4008 Commits

Author	SHA1	Message	Date
Mark Shannon	21299493c9	Python tests: Hide special ESSA variables in tests, to ease transition from '*' to '$' variable.	2019-01-22 11:02:36 +00:00
Mark Shannon	61d8319b4e	Fix compilation warning in test.	2019-01-21 14:38:12 +00:00
Mark Shannon	5e8ab92cc6	Add test for attribute points-to extension.	2019-01-21 14:38:12 +00:00
Mark Shannon	01a2add73b	Python: Internal points-to extension enhancement. Use it handle re module constants.	2019-01-21 14:38:07 +00:00
Mark Shannon	5dd0123f0d	Python tests: Remove useless duplicate test.	2019-01-21 14:31:15 +00:00
Mark Shannon	261cd36b8c	Merge pull request #781 from kevinbackhouse/HashedButNoHash ... Python: fix false positive result.	2019-01-18 21:56:12 +00:00
Taus	8d99186d74	Merge pull request #795 from markshannon/remove-builtin-class-test ... Python: Remove fragile and unnecessary test.	2019-01-18 15:17:39 +01:00
Taus	92d2e18bf2	Merge pull request #712 from markshannon/python-fix-odasa-7307 ... Python: Detect a wider range of generated files.	2019-01-18 14:38:08 +01:00
Mark Shannon	9f93bf8d17	Python: Fix 'unused import' to no longer give alerts for imported modules used in doctests.	2019-01-18 11:08:53 +00:00
Kevin Backhouse	5fc056beb3	Add regression test for false positive result.	2019-01-17 16:22:19 +00:00
Taus Brock-Nannestad	ad429f5ae1	Add tests.	2019-01-17 14:45:25 +01:00
Mark Shannon	801d8cb3a5	Python: Remove fragile and unnecessary test.	2019-01-17 12:31:19 +00:00
Mark Shannon	73095c53b8	Python: Add another AST test.	2019-01-17 11:24:41 +00:00
Taus Brock-Nannestad	e8c092ad72	Python: Support the dill pickling library.	2019-01-16 14:53:42 +01:00
Mark Shannon	65337ef835	Merge pull request #564 from taus-semmle/python-insecure-ssl-version ... Python: Check for insecure versions of SSL and TLS.	2019-01-16 12:32:30 +00:00
Mark Shannon	7b8468d81b	Python: Add bulk regression test for CFG successors.	2019-01-16 11:48:58 +00:00
Mark Shannon	e506bf85e8	Python: Add some regression tests for CFG of comparisons.	2019-01-16 11:45:20 +00:00
Mark Shannon	d1d898efac	Python: Add regression test for code that proved problematic with the new parser.	2019-01-16 11:44:11 +00:00
Mark Shannon	bc4301f7b1	Python: Add an extra test for import parsing.	2019-01-16 11:32:59 +00:00
Mark Shannon	b8a91d4b1e	Python tests: Add a few tests to check parsing and location of comparisons.	2019-01-16 11:27:57 +00:00
Mark Shannon	c9a929fb23	Python tests: Increase import depth to ensure sre_constants module is imported.	2019-01-14 11:18:36 +00:00
Mark Shannon	33a2315ba0	Python tests: Increase import depth to ensure sre_constants module is imported.	2019-01-11 12:15:56 +00:00
Taus Brock-Nannestad	46973f4305	Support from ssl import PROTOCOL_....	2019-01-07 15:24:15 +01:00
Taus Brock-Nannestad	dfe3fc6d5c	Pass pyOpenSSL method as parameter instead of keyword argument.	2019-01-07 15:24:15 +01:00
Taus Brock-Nannestad	a893dca06e	Add support for ssl.SSLContext.	2019-01-07 15:24:15 +01:00
Taus Brock-Nannestad	0a839f8468	Python: Check for insecure versions of SSL and TLS.	2019-01-07 15:24:15 +01:00
Mark Shannon	6b5ad0d928	Python: Detect a wider range of generated files.	2018-12-27 15:01:10 +00:00
Taus	cb93017d98	Merge pull request #606 from markshannon/python-fix-regex-fp ... Python: Fix off-by-one error in regex parsing.	2018-12-06 12:59:44 +01:00
Taus	8493518135	Merge pull request #599 from markshannon/python-fix-essa-nonlocal ... Python ESSA: Fix definition of ESSA non-local variables.	2018-12-04 17:06:30 +01:00
Mark Shannon	a5b79e92a5	Python: Fix off-by-one error in regex parsing.	2018-12-03 16:50:47 +00:00
Mark Shannon	d32e6b8501	Python tests: Make sure stdlib can be found.	2018-12-03 11:55:57 +00:00
Mark Shannon	fb90d2a5a6	Python points-to: Update test results for fixed ESSA computation.	2018-12-03 11:13:18 +00:00
Mark Shannon	b3eaa46f14	Python: Use consistent abbreviations in weak-crypto query message.	2018-11-28 16:58:22 +00:00
Mark Shannon	1065ad0ce7	Python: Weak crypto query.	2018-11-28 16:57:34 +00:00
Mark Shannon	eefb45c94b	Python: jinja2-without-escaping query: Clean up query and account for Template class in tests.	2018-11-28 10:46:44 +00:00
Mark Shannon	1080525d7d	Python: Add missing test stub.	2018-11-28 10:45:48 +00:00
Mark Shannon	243280dc00	Python: New query to check for use of jinja2 templates without auto-escaping.	2018-11-28 10:45:19 +00:00
Mark Shannon	31ac33e723	Merge pull request #528 from taus-semmle/python-flask-debug ... Python: Implement check for flask debug mode.	2018-11-27 19:42:26 +00:00
Taus	2b340b4804	Merge pull request #530 from markshannon/python-no-cert-validation ... New query to check for making a request without cert verification.	2018-11-27 19:01:10 +01:00
Taus Brock-Nannestad	6ebf504d97	Update test results after stub change.	2018-11-27 16:59:19 +01:00
Taus Brock-Nannestad	8d341ab467	Fix stub file.	2018-11-27 16:56:09 +01:00
Taus Brock-Nannestad	a4da245809	Python: Implement check for flask debug mode.	2018-11-27 15:14:38 +01:00
Taus	f0fbed76e7	Merge pull request #539 from markshannon/python-path-fix-siblings ... Python: Fix parents relation for path queries.	2018-11-23 17:59:04 +01:00
Mark Shannon	3190b12544	Python: Fix parent relation for path-queries.	2018-11-23 15:04:01 +00:00
Mark Shannon	6588606739	Python: Account for other 'falsey' values in query.	2018-11-23 14:42:45 +00:00
Mark Shannon	45e864a395	Python: New query to test for requests without validation.	2018-11-23 14:42:45 +00:00
Mark Shannon	f0206a2ff4	Python: Tests for new query: requests called with verify=False.	2018-11-23 14:42:45 +00:00
Mark Shannon	b94493aec3	Python: Add extra sinks for command-injection query.	2018-11-23 14:29:02 +00:00
Mark Shannon	61bd8682df	Python: Improve API and representation of taint tracking nodes. Update queries and tests accordingly.	2018-11-23 12:32:14 +00:00
Mark Shannon	c01db23f58	Python: Fix up expected results of SqlInjection.ql	2018-11-22 11:05:09 +00:00