1288 Commits

Author	SHA1	Message	Date
Rasmus Wriedt Larsen	40feb1fb8d	Python: SPURIOUS results for httpx	2022-03-04 11:03:32 +01:00
yoff	d0a393e8d1	Update python/ql/test/library-tests/frameworks/stdlib/XPathExecution.py ... Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>	2022-03-04 10:56:53 +01:00
Rasmus Lerchedahl Petersen	143e9ee954	Merge branch 'main' of github.com:github/codeql into python/promote-xpath-injection	2022-03-02 13:14:08 +01:00
Rasmus Lerchedahl Petersen	80be767a7a	python: implement stdlib xpath support	2022-03-02 12:59:34 +01:00
Rasmus Lerchedahl Petersen	06e0f140c5	python: add tests for stdlib xpath	2022-03-02 12:58:37 +01:00
Rasmus Wriedt Larsen	27d5349a74	Python: ORM: Remove imports from test code ... These are no longer needed, as data-flow now has this import by default	2022-03-01 15:39:52 +01:00
Rasmus Lerchedahl Petersen	f55d7d627e	python: model XPathEvaluator	2022-03-01 14:40:13 +01:00
Rasmus Lerchedahl Petersen	3bb17be389	python: add concept and library tests	2022-03-01 14:39:28 +01:00
Rasmus Wriedt Larsen	cd58c12bbe	Merge branch 'main' into orm	2022-03-01 12:01:54 +01:00
Arthur Baars	5ce6b847d1	Merge pull request #8166 from aibaars/regex-char-sequence-1 ... Ruby/Python: regex parser: group sequences of 'normal' characters	2022-02-28 17:47:53 +01:00
Rasmus Wriedt Larsen	8afd560c64	Python: ORM: Handle load of PolymorphicModels	2022-02-28 16:38:41 +01:00
Rasmus Wriedt Larsen	48fba87273	Python: ORM: add flow to base-class	2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen	6b9dd49499	Python: ORM: Model polymorphic.models.PolymorphicModel as Django ORM class	2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen	e1191cf63c	Python: ORM: Add tests for inheritance	2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen	092cfceb18	Python: Add dataflow consistency checks to ORM tests ... Luckily they passed :phew:	2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen	ed36ff1570	Python: ORM: Handle <Model>.objects.[<QuerySet>].update()	2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen	fea46b642d	Python: ORM: Handle <Model>.objects.create and friends	2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen	9b458b54aa	Python: ORM: Add flow to collection/dict queries	2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen	9cff4cbd1c	Python: ORM: Add a few more tests ... There were a few methods I had overlooked	2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen	ae057c74cc	Python: ORM: Store step for constructor	2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen	f8a51bb994	Python: ORM: Add data-flow steps for Django ORM ... Added dummy-whitespace to `orm_security_tests.py` so it would be possible to see what the reflected XSS results are in the diff	2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen	d3f07cdc10	Python: ORM: Add qltests ... Which shows that there is no flow yet, which is not really a surprise :D	2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen	c78fed6594	Python: ORM: Add raw python test files ... no ql test files yet though, will come in next commit.	2022-02-28 16:38:40 +01:00
Rasmus Wriedt Larsen	f89fb50eb5	Python: ORM: Add boilerplate django project ... By doing ``` django-admin startproject testproj django-admin startapp testapp ```	2022-02-28 16:38:40 +01:00
haby0	be40b54b9f	add test	2022-02-28 20:34:58 +08:00
Arthur Baars	5044f89105	Ruby/Python re-introduce normalCharacterSequence	2022-02-25 18:43:43 +01:00
Arthur Baars	69ed121ecb	Ruby/Python: regex parser: group sequences of 'normal' characters	2022-02-22 16:15:33 +01:00
Rasmus Wriedt Larsen	d2cd77aefb	Merge branch 'main' into dataflow-improvements	2022-02-21 14:49:40 +01:00
Rasmus Wriedt Larsen	2e788ea86e	Python: Accept deprecation warnings for old tests	2022-02-04 12:02:09 +01:00
Rasmus Wriedt Larsen	b2ce0fcb72	Python: Add post-update nodes to args of unresolved calls ... Besides solving the problem with `setattr`, it also solved some old problems with json library modeling (yay).	2022-02-04 11:51:53 +01:00
Erik Krogh Kristensen	5e23da813f	rename named-parameters to keyword-parameters	2022-02-03 23:10:39 +01:00
Erik Krogh Kristensen	3801a158a8	remove module exporst nodes from API graphs	2022-02-03 23:10:39 +01:00
Erik Krogh Kristensen	3be3da2eb6	add recursive API-graph test	2022-02-03 23:10:38 +01:00
Erik Krogh Kristensen	ef5818e243	support import * in ApiGraphs	2022-02-03 23:10:38 +01:00
Erik Krogh Kristensen	16774ba285	add support for named parameters in API graphs	2022-02-03 23:10:38 +01:00
Erik Krogh Kristensen	095c73f1fe	redo the ApiGraph testing framework	2022-02-03 23:10:38 +01:00
Erik Krogh Kristensen	66fd43fc3b	add def edge for function returns	2022-02-03 23:10:38 +01:00
Erik Krogh Kristensen	d8eea7ba4c	property writes are def nodes	2022-02-03 23:10:38 +01:00
Erik Krogh Kristensen	a908b219e9	more backtracking of def nodes, and lots of tests	2022-02-03 23:10:38 +01:00
Erik Krogh Kristensen	038b032a43	get basic module exports to work in API-graphs	2022-02-03 23:10:38 +01:00
Erik Krogh Kristensen	df9efbe778	get mimimal def nodes to work in python	2022-02-03 23:10:38 +01:00
Erik Krogh Kristensen	52ca0d168b	move API-graph tests out of the experimental test folder	2022-02-03 23:10:37 +01:00
Rasmus Wriedt Larsen	f962d8e72c	Python: Move test to correct location	2022-01-28 11:33:21 +01:00
Rasmus Wriedt Larsen	4338c06b0d	Python: Support Django FileField.upload_to	2022-01-27 17:20:16 +01:00
Rasmus Wriedt Larsen	301318020f	Merge pull request #7455 from haby0/py/add-shutil-module-path-injection-sinks ... Python: Add shutil module sinks for path injection query	2022-01-24 20:06:36 +01:00
Erik Krogh Kristensen	ddfc3bc00f	use set literals instead of big disjunctions	2022-01-21 11:46:33 +01:00
Rasmus Wriedt Larsen	95e935e9c1	Python: Support SQLAlchemy scoped_session	2022-01-18 14:34:31 +01:00
haby0	759ec31508	Delete shutil_path_injection.py file	2022-01-06 21:38:35 +08:00
haby0	05b0daa0b7	Add the test of shutil module in FileSystemAccess.py	2022-01-06 14:14:42 +08:00
Rasmus Wriedt Larsen	6ce1524192	Python: Apply suggestions from code review ... Co-authored-by: yoff <lerchedahl@gmail.com>	2021-12-16 15:19:37 +01:00