hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,334 Commits 1,672 Branches 157 Tags
ginsbach/OverlayLocalJava
Commit Graph

611 Commits

Author SHA1 Message Date
amammad
1fe565a46f cherrypy framework file system access Sinks are added 2023-10-21 19:47:30 +02:00
Mathew Payne
a24e168ec0 Merge branch 'main' into py-restframework 2023-10-20 11:39:07 +01:00
Rasmus Wriedt Larsen
2d947a4f53 Merge pull request #13781 from maikypedia/maikypedia/python-unsafe-deserialization 
Python: Add unsafe deserialization sinks (CWE-502)
 2023-10-10 13:30:38 +02:00
amammad
6c8cc79b4d v1 2023-10-08 21:24:54 +02:00
Mathew Payne
a23904ca39 Add taint tests 2023-10-02 15:09:11 +01:00
Rasmus Wriedt Larsen
3162033d56 Python: Make tests run for django rest framework 2023-09-29 16:21:04 +02:00
Mathew Payne
19c93b0228 Add RestFramework tests 2023-09-29 14:41:57 +01:00
Rasmus Wriedt Larsen
db7b1eea55 Merge branch 'main' into maikypedia/python-unsafe-deserialization 2023-09-25 10:29:18 +02:00
Rasmus Wriedt Larsen
a45e10d64f Python: Slight rewrite of numpy test 
To use positional argument for allow_pickle
 2023-09-25 10:25:11 +02:00
Rasmus Wriedt Larsen
d1caa75053 Python: Fix format for pandas.read_pickle 2023-09-25 10:24:27 +02:00
Maiky
6d0ba5f97b Add allow_pickle to tests 
Co-authored-by: Jorge <46056498+jorgectf@users.noreply.github.com>
 2023-09-17 18:53:18 +02:00
Tom Hvitved
d3558f8579 Python: Update expected test output 2023-09-12 21:18:31 +02:00
Peter Stöckli
7aa5d2dc8a Python: move asyncio CMDi related tests to stdlib tests 2023-09-06 16:54:18 +02:00
Rasmus Wriedt Larsen
0b2458d065 Python: Improve modeling of Flask jsonify 
I also tested whether `Flask.jsonify` or `Flask().jsonify` worked, but
they do not.
 2023-08-29 11:11:32 +02:00
yoff
6e05246daa Merge pull request #13935 from yoff/python/mad-on-externals 
Python: MaD on externals
 2023-08-28 14:04:54 +02:00
yoff
00c0ebe9e4 Merge pull request #13738 from RasmusWL/path-steps 
Python: Include all assignments in data flow paths
 2023-08-22 11:58:11 +02:00
yoff
7f2f6f14e7 Merge pull request #13729 from yoff/python/model-aws-lambdas 
Python/JavaScript: Shared module for serverless functions
 2023-08-16 15:14:08 +02:00
Rasmus Lerchedahl Petersen
e6943ce98e Python: use standard test format 2023-08-15 15:26:18 +02:00
Rasmus Wriedt Larsen
ca93f4d223 Python: Accept .expected changes 2023-08-11 10:36:05 +02:00
Rasmus Lerchedahl Petersen
168a1e01a4 Python: move test to data extensions 
For this test, we can simply use the convention,
that a file called `[ql-file-stem].ext.yml` will be used
as data extensions exactly for the test represented by `ql-file`.
 2023-08-09 21:22:17 +02:00
Rasmus Wriedt Larsen
51a05286fa Merge pull request #13731 from pwntester/py/aiohttp_improvements 
Python: Aiohttp improvements
 2023-08-09 16:37:20 +02:00
Rasmus Wriedt Larsen
4f47461f60 Python: Add requested test 2023-08-08 10:44:48 +02:00
Maiky
a1782182dd Python: Add unsafe deserialization sinks (CWE-502) 2023-07-20 03:26:22 +02:00
Asger F
eb5c600a6b Python: fix some whitespace 2023-07-13 15:42:34 +02:00
Asger F
2b0a8097e6 Python: implement Fuzzy for Python 2023-07-13 15:42:34 +02:00
Rasmus Wriedt Larsen
991d5cc54b Python: Fix test of HttpResponse.getBody() 2023-07-13 13:57:08 +02:00
Rasmus Wriedt Larsen
64a7206f3e Python: Improve aiohttp FileResponse/StreamResponse modeling 
However, notice that the concepts tests use the HttpResponse location
for the `responseBody` tag, which seems a little odd in this situation,
where they are actually separate. Will fix in next commit.
 2023-07-13 13:57:08 +02:00
Rasmus Wriedt Larsen
15269c9166 Python: Add StreamResponse test 2023-07-13 13:57:08 +02:00
Rasmus Wriedt Larsen
0f9ab8f53e Python: Fixup tests 
But notice that keyword argument is not handled yet
 2023-07-13 13:57:08 +02:00
Alvaro Muñoz
ee1ba71e5d add tests 2023-07-13 13:07:12 +02:00
Rasmus Lerchedahl Petersen
4d2ce6b2e0 python: create shared serverless module and use it 
Modelled on the javascript serverless module, but
- The predicate that reports YAML files is now public
  so languages can implement their own file conventions.
- It also reports framework and runtime.
- The conveninece predicates with files still exist,
  but they only report the path.
- Handler mapping conventions are now documented.
- Use parameterised serverless module in Python,
  tests now pass.
 2023-07-12 16:42:01 +02:00
Rasmus Lerchedahl Petersen
a892e83c8e python: add simple test for AWS lambda 
made space for other serverless frameworks in the directory `serverless`
 2023-07-12 16:42:00 +02:00
Jeroen Ketema
8cee4f37a4 Merge branch 'main' into inline-5 2023-07-11 10:30:11 +02:00
Rasmus Wriedt Larsen
a850a481d0 Merge pull request #13676 from RasmusWL/aiohttp-ssrf-sink 
Python: Relax restriction of flow through `async with`
 2023-07-07 14:55:57 +02:00
Rasmus Wriedt Larsen
64a86e8fd7 Python: Update inline expectations 2023-07-07 11:32:05 +02:00
Rasmus Wriedt Larsen
1f93e5b58d Python: Relax restriction of flow through async with 2023-07-06 11:51:58 +02:00
Rasmus Wriedt Larsen
43af8d7ac5 Python: Fix test to use async with 
It doesn't work if just using plain `with`
 2023-07-06 11:34:05 +02:00
Rasmus Wriedt Larsen
79039dc7b8 Python: Wrap aiohttp client request in async def 
And I added `await` before all the `resp` assignments
 2023-07-06 11:29:14 +02:00
Jeroen Ketema
abe06e5b95 Python: Update remaining inline expectation tests to use the paramterized module 2023-07-03 10:22:35 +02:00
Jeroen Ketema
dba4460526 Python: Update more inline expectation tests to use the paramterized module 2023-06-20 10:16:15 +02:00
Rasmus Lerchedahl Petersen
4b4b9bf9da python: add missing summaries 
For append/add:
The new results in the experimental tar slip query
show that we do not recognize the sanitisers.
 2023-06-13 20:22:21 +02:00
Rasmus Lerchedahl Petersen
b72c93ff4f python: remove remaining explicit taint steps 2023-06-13 20:22:20 +02:00
yoff
4056358863 Merge pull request #13438 from RasmusWL/flask-render-string 
Python: Add modeling of `flask.render_template_string`
 2023-06-13 14:56:43 +02:00
Rasmus Wriedt Larsen
6526364045 Python: Add modeling of flask.render_template_string 2023-06-12 21:18:31 +02:00
Jeroen Ketema
8f599faf85 Python: Rewrite inline expectation tests to use parameterized module 2023-06-09 10:42:29 +02:00
Mathias Vorreiter Pedersen
e650df810d Python: Accept consistency changes. 2023-05-03 20:33:00 +01:00
Rasmus Wriedt Larsen
7b3f710e91 Python: Model aiosqlite 2023-03-22 15:51:47 +01:00
Rasmus Wriedt Larsen
2b4ebf7377 Python: Add support for .executescript 2023-03-22 15:20:06 +01:00
Rasmus Wriedt Larsen
5930499f1d Python: Add test for missing .executescript SQL method 2023-03-22 14:57:08 +01:00
Rasmus Wriedt Larsen
170a93cc4f Python: Model cassandra-driver PyPI package 2023-03-22 10:28:04 +01:00