hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,738 Commits 1,671 Branches 157 Tags
tausbn/python-add-models-for-zstd-compression
Commit Graph

564 Commits

Author SHA1 Message Date
erik-krogh
d4bc6e434a add test with false positive 2023-08-31 13:40:47 +02:00
Rasmus Wriedt Larsen
62c2316124 Merge pull request #14084 from RasmusWL/flask-jsonify 
Python: Remove XSS FP from use of `flask.jsonify`
 2023-08-30 13:07:54 +02:00
yoff
ae4c76c788 Merge pull request #13975 from yoff/python/parsemodechars-not-chars 2023-08-29 14:05:57 +02:00
Rasmus Wriedt Larsen
26319bfc04 Python: Fix Flask jsonify XSS regression 
The reason the result was found before, is that `jsonify(data)` was
modeled as TWO separate subclasses of `Http::Server::HttpResponse`, one
because of the implicit construction in return
(FlaskRouteHandlerReturn), and one from the `jsonify` call
(FlaskJsonifyCall). Due to the QL evaluation, we got a combination from
the two, meaning mime-type from FlaskRouteHandlerReturn and body from
FlaskJsonifyCall...
 2023-08-29 11:11:32 +02:00
Rasmus Wriedt Larsen
b36fd9fdab Python: Add jsonify XSS regression example 2023-08-29 10:38:49 +02:00
Rasmus Wriedt Larsen
5ba8e102eb Python: Adopt tests to new DataflowQueryTest 
Since we want to know the _sinks_ and not just the flow, we need to
expose the config as well :|
 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
657b1997cc Python: Move FullServerSideRequestForgery and PartialServerSideRequestForgery to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
dd074173d2 Python: Move WeakSensitiveDataHashing to new dataflow API 
I adopted helper predicates to do the "heavy" lifting of .asPathNode1(), maybe I like this approach better... let me know what you think 😊
 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
cca78f31ff Python: Move PamAuthorization to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
dcd96083e8 Python: Move StackTraceExposure to new dataflow API 2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen
e97032909a Python: Move PathInjection to new dataflow API 2023-08-28 15:27:49 +02:00
Rasmus Wriedt Larsen
889cb7a95b Python: Adopt tests to new DataflowQueryTest 
Co-authored-by: Rasmus Lerchedahl Petersen <yoff@github.com>
 2023-08-28 11:44:01 +02:00
Rasmus Lerchedahl Petersen
d3c24ba110 PythonÆ fix test expectations 2023-08-24 21:21:49 +02:00
Rasmus Lerchedahl Petersen
88fc96e8d7 Python: Add test with prefix 2023-08-24 21:21:49 +02:00
Rasmus Lerchedahl Petersen
7ad1a21c2d Python: make mode characters not be characters 
They are simply considered part of the group start.
 2023-08-24 21:21:49 +02:00
yoff
a834703195 Merge pull request #13779 from geoffw0/pythonparsemode 
Python: Understand multiple parse mode flags specified in a regular expression string
 2023-08-24 21:20:45 +02:00
yoff
00c0ebe9e4 Merge pull request #13738 from RasmusWL/path-steps 
Python: Include all assignments in data flow paths
 2023-08-22 11:58:11 +02:00
Rasmus Wriedt Larsen
ca93f4d223 Python: Accept .expected changes 2023-08-11 10:36:05 +02:00
erik-krogh
92db7b047c escape unicode chars in the output for the ReDoS queries 2023-08-08 00:15:54 +02:00
jorgectf
8f8c064632 Modify test 2023-07-24 17:50:22 +02:00
jorgectf
55648ac4de Add shlex.quote as sanitizer 2023-07-20 15:34:54 +02:00
Geoffrey White
bb16731b86 Python: Fix for multiple parse mode flags. 2023-07-20 11:16:14 +01:00
Geoffrey White
dbde99df91 Python: Add test cases. 2023-07-20 11:06:00 +01:00
Maiky
a1782182dd Python: Add unsafe deserialization sinks (CWE-502) 2023-07-20 03:26:22 +02:00
Geoffrey White
cb6276e5e2 Python: Test layout. 2023-07-19 18:44:15 +01:00
jorgectf
c82ab2b2ab Add markupsafe as XXE sanitizer 
Co-authored-by: Kevin Stubbings <Kwstubbs@users.noreply.github.com>
 2023-07-05 20:23:20 +02:00
Jeroen Ketema
277dbdf410 Merge pull request #13498 from jketema/inline-4 
Rework more inline expectation tests to use the parameterized module
 2023-06-22 10:01:07 +02:00
Jeroen Ketema
dba4460526 Python: Update more inline expectation tests to use the paramterized module 2023-06-20 10:16:15 +02:00
erik-krogh
3a436d1f84 do a quick-and-dirty conversion of py/hardcoded-credentials to the new dataflow library 2023-06-14 08:31:56 +02:00
yoff
1d65284011 Merge pull request #13209 from yoff/python/container-summaries-2 
python: Container summaries, part 2
 2023-06-13 18:17:09 +02:00
Jeroen Ketema
8f599faf85 Python: Rewrite inline expectation tests to use parameterized module 2023-06-09 10:42:29 +02:00
Rasmus Lerchedahl Petersen
9cb83fcdc9 python: add summaries for 
copy, pop, get, getitem, setdefault

Also add read steps to taint tracking.

Reading from a tainted collection can be done in two situations:
1. There is an acces path
    In this case a read step (possibly from a flow summary)
    gives rise to a taint step.
2. There is no access path
    In this case an explicit taint step (possibly via a flow
    summary) should exist.
 2023-05-26 14:04:15 +02:00
Rasmus Lerchedahl Petersen
8d4f9447b1 python: remove explicit steps 
copy, pop, get, popitem
 2023-05-26 13:22:54 +02:00
Rasmus Wriedt Larsen
62f0c64a03 Merge pull request #12552 from erik-krogh/py-type-trackers 
Py: refactor regex tracking to type-trackers
 2023-05-11 16:18:34 +02:00
erik-krogh
f0254fc089 introduce RegExpInterpretation instead of RegexString, and move RegexTreeView.qll into a regexp folder 2023-05-01 10:42:13 +02:00
Rasmus Wriedt Larsen
d73289ac4e Python: Accept .expected changes 2023-04-27 11:54:39 +02:00
Rasmus Wriedt Larsen
a168af349e Python: Expand modeling of paramiko 2023-04-18 11:57:20 +02:00
Rasmus Wriedt Larsen
a5a0861be0 Python: Expand test of py/paramiko-missing-host-key-validation 2023-04-18 11:56:07 +02:00
Erik Krogh Kristensen
d3c3f2dc90 Merge pull request #12628 from erik-krogh/betterReDoS 
ReDoS: better super-linear algorithm
 2023-03-27 15:26:49 +02:00
yoff
2121ed784f Merge branch 'main' into python/rewrite-InsecureContextConfiguration 2023-03-27 10:20:53 +02:00
erik-krogh
e189b36e3f materialize less strings when ranking states 2023-03-23 10:35:58 +01:00
erik-krogh
b071d3557e JS/PY/RB: add a worst-case test, that now performs OK 2023-03-22 10:13:18 +01:00
Rasmus Wriedt Larsen
b2f34ef4b1 Merge branch 'main' into import-refined 2023-03-21 15:12:11 +01:00
Rasmus Wriedt Larsen
2ee09cc5d1 Merge branch 'main' into import-refined 2023-03-20 15:42:01 +01:00
erik-krogh
b208988675 Py: add test for problematic regex 2023-03-16 12:21:00 +01:00
erik-krogh
d001cc40d3 Merge branch 'main' into py-shell 2023-03-13 14:56:04 +01:00
Rasmus Lerchedahl Petersen
072df5dbc0 python: remove protocol family 
this concept was due to my confusion between
TLS and SSL23, but they are aliases.

We might want to bring back the concept if we model DTLS.

Also, model what exactly creations allow,
bring this back from the unrestrictions they used to be.

We accept the changes regarding sources being reported differently.
 2023-03-07 14:41:13 +01:00
Rasmus Lerchedahl Petersen
f8b5a820f4 python: revert change in expected behaviour 2023-03-06 14:31:17 +01:00
Anders Schack-Mulligen
5c7f2ac7f7 Merge pull request #12186 from aschackmull/dataflow/refactor-configuration 
Data flow: Refactor configuration
 2023-03-06 13:38:59 +01:00
Anders Schack-Mulligen
34cc93846b Python: Adjust InsecureProtocol query. 2023-03-01 13:36:10 +01:00