Taus
eed98bd76a
Merge pull request #5588 from jorgectf/jorgectf/python/jwt-queries
...
Python: Add JWT security-related queries
2021-11-16 15:40:45 +01:00
jorgectf
3fe2a08376
Update .expected file
2021-11-16 15:03:49 +01:00
Rasmus Wriedt Larsen
39927fa613
Python: Model b32hexencode/b32hexdecode
...
New in Python 3.10
See
- https://devdocs.io/python~3.10/library/base64#base64.b32hexencode
- https://devdocs.io/python~3.10/library/base64#base64.b32hexdecode
2021-11-15 15:23:49 +01:00
Rasmus Wriedt Larsen
7c3b68b7f8
Merge pull request #7091 from RasmusWL/port-request-without-validation
...
Python: Port `py/request-without-cert-validation` to use API graphs
2021-11-15 13:51:57 +01:00
yoff
5beb681580
Merge pull request #7087 from RasmusWL/path-injection-fp
...
Python: Add interesting path-injection FP
2021-11-12 15:20:19 +01:00
yoff
9f614b1d98
Merge pull request #7016 from RasmusWL/django-rest-framework
...
Python: Model Django REST framework
2021-11-12 14:27:56 +01:00
Taus
55ea715ce9
Merge pull request #7033 from RasmusWL/flask-admin
2021-11-12 12:18:56 +01:00
Rasmus Wriedt Larsen
5e4b866f2b
Python: Model rest_framework.exceptions.APIException
2021-11-12 11:37:54 +01:00
yoff
d23a920ed4
Merge branch 'main' into python/model-aiomysql
2021-11-10 14:32:36 +01:00
Rasmus Lerchedahl Petersen
57e7bfbdba
Python: model aiomysql
2021-11-10 14:29:39 +01:00
Rasmus Lerchedahl Petersen
047cff0749
Python: test aiomysql
2021-11-10 14:24:45 +01:00
Rasmus Wriedt Larsen
de926dc2a1
Merge pull request #7085 from yoff/python/model-aiopg
...
Python: model aiopg
2021-11-10 13:10:30 +01:00
Rasmus Lerchedahl Petersen
c6d285dd2a
Python: Fix test
2021-11-10 11:06:45 +01:00
yoff
a856395d56
Apply suggestions from code review
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2021-11-10 10:51:40 +01:00
Rasmus Wriedt Larsen
985cd1ebdb
Python: Port py/request-without-cert-validation to use API graphs
2021-11-09 16:37:50 +01:00
Rasmus Wriedt Larsen
59581690fd
Python: Add py/request-without-cert-validation tests
2021-11-09 16:29:57 +01:00
Rasmus Wriedt Larsen
f70e4fea55
Python: Add interesting path-injection FP
2021-11-09 14:53:32 +01:00
Rasmus Wriedt Larsen
1e31416049
Merge pull request #7031 from yoff/python/taint-through-with
...
Python: Taint through `async with`
2021-11-09 14:08:07 +01:00
Rasmus Lerchedahl Petersen
ac5a46f24f
Python: split test as suggested in review
2021-11-09 13:04:52 +01:00
yoff
5f4aad40c1
Update python/ql/test/experimental/meta/InlineTaintTest.qll
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
2021-11-09 13:00:35 +01:00
Rasmus Lerchedahl Petersen
a58c47b07b
Python: model aiopg.sa
2021-11-09 12:49:57 +01:00
Rasmus Lerchedahl Petersen
f53314019a
Python: test aiopg.sa
2021-11-09 12:42:03 +01:00
Rasmus Lerchedahl Petersen
cd332a75fc
Python: model aiopg
2021-11-09 12:32:21 +01:00
Rasmus Lerchedahl Petersen
cb8f1b4593
Python: Add tests for aiopg
2021-11-09 11:49:31 +01:00
Rasmus Lerchedahl Petersen
3f4c2ba24e
Python: Support debugging inline taint tests
...
The module `Conf` is created so that it can be imported
without importing the query predicates from the same file.
2021-11-08 14:08:11 +01:00
Rasmus Lerchedahl Petersen
624b794980
Python: separate taint sources in with
2021-11-04 17:06:36 +01:00
Rasmus Wriedt Larsen
9e2bc41648
Python: Improve hashlib.new modeling
...
By using a backwards type-tracker to find possible hashing algorithm
names.
2021-11-04 15:36:32 +01:00
Rasmus Wriedt Larsen
9e91f3a341
Python: Highlight shortcomings of hashlib.new modeling
2021-11-04 15:29:40 +01:00
Rasmus Lerchedahl Petersen
05aa314ac9
Python: Add tests for non-async constructs
2021-11-03 10:54:36 +01:00
Rasmus Wriedt Larsen
8cd9fdebf9
Python: Model flask_admin
2021-11-02 15:43:13 +01:00
Rasmus Wriedt Larsen
ab88d945e2
Python: Add flask_admin tests
2021-11-02 15:41:57 +01:00
Rasmus Lerchedahl Petersen
768932d7b3
Python: Add tainttracking step that was removed
...
when the corresponding dataflow step was removed.
2021-11-02 15:01:47 +01:00
Rasmus Lerchedahl Petersen
07d5086b07
Python: support user defined taint source
2021-11-02 15:00:23 +01:00
yoff
97625d7c2c
Merge pull request #7023 from RasmusWL/toml
...
Python: Add modeling of `toml`
2021-11-02 14:42:06 +01:00
Rasmus Wriedt Larsen
cb6bcada4c
Merge branch 'main' into django-rest-framework
2021-11-02 14:33:16 +01:00
yoff
0240631510
Merge pull request #6782 from RasmusWL/fastapi
...
Python: Model FastAPI
2021-11-02 14:16:12 +01:00
Rasmus Wriedt Larsen
8ee804a8c2
Python: Add toml modeling
2021-11-02 11:57:15 +01:00
Rasmus Wriedt Larsen
14bc297946
Python: Add toml encode/decode test
2021-11-02 11:57:06 +01:00
Rasmus Wriedt Larsen
a7e4e5ef83
Python: Add rest_framework Response modeling
2021-11-02 10:55:44 +01:00
Rasmus Wriedt Larsen
62d30630aa
Python: Add rest_framework Request taint modeling
2021-11-02 10:55:44 +01:00
Rasmus Wriedt Larsen
5d77e62f3a
Python: Add basic rest_framework Request modeling
2021-11-02 10:55:44 +01:00
Rasmus Wriedt Larsen
57e13c6066
Python: rest_framework.decorators.api_view handling
...
Had to expose even more things, and had to make the `DjangoRouteHandler`
modeling more flexible so I could extend the char-pred in a different
file.
2021-11-02 10:55:44 +01:00
Rasmus Wriedt Larsen
222db37c0d
Python: Add initial rest_framework modeling
...
I had to make the Django and PrivateDjango modeling non-private :O
2021-11-02 10:55:44 +01:00
Rasmus Wriedt Larsen
a64e939d71
Python: Add note about .method
2021-11-02 10:55:44 +01:00
Rasmus Wriedt Larsen
75e2555a8a
Python: Add rest_framework taint tests
2021-11-02 10:55:44 +01:00
Rasmus Wriedt Larsen
095f896f95
Python: Add examples of class/function based views
2021-11-02 10:55:44 +01:00
Rasmus Wriedt Larsen
9bbf08ddcf
Python: Add simple Django REST framework code
2021-11-02 10:55:44 +01:00
Rasmus Wriedt Larsen
9d843153d4
Python: Set up test for Django REST framework
...
this is just pure Django project for now, (and very much a copy of the
one in `django-v2-v3`), to make it easier to see the changes needed to
set up Django REST framework.
2021-11-02 10:55:44 +01:00
Rasmus Wriedt Larsen
b7b9120724
Python: Better handling of Pydantic models
2021-11-02 10:29:17 +01:00
Rasmus Wriedt Larsen
c207580ed9
Python: Add extra FastAPI taint tests
2021-11-02 10:20:09 +01:00