codeql

mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00

Author	SHA1	Message	Date
Rasmus Wriedt Larsen	e0e405bb31	Python: replace dataflow-test location in files	2024-04-23 09:40:59 +02:00
Rasmus Wriedt Larsen	39927fa613	Python: Model `b32hexencode`/`b32hexdecode` New in Python 3.10 See - https://devdocs.io/python~3.10/library/base64#base64.b32hexencode - https://devdocs.io/python~3.10/library/base64#base64.b32hexdecode	2021-11-15 15:23:49 +01:00
Rasmus Wriedt Larsen	5e6f042f6e	Python: Model `pickle.Unpickler`	2021-10-08 11:55:54 +02:00
Rasmus Wriedt Larsen	42980a1ab4	Python: Model `shelve.open`	2021-10-08 11:55:54 +02:00
Rasmus Wriedt Larsen	a81d359669	Python: Model `marshal.load`	2021-10-07 21:27:51 +02:00
Rasmus Wriedt Larsen	1b61296ea5	Python: Model `pickle.load`	2021-10-07 21:25:48 +02:00
Rasmus Wriedt Larsen	27c368a444	Python: Model keyword arguments to `pickle.loads`	2021-10-07 21:24:12 +02:00
Rasmus Wriedt Larsen	3592b09d56	Python: Expand stdlib decoding tests The part about claiming there is decoding of the input to `shelve.open` is sort of an odd one, since it's not the filename, but the contents of the file that is decoded. However, trying to only handle this problem through path injection is not enough -- if a user is able to upload and access files through `shelve.open` in a path injection safe manner, that still leads to code execution. So right now the best way we have of modeling this is to treat the filename argument as being deserialized...	2021-10-07 21:11:51 +02:00
Rasmus Wriedt Larsen	51a25e45fe	Python: Use shared prettyExpr in ConceptsTest.qll This required quite some changes in the expected output. I think it's much more clear what the selected nodes are now 👍 (but it was a bit boring work to fix this up)	2021-05-19 17:10:33 +02:00
Rasmus Wriedt Larsen	d9079e34e3	Python: Move framework tests out of experimental Since they are not experimental anymore 😄	2021-03-19 15:51:54 +01:00

10 Commits