hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,708 Commits 1,672 Branches 157 Tags
henrymercer/js-atm-update-api-graphs-usage
Commit Graph

51 Commits

Author SHA1 Message Date
Porcupiney Hairs
49df4169cf Python : Add query to detect Server Side Template Injection 2020-07-21 18:01:27 +05:30
Rasmus Wriedt Larsen
67be45f045 Merge branch 'master' into python-fix-django-taint-sinks 2020-07-02 11:55:42 +02:00
Rasmus Wriedt Larsen
1e5eeb8009 Python: Move lxml.etree library stub to reduce clutter 2020-06-25 12:07:41 +02:00
Rasmus Wriedt Larsen
0b36cd44b8 Merge pull request #3522 from porcupineyhairs/pythonXpath 
Python : Add Xpath injection query
 2020-06-25 11:21:45 +02:00
Porcupiney Hairs
a519132407 add support for libxml2 2020-06-22 02:01:07 +05:30
Porcupiney Hairs
8c5a97170d Python : Add Xpath injection query 
This PR adds support for detecting XPATH injection in Python.
I have included the ql files as well as the tests with this.
 2020-05-28 03:15:12 +05:30
Rasmus Wriedt Larsen
e04d1ffcd2 Python: Add test for fabric.api.execute 2020-05-26 10:20:22 +02:00
Rasmus Wriedt Larsen
3774310985 Python: Reduce FPs in Django due to bad XSS taint-sinks 
Fixes https://github.com/github/codeql-python-team/issues/38
 2020-05-18 19:14:43 +02:00
Rasmus Wriedt Larsen
72ea4ff0dc Python: Add more tests of django responses 
They clearly shouldn't all be XSS sinks
 2020-05-18 16:56:47 +02:00
Rasmus Wriedt Larsen
b567205579 Python: Model fabric v1.x command injection sinks 2020-03-23 17:49:56 +01:00
Rasmus Wriedt Larsen
a57eadaeb6 Python: Model fabric/invoke command injection sinks 2020-03-23 17:33:41 +01:00
Rasmus Wriedt Larsen
5a0babe88b Python: Add support for Django 2.x and 3.x 
I changed the django mock to support both 1.x and 2.x routing APIs, which is not
really a nice long term solution.
 2020-02-18 11:22:35 +01:00
Rasmus Wriedt Larsen
362e7aebbb Python: Add HttpRedirectSinks test for django 2020-02-17 16:54:06 +01:00
Taus
52d231c219 Merge pull request #2469 from RasmusWL/python-modernise-twisted-library 
Python: modernise twisted library
 2019-12-18 13:55:50 +01:00
Rasmus Wriedt Larsen
4e3c183676 Python: Adapt twisted tests so they pass 2019-12-18 10:42:39 +01:00
Rasmus Wriedt Larsen
e257ba40c4 Python: Make zope web tests pass 2019-12-17 17:42:03 +01:00
Taus
4c700882b6 Merge pull request #2190 from RasmusWL/python-modernise-tornado-library 
Python: modernise tornado library
 2019-11-19 09:36:30 +01:00
Taus
78109db243 Merge pull request #2181 from RasmusWL/python-modernise-pyramid-library 
Python: modernise pyramid library
 2019-11-15 15:05:44 +01:00
Rasmus Wriedt Larsen
8476bc7d42 Python: correctly handle flask.make_response 
Fixes https://github.com/Semmle/ql/issues/1572

Adjust mock so it's more aligned with what the flask code actually does. Tests
were passing before, even though we didn't handle the case in real code :\
 2019-11-11 17:24:36 +01:00
Rasmus Wriedt Larsen
fc851b46c3 Python: Fix Django class-based views 2019-10-29 13:58:07 +01:00
Rasmus Wriedt Larsen
fb864b7262 Python: Consolidate tests for django 
The tests in 3/ was not Python 3 specific anymore
 2019-10-29 13:58:07 +01:00
Rasmus Wriedt Larsen
bc50e90f5b Python: Use mock for tornado tests 2019-10-24 15:01:40 +02:00
Rasmus Wriedt Larsen
2874c54133 Python: Move pyramid tests from internal repo 
Use minimal mock instead of full library
 2019-10-23 16:28:46 +02:00
Rasmus Wriedt Larsen
12c49031e8 Python: Modernise bottle library 2019-09-26 15:03:47 +02:00
Mark Shannon
fab2cb5a32 Python: Add missing function to flask test stub. 2019-08-01 13:11:41 +01:00
Mark Shannon
90bbfd3b16 Python: Add library tests for django. 2019-04-26 16:21:46 +01:00
Taus Brock-Nannestad
52278b25d9 Python: Add query for insecure SSH host key policies in Paramiko. 2019-03-18 16:45:54 +01:00
Mark Shannon
6c82be8bda Python: CherryPy web framework support -- requests. 2019-02-28 15:24:58 +00:00
Taus
b8b4216352 Merge pull request #979 from markshannon/python-falcon 
Python: Add support for falcon web API framework.
 2019-02-28 15:47:35 +01:00
Mark Shannon
f7d7b8eef2 Merge pull request #785 from taus-semmle/python-unsafe-use-of-mktemp 
Python: Add query for unsafe use of `tempfile.mktemp`.
 2019-02-27 15:01:06 +00:00
Mark Shannon
742c1d0fa7 Python: Add test skeleton for falcon web framework. 2019-02-27 09:53:20 +00:00
Taus Brock-Nannestad
8d774cd354 Merge branch 'master' into python-unsafe-use-of-mktemp 2019-02-26 13:23:38 +01:00
Mark Shannon
26c5ebde54 Python: Basic support for TurboGears: requests and responses. 2019-02-26 10:15:36 +00:00
Mark Shannon
aab0a243dc Python: Add redirects to bottle framework support. 2019-02-12 14:26:06 +00:00
Mark Shannon
8d525e5295 Python: Add support for bottle framework routing and requests. 2019-02-12 14:26:06 +00:00
Taus Brock-Nannestad
edd4468d08 Fix tests by stubbing relevant os functions. 2019-01-29 17:27:14 +01:00
Mark Shannon
6d553ae2be Python: Check os.open as well as os.chmod for weak file permissions. 2019-01-28 14:26:16 +00:00
Mark Shannon
a3b5769c2c Python: Weak file permissions query. 2019-01-22 11:33:19 +00:00
Taus Brock-Nannestad
e8c092ad72 Python: Support the dill pickling library. 2019-01-16 14:53:42 +01:00
Taus Brock-Nannestad
0a839f8468 Python: Check for insecure versions of SSL and TLS. 2019-01-07 15:24:15 +01:00
Mark Shannon
1065ad0ce7 Python: Weak crypto query. 2018-11-28 16:57:34 +00:00
Mark Shannon
eefb45c94b Python: jinja2-without-escaping query: Clean up query and account for Template class in tests. 2018-11-28 10:46:44 +00:00
Mark Shannon
1080525d7d Python: Add missing test stub. 2018-11-28 10:45:48 +00:00
Mark Shannon
31ac33e723 Merge pull request #528 from taus-semmle/python-flask-debug 
Python: Implement check for flask debug mode.
 2018-11-27 19:42:26 +00:00
Taus
2b340b4804 Merge pull request #530 from markshannon/python-no-cert-validation 
New query to check for making a request without cert verification.
 2018-11-27 19:01:10 +01:00
Taus Brock-Nannestad
8d341ab467 Fix stub file. 2018-11-27 16:56:09 +01:00
Taus Brock-Nannestad
a4da245809 Python: Implement check for flask debug mode. 2018-11-27 15:14:38 +01:00
Mark Shannon
f0206a2ff4 Python: Tests for new query: requests called with verify=False. 2018-11-23 14:42:45 +00:00
Mark Shannon
b94493aec3 Python: Add extra sinks for command-injection query. 2018-11-23 14:29:02 +00:00
Mark Shannon
f3fedcdf38 Python tests: Move security test stubs to correct location. 2018-11-22 11:05:09 +00:00