907 Commits

Author	SHA1	Message	Date
Taus Brock-Nannestad	8d774cd354	Merge branch 'master' into python-unsafe-use-of-mktemp	2019-02-26 13:23:38 +01:00
Mark Shannon	26c5ebde54	Python: Basic support for TurboGears: requests and responses.	2019-02-26 10:15:36 +00:00
Mark Shannon	c1b8f500c7	Python: Make sure packages have locations, so they can be displayed, even if those locations are meaningless.	2019-02-21 12:53:59 +00:00
Mark Shannon	aab0a243dc	Python: Add redirects to bottle framework support.	2019-02-12 14:26:06 +00:00
Mark Shannon	8d525e5295	Python: Add support for bottle framework routing and requests.	2019-02-12 14:26:06 +00:00
Taus	90eccbdf76	Merge pull request #836 from markshannon/python-mutating-descriptor ... Python: Fix up mutating-descriptor query	2019-02-08 15:10:30 +01:00
Taus Brock-Nannestad	895b237e3c	Python: Make "Modification of parameter with default" flow-sensitive.	2019-02-04 19:05:04 +01:00
Mark Shannon	24d678b869	Python: Points-to; let values with no boolean constant value flow through pi-nodes.	2019-01-31 15:15:49 +00:00
Taus Brock-Nannestad	edd4468d08	Fix tests by stubbing relevant os functions.	2019-01-29 17:27:14 +01:00
Taus	6f7c96db54	Merge branch 'master' into python-unsafe-use-of-mktemp	2019-01-29 16:12:53 +01:00
Taus Brock-Nannestad	9a9d902cfb	Add support for os.tempnam and os.tmpnam.	2019-01-29 16:08:32 +01:00
Mark Shannon	7fe3c3d516	Merge branch 'master' into python-mutating-descriptor	2019-01-29 14:46:33 +00:00
Taus	9adb19f3a9	Merge branch 'master' into python-incomplete-url-sanitize	2019-01-29 14:17:37 +01:00
Taus	0f5b21e392	Merge pull request #807 from markshannon/python-insecure-file-permission ... Python: Weak file permissions query.	2019-01-28 23:21:10 +01:00
Mark Shannon	6d553ae2be	Python: Check os.open as well as os.chmod for weak file permissions.	2019-01-28 14:26:16 +00:00
Mark Shannon	3992346add	Python: Fix up mutating-descriptor query to only flag mutation when they occur during descriptor protocol.	2019-01-28 12:57:18 +00:00
Mark Shannon	5da209f876	Python: add failing test for comparison using 'is' and enum members.	2019-01-28 12:19:54 +00:00
Taus	fc00e0a64a	Merge pull request #796 from markshannon/python-import-used-in-doctest ... Python: Fix 'unused import' for doctests and typehints.	2019-01-25 16:14:08 +01:00
Mark Shannon	88d8cb514c	Python: Two new queries for URL and hostname sanitization (CWE-020).	2019-01-24 12:57:14 +00:00
Mark Shannon	547b3eb973	Python: Fix 'unused import' to no longer give alerts for imported modules used in typehints.	2019-01-22 17:38:09 +00:00
Mark Shannon	a3b5769c2c	Python: Weak file permissions query.	2019-01-22 11:33:19 +00:00
Mark Shannon	261cd36b8c	Merge pull request #781 from kevinbackhouse/HashedButNoHash ... Python: fix false positive result.	2019-01-18 21:56:12 +00:00
Mark Shannon	9f93bf8d17	Python: Fix 'unused import' to no longer give alerts for imported modules used in doctests.	2019-01-18 11:08:53 +00:00
Kevin Backhouse	5fc056beb3	Add regression test for false positive result.	2019-01-17 16:22:19 +00:00
Taus Brock-Nannestad	ad429f5ae1	Add tests.	2019-01-17 14:45:25 +01:00
Taus Brock-Nannestad	e8c092ad72	Python: Support the dill pickling library.	2019-01-16 14:53:42 +01:00
Mark Shannon	65337ef835	Merge pull request #564 from taus-semmle/python-insecure-ssl-version ... Python: Check for insecure versions of SSL and TLS.	2019-01-16 12:32:30 +00:00
Mark Shannon	c9a929fb23	Python tests: Increase import depth to ensure sre_constants module is imported.	2019-01-14 11:18:36 +00:00
Taus Brock-Nannestad	46973f4305	Support from ssl import PROTOCOL_....	2019-01-07 15:24:15 +01:00
Taus Brock-Nannestad	dfe3fc6d5c	Pass pyOpenSSL method as parameter instead of keyword argument.	2019-01-07 15:24:15 +01:00
Taus Brock-Nannestad	a893dca06e	Add support for ssl.SSLContext.	2019-01-07 15:24:15 +01:00
Taus Brock-Nannestad	0a839f8468	Python: Check for insecure versions of SSL and TLS.	2019-01-07 15:24:15 +01:00
Mark Shannon	a5b79e92a5	Python: Fix off-by-one error in regex parsing.	2018-12-03 16:50:47 +00:00
Mark Shannon	b3eaa46f14	Python: Use consistent abbreviations in weak-crypto query message.	2018-11-28 16:58:22 +00:00
Mark Shannon	1065ad0ce7	Python: Weak crypto query.	2018-11-28 16:57:34 +00:00
Mark Shannon	eefb45c94b	Python: jinja2-without-escaping query: Clean up query and account for Template class in tests.	2018-11-28 10:46:44 +00:00
Mark Shannon	1080525d7d	Python: Add missing test stub.	2018-11-28 10:45:48 +00:00
Mark Shannon	243280dc00	Python: New query to check for use of jinja2 templates without auto-escaping.	2018-11-28 10:45:19 +00:00
Mark Shannon	31ac33e723	Merge pull request #528 from taus-semmle/python-flask-debug ... Python: Implement check for flask debug mode.	2018-11-27 19:42:26 +00:00
Taus	2b340b4804	Merge pull request #530 from markshannon/python-no-cert-validation ... New query to check for making a request without cert verification.	2018-11-27 19:01:10 +01:00
Taus Brock-Nannestad	6ebf504d97	Update test results after stub change.	2018-11-27 16:59:19 +01:00
Taus Brock-Nannestad	8d341ab467	Fix stub file.	2018-11-27 16:56:09 +01:00
Taus Brock-Nannestad	a4da245809	Python: Implement check for flask debug mode.	2018-11-27 15:14:38 +01:00
Taus	f0fbed76e7	Merge pull request #539 from markshannon/python-path-fix-siblings ... Python: Fix parents relation for path queries.	2018-11-23 17:59:04 +01:00
Mark Shannon	3190b12544	Python: Fix parent relation for path-queries.	2018-11-23 15:04:01 +00:00
Mark Shannon	6588606739	Python: Account for other 'falsey' values in query.	2018-11-23 14:42:45 +00:00
Mark Shannon	45e864a395	Python: New query to test for requests without validation.	2018-11-23 14:42:45 +00:00
Mark Shannon	f0206a2ff4	Python: Tests for new query: requests called with verify=False.	2018-11-23 14:42:45 +00:00
Mark Shannon	b94493aec3	Python: Add extra sinks for command-injection query.	2018-11-23 14:29:02 +00:00
Mark Shannon	61bd8682df	Python: Improve API and representation of taint tracking nodes. Update queries and tests accordingly.	2018-11-23 12:32:14 +00:00