hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,405 Commits 1,671 Branches 157 Tags
remove-javascript
Commit Graph

3955 Commits

Author SHA1 Message Date
yoff
a23d8deb10 Merge pull request #5483 from RasmusWL/minor-fixup-django 
Python: Better text for getSourceType in Django
 2021-04-06 08:30:58 +02:00
thank_you
6ade120983 Add check for mongoengine raw queries 
After initial research on our end, we believe that the only vulnerability within the objects() method is passing a query into the __raw__ keyword argument. More info can be found below:

http://docs.mongoengine.org/guide/querying.html?highlight=inc__#raw-queries
 2021-04-05 20:44:16 -04:00
thank_you
759fa2cd01 Update query to search for more pymongo sink methods 2021-04-05 20:42:18 -04:00
thank_you
3f0c758622 Add required __raw__ keyword 
This __raw__ keyword is required for the actual mongoengine vulnerability. More info can be found below:

http://docs.mongoengine.org/guide/querying.html?highlight=inc__#raw-queries
 2021-04-05 19:07:13 -04:00
Your Name
80216f6974 Rename classes 2021-04-05 14:41:08 -04:00
Your Name
be9a3a95b1 Add relevant PyMongo sink methods 2021-04-05 14:23:56 -04:00
Your Name
9072d19cda Update qhelp file 2021-04-05 13:56:43 -04:00
jorgectf
15e176a3b8 Polish query select 2021-04-01 13:00:12 +02:00
jorgectf
f980d0694b Fix taint configs 2021-04-01 12:50:25 +02:00
jorgectf
c8740a2031 Update naming 2021-04-01 12:41:11 +02:00
jorgectf
9b430310b4 Improve Sanitizer calls 2021-03-31 23:19:56 +02:00
jorgectf
4328ff3981 Remove attrs feature 2021-03-31 22:26:08 +02:00
jorgectf
3a47a45e47 Attempt to apply TaintTracking2 2021-03-31 18:49:41 +02:00
jorgectf
f0a50eb67a Polish up configs 2021-03-31 17:58:18 +02:00
jorgectf
017a826b30 Remove unused class variables 2021-03-31 17:52:03 +02:00
jorgectf
5a1dc48e48 Fix Mongoengine test 2021-03-31 17:50:31 +02:00
jorgectf
7a4dc46341 Fix Sinks 2021-03-31 17:50:05 +02:00
Rasmus Wriedt Larsen
95ac2c8edd Python: Add another dynamic __all__ test 2021-03-31 17:31:55 +02:00
Rasmus Wriedt Larsen
ab3edf37d7 Python: Handle __all__ assigned to a tuple 
Examples where this is used in real code:

- 76c0b32f82/django/core/files/temp.py (L24)
- 76c0b32f82/django/contrib/gis/gdal/__init__.py (L44-L49)
 2021-03-31 17:25:19 +02:00
Rasmus Wriedt Larsen
43306f4700 Python: Add tests for Module.declaredInAll 2021-03-31 17:24:17 +02:00
jorgectf
01f9d4a1b0 Fix MongoEngine Sink 2021-03-31 15:50:45 +02:00
Rasmus Wriedt Larsen
51c27de049 Merge branch 'main' into revert-import-change 2021-03-30 21:51:53 +02:00
jorgectf
ccd57bea7a Fix imports 2021-03-30 21:17:11 +02:00
jorgectf
4579132f22 Add left tests 2021-03-30 21:14:33 +02:00
jorgectf
d856f160c8 Adapt query configs and custom classes 2021-03-30 21:14:21 +02:00
jorgectf
bd5ff01ebb PyMongo and Mongoengine sinks 2021-03-30 21:13:43 +02:00
jorgectf
aea7546cf9 Add Concepts 2021-03-30 21:13:15 +02:00
jorgectf
517a9202ce PR init 2021-03-30 17:51:17 +02:00
jorgectf
8faafb6961 Update Sink 2021-03-30 16:58:02 +02:00
jorgectf
3cda2e5207 Polish up ldap3 tests 2021-03-29 23:39:49 +02:00
jorgectf
8223539f0c Add a test without attributes 2021-03-29 23:28:28 +02:00
Calum Grant
c26d05b1d5 Merge pull request #5532 from RasmusWL/python-cleanup 
Python: Delete filter queries, code duplication library, and precision tag from metric queries
 2021-03-29 17:16:43 +01:00
Rasmus Wriedt Larsen
96a66fa4ee Python: Apply suggestions from code review 2021-03-29 17:02:56 +02:00
CodeQL CI
3613ceb07f Merge pull request #5535 from tausbn/python-prevent-bad-TCs 
Approved by yoff
 2021-03-29 12:03:08 +01:00
jorgectf
ad36bea9d4 Refactor LDAP3 stuff (untested) 2021-03-29 09:14:35 +02:00
jorgectf
85ec82a389 Refactor in progress 2021-03-28 21:07:08 +02:00
jorgectf
95a1dae315 Precision warn and Remove CWE reference 2021-03-28 18:33:17 +02:00
jorgectf
719b48cbaf Move to experimental folder 2021-03-28 18:33:17 +02:00
jorgectf
799d509f26 Upload LDAP Injection query, qhelp and tests 2021-03-28 18:33:16 +02:00
Rasmus Wriedt Larsen
92e0e195a4 Revert "Merge pull request #5506 from tausbn/python-allow-absolute-imports-from-source-directory" 
This reverts commit 8d15680af4, reversing
changes made to 63831cc62b.

This PR caused performance problems, so reverting now to clear up immediate
problems.
 2021-03-27 18:08:20 +01:00
Rasmus Lerchedahl Petersen
6d72b4fd39 Python: Limit pretty printing to relevant nodes 2021-03-27 03:10:43 +01:00
Rasmus Lerchedahl Petersen
16902c2f56 Python: handle default argument 2021-03-27 02:40:13 +01:00
Rasmus Lerchedahl Petersen
7a511c5682 Python: update naming 2021-03-27 02:20:59 +01:00
Rasmus Lerchedahl Petersen
bd86388447 Python: Add typetracker to constrain attribute. 2021-03-27 01:07:15 +01:00
Rasmus Lerchedahl Petersen
bf81122fc6 Python: fix typo and add linebreaks 2021-03-26 23:37:19 +01:00
Rasmus Lerchedahl Petersen
e0352fe763 Python: remove deprecated section of qhelp file 2021-03-26 23:26:24 +01:00
Rasmus Lerchedahl Petersen
44d62df3f7 Python: Fix model of TLS and add reference 2021-03-26 17:51:18 +01:00
Rasmus Lerchedahl Petersen
470b4d8658 Python: Add missing qldoc 2021-03-26 17:35:36 +01:00
Rasmus Lerchedahl Petersen
98dfe1a00a Python: Elaborate qldoc and renames to match 2021-03-26 17:27:43 +01:00
Taus Brock-Nannestad
f17bbd9982 Python: Fix another bad TC. 
This one is a bit awkward, since the previous version was supposed to
improve indexing. Unfortunately this is vastly outweighed by the slow
convergence of the TC. Right now we pay the cost of inverting the
`hasFlowSource` relation, but this is still cheaper.
 2021-03-26 16:38:13 +01:00