hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,738 Commits 1,672 Branches 157 Tags
tausbn/python-add-models-for-zstd-compression
Commit Graph

4065 Commits

Author SHA1 Message Date
Ahmed Farid
3b8c7e8944 Update ZipSlip.expected 2022-03-07 10:11:34 +01:00
Ahmed Farid
8402d661df Update zipslip_bad.py 2022-03-07 10:11:00 +01:00
haby0
7e6666bc63 Merge branch 'main' into py/add-ssrf-sinks 2022-03-07 12:09:14 +08:00
Ahmed Farid
35a1c80ceb Update zipslip_bad.py 2022-03-07 00:24:45 +01:00
Ahmed Farid
6233309028 Update ZipSlip.expected 2022-03-07 00:23:48 +01:00
Ahmed Farid
e8449d8f40 Update zipslip_bad.py 2022-03-07 00:23:03 +01:00
Ahmed Farid
b7d4715c4e Create ZipSlip.expected 2022-03-07 00:06:24 +01:00
Ahmed Farid
908db6a05f Update zipslip_bad.py 2022-03-07 00:01:09 +01:00
Ahmed Farid
7f2d242702 Update zipslip_good.py 2022-03-06 23:59:11 +01:00
Rasmus Wriedt Larsen
f620e2599d Merge branch 'main' into py/add-ssrf-sinks 2022-03-04 11:50:12 +01:00
Rasmus Wriedt Larsen
02a97b08bb Python: Move urllib and urllib2 to be part of stdlib modeling 2022-03-04 11:31:47 +01:00
Rasmus Wriedt Larsen
c65839bb77 Python: improve urllib3 modeling 2022-03-04 11:25:14 +01:00
Rasmus Wriedt Larsen
7d6d8be179 Python: Fix httpx modeling 2022-03-04 11:07:51 +01:00
Rasmus Wriedt Larsen
40feb1fb8d Python: SPURIOUS results for httpx 2022-03-04 11:03:32 +01:00
yoff
d0a393e8d1 Update python/ql/test/library-tests/frameworks/stdlib/XPathExecution.py 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-03-04 10:56:53 +01:00
Rasmus Wriedt Larsen
1a9620a87a Python: Add conditional assignment check for sax parser 2022-03-04 10:16:28 +01:00
Rasmus Wriedt Larsen
f0131afc54 Python: Fix huge_tree modeling 2022-03-04 10:16:28 +01:00
Rasmus Wriedt Larsen
d6cbfec434 Python: huge_tree tests were wrong 
Nice spotted @jorgectf!
 2022-03-04 10:16:28 +01:00
Ahmed Farid
be7c619ca8 Update zipslip_bad.py 2022-03-04 00:48:45 +01:00
Rasmus Wriedt Larsen
3f6c55e8ae Python: Rename vulnerable predicate => vulnerableTo 2022-03-03 22:09:31 +01:00
Rasmus Wriedt Larsen
c0a6f9f3fd Python: Restructure lxml modeling 
and handle parser being passed as positional argument
 2022-03-03 22:00:55 +01:00
Rasmus Wriedt Larsen
c0a2c25f5a Python: Restructure modeling of xml.etree parsers 2022-03-03 21:59:34 +01:00
Rasmus Wriedt Larsen
46238d5ea0 Python: Add test for XMLPullParser 
But handling this in a nice way will require some restructuring
 2022-03-03 21:28:46 +01:00
Rasmus Wriedt Larsen
33ebcdf437 Python: Support feed method of lxml/xml.etree Parsers 2022-03-03 21:26:24 +01:00
Rasmus Wriedt Larsen
f72f673e7e Python: Update XmlEntityInjection.expected 
I had forgotten about this, but better late than never... also added a
small representative test
 2022-03-03 21:18:18 +01:00
Rasmus Wriedt Larsen
3278793972 Python: Handle more functions and kw-args 2022-03-03 21:18:18 +01:00
Rasmus Wriedt Larsen
2451123c67 Python: Move XML PoC to new test dir 2022-03-03 21:18:18 +01:00
Rasmus Wriedt Larsen
c739ae40b6 Python: Port xmltodict tests 2022-03-03 21:18:18 +01:00
Rasmus Wriedt Larsen
0b12d91817 Python: Port xml.sax tests 2022-03-03 21:18:18 +01:00
Rasmus Wriedt Larsen
5fb4c4d152 Python: Port xml.etree tests 2022-03-03 20:51:02 +01:00
Rasmus Wriedt Larsen
a7134cac2e Python: Port xml.dom tests 2022-03-03 20:39:56 +01:00
Rasmus Wriedt Larsen
faebaee141 Python: Use concept tests for XML Parsing 
I was loosing my mind from looking through those .expected files

Just going to take it one file at time, to make reviewing easier
 2022-03-03 20:36:51 +01:00
Rasmus Wriedt Larsen
4b03f5c724 Python: Rename xml.sax test for consistency 2022-03-03 19:39:32 +01:00
Rasmus Wriedt Larsen
7cda901da2 Python: Add separate query for SimpleXMLRPCServer 
This was a rough quick-n-dirty query, and should get some qhelp as well at some point.
 2022-03-03 19:35:33 +01:00
Rasmus Wriedt Larsen
9406a972cd Python: Fix vuln detection for xml.minidom with parser arg 2022-03-03 17:52:11 +01:00
Rasmus Wriedt Larsen
5a652480b1 Python: Annotate xml.dom tests 2022-03-03 17:37:25 +01:00
Rasmus Wriedt Larsen
c4d08db62a Python: Expand XML PoC with minidom/pulldom/expat 2022-03-03 17:30:16 +01:00
Rasmus Wriedt Larsen
3affa6cf3a Python: Annotate xmltodict tests 2022-03-03 15:08:56 +01:00
Rasmus Wriedt Larsen
61291936bf Python: Properly model xml.etree 2022-03-03 15:06:55 +01:00
Rasmus Wriedt Larsen
703e3e8a0f Python: Handle DTD retrieval vuln in lxml 2022-03-03 14:46:48 +01:00
Rasmus Wriedt Larsen
e295399f70 Python: Properly handle huge_tree in lxml 2022-03-03 14:43:37 +01:00
Rasmus Wriedt Larsen
124c03c15c Python: Expand lxml tests 
And add annotations, see PoC.py for reference

Some of these needs fixing though
 2022-03-03 14:40:45 +01:00
Rasmus Wriedt Larsen
52891cb476 Python: Add PoC for XML vulns 2022-03-03 13:48:46 +01:00
Rasmus Wriedt Larsen
661d8bf553 Python: Better handling of resolve_entities arg in lxml 2022-03-03 10:05:57 +01:00
Rasmus Wriedt Larsen
515b824b3c Python: Add lxml positive test 2022-03-03 09:42:19 +01:00
jorgectf
3159d8e211 Correlate SendGridMail declaration with its predicates 2022-03-03 04:33:10 +01:00
Ahmed Farid
c45b67c316 Create zipslip_good.py 2022-03-02 18:10:24 +01:00
Ahmed Farid
aef1df122b Create zipslip_bad.py 2022-03-02 18:09:45 +01:00
Ahmed Farid
c8f73ec845 Create ZipSlip.qlref 2022-03-02 18:08:32 +01:00
Rasmus Wriedt Larsen
7f7758b83d Python: rewrite xml sax modeling 2022-03-02 15:22:11 +01:00