9 Commits

Author	SHA1	Message	Date
Rasmus Wriedt Larsen	5924e88a86	Python: Support read on Django file	2022-05-27 11:18:26 +02:00
Rasmus Wriedt Larsen	6e9d9fcbbd	Python: Improve taint steps in for & iterable unpacking ... These were written way before the ones in DataFlowPrivate, but apparently didn't cover quite as much :|	2021-07-22 14:16:17 +02:00
Rasmus Wriedt Larsen	4f4dec50f2	Python: Model ResovlerMatch in Django ... Like before, omitted ClassInstantiation	2021-07-22 10:43:13 +02:00
Rasmus Wriedt Larsen	7dc6518350	Python: Add FileLikeObject modeling ... Such that the result of `request.FILES["key"].file.read()` is tainted	2021-07-21 16:35:09 +02:00
Rasmus Wriedt Larsen	18c0d13efd	Python: Model most of UploadedFile in Django	2021-07-21 16:35:09 +02:00
Rasmus Wriedt Larsen	5ec5557203	Python: Model MultiValueDict in Django	2021-07-21 16:35:09 +02:00
Rasmus Wriedt Larsen	51b543c67c	Python: Model taint for django request methods	2021-07-21 16:35:09 +02:00
Rasmus Wriedt Larsen	3e7dc12246	Python: Port taint tests to use inline expectations ... The meat of this PR is described in the new python/ql/test/experimental/meta/InlineTaintTest.qll file: > Defines a InlineExpectationsTest for checking whether any arguments in > `ensure_tainted` and `ensure_not_tainted` calls are tainted. > > Also defines query predicates to ensure that: > - if any arguments to `ensure_not_tainted` are tainted, their annotation is marked with `SPURIOUS`. > - if any arguments to `ensure_tainted` are not tainted, their annotation is marked with `MISSING`. > > The functionality of this module is tested in `ql/test/experimental/meta/inline-taint-test-demo`.	2021-04-15 18:00:33 +02:00
Rasmus Wriedt Larsen	d9079e34e3	Python: Move framework tests out of experimental ... Since they are not experimental anymore 😄	2021-03-19 15:51:54 +01:00