Rasmus Wriedt Larsen
d8a9eacd02
Python: Remove TODO comment for popen2 module
2020-10-07 10:47:28 +02:00
Rasmus Wriedt Larsen
6c4fd7c1ff
Python: Model Python 2 only platform.popen command execution
2020-10-06 20:25:03 +02:00
Rasmus Wriedt Larsen
12e4e07cae
Python: Model Python 2 only module popen2
2020-10-06 20:25:02 +02:00
Rasmus Wriedt Larsen
8c2f55fbd0
Python: Model Python 2 only os.popen2, popen3, popen4 functions
2020-10-06 20:25:01 +02:00
Rasmus Wriedt Larsen
6ec7ab2fd9
Python: Add test of Python 2 specific SystemCommandExecution
2020-10-06 20:25:00 +02:00
Taus Brock-Nannestad
b905a3d5e3
Python: Attribute access API
2020-10-06 16:36:29 +02:00
CodeQL CI
5bc7e19c44
Merge pull request #4414 from yoff/SharedDataflow_Conditionals
...
Approved by RasmusWL
2020-10-06 05:46:24 -07:00
Rasmus Lerchedahl Petersen
f9c5b864bb
Python: Fix test of parenthesized form
2020-10-06 13:12:12 +02:00
Rasmus Wriedt Larsen
b82727d0b8
Python: Consider routed parameter if URL pattern unknown
2020-10-06 11:03:25 +02:00
Rasmus Wriedt Larsen
16bad003a0
Python: Add test for routed params with unknown url pattern
2020-10-06 10:58:46 +02:00
Rasmus Lerchedahl Petersen
0f077f5d7d
Python: Add flow inside IfExprNodes
2020-10-06 10:54:23 +02:00
Rasmus Lerchedahl Petersen
8f13d586b7
Python: More tests of conditonals
...
Also use better formatter
(better because comments are close to what they comment)
2020-10-06 10:49:15 +02:00
Rasmus Wriedt Larsen
fbe115c046
Python: Show TypeTracking doesn't work for module members
2020-10-06 03:12:39 +02:00
Rasmus Wriedt Larsen
f03a8a838b
Python: Make any routed parameter a RemoteFlowSource
...
I'm not 100% sure whether this approach makes everything too magic, but I like
the fact that you can't _forget_ to make routed params remove-flow sources.
2020-10-06 03:03:14 +02:00
Rasmus Wriedt Larsen
b78c665f34
Python: Model RouteSetup for flask
2020-10-06 03:03:13 +02:00
Rasmus Wriedt Larsen
d27e6955b4
Python: Add test setup for HTTP::Server::RouteSetup
2020-10-06 03:03:06 +02:00
Rasmus Wriedt Larsen
d7526c40ba
Python: Copy old flask tests to new dataflow setup
2020-10-06 03:02:30 +02:00
Rasmus Lerchedahl Petersen
ce18bff274
Python: Support method calls
2020-10-03 23:34:39 +02:00
Arthur Baars
78c58c2415
Merge pull request #4384 from tausbn/python-fix-package-locations
...
Python: Fix `hasLocationInfo` for packages
2020-10-02 20:48:43 +02:00
Taus
fce76e2799
Merge pull request #4354 from RasmusWL/python-command-execution-modeling
...
Python: Better command execution modeling
2020-10-02 16:14:34 +02:00
Taus
2e4a61428d
Merge pull request #4346 from RasmusWL/python-add-implicit-init-test
...
Python: add test for implicit __init__.py files
2020-10-02 16:13:25 +02:00
Rasmus Wriedt Larsen
e5b9ac8d9c
Python: Use getCommand as tag in ConceptsTest
2020-10-02 14:12:41 +02:00
Rasmus Wriedt Larsen
de07d9e5d9
Python: Highlight that os.popen is not only problem for extra alerts
2020-10-02 13:34:33 +02:00
Taus Brock-Nannestad
b5d05f99c9
Python: Fix test output
2020-10-02 12:04:43 +02:00
Rasmus Lerchedahl Petersen
bd32faf934
Python: annotate new test
2020-10-02 10:06:54 +02:00
Rasmus Lerchedahl Petersen
2a4d21a989
Python: Test method call
2020-10-02 10:02:29 +02:00
Rasmus Lerchedahl Petersen
0841e92a6b
Python: Test for method call
2020-10-01 16:26:12 +02:00
Rasmus Lerchedahl Petersen
5326125b70
Python: Handle positional construtor arguments
2020-10-01 15:28:26 +02:00
Rasmus Wriedt Larsen
3247b300ae
Python: Fix problem with missing use-use flow
2020-10-01 12:55:11 +02:00
Rasmus Wriedt Larsen
9b3509f0ba
Python: Highlight problem with missing use-use flow
2020-10-01 12:51:44 +02:00
Rasmus Lerchedahl Petersen
2187389da1
Python: Show constructor keyword arg problem
...
Also make tests runnable
2020-10-01 12:48:38 +02:00
Rasmus Lerchedahl Petersen
db23dad6ec
Python: Allow callables to connect to calls freely
2020-10-01 12:33:42 +02:00
Rasmus Lerchedahl Petersen
29a162bc9c
Python: Proper flow **arg -> **param
2020-09-30 23:55:02 +02:00
Rasmus Wriedt Larsen
428c2a3fda
Merge branch 'main' into python-command-execution-modeling
2020-09-30 17:38:59 +02:00
Rasmus Lerchedahl Petersen
b0ed7af897
Python: Approximate **arg -> **param
2020-09-30 15:54:12 +02:00
Rasmus Lerchedahl Petersen
4ae422ce16
Python: Add test for extraneous overflow arguments
2020-09-30 15:28:29 +02:00
Rasmus Wriedt Larsen
4adc26eb62
Python: Fix command injection example code
...
`subprocess.Popen(["ls", "-la"], shell=True)` correspond to running `sh -c "ls" -la`
So it doesn't follow the pattern of the rest of the test file.
2020-09-30 13:38:37 +02:00
Rasmus Wriedt Larsen
9c1253c8af
Python: Remove flow out of CommandInjection sinks
2020-09-30 13:29:40 +02:00
Rasmus Lerchedahl Petersen
00966bba0d
Python: update test expectations
2020-09-30 13:11:23 +02:00
Rasmus Wriedt Larsen
a2d12f0440
Python: Update CommandInjection.expected
2020-09-30 13:00:10 +02:00
Rasmus Lerchedahl Petersen
30d048f9d4
Python: Support unpacking of keyword arguments.
2020-09-30 11:55:27 +02:00
Rasmus Lerchedahl Petersen
e02cfbf6b0
Python: Support keyword overflow arguments
2020-09-30 11:55:27 +02:00
Rasmus Lerchedahl Petersen
27af9bbae8
Python: Support overflow positional arguments
...
Currently ignoring starred arguments
2020-09-30 11:55:26 +02:00
Rasmus Lerchedahl Petersen
8f2ef94b3e
Python: Hook up keyword arguments
2020-09-30 11:55:26 +02:00
Rasmus Lerchedahl Petersen
f5244aab8c
Python: Add testfiles
2020-09-30 11:54:40 +02:00
Rasmus Wriedt Larsen
1595fed2d6
Python: Add preliminary taint tests for pathlib
2020-09-30 11:44:37 +02:00
Rasmus Wriedt Larsen
0542c3b91e
Python: Model os.path.join and add taint-step
2020-09-30 11:42:36 +02:00
Rasmus Wriedt Larsen
efa2484718
Python: Add taint test for os.path.join
...
Surprisingly the first two just worked, due to our very general handling of any
`join` methods :D
2020-09-30 11:35:21 +02:00
Rasmus Wriedt Larsen
aa6fad558c
Python: Minor cleanup in taint-step tests
2020-09-30 11:15:53 +02:00
Rasmus Wriedt Larsen
6cb2ca63a6
Python: tests to show modeling is very syntactical
2020-09-28 11:23:06 +02:00
