:26:03 +01:00
Joe Farebrother	58689c90fb	Merge pull request #16893 from joefarebrother/python-cookie-injectio-promote ... Python: Promote cookie injection query from experimental	2024-07-29 10:17:01 +01:00
Sylwia Budzynska	6d1c00742f	Add tests and change note	2024-07-26 14:15:43 +02:00
Joe Farebrother	ebeb187fd9	Remove unneeded experimental file	2024-07-25 23:16:48 +01:00
Joe Farebrother	8f714c631f	Code reveiw suggestions. correction in changenote + style in example ... Co-authored-by: yoff <lerchedahl@gmail.com>	2024-07-24 21:37:12 +01:00
Joe Farebrother	44271813a5	Add change note	2024-07-23 10:15:28 +01:00
Joe Farebrother	93f70b3ad9	Add unit tests	2024-07-23 10:15:23 +01:00
Joe Farebrother	a73d675e6e	Remove experimental query versions	2024-07-23 10:14:55 +01:00
Joe Farebrother	226e4eb8a5	Use a 3-valued newtype for hasSameSiteAttribute	2024-07-23 10:14:45 +01:00
Joe Farebrother	df5569fda9	Add documentation	2024-07-23 10:14:40 +01:00
Joe Farebrother	6a7bdaf284	Fix experimental query compilation	2024-07-23 10:14:29 +01:00
Joe Farebrother	033dd9f8a6	Promote insecure cookie query	2024-07-23 10:14:22 +01:00
Joe Farebrother	9ad6c8c5eb	Implement cookie attributes for cases in which a raw header is set	2024-07-23 10:14:16 +01:00
Joe Farebrother	2df09f6194	Change flag predicates to boolean parameters rather than boolean results	2024-07-23 10:14:08 +01:00
Joe Farebrother	6f7b2a2d20	Add cookie flags to cookie write concept, and alter experimental queries to use them	2024-07-23 10:14:00 +01:00
github-actions[bot]	49cc8f8ff8	Post-release preparation for codeql-cli-2.18.1	2024-07-22 22:00:48 +00:00
github-actions[bot]	368bcb684a	Release preparation for version 2.18.1	2024-07-22 21:30:50 +00:00
Chuan-kai Lin	23320b6e5e	Revert "Release preparation for version 2.18.1"	2024-07-22 13:22:49 -07:00
github-actions[bot]	55935fc123	Release preparation for version 2.18.1	2024-07-22 14:56:15 +00:00
Joe Farebrother	661a4126ac	Add change note	2024-07-19 09:23:33 +01:00
Joe Farebrother	baf51334e4	Update documentation	2024-07-19 09:13:30 +01:00
Joe Farebrother	070d67816d	Remove experimental version	2024-07-16 16:50:10 +01:00
Joe Farebrother	8d93c3a852	Move to cwe-20	2024-07-16 16:50:08 +01:00
Joe Farebrother	e885f1f8c4	Add documentation	2024-07-16 16:50:05 +01:00
Joe Farebrother	983bdb92a1	Add test cases + remove redundant import	2024-07-16 16:50:00 +01:00
Joe Farebrother	123214cb2b	Promoto cookie injection query	2024-07-16 16:49:56 +01:00
Rasmus Wriedt Larsen	f41d2a896c	Merge pull request #16771 from porcupineyhairs/js2py ... Python : Arbitrary code execution due to Js2Py	2024-07-11 15:31:57 +02:00
github-actions[bot]	ae3aba061b	Post-release preparation for codeql-cli-2.18.0	2024-07-08 13:30:13 +00:00
github-actions[bot]	b0d6778652	Release preparation for version 2.18.0	2024-07-08 09:10:51 +00:00
Rasmus Wriedt Larsen	0a32f9fed6	Python: Update query metadata	2024-07-04 14:09:37 +02:00
Rasmus Wriedt Larsen	8d1113cdaf	Python: Fixup qhelp	2024-07-04 14:01:30 +02:00
Porcupiney Hairs	808af28618	Python : Arbitrary codde execution due to Js2Py ... Js2Py is a Javascript to Python translation library written in Python. It allows users to invoke JavaScript code directly from Python. The Js2Py interpreter by default exposes the entire standard library to it's users. This can lead to security issues if a malicious input were directly. This PR includes a CodeQL query along with a qhelp and testcases to detect cases where an untrusted input flows to an Js2Py eval call. This query successfully detects CVE-2023-0297 in `pyload/pyload`along with it's fix. The databases can be downloaded from the links bellow. ``` https://file.io/qrMEjSJJoTq1 https://filetransfer.io/data-package/a02eab7V#link ```	2024-07-03 19:06:34 +05:30
Rasmus Wriedt Larsen	ce177c3450	Merge pull request #15655 from yoff/python/support-model-editor ... Python: Support model editor	2024-07-02 16:28:58 +02:00
Rasmus Wriedt Larsen	2b2c381bf0	Merge pull request #16876 from GeekMasher/py-hardcoded-creds-mad ... Python: Add Hardcoded Credentials MaD support	2024-07-01 17:25:13 +02:00
Mathew Payne	96048f962e	Update python/ql/src/Security/CWE-798/HardcodedCredentials.ql ... Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>	2024-07-01 14:29:00 +01:00
Arthur Baars	b12b33c8f9	Merge remote-tracking branch 'upstream/main' into 'rc/3.14'	2024-06-28 19:50:35 +02:00
Mathew Payne	ed314b1799	docs: Add Change Notes	2024-06-28 14:42:35 +01:00
Mathew Payne	1cf9714272	feat(python): Add Hardcoded Credentials MaD support	2024-06-28 14:30:36 +01:00
Rasmus Lerchedahl Petersen	27301edc28	Python: address more review comments	2024-06-27 16:05:21 +02:00
Rasmus Lerchedahl Petersen	b261145f43	Python: fix compilation	2024-06-26 10:46:38 +02:00
github-actions[bot]	fd385736e6	Post-release preparation for codeql-cli-2.17.6	2024-06-25 06:39:45 +00:00
github-actions[bot]	e32a587078	Release preparation for version 2.17.6	2024-06-24 14:33:10 +00:00