hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,240 Commits 1,671 Branches 157 Tags
codeql-cli-2.7.6
Commit Graph

2229 Commits

Author SHA1 Message Date
yoff
0240631510 Merge pull request #6782 from RasmusWL/fastapi 
Python: Model FastAPI
 2021-11-02 14:16:12 +01:00
Rasmus Wriedt Larsen
8ee804a8c2 Python: Add toml modeling 2021-11-02 11:57:15 +01:00
Rasmus Wriedt Larsen
14bc297946 Python: Add toml encode/decode test 2021-11-02 11:57:06 +01:00
Rasmus Wriedt Larsen
a7e4e5ef83 Python: Add rest_framework Response modeling 2021-11-02 10:55:44 +01:00
Rasmus Wriedt Larsen
62d30630aa Python: Add rest_framework Request taint modeling 2021-11-02 10:55:44 +01:00
Rasmus Wriedt Larsen
5d77e62f3a Python: Add basic rest_framework Request modeling 2021-11-02 10:55:44 +01:00
Rasmus Wriedt Larsen
57e13c6066 Python: rest_framework.decorators.api_view handling 
Had to expose even more things, and had to make the `DjangoRouteHandler`
modeling more flexible so I could extend the char-pred in a different
file.
 2021-11-02 10:55:44 +01:00
Rasmus Wriedt Larsen
222db37c0d Python: Add initial rest_framework modeling 
I had to make the Django and PrivateDjango modeling non-private :O
 2021-11-02 10:55:44 +01:00
Rasmus Wriedt Larsen
a64e939d71 Python: Add note about .method 2021-11-02 10:55:44 +01:00
Rasmus Wriedt Larsen
75e2555a8a Python: Add rest_framework taint tests 2021-11-02 10:55:44 +01:00
Rasmus Wriedt Larsen
095f896f95 Python: Add examples of class/function based views 2021-11-02 10:55:44 +01:00
Rasmus Wriedt Larsen
9bbf08ddcf Python: Add simple Django REST framework code 2021-11-02 10:55:44 +01:00
Rasmus Wriedt Larsen
9d843153d4 Python: Set up test for Django REST framework 
this is just pure Django project for now, (and very much a copy of the
one in `django-v2-v3`), to make it easier to see the changes needed to
set up Django REST framework.
 2021-11-02 10:55:44 +01:00
Rasmus Wriedt Larsen
b7b9120724 Python: Better handling of Pydantic models 2021-11-02 10:29:17 +01:00
Rasmus Wriedt Larsen
c207580ed9 Python: Add extra FastAPI taint tests 2021-11-02 10:20:09 +01:00
yoff
1c78c792ff Merge pull request #6991 from RasmusWL/flask-blueprints 
Python: Support `flask.blueprints.Blueprint`
 2021-10-29 14:06:43 +02:00
Rasmus Wriedt Larsen
85f00fda19 Merge pull request #6776 from yoff/python/model-asyncpg 
Python: Model `asyncpg`
 2021-10-29 13:54:44 +02:00
Rasmus Lerchedahl Petersen
0f2f68bcbb Python: rename file 2021-10-28 19:14:02 +02:00
Rasmus Lerchedahl Petersen
8536f5f5a2 Python: remember to update refs... 2021-10-28 14:32:53 +02:00
Rasmus Lerchedahl Petersen
c92249525b Python: update test expectations 2021-10-28 14:03:09 +02:00
Rasmus Wriedt Larsen
a33a8fd518 Python: Support flask.blueprints.Blueprint 
Thanks to @haby0 who originally proposed this as part of
https://github.com/github/codeql/pull/6977
 2021-10-28 14:02:03 +02:00
Rasmus Wriedt Larsen
8c3349f40f Python: Properly model flask.send_from_directory 
To not include `filename` as path-injection sink.
 2021-10-28 13:41:39 +02:00
Rasmus Wriedt Larsen
6648a695eb Python: Add flask specific path-injection test 2021-10-28 13:34:18 +02:00
jorgectf
3dec222922 Merge remote-tracking branch 'origin/main' into jorgectf/python/jwt-queries 2021-10-28 13:11:46 +02:00
Rasmus Wriedt Larsen
436152a46d Python: Refactor flask file sending tests 2021-10-28 12:37:07 +02:00
Rasmus Wriedt Larsen
6d09334cba Merge pull request #6330 from porcupineyhairs/pyPathTraversal 
Python : Add Flask sinks for path injection query
 2021-10-28 11:39:40 +02:00
Rasmus Wriedt Larsen
3fa66519f5 Merge branch 'main' into fastapi 2021-10-28 11:37:40 +02:00
Rasmus Wriedt Larsen
358663ffbb Python: Fix tests 2021-10-28 11:14:41 +02:00
yoff
9478faf040 Merge pull request #6967 from RasmusWL/ruamel.yaml 
Python: Model `ruamel.yaml` PyPI package
 2021-10-28 10:19:08 +02:00
Rasmus Lerchedahl Petersen
cca675a161 Python: Add test for async taint 
(which we belive we have just broken)
 2021-10-28 09:47:04 +02:00
Porcuiney Hairs
4fd3f212f8 Python : Add Flask sinks for path injection query 2021-10-28 02:12:11 +05:30
Rasmus Lerchedahl Petersen
06586a13a3 Python: merge tests files 2021-10-27 11:55:04 +02:00
Rasmus Lerchedahl Petersen
826f44d98e Python: Share implementation of awaited 2021-10-27 11:41:18 +02:00
Rasmus Wriedt Larsen
cd6d73d553 Python: Handle kwarg in PyYAML 
Really surprised that we didn't already :|
 2021-10-26 17:48:10 +02:00
Rasmus Wriedt Larsen
6c0083e584 Python: Add PoC for PyYAML code execution 2021-10-26 17:48:10 +02:00
Rasmus Wriedt Larsen
1ce09afa08 Python: Add modeling of ruamel.yaml PyPI package 2021-10-26 17:48:10 +02:00
Rasmus Wriedt Larsen
29e3abc977 Python: FastAPI: Add HTTP header taint example 2021-10-26 15:34:16 +02:00
Erik Krogh Kristensen
44afa34e37 Merge branch 'main' of github.com:github/codeql into htmlReg 2021-10-26 14:46:27 +02:00
Erik Krogh Kristensen
a3c55c2aec use set literal instead of big disjunction of literals 2021-10-26 12:55:25 +02:00
Rasmus Lerchedahl Petersen
8a81d42e6f Python: more logic adjustment 
Not sure why the missing result is missing. There is
and edge with label `getAwaited` from `pkg.async_func` on line 22
to `coro` on line 23.
 2021-10-26 10:57:27 +02:00
Rasmus Lerchedahl Petersen
f91e43c068 Python: Add more honest test for awaited 2021-10-26 10:43:06 +02:00
Rasmus Lerchedahl Petersen
a8a181a32f Python: adjust logic and add tests 
Due to the way paths a re printed, the tests look surprising
 2021-10-26 09:55:47 +02:00
Rasmus Wriedt Larsen
7619d0fc33 Python: FastAPI: Model WebSocket usage 2021-10-25 15:23:33 +02:00
Rasmus Wriedt Larsen
b69977b37a Python: FastAPI: Ignore scheme as tainted 
reasoning highlighted in the comment
 2021-10-25 15:23:33 +02:00
Rasmus Wriedt Larsen
bd8eec8475 Python: FastAPI: Add websocket test 2021-10-25 15:23:33 +02:00
Rasmus Wriedt Larsen
7e7a6464ec Python: FastAPI: Model extra-taint for pydantic models 
It feels a bit strange to add it to `frameworks.rst` since we only
support a little bit of it, but if I don't do it now, we will most
likely forget to do it later on (since it has already been added to
`frameworks.qll`).
 2021-10-25 15:22:50 +02:00
Rasmus Lerchedahl Petersen
5a02b3880e Python: use SqlConstruction in SqlAlchemy and 
`SqlInjection`
 2021-10-25 13:30:14 +02:00
Rasmus Lerchedahl Petersen
e5b68d68cb Python: Use SqlConstruction in Asyncpg.qll 2021-10-25 13:15:09 +02:00
Rasmus Lerchedahl Petersen
03ada6e97a Python: Add concept test for SqlConstruction 2021-10-25 13:09:43 +02:00
Rasmus Wriedt Larsen
f5464b79e4 Merge branch 'main' into fastapi 2021-10-25 09:49:42 +02:00