hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,991 Commits 1,671 Branches 157 Tags
codeql-cli-2.7.4
Commit Graph

2210 Commits

Author SHA1 Message Date
yoff
5aee715931 Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2021-10-11 13:00:21 +02:00
haby0
c2d0fcfbe6 Update python/ql/test/experimental/query-tests/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.expected 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-10-11 16:46:02 +08:00
haby0
29ddc76e2f Update python/ql/test/experimental/query-tests/Security/CWE-117/LogInjection.expected 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-10-11 16:43:30 +08:00
Rasmus Wriedt Larsen
8444388ec7 Python: Update .expected 2021-10-11 09:48:56 +02:00
Rasmus Lerchedahl Petersen
64b1aeaecd Python: Shorten toString for module vars 2021-10-10 15:59:31 +02:00
Rasmus Lerchedahl Petersen
0aa632d149 Python: Move writing of module vars 
into runtime jump steps.
 2021-10-10 15:49:33 +02:00
Rasmus Wriedt Larsen
a50b193c40 Python: Model data-flow for x or y and x and y 2021-10-08 18:32:30 +02:00
Rasmus Wriedt Larsen
15476c2513 Python: Add data-flow tests for BoolExp 
> 6.11. Boolean operations

> The expression x and y first evaluates x; if x is false, its value is
> returned; otherwise, y is evaluated and the resulting value is
> returned.

> The expression x or y first evaluates x; if x is true, its value is
> returned; otherwise, y is evaluated and the resulting value is
> returned.
 2021-10-08 18:29:06 +02:00
Rasmus Lerchedahl Petersen
705970cedd Python: Update tests to use correct tag 2021-10-08 16:57:36 +02:00
Rasmus Lerchedahl Petersen
8ba01abcd6 Merge branch 'python-dataflow/init-time' of github.com:yoff/codeql into python-dataflow/init-time 2021-10-08 16:53:08 +02:00
Rasmus Lerchedahl Petersen
4807f50c00 Merge branch 'main' of github.com:github/codeql into python-dataflow/init-time 2021-10-08 14:55:01 +02:00
Rasmus Wriedt Larsen
5e6f042f6e Python: Model pickle.Unpickler 2021-10-08 11:55:54 +02:00
Rasmus Wriedt Larsen
75b06d8a25 Python: Model dill.load 2021-10-08 11:55:54 +02:00
Rasmus Wriedt Larsen
4820be3b10 Python: Model keyword arguments to dill.loads 2021-10-08 11:55:54 +02:00
Rasmus Wriedt Larsen
f9333fc551 Python: Expand dill tests 2021-10-08 11:55:54 +02:00
Rasmus Wriedt Larsen
42980a1ab4 Python: Model shelve.open 2021-10-08 11:55:54 +02:00
Rasmus Wriedt Larsen
a81d359669 Python: Model marshal.load 2021-10-07 21:27:51 +02:00
Rasmus Wriedt Larsen
1b61296ea5 Python: Model pickle.load 2021-10-07 21:25:48 +02:00
Rasmus Wriedt Larsen
27c368a444 Python: Model keyword arguments to pickle.loads 2021-10-07 21:24:12 +02:00
Rasmus Wriedt Larsen
3592b09d56 Python: Expand stdlib decoding tests 
The part about claiming there is decoding of the input to `shelve.open`
is sort of an odd one, since it's not the filename, but the contents of
the file that is decoded.

However, trying to only handle this problem through path injection is
not enough -- if a user is able to upload and access files through
`shelve.open` in a path injection safe manner, that still leads to code
execution.

So right now the best way we have of modeling this is to treat the
filename argument as being deserialized...
 2021-10-07 21:11:51 +02:00
yoff
933412eb8d Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2021-10-07 17:45:07 +02:00
Owen Mansel-Chan
938d003e5e Fix example to use space after $ for consistency 2021-10-02 08:11:49 +01:00
Owen Mansel-Chan
25792b2a45 Change class name to avoid clash with Go and Javascript libraries 2021-10-02 08:04:17 +01:00
Rasmus Wriedt Larsen
2d5c6e2723 Python: FastAPI: Add taint test 2021-09-30 19:14:15 +02:00
Rasmus Wriedt Larsen
c839f35485 Python: FastAPI: Proper modeling of implicit returns 2021-09-30 19:14:15 +02:00
Rasmus Wriedt Larsen
50147708bf Python: FastAPI: Model response classes 
Figuring out how to do the `media_type` tracking was quite difficult.
 2021-09-30 19:14:15 +02:00
Rasmus Wriedt Larsen
eef946a0c8 Python: FastAPI: Add test for custom response annotation 
It really is rather contrived, but it also _does_ work.
 2021-09-30 19:14:15 +02:00
Rasmus Wriedt Larsen
c9895b54fe Python: FastAPI: Add tests for direct response construction 2021-09-30 19:14:14 +02:00
Rasmus Wriedt Larsen
c50c805f5f Python: FastAPI: Model Cookie Writes 2021-09-30 19:14:14 +02:00
Rasmus Wriedt Larsen
d34c5fd72f Python: FastAPI: Add tests with response parameter 2021-09-30 19:14:14 +02:00
Rasmus Wriedt Larsen
285de2b4c8 Python: FastAPI: Add support for APIRouter 2021-09-30 19:14:14 +02:00
Rasmus Wriedt Larsen
b1f8b5352b Python: FastAPI: Add support for api_route 
Note that `route` did not actually work (that also comes from the
underlying web framework library Starlette)
 2021-09-30 19:14:14 +02:00
Rasmus Wriedt Larsen
3661ff3bd8 Python: Add basic FastAPI support 2021-09-30 19:14:14 +02:00
Rasmus Lerchedahl Petersen
cc1c32cf0e Python: model file accesses 2021-09-29 16:53:25 +02:00
Rasmus Lerchedahl Petersen
3c1206f873 Python: Model more awaiting construcs 
in API graphs.
Some unsatisfactory lack of understanding here.
 2021-09-27 16:41:01 +02:00
Rasmus Lerchedahl Petersen
f6311bf051 Python: model other awaiting constructs 2021-09-27 14:32:55 +02:00
Rasmus Lerchedahl Petersen
15b07bfcc0 Python: Model sql executions 2021-09-27 14:15:58 +02:00
Rasmus Wriedt Larsen
ded3088529 Python/JS: Recognize SHA-3 hash functions 
Official names are SHA3-224, SHA3-256, SHA3-384, SHA3-512 as per
https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf
 2021-09-27 12:08:40 +02:00
Rasmus Wriedt Larsen
547cbb6322 Merge pull request #6331 from porcupineyhairs/pythonXpath 
Python : Improve Xpath Injection Query
 2021-09-24 18:11:08 +02:00
Rasmus Wriedt Larsen
d39df18544 Python: Minor test cleanup 2021-09-24 16:11:27 +02:00
Rasmus Wriedt Larsen
26d2fbd217 Python: Fix new XPath injection query 
Fixes the typo `ETXpath` => `ETXPath`
 2021-09-24 15:11:34 +02:00
Rasmus Wriedt Larsen
913a679ef5 Python: Replace old XPath injection query 2021-09-24 15:10:41 +02:00
Rasmus Lerchedahl Petersen
520a2da8ab Python: Add tests for asyncpg 2021-09-24 14:41:50 +02:00
Rasmus Lerchedahl Petersen
f2fbeed490 Python: Model os.path-functions 2021-09-23 15:30:00 +02:00
Rasmus Lerchedahl Petersen
81adb7dd2a Python: Add tests for os.path-functions 2021-09-23 15:28:05 +02:00
Rasmus Wriedt Larsen
f14e3f6007 Merge pull request #5445 from jorgectf/jorgectf/python/ldapinsecureauth 
Python: Add LDAP Insecure Authentication query
 2021-09-23 11:08:13 +02:00
Rasmus Wriedt Larsen
ef6e502ff0 Python: Make LDAP global options test better 
Before it didn't really showcase that we know it can make connections
secure.
 2021-09-23 10:18:18 +02:00
Rasmus Wriedt Larsen
70489b2fc2 Merge branch 'main' into jorgectf/python/ldapinsecureauth 2021-09-23 10:05:56 +02:00
Rasmus Wriedt Larsen
8badba26b8 Python: Minor SQLALchemy comment fixes 2021-09-22 13:58:29 +02:00
Rasmus Wriedt Larsen
a83bb39d0f Python: Merge SQLAlchemy TextClause injection into py/sql-injection 
As discussed in a meeting today, this will end up presenting an query
suite that's easier to use for customers.

Since https://github.com/github/codeql/pull/6589 has JUST been merged,
if we get this change in fast enough, no end-user will ever have run
`py/sqlalchemy-textclause-injection` as part of LGTM.com or Code
Scanning.
 2021-09-21 20:21:42 +02:00