9615 Commits

Author	SHA1	Message	Date
Rasmus Wriedt Larsen	1f285b8983	Python: Rename to XmlParsingVulnerabilityKind ... To keep up with style guide	2022-04-05 11:07:12 +02:00
Rasmus Wriedt Larsen	ab59d5c786	Python: Rename to XmlParsing ... To follow our style guide	2022-04-05 11:06:22 +02:00
Tom Hvitved	57f2a74636	Python: Implement ContentSet	2022-04-04 13:51:44 +02:00
Tom Hvitved	c4fbc618a9	Data flow: Sync files	2022-04-04 13:51:44 +02:00
Tom Hvitved	50dc3820c6	Merge pull request #8589 from hvitved/regex/speedup-concretise	2022-04-03 17:56:07 +02:00
github-actions[bot]	6af568b16d	Post-release preparation for codeql-cli-2.8.5	2022-04-01 16:22:14 +00:00
Chris Smowton	3119885a9b	Merge pull request #8638 from smowton/smowton/docs/additional-flow-step-description ... Improve wording of isAdditionalFlow/TaintStep qldoc	2022-04-01 16:41:04 +01:00
Chris Smowton	28fa49dcd6	dataflow -> data-flow	2022-04-01 13:22:58 +01:00
Rasmus Wriedt Larsen	ba011fb13f	Merge pull request #8601 from zbazztian/recognize-flask-named-body-param ... Python: Flask: Identify body contents passed via named response parameter in invocations of Response constructor	2022-04-01 14:19:28 +02:00
Sebastian Bauersfeld	504e7e4a55	Update python/ql/lib/change-notes/2022-03-30-flask-recognize-body-param.md ... Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>	2022-04-01 18:41:27 +07:00
Erik Krogh Kristensen	eae2a6af36	update expected output for Locations.ql	2022-04-01 12:58:00 +02:00
Erik Krogh Kristensen	ed7e1206ff	rename isBeforeCode to isCommentAfterCode	2022-04-01 12:55:00 +02:00
github-actions[bot]	ee746d20df	Release preparation for version 2.8.5	2022-04-01 10:39:31 +00:00
Chris Smowton	3b0bd3bc0f	Improve wording	2022-04-01 11:31:31 +01:00
Chris Smowton	99026a6071	Improve wording of isAdditionalFlow/TaintStep qldoc	2022-04-01 11:07:27 +01:00
Rasmus Wriedt Larsen	d2b03bb480	Python: Fix SimpleXmlRpcServer.ql	2022-03-31 20:37:28 +02:00
Rasmus Wriedt Larsen	4abab22066	Python: Promote XXE and XML-bomb queries ... Need to write a change-note as well, but will do that tomorrow	2022-03-31 18:47:50 +02:00
Rasmus Wriedt Larsen	b8d3c5e96f	Python: Remove last bits of experimental XML modeling	2022-03-31 18:40:26 +02:00
Rasmus Wriedt Larsen	5083023aa8	Python: Move XML parsing PoC ... Since the folder where it used to live is now empty otherwise :O	2022-03-31 18:37:47 +02:00
Rasmus Wriedt Larsen	673220b231	Python: Minor cleanup of XmlParsingTest	2022-03-31 18:18:35 +02:00
Rasmus Wriedt Larsen	b4c0065aeb	Python: Extend FileSystemAccess for xml.sax and xml.dom.* parsing	2022-03-31 18:08:47 +02:00
Rasmus Wriedt Larsen	1d7cec60ae	Python: xml.sax.parse is not a method call ... And it's not possible to provide a parser argument either	2022-03-31 17:50:23 +02:00
Rasmus Wriedt Larsen	e11269715d	Python: Promote xml.sax and xml.dom.* modeling	2022-03-31 17:44:00 +02:00
Rasmus Wriedt Larsen	05bb0ef976	Python: Align xml.etree.ElementTree modeling ... I didn't find a good way to actually share the stuff, so we kinda just have 2 things that look very similar :|	2022-03-31 17:24:16 +02:00
Rasmus Wriedt Larsen	70b3eecdd5	Python: Merge xml.etree.ElementTree models ... I forgot about the existing ones when I promoted it	2022-03-31 17:13:11 +02:00
Tom Hvitved	46d69cf544	Regex: Further tweaks to concretise computations	2022-03-31 12:52:43 +02:00
Tom Hvitved	5181544790	Sync shared files	2022-03-31 12:52:42 +02:00
Tom Hvitved	0fb28f4bc9	Sync shared files	2022-03-31 12:52:42 +02:00
Rasmus Wriedt Larsen	db43d043c4	Python: Add test showing misalignment of xml.etree modeling	2022-03-31 11:55:46 +02:00
Rasmus Wriedt Larsen	543454eff2	Python: Model file access from XML parsing	2022-03-31 11:47:29 +02:00
Rasmus Wriedt Larsen	386ff53614	Python: Model lxml.iterparse	2022-03-31 11:32:22 +02:00
Rasmus Wriedt Larsen	12cbdcde28	Python: Model lxml.etree.XMLID	2022-03-31 11:21:24 +02:00
Rasmus Wriedt Larsen	6774085e7a	Python: Add note about parseid/XMLID	2022-03-31 11:19:25 +02:00
Rasmus Wriedt Larsen	a315aa84b2	Python: Add some links in QLDocs	2022-03-31 11:16:50 +02:00
Rasmus Wriedt Larsen	64aa503cc3	Python: Promote xml.etree modeling	2022-03-31 11:12:02 +02:00
Rasmus Wriedt Larsen	7f5f7679f8	Python: Promote xmltodict modeling	2022-03-31 10:28:34 +02:00
Rasmus Wriedt Larsen	80b5cde3a2	Python: Promote lxml parsing modeling	2022-03-31 10:19:08 +02:00
Rasmus Wriedt Larsen	3040adfd9b	Python: Handle XMLParser().close() for XPath	2022-03-31 10:08:26 +02:00
Rasmus Wriedt Larsen	c4473c5f65	Python: Rename lxml XPath tests	2022-03-31 10:08:02 +02:00
Rasmus Wriedt Larsen	1ea4bcc59f	Python: Make XMLParsing a Decoding subclass	2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen	35ccba2ec1	Python: Promote XMLParsing concept test	2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen	e45288e812	Python: => XMLParsingVulnerabilityKind ... Since there are other XML vulnerabilities that are not about parsing, this is more correct.	2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen	e005a5c0ab	Python: Promote XMLParsing concept	2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen	9caf4be21b	Python: Add PortSwigger link to Xxe.qhelp ... I found this resource quite good myself at least :)	2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen	56b9c891d8	Python: Adjust XmlBomb.qhelp from JS	2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen	b00766b054	Python: Adjust XXE qhelp ... and remove the old copy, we don't need it anymore :)	2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen	c365337867	Python: Delete XmlEntityInjection.ql ... Kept the test of SimpleXmlRpcServer, and kept the qhelp so it can be used to write the new qhelp files	2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen	769f5691d0	Python: Add taint for StringIO and BytesIO	2022-03-31 09:52:54 +02:00
Rasmus Wriedt Larsen	57b9780428	Python: XXE: Add example of exfiltrating data through dtd-retrival	2022-03-31 09:52:54 +02:00
Rasmus Wriedt Larsen	a1d88e39a7	Python: Adjust XXE PoC for newer lxml versions ... Which doesn't raise that syntax error (at least not on my laptop)	2022-03-31 09:52:54 +02:00