9547 Commits

Author	SHA1	Message	Date
Rasmus Lerchedahl Petersen	175a06fe73	Python: Fix compile error due to predicate rename	2021-10-01 10:33:42 +02:00
Rasmus Wriedt Larsen	2d5c6e2723	Python: FastAPI: Add taint test	2021-09-30 19:14:15 +02:00
Rasmus Wriedt Larsen	c839f35485	Python: FastAPI: Proper modeling of implicit returns	2021-09-30 19:14:15 +02:00
Rasmus Wriedt Larsen	50147708bf	Python: FastAPI: Model response classes ... Figuring out how to do the `media_type` tracking was quite difficult.	2021-09-30 19:14:15 +02:00
Rasmus Wriedt Larsen	eef946a0c8	Python: FastAPI: Add test for custom response annotation ... It really is rather contrived, but it also _does_ work.	2021-09-30 19:14:15 +02:00
Rasmus Wriedt Larsen	c9895b54fe	Python: FastAPI: Add tests for direct response construction	2021-09-30 19:14:14 +02:00
Rasmus Wriedt Larsen	c50c805f5f	Python: FastAPI: Model Cookie Writes	2021-09-30 19:14:14 +02:00
Rasmus Wriedt Larsen	d34c5fd72f	Python: FastAPI: Add tests with response parameter	2021-09-30 19:14:14 +02:00
Rasmus Wriedt Larsen	285de2b4c8	Python: FastAPI: Add support for APIRouter	2021-09-30 19:14:14 +02:00
Rasmus Wriedt Larsen	b1f8b5352b	Python: FastAPI: Add support for api_route ... Note that `route` did not actually work (that also comes from the underlying web framework library Starlette)	2021-09-30 19:14:14 +02:00
Rasmus Wriedt Larsen	3661ff3bd8	Python: Add basic FastAPI support	2021-09-30 19:14:14 +02:00
Rasmus Lerchedahl Petersen	35d9005eae	Python: typo again..	2021-09-30 14:39:44 +02:00
Rasmus Lerchedahl Petersen	f3fc56a167	Python: typos	2021-09-30 14:39:05 +02:00
Rasmus Lerchedahl Petersen	d19d37bf9b	Python: more suggestions from review	2021-09-30 14:36:26 +02:00
yoff	c1c63d0c28	Merge pull request #6738 from RasmusWL/qldoc-getArgByName ... Python: Add QLDoc to `Function.getArgByName`	2021-09-30 14:11:18 +02:00
yoff	46e62cd963	Apply suggestions from code review ... Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>	2021-09-30 14:00:18 +02:00
Rasmus Lerchedahl Petersen	02e91b3902	Python: Model functions that will raise ... on non-existing files.	2021-09-30 13:36:24 +02:00
Rasmus Lerchedahl Petersen	fc9fb59082	Python: Add comments	2021-09-30 10:05:57 +02:00
Rasmus Lerchedahl Petersen	115113888f	Python: Add change note	2021-09-29 16:58:14 +02:00
Rasmus Lerchedahl Petersen	cc1c32cf0e	Python: model file accesses	2021-09-29 16:53:25 +02:00
Rasmus Wriedt Larsen	ba990f72f2	Another hasLocationInfo URL reference fix	2021-09-29 14:00:28 +02:00
Rasmus Wriedt Larsen	987b573709	Fix hasLocationInfo URL reference ... Follow up to https://github.com/github/codeql/pull/5830	2021-09-29 13:47:58 +02:00
Erik Krogh Kristensen	aafae24ef2	update qhelp	2021-09-28 23:11:02 +02:00
Erik Krogh Kristensen	8d556ed1e1	Update python/ql/lib/semmle/python/security/BadTagFilterQuery.qll ... Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>	2021-09-28 23:04:28 +02:00
Rasmus Wriedt Larsen	8df3dab121	Python: Adjust .expected with subpaths	2021-09-28 17:04:20 +02:00
Rasmus Wriedt Larsen	e472814ddd	Python: Fix XXE qhelp	2021-09-28 17:02:39 +02:00
Rasmus Wriedt Larsen	9c286a1b50	Python: fix name of .qhelp file	2021-09-28 16:57:46 +02:00
Rasmus Wriedt Larsen	67fddda6d2	Merge branch 'main' into jorgectf/python/deserialization	2021-09-28 16:49:33 +02:00
Rasmus Lerchedahl Petersen	a5912ff76d	Python: Align implementations of awaited.	2021-09-28 16:42:19 +02:00
Rasmus Lerchedahl Petersen	3c1206f873	Python: Model more awaiting construcs ... in API graphs. Some unsatisfactory lack of understanding here.	2021-09-27 16:41:01 +02:00
Rasmus Lerchedahl Petersen	f6311bf051	Python: model other awaiting constructs	2021-09-27 14:32:55 +02:00
Rasmus Lerchedahl Petersen	15b07bfcc0	Python: Model sql executions	2021-09-27 14:15:58 +02:00
Rasmus Wriedt Larsen	ded3088529	Python/JS: Recognize SHA-3 hash functions ... Official names are SHA3-224, SHA3-256, SHA3-384, SHA3-512 as per https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf	2021-09-27 12:08:40 +02:00
Rasmus Wriedt Larsen	547cbb6322	Merge pull request #6331 from porcupineyhairs/pythonXpath ... Python : Improve Xpath Injection Query	2021-09-24 18:11:08 +02:00
Rasmus Wriedt Larsen	d39df18544	Python: Minor test cleanup	2021-09-24 16:11:27 +02:00
Rasmus Wriedt Larsen	26d2fbd217	Python: Fix new XPath injection query ... Fixes the typo `ETXpath` => `ETXPath`	2021-09-24 15:11:34 +02:00
Rasmus Wriedt Larsen	913a679ef5	Python: Replace old XPath injection query	2021-09-24 15:10:41 +02:00
Rasmus Wriedt Larsen	c9640ffdbc	Python: Minor adjustments to XPath Injection	2021-09-24 15:02:39 +02:00
Rasmus Lerchedahl Petersen	520a2da8ab	Python: Add tests for asyncpg	2021-09-24 14:41:50 +02:00
Rasmus Wriedt Larsen	289660067c	Merge branch 'main' into pythonXpath	2021-09-24 13:53:38 +02:00
haby0	9b969e15fc	Modify according to @yoff suggestion	2021-09-24 12:56:10 +08:00
Rasmus Lerchedahl Petersen	f2fbeed490	Python: Model os.path-functions	2021-09-23 15:30:00 +02:00
Rasmus Lerchedahl Petersen	81adb7dd2a	Python: Add tests for os.path-functions	2021-09-23 15:28:05 +02:00
Rasmus Wriedt Larsen	f14e3f6007	Merge pull request #5445 from jorgectf/jorgectf/python/ldapinsecureauth ... Python: Add LDAP Insecure Authentication query	2021-09-23 11:08:13 +02:00
Rasmus Wriedt Larsen	ef6e502ff0	Python: Make LDAP global options test better ... Before it didn't really showcase that we know it can make connections secure.	2021-09-23 10:18:18 +02:00
Rasmus Wriedt Larsen	70489b2fc2	Merge branch 'main' into jorgectf/python/ldapinsecureauth	2021-09-23 10:05:56 +02:00
Rasmus Wriedt Larsen	d4564d5dd1	Python: Add QLDoc to Function.getArgByName	2021-09-23 10:01:04 +02:00
Erik Krogh Kristensen	805d1d170c	do not filter away regular expressions with lookbehinds	2021-09-22 17:14:29 +02:00
Rasmus Wriedt Larsen	8badba26b8	Python: Minor SQLALchemy comment fixes	2021-09-22 13:58:29 +02:00
haby0	6c07a3e260	Apply @yoff's suggestion	2021-09-22 18:50:58 +08:00