hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,405 Commits 1,672 Branches 157 Tags
remove-javascript
Commit Graph

4097 Commits

Author SHA1 Message Date
Taus
903f364dab Python: Improve CallCfgNode interface 
Call nodes are always local sources (specifically sources of the return
value of the call), and so inheriting from `LocalSourceNode` will have
no effect on results, but _should_ make it a bit more smooth to use the
API.
 2021-04-07 13:31:12 +00:00
Taus
6c69c1aeeb Python: Minor cleanup 2021-04-07 10:47:21 +00:00
Rasmus Lerchedahl Petersen
a006a92f8d Python: Expand commentary 2021-04-07 08:32:40 +02:00
Rasmus Lerchedahl Petersen
f22db2a30b Python: One family to rule them all... 2021-04-07 08:32:21 +02:00
Rasmus Lerchedahl Petersen
a0e3e3afaf Python: adjust test expectations 2021-04-07 08:22:36 +02:00
Rasmus Lerchedahl Petersen
fb95c488e8 Python: format 2021-04-07 08:20:52 +02:00
Rasmus Lerchedahl Petersen
094d2f3b7d Python: clean up tests 2021-04-06 22:59:58 +02:00
Rasmus Lerchedahl Petersen
a44490b470 Python: remove unused file 2021-04-06 22:56:07 +02:00
Rasmus Lerchedahl Petersen
0626684442 Python: small cleanups enabled by review 2021-04-06 22:55:32 +02:00
yoff
acf8fd0f03 Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-04-06 22:45:03 +02:00
Taus
b44db460f6 Python: Only track modules that are imported 2021-04-06 19:55:43 +00:00
thank_you
4e98348411 Remove comment 2021-04-06 13:57:03 -04:00
thank_you
dc274ecf36 Improve sentence structure and grammar 2021-04-06 13:51:59 -04:00
thank_you
520e65e3c3 Remove unnecessary example code 2021-04-06 13:46:51 -04:00
thank_you
ac31260fed Made grammar changes 2021-04-06 13:42:57 -04:00
Taus Brock-Nannestad
8e11abca40 Revert "Merge pull request #5552 from RasmusWL/revert-import-change" 
This reverts commit 49d1937dc4, reversing
changes made to d4877a9038.
 2021-04-06 17:39:41 +02:00
jorgectf
bfd4280d35 Fix imports and begin refactor 2021-04-06 15:51:37 +02:00
jorgectf
2f874c5c0b Precision warn and Remove CWE (broken) reference 2021-04-06 15:47:42 +02:00
jorgectf
809bf2377e Move to experimental folder 2021-04-06 15:47:41 +02:00
jorgectf
8715d29a44 Upload LDAP Improper authentication query, qhelp and tests 2021-04-06 15:47:41 +02:00
jorgectf
1bcb9cd7c0 Simplify query 2021-04-06 15:42:56 +02:00
Rasmus Wriedt Larsen
bc49bc7095 Python: Add variable with underscore to __all__ tests 2021-04-06 11:54:25 +02:00
Rasmus Wriedt Larsen
224d3790b5 Python: Highlight all_indirect.py is not super important 
At least not in my mind
 2021-04-06 11:50:04 +02:00
Rasmus Wriedt Larsen
b11703cc74 Python: all_dybamic2 => all_indirect 2021-04-06 11:49:55 +02:00
Rasmus Lerchedahl Petersen
c777f1d8d7 Merge branch 'main' of github.com:github/codeql into python-api-enhancements 2021-04-06 09:31:26 +02:00
yoff
a23d8deb10 Merge pull request #5483 from RasmusWL/minor-fixup-django 
Python: Better text for getSourceType in Django
 2021-04-06 08:30:58 +02:00
thank_you
6ade120983 Add check for mongoengine raw queries 
After initial research on our end, we believe that the only vulnerability within the objects() method is passing a query into the __raw__ keyword argument. More info can be found below:

http://docs.mongoengine.org/guide/querying.html?highlight=inc__#raw-queries
 2021-04-05 20:44:16 -04:00
thank_you
759fa2cd01 Update query to search for more pymongo sink methods 2021-04-05 20:42:18 -04:00
thank_you
3f0c758622 Add required __raw__ keyword 
This __raw__ keyword is required for the actual mongoengine vulnerability. More info can be found below:

http://docs.mongoengine.org/guide/querying.html?highlight=inc__#raw-queries
 2021-04-05 19:07:13 -04:00
Your Name
80216f6974 Rename classes 2021-04-05 14:41:08 -04:00
Your Name
be9a3a95b1 Add relevant PyMongo sink methods 2021-04-05 14:23:56 -04:00
Your Name
9072d19cda Update qhelp file 2021-04-05 13:56:43 -04:00
jorgectf
15e176a3b8 Polish query select 2021-04-01 13:00:12 +02:00
jorgectf
f980d0694b Fix taint configs 2021-04-01 12:50:25 +02:00
jorgectf
c8740a2031 Update naming 2021-04-01 12:41:11 +02:00
jorgectf
9b430310b4 Improve Sanitizer calls 2021-03-31 23:19:56 +02:00
jorgectf
4328ff3981 Remove attrs feature 2021-03-31 22:26:08 +02:00
jorgectf
3a47a45e47 Attempt to apply TaintTracking2 2021-03-31 18:49:41 +02:00
jorgectf
f0a50eb67a Polish up configs 2021-03-31 17:58:18 +02:00
jorgectf
017a826b30 Remove unused class variables 2021-03-31 17:52:03 +02:00
jorgectf
5a1dc48e48 Fix Mongoengine test 2021-03-31 17:50:31 +02:00
jorgectf
7a4dc46341 Fix Sinks 2021-03-31 17:50:05 +02:00
Rasmus Wriedt Larsen
95ac2c8edd Python: Add another dynamic __all__ test 2021-03-31 17:31:55 +02:00
Rasmus Wriedt Larsen
ab3edf37d7 Python: Handle __all__ assigned to a tuple 
Examples where this is used in real code:

- 76c0b32f82/django/core/files/temp.py (L24)
- 76c0b32f82/django/contrib/gis/gdal/__init__.py (L44-L49)
 2021-03-31 17:25:19 +02:00
Rasmus Wriedt Larsen
43306f4700 Python: Add tests for Module.declaredInAll 2021-03-31 17:24:17 +02:00
jorgectf
01f9d4a1b0 Fix MongoEngine Sink 2021-03-31 15:50:45 +02:00
Rasmus Wriedt Larsen
51c27de049 Merge branch 'main' into revert-import-change 2021-03-30 21:51:53 +02:00
jorgectf
ccd57bea7a Fix imports 2021-03-30 21:17:11 +02:00
jorgectf
4579132f22 Add left tests 2021-03-30 21:14:33 +02:00
jorgectf
d856f160c8 Adapt query configs and custom classes 2021-03-30 21:14:21 +02:00