codeql

mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00

Author	SHA1	Message	Date
Taus	25e88ed585	Merge pull request #4588 from yoff/python-pep-249 Python: Model PEP 249	2020-11-02 18:57:15 +01:00
Rasmus Lerchedahl Petersen	ea74c7f12b	Python: add tests	2020-11-02 17:59:51 +01:00
Rasmus Wriedt Larsen	66f5d0d9d5	Python: Model encoding/decoding with base64 module	2020-11-02 14:44:53 +01:00
Mathias Vorreiter Pedersen	6d0783a3bd	Python: Make sure that expected values with tag mimetype is wrapped in quotes if the value contains a space.	2020-10-31 18:13:12 +01:00
Mathias Vorreiter Pedersen	870ed0039b	Python: Allow single quote strings and accept test changes.	2020-10-31 18:01:55 +01:00
Mathias Vorreiter Pedersen	0bc4d52d66	Python: Update more tests annotations. It looks like we need to allow single-quote strings to support the existing Python use-cases, but let's do that in the next commit.	2020-10-31 17:40:19 +01:00
Mathias Vorreiter Pedersen	ed9ad8b5e3	Merge branch 'main' into better-syntax-for-false-positives-and-negatives-inline-expectation	2020-10-31 16:52:16 +01:00
Rasmus Lerchedahl Petersen	80360450de	Merge branch 'main' of github.com:github/codeql into RasmusWL-python-port-reflected-xss	2020-10-30 17:56:36 +01:00
Rasmus Lerchedahl Petersen	ef9999a4a1	Python: fix test annotation	2020-10-30 17:43:56 +01:00
Rasmus Lerchedahl Petersen	37ad59a92a	Python: subclas of known subclasses	2020-10-30 17:37:54 +01:00
Mathias Vorreiter Pedersen	45b24a9bc8	Python: Update inline-expectation tests	2020-10-30 16:53:33 +01:00
Rasmus Lerchedahl Petersen	e7c9bc388b	Python: support some custom subclasses	2020-10-30 14:16:48 +01:00
Rasmus Lerchedahl Petersen	e69349791a	Python: django.http.response.HttpRequest.write	2020-10-30 12:51:23 +01:00
Rasmus Lerchedahl Petersen	ffe10d1b7c	Python: test `HttpResponse.write`	2020-10-30 12:16:12 +01:00
Rasmus Lerchedahl Petersen	fa3a7e6686	Python: Known subclasses of HttpResponse	2020-10-30 11:53:24 +01:00
Rasmus Lerchedahl Petersen	c962377ef4	Python: test for subclasses	2020-10-30 10:37:40 +01:00
Rasmus Lerchedahl Petersen	08af839757	Python: django.http.response.HttpResponseRedirect	2020-10-30 01:29:49 +01:00
Rasmus Lerchedahl Petersen	52be896666	Python: django.http.response.JsonResponse It s possible this class is not relevant to XSS	2020-10-30 01:05:36 +01:00
Rasmus Lerchedahl Petersen	0f9b8595d1	Python: rename functions by vulnerability	2020-10-30 00:51:09 +01:00
Rasmus Lerchedahl Petersen	97153b56ad	Python: add false negatives to test	2020-10-30 00:48:19 +01:00
Rasmus Lerchedahl Petersen	2ca86f5ea7	Python: django.http.response.HttpResponse	2020-10-30 00:22:53 +01:00
Rasmus Lerchedahl Petersen	6658ee9dc8	Merge branch 'python-port-reflected-xss' of https://github.com/RasmusWL/codeql into RasmusWL-python-port-reflected-xss	2020-10-29 12:46:44 +01:00
Rasmus Lerchedahl Petersen	9fd1bf60fa	Merge branch 'main' of github.com:github/codeql into python-port-path-injection	2020-10-28 10:24:23 +01:00
Rasmus Lerchedahl Petersen	2baed20067	Python: Test false negative from review	2020-10-27 08:30:16 +01:00
Rasmus Lerchedahl Petersen	b6313dddb9	Python: Add concept tests	2020-10-27 08:26:00 +01:00
Rasmus Wriedt Larsen	aa9f15af76	Python: Fix typo Co-authored-by: Taus <tausbn@github.com>	2020-10-23 15:39:38 +02:00
Rasmus Wriedt Larsen	d295c64ccd	Python: Add example of flask response .set_data	2020-10-23 14:31:36 +02:00
Rasmus Wriedt Larsen	d2cfa91155	Python: Add some tricky tests of return in flask route handler In these cases the `return` might end up creating a new HTTP response, so they need to be modeled as such. Initially I created a very naive solution that didn't handle either tricky_return1 or tricky_return2. The interaction in tricky_return2/helper highlighted for me that to handle this properly, due to the fact that the flow is across functions, we either need to use a global dataflow/taint-tracking configuration, or some clever use of type-trackers. In the end, this extra effort for not modeling all returns in a flask route handler as a creation of a HTTP response doesn't really seem to be worth it (at least not right now). Sicne we use it with taint-tracking for the Reflected XSS query, and use a HTTP response _creation_ as the sink (without propagating taint to the HTTP response), we won't get into trouble where we report a path to BOTH `make_response(...)` and the `return` ``` resp = make_response(...) return resp ``` If we change this setup in the future, we will probably need to do something to avoid this double-path reporting.	2020-10-23 14:31:35 +02:00
Rasmus Wriedt Larsen	d60221b168	Python: Model return from flask handler as HTTP response When dealing with ``` resp = make_response(...) return resp ``` ideally we don't want to mark the return as a creation of a HTTP response. I'll deal with this in a second commit, to show off how annoying it looks in the tests right now :D	2020-10-23 14:31:34 +02:00
Rasmus Wriedt Larsen	44ba3469db	Python: Model response_class attribute of Flask class	2020-10-23 14:31:34 +02:00
Rasmus Wriedt Larsen	082e35c2c7	Python: Model mimetype instead of content-type for HTTP Response Since that's really what we're after (at least for now)	2020-10-23 14:31:33 +02:00
Rasmus Wriedt Larsen	81a42b73a8	Python: Model flask.Response I think I'll rework how we model content-type, since what we _actually_ want to know is the mimetype	2020-10-23 14:31:32 +02:00
Rasmus Wriedt Larsen	7894d01248	Python: Add test for mimetype/headers priority	2020-10-23 14:31:31 +02:00
Rasmus Wriedt Larsen	35334cf630	Python: Remove status code modeling I'm not even trying to model it properly right now, and don't have a specific use-case for it RIGHT NOW. I think we could want this in the future, but I think it's probably better to model it when we know what we want to use it for.	2020-10-23 14:31:31 +02:00
Rasmus Wriedt Larsen	19dc04de3c	Python: Handle make_response on flask app	2020-10-23 14:31:30 +02:00
Rasmus Wriedt Larsen	e38ac18e46	Python: Add (only) basic $HttpResponse tag to other tests files This seems really nice to me, but you might disagree	2020-10-23 14:31:30 +02:00
Rasmus Wriedt Larsen	8b0b87ae62	Python: Model flask.make_response	2020-10-23 14:31:29 +02:00
Rasmus Wriedt Larsen	bfc29bb349	Python: Add annotations for flask response tests The fact that we need to add routeSetup and routeHandler annotations is sort of annoying :\|	2020-10-23 14:31:27 +02:00
Rasmus Wriedt Larsen	47dcc09992	Python: Add tests for creating HTTP responses in flask Which is runnable, if you have flask installed locally	2020-10-23 14:31:26 +02:00
Rasmus Wriedt Larsen	b3e53f8d0a	Python: Model django.conf.urls.url (v 1.x)	2020-10-23 14:26:37 +02:00
Rasmus Wriedt Larsen	be166d9c02	Python: Expand Django 2/3 routing tests with 1.x way Added it to the `testapp` so it's easy to run the server to SEE that it works. Added it to `routing_test` so it's obvious this is supported by our modeling when we _know_ it's running Django 2/3.	2020-10-23 13:43:27 +02:00
Rasmus Wriedt Larsen	ae60ac211b	Python: Annotate django v1 routing tests Again need to remove trailing $, since inline-expectation tests still don't handle $	2020-10-23 12:05:05 +02:00
Rasmus Wriedt Larsen	78ab637b54	Python: Port django v1 tests	2020-10-23 12:00:27 +02:00
yoff	ee5221abb4	Apply suggestions from code review Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>	2020-10-21 15:08:16 +02:00
Rasmus Lerchedahl Petersen	53ff1a32c1	Merge branch 'main' of github.com:github/codeql into python-port-sql-injection	2020-10-21 14:38:02 +02:00
Rasmus Lerchedahl Petersen	3a416bce2d	Python: Move test annotation	2020-10-21 14:18:16 +02:00
Rasmus Lerchedahl Petersen	4571b3188c	Python: Fix false negative	2020-10-21 14:16:35 +02:00
Rasmus Lerchedahl Petersen	03c62fd267	Python: Fix typo in test case	2020-10-21 14:03:46 +02:00
yoff	75357727c4	Merge pull request #4490 from RasmusWL/python-model-django-sources Python: model Django HttpRequest as RemoteFlowSource	2020-10-21 13:46:51 +02:00
Rasmus Lerchedahl Petersen	e49c7d64bd	Python: test for keyword arguments to extra	2020-10-21 13:28:12 +02:00

... 3 4 5 6 7

339 Commits