hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,238 Commits 1,672 Branches 157 Tags
codeql-cli-2.7.5
Commit Graph

286 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
383b5f2ff2 implement RegExpSubPattern.getOperand in the Python regexp implementation 2021-07-15 09:41:53 +02:00
Erik Krogh Kristensen
440e4b9a92 enable unicode support in the Python ReDoS query 2021-07-11 21:28:40 +02:00
Taus
e4af14638b Merge pull request #6175 from yoff/python-port-ReDoS 
Python: port ReDoS queries from Javascript
 2021-06-30 16:26:07 +02:00
Rasmus Lerchedahl Petersen
651f8abba0 Python: Avoid multiple results for toString 2021-06-30 14:39:49 +02:00
Rasmus Lerchedahl Petersen
09e71cfdfd Python: update test expectations 2021-06-30 12:25:29 +02:00
Rasmus Lerchedahl Petersen
40ac91eecd Python: Add some tests for exponential ReDoS 
- `KnownCVEs` contain the currently triaged Python CVEs
- `unittest.py` contains some tests constructed by @erik-krogh
- `redos.py` contains a port of `tst.js` from javascript
The expected file has been ported as well with some fixups by @tausbn
 2021-06-28 17:04:49 +02:00
Rasmus Wriedt Larsen
9573048ee8 Python: Port py/clear-text-logging-sensitive-data 2021-06-25 14:35:31 +02:00
Rasmus Wriedt Larsen
a9469b73d9 Python: Port py/clear-text-storage-sensitive-data 2021-06-24 17:39:08 +02:00
Rasmus Wriedt Larsen
e2facd0981 Python: Expand cleartext query tests 2021-06-23 10:50:04 +02:00
Rasmus Wriedt Larsen
5506365b0e Python: Split cleartext tests 2021-06-23 10:50:04 +02:00
Rasmus Wriedt Larsen
dee93783a2 Python: Update .expected for py/weak-sensitive-data-hashing 
Now there is a path from the _imports_ of the functions that would
return sensitive data, so we produce more alerts.

I'm not entirely happy about this "double reporting", but I'm not sure
how to get around it without either:

1. disabling the extra taint-step for calls. Not ideal since we would
   loose good sources.
2. disabling the extra sources based on function name. Not ideal since
   we would loose good sources.
3. disabling the extra sources based on function name, for those calls
   that would be handled with the extra taint-step for calls. Not ideal
   since that would require running the data-flow query initially to
   prune these out :|

So for now, I think the best approach is to accept some risk on this,
and ship to learn :)
 2021-06-11 13:56:55 +02:00
CodeQL CI
a241c114da Merge pull request #5836 from RasmusWL/ec-class-improvement 
Approved by tausbn
 2021-06-10 06:20:56 -07:00
Rasmus Wriedt Larsen
97fadd9970 Merge branch 'main' into port-weak-crypto-algorithm 2021-05-18 14:04:18 +02:00
Rasmus Wriedt Larsen
d50f22504e Python: Fix .expected 2021-05-05 14:07:15 +02:00
Rasmus Wriedt Larsen
ac83c695ad Python: Add py/weak-sensitive-data-hashing query 2021-04-22 15:23:41 +02:00
Rasmus Wriedt Larsen
56c409737d Python: Port py/weak-cryptographic-algorithm 
The other query (py/weak-sensitive-data-hashing) is added in future commit
 2021-04-22 15:23:38 +02:00
Rasmus Wriedt Larsen
cf64701bcb Python: Move weak-crypto-algorithm tests to own folder 2021-04-22 14:51:13 +02:00
Rasmus Lerchedahl Petersen
9f91dde76f Python: Update test expectation after comment 2021-04-12 09:58:06 +02:00
yoff
38daeb4df2 Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-04-07 15:50:51 +02:00
Rasmus Lerchedahl Petersen
a0e3e3afaf Python: adjust test expectations 2021-04-07 08:22:36 +02:00
Rasmus Lerchedahl Petersen
094d2f3b7d Python: clean up tests 2021-04-06 22:59:58 +02:00
Rasmus Lerchedahl Petersen
1be2be843d Python: update test expectations 2021-03-26 13:08:23 +01:00
Rasmus Lerchedahl Petersen
c93e0c08fd Merge branch 'python-port-insecure-protocol' of github.com:yoff/codeql into python-port-insecure-protocol 2021-03-26 00:26:33 +01:00
yoff
54dad57cf4 Update python/ql/test/query-tests/Security/CWE-327/pyOpenSSL_fluent.py 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-03-26 00:25:40 +01:00
Rasmus Lerchedahl Petersen
2b257318f1 Python: more precise comment 2021-03-25 23:22:24 +01:00
yoff
164b383fda Update python/ql/test/query-tests/Security/CWE-327/pyOpenSSL_fluent.py 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-03-19 19:12:13 +01:00
Rasmus Lerchedahl Petersen
e0e6d5724e Merge branch 'main' of github.com:github/codeql into python-port-insecure-protocol 2021-03-18 23:34:53 +01:00
yoff
746e9948b0 Merge pull request #5075 from RasmusWL/crypto 
Python: Port py/weak-crypto-key to use type-tracking
 2021-03-18 20:53:28 +01:00
Rasmus Wriedt Larsen
315127d888 Python: Also test py/insecure-default-protocol on Python 3 2021-03-17 14:53:36 +01:00
Rasmus Wriedt Larsen
fbbec5d2b9 Merge pull request #5118 from yoff/python-port-stacktrace-exosure 
Python: Port stack trace exposure
 2021-03-16 14:52:44 +01:00
Rasmus Wriedt Larsen
50978364a6 Merge pull request #5246 from yoff/python-port-insecure-default-protocol 
Python: Port insecure default protocol
 2021-03-16 14:30:19 +01:00
Rasmus Lerchedahl Petersen
6fff746b16 Merge branch 'main' of github.com:github/codeql into python-port-insecure-protocol 2021-03-15 17:37:28 +01:00
Rasmus Lerchedahl Petersen
514a69c47a Python: Support ssl.PROTOCOL_TLS_SERVER 
and `ssl.PROTOCOL_TLS_CLIENT`
 2021-03-15 17:30:01 +01:00
Rasmus Lerchedahl Petersen
87f3ba2684 Python: add tests for ssl.PROTOCOL_TLS_SERVER 
and `ssl.PROTOCOL_TLS_CLIENT`
 2021-03-15 17:24:39 +01:00
Rasmus Lerchedahl Petersen
731f4559b4 Python: update test expectations 2021-03-15 17:23:58 +01:00
Rasmus Lerchedahl Petersen
4094b18407 Python: Clean up tests 2021-03-15 16:28:08 +01:00
Taus
dfc0e9b906 Merge pull request #5243 from RasmusWL/port-bind-to-all-interfaces 
Python: Port py/bind-socket-all-network-interfaces query
 2021-03-12 16:04:19 +01:00
Rasmus Lerchedahl Petersen
7142ddcb25 Python: add taint step for __traceback__ 2021-03-08 08:13:07 +01:00
Rasmus Lerchedahl Petersen
b36e0d0be7 Python: target SSA variable rather than Cfg node 
also add "INTERNAL: Do not use."
also give test functions different names
 2021-03-08 08:04:42 +01:00
Rasmus Lerchedahl Petersen
296297915c Python: add test for __traceback__ 2021-03-07 17:50:28 +01:00
yoff
d17246ce2b Merge pull request #5255 from RasmusWL/port-flask-debug 
Python: port py/flask-debug query
 2021-03-05 09:39:14 +01:00
Rasmus Lerchedahl Petersen
7d556b354d Python: Update test annotation and expectation 2021-03-05 09:16:35 +01:00
Rasmus Lerchedahl Petersen
9f8a028dfc Python: add .expected-file 2021-03-04 00:12:34 +01:00
Rasmus Lerchedahl Petersen
d02c529872 Python: Update annotation 2021-03-04 00:06:36 +01:00
Rasmus Lerchedahl Petersen
cbbc7b2bcd Python: support unrestrictions 
Also pyOpenSSL allows SSL 2 and SSL 3 on `SSLv23`
 2021-03-03 23:42:48 +01:00
Rasmus Lerchedahl Petersen
7a1d953fca Python: More tests 2021-03-03 17:50:47 +01:00
Rasmus Lerchedahl Petersen
60525ec301 Python: Also track offending call 
update test expectations at this point
 2021-03-03 17:50:47 +01:00
Rasmus Lerchedahl Petersen
9e696ff0fb Python: Add false negative to test 2021-03-03 17:50:47 +01:00
Rasmus Lerchedahl Petersen
ea8c6f04e2 Python: Update old test and qlhelp 2021-03-03 17:50:46 +01:00
Rasmus Lerchedahl Petersen
87e1a062ea Python: fluent api tests 2021-03-03 17:50:46 +01:00