hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,644 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.1
Commit Graph

339 Commits

Author SHA1 Message Date
Rasmus Lerchedahl Petersen
d249b51a5e Python: Add test-case for indirect RawSQL 2020-10-21 13:23:19 +02:00
Rasmus Wriedt Larsen
b0af0b94d0 Python: Fix grammar 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2020-10-21 09:58:37 +02:00
Rasmus Lerchedahl Petersen
383d846396 Python: address review 
- smooth out future merge
- keyword argument for execute
 2020-10-21 00:15:05 +02:00
Rasmus Lerchedahl Petersen
e1dfbc0486 Python: address review 2020-10-20 23:59:44 +02:00
Rasmus Wriedt Larsen
6920f3012c Python: Django route handlers in different file now works 
Fixed by https://github.com/github/codeql/pull/4514
 2020-10-20 15:41:14 +02:00
Rasmus Wriedt Larsen
80adbdfbc1 Python: Mark unhandled django route handlers with f-: 
That is playing more nicely with the expected usage of the inline-tests.
 2020-10-20 13:44:34 +02:00
Rasmus Lerchedahl Petersen
5990241c8f Python: Support django models (with some caveats) 2020-10-20 03:20:00 +02:00
Rasmus Lerchedahl Petersen
d7308bddf2 Python: Add django sink with concept test 2020-10-19 21:34:55 +02:00
Rasmus Wriedt Larsen
98691fe8ec Python: Model fabric Group execution (version 2.x) 
This required some thought for how to model that we're interested in subclasses
of `fabric.group.Group`, and not so much that class itself. Some thoughts:

---

After initially using this in `module Group`

    /** A reference to a subclass of `fabric.group.Group` */
    abstract class SubclassRef extends DataFlow::Node { }

    private class SubclassInstantiation extends SubclassInstanceSource, DataFlow::CfgNode {
      override CallNode node;

      SubclassInstantiation() { node.getFunction() = any(SubclassRef ref).asCfgNode() }
    }

with this in `module SerialGroup` and `module ThreadingGroup`:

    class ClassRef extends DataFlow::Node, fabric::group::Group::SubclassRef {
      ClassRef() { this = classRef(DataFlow::TypeTracker::end()) }
    }

I wasn't too much of fan of that approach. Since we probably need the `SubclassInstanceSource` anyway, and don't really have a specific use for `SubclassRef`, I just went with concrete (QL) subclasses of `SubclassInstanceSource` in each of the modules for the Python subclasses.

I really don't know what the best approach is, so I'm very open to suggestions. I think we'll really have to flesh this out for handling Django responses, since we're interested in the fact that some subclasses provide default values for the content-type, and keeping track of that is important for XSS (since there is no XSS if response is `text/plain`)
 2020-10-19 18:09:11 +02:00
Rasmus Wriedt Larsen
f10456e35f Python: Model fabric task decorator (version 2.x) 2020-10-19 18:03:03 +02:00
Rasmus Wriedt Larsen
c671017252 Python: Model fabric Connection (version 2.x) 2020-10-19 18:03:02 +02:00
Rasmus Wriedt Larsen
f7502386e7 Python: Model fabric package (version 1.x) 2020-10-19 18:03:01 +02:00
Rasmus Wriedt Larsen
6b30198d59 Python: Port old fabric tests 
For v1 tests, just extended with explicit calls that use keyword arguments.

For v2 tests, rewrote pretty much everything to what it 100% explicit what we support
 2020-10-19 14:34:22 +02:00
Rasmus Wriedt Larsen
86798063a3 Python: Model tainted attributes of django HttpRequest 2020-10-16 11:12:20 +02:00
Rasmus Wriedt Larsen
a3cdbf2052 Python: Basic modeling of Django HttpRequest 2020-10-16 11:12:19 +02:00
Rasmus Wriedt Larsen
f547b6010b Python: Implement routed parameter for django.urls.re_path 2020-10-16 11:12:17 +02:00
Rasmus Wriedt Larsen
ff8708df67 Python: Implement routed parameter for django.urls.path 
Matching current implementation in
f07a7bf8cf/python/ql/src/semmle/python/web/django/General.qll (L125-L133)
 2020-10-16 11:12:16 +02:00
Rasmus Wriedt Larsen
44683f2959 Python: Identify route handlers for django 
Not including class based handlers
 2020-10-16 11:12:14 +02:00
Rasmus Wriedt Larsen
c0d71f767a Python: Add taint test for django v2/v3 2020-10-16 11:12:13 +02:00
Rasmus Wriedt Larsen
09a2a6cdfd Python: Fix django re_path kwarg test 
Since it was using the wrong keyword argument name before :D
 2020-10-16 11:12:12 +02:00
Rasmus Wriedt Larsen
b28d022be9 Python: Add simpel model of a django path/re_path route setup 
Also had to change the annotation to not include the `r` prefix for the
raw-string... not sure why that isn't replicated, but ¯\_(ツ)_/¯
 2020-10-16 11:12:11 +02:00
Rasmus Wriedt Larsen
979dc471ac Python: Port old routing tests 2020-10-16 11:12:09 +02:00
Rasmus Wriedt Larsen
ca60132e24 Python: Django test: Add simple route handler and annotations 2020-10-16 11:12:09 +02:00
Rasmus Wriedt Larsen
44b9b7f084 Python: Django test: Enable app 
and add a bits of use docs
 2020-10-16 11:12:08 +02:00
Rasmus Wriedt Larsen
6506e5d646 Python: Django test: Add testapp 2020-10-16 11:12:07 +02:00
Rasmus Wriedt Larsen
c71c41b759 Python: Django test: Disable DB (for now) 2020-10-16 11:12:06 +02:00
Rasmus Wriedt Larsen
f704c566b9 Python: Add real django 3.1 project as base of tests 2020-10-16 11:12:05 +02:00
Rasmus Lerchedahl Petersen
ef32488596 Merge branch 'main' of github.com:github/codeql into python-port-unsafe-deserialization 2020-10-15 15:45:35 +02:00
Rasmus Lerchedahl Petersen
172e058438 Python: unsafe -> mayExecuteInput 2020-10-15 12:56:29 +02:00
Rasmus Wriedt Larsen
ce967e1249 Merge branch 'main' into python-model-python2-specific-command-execution 2020-10-15 10:00:02 +02:00
Rasmus Lerchedahl Petersen
352418cb5d Python: track safe loaders 2020-10-14 16:33:55 +02:00
Rasmus Lerchedahl Petersen
b8cba381cf Merge branch 'main' of github.com:github/codeql into python-port-unsafe-deserialization 2020-10-14 15:01:30 +02:00
Rasmus Lerchedahl Petersen
3a281a1bd6 Python: Adjust comments and tests 2020-10-14 14:40:11 +02:00
Rasmus Wriedt Larsen
5db4f906d0 Merge branch 'main' into python-port-code-injection 2020-10-14 14:22:02 +02:00
yoff
ffe79f688d Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-10-14 14:08:16 +02:00
Taus
92ccb795fd Merge pull request #4415 from RasmusWL/python-flask-routed-parameter 
Python: Add support for routed parameters in flask
 2020-10-14 13:29:51 +02:00
Rasmus Lerchedahl Petersen
b0ebb5b6d1 Python: Adjust tag format 2020-10-14 09:51:24 +02:00
Rasmus Lerchedahl Petersen
93383747bd Python: Use more common name for concept 2020-10-14 09:28:58 +02:00
Rasmus Lerchedahl Petersen
a76d276b48 Python: Adjust getARelevantTag 2020-10-14 08:44:04 +02:00
yoff
3b9ea3a958 Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-10-14 08:24:26 +02:00
Rasmus Lerchedahl Petersen
b7e8b48e9e Python: Move concept tests out 
These tests should be fleshed out at some point, but currently
they test all that we model.
 2020-10-13 13:06:47 +02:00
Rasmus Wriedt Larsen
ce85ac3ce1 Python: Remove solved TODO 2020-10-13 10:15:03 +02:00
Rasmus Wriedt Larsen
46ec7fbf6e Python: Make builtin compile function additional taint step 2020-10-07 21:17:39 +02:00
Rasmus Wriedt Larsen
c69a61bac5 Python: Model exec and eval calls as CodeExecution 2020-10-07 21:14:19 +02:00
Rasmus Wriedt Larsen
73971cff76 Python: Model exec statement (Python 2 only) as CodeExecution 2020-10-07 21:12:35 +02:00
Rasmus Wriedt Larsen
453c391bb0 Python: Add CodeExecution tests for stdlib 2020-10-07 21:12:31 +02:00
Rasmus Wriedt Larsen
c09695af7d Python: Properly handle invoke.task decorator 2020-10-07 12:29:19 +02:00
Rasmus Wriedt Larsen
ebff1794fc Python: Model invoke.context.Context 2020-10-07 12:16:53 +02:00
Rasmus Wriedt Larsen
4ef5202382 Python: Add simple model for invoke.run and invoke.sudo 
and I sorted the list in Frameworks.qll, that kinda makes sense :)
 2020-10-07 12:13:59 +02:00
Rasmus Wriedt Larsen
300a8cdf7d Python: Add tests for the 'invoke' package 2020-10-07 11:55:26 +02:00