Commit Graph

2489 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
247fd4f5f3 Python: Make encoding/decoding preserve taint automatically
With the way we have set things up, there is no way to opt out of this behavior.
2020-11-02 14:53:30 +01:00
Rasmus Lerchedahl Petersen
36e364d6ef Python: Django use PEP 249 2020-11-02 14:49:34 +01:00
Rasmus Wriedt Larsen
66f5d0d9d5 Python: Model encoding/decoding with base64 module 2020-11-02 14:44:53 +01:00
Rasmus Wriedt Larsen
eff244db71 Python: Add Encoding concept
I wasn't able to find a good opposite of "parsing", so left that out of the list
of intended purposes.
2020-11-02 14:19:20 +01:00
Taus Brock-Nannestad
8147ad4e0b Python: Remove irrelevant files 2020-11-02 14:08:59 +01:00
Taus Brock-Nannestad
f84ab2fa99 Python: Remove old data-flow tests 2020-11-02 14:07:04 +01:00
Taus Brock-Nannestad
9d6c07c8df Python: Add copy of old queries 2020-11-02 13:35:20 +01:00
Taus Brock-Nannestad
b620b9b7c6 Python: Fixup CWE-022 tests
This was a bit of a mess, since there was crosstalk between the
TarSlip and PathInjection queries. (Also one of these needs the
`options` file to be in one way, and the other not). To fix this, I
split these out into separate directories.
2020-11-02 11:46:28 +01:00
Taus Brock-Nannestad
af7626a6b3 Python: Fixup CWE-079 tests 2020-11-02 11:46:02 +01:00
Taus Brock-Nannestad
57b51090ef Python: Fixup CWE-094 tests 2020-11-02 11:45:44 +01:00
Taus Brock-Nannestad
ebb593466d Python: Fixup CWE-089 tests 2020-11-02 11:45:14 +01:00
Taus Brock-Nannestad
7a395bf7c8 Python: Fixup CWE-078 tests. 2020-11-02 11:44:42 +01:00
Taus Brock-Nannestad
52dc905037 Python: Fixup CWE-502 tests. 2020-11-02 11:44:00 +01:00
Rasmus Lerchedahl Petersen
d35bf8f446 Python: Update comments on PEP 249 module 2020-11-02 11:22:51 +01:00
Rasmus Lerchedahl Petersen
0240670d62 Python: import frameworks 2020-11-01 18:02:36 +01:00
Rasmus Lerchedahl Petersen
babcf7acd9 Python: add two implementations of PEP249 2020-11-01 16:01:05 +01:00
Mathias Vorreiter Pedersen
6d0783a3bd Python: Make sure that expected values with tag mimetype are wrapped in quotes if the value contains a space. 2020-10-31 18:13:12 +01:00
Mathias Vorreiter Pedersen
870ed0039b Python: Allow single quote strings and accept test changes. 2020-10-31 18:01:55 +01:00
Mathias Vorreiter Pedersen
0bc4d52d66 Python: Update more tests annotations. It looks like we need to allow single-quote strings to support the existing Python use-cases, but let's do that in the next commit. 2020-10-31 17:40:19 +01:00
Mathias Vorreiter Pedersen
ed9ad8b5e3 Merge branch 'main' into better-syntax-for-false-positives-and-negatives-inline-expectation 2020-10-31 16:52:16 +01:00
Rasmus Lerchedahl Petersen
ae3227fc33 Python: initial sketch 2020-10-31 00:10:49 +01:00
Rasmus Lerchedahl Petersen
63cbc01c32 Python: Use subclass pattern for Models 2020-10-30 22:29:38 +01:00
Taus Brock-Nannestad
f903e4ffbe Python: Promote experimental queries
DO NOT MERGE

Also adds performance fix to `python.qll`.
2020-10-30 19:40:56 +01:00
Rasmus Lerchedahl Petersen
80360450de Merge branch 'main' of github.com:github/codeql into RasmusWL-python-port-reflected-xss 2020-10-30 17:56:36 +01:00
Rasmus Lerchedahl Petersen
ef9999a4a1 Python: fix test annotation 2020-10-30 17:43:56 +01:00
Rasmus Lerchedahl Petersen
37ad59a92a Python: subclass of known subclasses 2020-10-30 17:37:54 +01:00
yoff
a3cc9b6982 Update python/ql/src/experimental/semmle/python/frameworks/Flask.qll
Co-authored-by: Taus <tausbn@github.com>
2020-10-30 17:29:35 +01:00
Mathias Vorreiter Pedersen
45b24a9bc8 Python: Update inline-expectation tests 2020-10-30 16:53:33 +01:00
Mathias Vorreiter Pedersen
6ac740a490 Python: Sync identical file 2020-10-30 16:53:17 +01:00
Rasmus Lerchedahl Petersen
e7c9bc388b Python: support some custom subclasses 2020-10-30 14:16:48 +01:00
Rasmus Lerchedahl Petersen
e69349791a Python: django.http.response.HttpRequest.write 2020-10-30 12:51:23 +01:00
Rasmus Lerchedahl Petersen
ffe10d1b7c Python: test HttpResponse.write 2020-10-30 12:16:12 +01:00
Rasmus Lerchedahl Petersen
fa3a7e6686 Python: Known subclasses of HttpResponse 2020-10-30 11:53:24 +01:00
Rasmus Lerchedahl Petersen
c962377ef4 Python: test for subclasses 2020-10-30 10:37:40 +01:00
Rasmus Lerchedahl Petersen
08af839757 Python: django.http.response.HttpResponseRedirect 2020-10-30 01:29:49 +01:00
Rasmus Lerchedahl Petersen
52be896666 Python: django.http.response.JsonResponse
It's possible this class is not relevant to XSS
2020-10-30 01:05:36 +01:00
Rasmus Lerchedahl Petersen
0f9b8595d1 Python: rename functions by vulnerability 2020-10-30 00:51:09 +01:00
Rasmus Lerchedahl Petersen
97153b56ad Python: add false negatives to test 2020-10-30 00:48:19 +01:00
Rasmus Lerchedahl Petersen
2ca86f5ea7 Python: django.http.response.HttpResponse 2020-10-30 00:22:53 +01:00
Mathias Vorreiter Pedersen
acf6ffb990 Python: Sync identical file 2020-10-29 19:07:10 +01:00
Rasmus Lerchedahl Petersen
96e79a2702 Python: restrict to python files 2020-10-29 15:00:47 +01:00
Rasmus Lerchedahl Petersen
6658ee9dc8 Merge branch 'python-port-reflected-xss' of https://github.com/RasmusWL/codeql into RasmusWL-python-port-reflected-xss 2020-10-29 12:46:44 +01:00
Rasmus Lerchedahl Petersen
cf97a56844 Merge remote-tracking branch 'upstream/main' into python-port-path-injection 2020-10-28 14:43:33 +01:00
yoff
c8bb0509e5 Merge pull request #4563 from tausbn/python-remove-refersto-from-regex-libs
Python: Remove `refersTo` from `regex.qll`
2020-10-28 13:37:14 +01:00
Taus Brock-Nannestad
1503c5ea16 Python: Remove refersTo from regex.qll
This was causing the old `Object` API stuff to be evaluated when using
our new library models (specifically the Django model).
2020-10-28 12:41:17 +01:00
Rasmus Lerchedahl Petersen
9fd1bf60fa Merge branch 'main' of github.com:github/codeql into python-port-path-injection 2020-10-28 10:24:23 +01:00
Rasmus Lerchedahl Petersen
164acf4055 Python: test that aliasing is not a problem 2020-10-27 11:25:58 +01:00
Rasmus Lerchedahl Petersen
2baed20067 Python: Test false negative from review 2020-10-27 08:30:16 +01:00
Rasmus Lerchedahl Petersen
b6313dddb9 Python: Add concept tests 2020-10-27 08:26:00 +01:00
Rasmus Lerchedahl Petersen
8350d64763 Python: Add concept test definitions 2020-10-27 08:00:53 +01:00