hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,517 Commits 1,672 Branches 157 Tags
sauyon/java-spring-stringutils
Commit Graph

226 Commits

Author SHA1 Message Date
yoff
b5d40e4c9a Merge pull request #4944 from RasmusWL/flask-class-based-handlers 
Python: Add modeling of Flask class based (HTTP) request handlers
 2021-01-14 15:17:36 +01:00
Rasmus Wriedt Larsen
4cb2f2ed1e Python: Proper models of flask MethodView classes 2021-01-14 13:42:18 +01:00
Rasmus Wriedt Larsen
e327fdb317 Python: Model flask View classes 2021-01-14 13:42:18 +01:00
Rasmus Wriedt Larsen
0b1cece523 Python: Add tests for class based handlers in Flask 2021-01-14 13:42:17 +01:00
Rasmus Wriedt Larsen
812ea5dde5 Python: Tornado: Model request handlers without known route 2021-01-14 13:37:27 +01:00
Rasmus Wriedt Larsen
1849b9e771 Python: Tornado: Handle basic route setup with tuples 
The reason this becomes valueable right now, is that we can mark routed params
as taint-sources. Longer down the line, we can (hopefully) detect that a routed
param will only accept digits, and mark it safe for some of our taint-tracking
queries.
 2021-01-14 13:37:26 +01:00
Rasmus Wriedt Larsen
39d85896a1 Python: Add basic taint modeling of tornado request 2021-01-14 13:37:26 +01:00
Rasmus Wriedt Larsen
4641150d45 Python: Basic taint-modeling of tornado.web.RequestHandler classes 2021-01-14 13:37:25 +01:00
Rasmus Wriedt Larsen
9cd8a862a0 Python: Expand Tornado tests and add annotations 
I should probably have split this up into 2 commits, so sorry that didn't happen :|
 2021-01-14 13:37:24 +01:00
Rasmus Wriedt Larsen
b4f3399534 Python: Add reverse inheritance test for Tornado 2021-01-14 13:37:24 +01:00
Rasmus Wriedt Larsen
57d08a8523 Python: Rewrite old Tornado tests 
Now you can run them, and the examples have been adjusted so they actually work!
 2021-01-14 13:37:23 +01:00
Rasmus Wriedt Larsen
7db55906b9 Python: Copy old tornado tests 2021-01-14 13:37:22 +01:00
Rasmus Wriedt Larsen
71a6ef5b00 Python: Model RequestHandler from standard library explicitly 2020-12-21 18:02:31 +01:00
Rasmus Wriedt Larsen
d4d6f0ca0c Python: Model django request handlers without known route 2020-12-21 18:02:22 +01:00
Rasmus Wriedt Larsen
004ff38e22 Python: Add separate RequestHandler concept 
Since I really want to use our existing infrastructure to model that we can
recognize something as a request handler without it having a route, we need this
as a separate concept. All tests have been adjusted.

The early modeling was based on flask, where all request-handling is based on
handling requests from a specific route. But with the standard library handling
and handlers without routes, the naming had to change.
 2020-12-21 17:31:58 +01:00
Rasmus Wriedt Larsen
a9bbe1d087 Python: Test Django un-routed class-based route handler 2020-12-21 16:01:23 +01:00
yoff
a08eb99778 Merge pull request #4779 from RasmusWL/django-class-based-handlers 
Python: Add modeling of django class based view handlers
 2020-12-18 15:58:51 +01:00
Rasmus Wriedt Larsen
272feedb69 Merge branch 'main' into stdlib-http-source-modeling 2020-12-15 11:59:23 +01:00
CodeQL CI
0420ac7aac Merge pull request #4820 from RasmusWL/add-pymysql-modeling 
Approved by yoff
 2020-12-14 03:04:24 -08:00
Rasmus Wriedt Larsen
31d4ea77cb Python: Add modeling of PyMySQL 2020-12-14 10:56:47 +01:00
Rasmus Wriedt Larsen
e7b6400e48 Python: Add tests for PyMySQL 2020-12-14 10:55:01 +01:00
Rasmus Wriedt Larsen
8d8e92eb09 Python: Model execute on a DB connection 2020-12-14 10:33:10 +01:00
Rasmus Wriedt Larsen
36e8ef53eb Python: Model sqlite3 as SQL interface 2020-12-09 11:36:18 +01:00
Rasmus Wriedt Larsen
767a246edc Python: Add sqlite3 test 2020-12-09 11:36:17 +01:00
Rasmus Wriedt Larsen
ba1ca70858 Python: Add source modeling of stdlib HTTPRequestHandlers 2020-12-08 14:04:15 +01:00
Rasmus Wriedt Larsen
34863721f0 Python: Model cgi.FieldStorage 2020-12-08 14:03:13 +01:00
Rasmus Wriedt Larsen
43688715f5 Python: Add test of stdlib HTTP server facilities 
Just a port of the old tests, except for the fact that I learned
`cgi.FieldStorage()` _should_ be tainted when not specifying any arguments. (and
moved taint-test to own function)

Also clarified how imports of all the .*HTTPRequestHandler works in Python2
 2020-12-08 14:01:55 +01:00
Rasmus Wriedt Larsen
c7ab78f8c2 Python: Add modeling of django class based view handlers 
BUT, since MyCustomViewBaseClass.post (django-v2-v3/testapp/views.py) and
Foo.post (django-v2-v3/routing_test.py) aren't handled, this raises important
question about how to do MRO without points-to :S
 2020-12-04 14:03:59 +01:00
Rasmus Wriedt Larsen
4ead118a31 Python: Add class based route handler in django tests 
Disabled CSRF middleware for now, since it blocked my debugging curl POST requests :(
 2020-12-04 13:27:01 +01:00
Rasmus Wriedt Larsen
d88e5bdb3a Python: Model io.open as FileSystemAccess 2020-11-24 18:27:33 +01:00
Rasmus Wriedt Larsen
e39bb56078 Python: Model builtin open function better 2020-11-24 18:27:31 +01:00
Rasmus Wriedt Larsen
5af1fdd06f Python: Expand tests of open 2020-11-24 18:27:30 +01:00
Rasmus Lerchedahl Petersen
0710963fc3 Python: update test expectations 
EssaNode -> ControlFlowNode
 2020-11-10 23:58:55 +01:00
Rasmus Wriedt Larsen
353505ec6c Python: Handle content of Django redirects correctly 2020-11-04 12:10:58 +01:00
Rasmus Wriedt Larsen
92dc7dc2f3 Python: Use mimetype instead of content-type in django modeling 
This enables the XSS query to actually find results from django responses.
 2020-11-04 11:34:20 +01:00
Jonas Jensen
5680b2df13 Merge remote-tracking branch 'upstream/main' into better-syntax-for-false-positives-and-negatives-inline-expectation 
Required fixing up semantic conflicts in tests.

Conflicts:
	python/ql/test/experimental/library-tests/frameworks/stdlib/Decoding.py
 2020-11-03 09:47:26 +01:00
Taus Brock-Nannestad
5dadb0f476 Python: Fix imports in tests 2020-11-02 23:02:29 +01:00
Taus
25e88ed585 Merge pull request #4588 from yoff/python-pep-249 
Python: Model PEP 249
 2020-11-02 18:57:15 +01:00
Rasmus Lerchedahl Petersen
ea74c7f12b Python: add tests 2020-11-02 17:59:51 +01:00
Rasmus Wriedt Larsen
66f5d0d9d5 Python: Model encoding/decoding with base64 module 2020-11-02 14:44:53 +01:00
Mathias Vorreiter Pedersen
6d0783a3bd Python: Make sure that expected values with tag mimetype is wrapped in quotes if the value contains a space. 2020-10-31 18:13:12 +01:00
Mathias Vorreiter Pedersen
870ed0039b Python: Allow single quote strings and accept test changes. 2020-10-31 18:01:55 +01:00
Mathias Vorreiter Pedersen
0bc4d52d66 Python: Update more tests annotations. It looks like we need to allow single-quote strings to support the existing Python use-cases, but let's do that in the next commit. 2020-10-31 17:40:19 +01:00
Mathias Vorreiter Pedersen
ed9ad8b5e3 Merge branch 'main' into better-syntax-for-false-positives-and-negatives-inline-expectation 2020-10-31 16:52:16 +01:00
Rasmus Lerchedahl Petersen
80360450de Merge branch 'main' of github.com:github/codeql into RasmusWL-python-port-reflected-xss 2020-10-30 17:56:36 +01:00
Rasmus Lerchedahl Petersen
ef9999a4a1 Python: fix test annotation 2020-10-30 17:43:56 +01:00
Rasmus Lerchedahl Petersen
37ad59a92a Python: subclas of known subclasses 2020-10-30 17:37:54 +01:00
Mathias Vorreiter Pedersen
45b24a9bc8 Python: Update inline-expectation tests 2020-10-30 16:53:33 +01:00
Rasmus Lerchedahl Petersen
e7c9bc388b Python: support some custom subclasses 2020-10-30 14:16:48 +01:00
Rasmus Lerchedahl Petersen
e69349791a Python: django.http.response.HttpRequest.write 2020-10-30 12:51:23 +01:00