hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,676 Commits 1,671 Branches 157 Tags
yo-h/java15
Commit Graph

319 Commits

Author SHA1 Message Date
Taus Brock-Nannestad
b620b9b7c6 Python: Fixup CWE-022 tests 
This was a bit of a mess, since there was crosstalk between the
TarSlip and PathInjection queries. (Also one of these needs the
`options` file to be in one way, and the other not). To fix this, I
split these out into separate directories.
 2020-11-02 11:46:28 +01:00
Taus Brock-Nannestad
af7626a6b3 Python: Fixup CWE-079 tests 2020-11-02 11:46:02 +01:00
Taus Brock-Nannestad
57b51090ef Python: Fixup CWE-094 tests 2020-11-02 11:45:44 +01:00
Taus Brock-Nannestad
ebb593466d Python: Fixup CWE-089 tests 2020-11-02 11:45:14 +01:00
Taus Brock-Nannestad
7a395bf7c8 Python: Fixup CWE-078 tests. 2020-11-02 11:44:42 +01:00
Taus Brock-Nannestad
52dc905037 Python: Fixup CWE-502 tests. 2020-11-02 11:44:00 +01:00
Rasmus Wriedt Larsen
4adc26eb62 Python: Fix command injection example code 
`subprocess.Popen(["ls", "-la"], shell=True)` correspond to running `sh -c "ls" -la`

So it doesn't follow the pattern of the rest of the test file.
 2020-09-30 13:38:37 +02:00
CodeQL CI
e9a36b2524 Merge pull request #4062 from tausbn/python-fix-unknown-import-star 
Approved by yoff
 2020-08-14 13:17:45 +01:00
Taus Brock-Nannestad
a1a1218f95 Python: Ignore from foo import * when foo is absent. 2020-08-13 10:50:28 +02:00
Taus Brock-Nannestad
dc5c0f8e7a Python: Add test case for missing modules 2020-08-13 10:49:11 +02:00
Porcupiney Hairs
49df4169cf Python : Add query to detect Server Side Template Injection 2020-07-21 18:01:27 +05:30
Taus Brock-Nannestad
f07a7bf8cf Python: Autoformat everything using qlformat. 
Will need subsequent PRs fixing up test failures (due to deprecated
methods moving around), but other than that everything should be
straight-forward.
 2020-07-07 15:43:52 +02:00
Rasmus Wriedt Larsen
67be45f045 Merge branch 'master' into python-fix-django-taint-sinks 2020-07-02 11:55:42 +02:00
Rasmus Wriedt Larsen
1e5eeb8009 Python: Move lxml.etree library stub to reduce clutter 2020-06-25 12:07:41 +02:00
Rasmus Wriedt Larsen
b36c23ef63 Merge pull request #3500 from yoff/UnmatchableDollar 
Python: Regexp: Handle repetions {n} (with no ,)
 2020-06-25 11:26:52 +02:00
Rasmus Wriedt Larsen
0b36cd44b8 Merge pull request #3522 from porcupineyhairs/pythonXpath 
Python : Add Xpath injection query
 2020-06-25 11:21:45 +02:00
Rasmus Lerchedahl Petersen
f6c59abcd9 Merge branch 'master' of github.com:github/codeql into UnmatchableDollar 
to make CodeScan happy
 2020-06-24 11:04:07 +02:00
Rasmus Lerchedahl Petersen
6e9c48bba7 Python: test zero iterations 2020-06-24 11:01:27 +02:00
Porcupiney Hairs
a519132407 add support for libxml2 2020-06-22 02:01:07 +05:30
Taus Brock-Nannestad
410f4781b3 Python: Fix one last reference. 
This one got lost in the big renaming somehow.
 2020-06-19 20:15:01 +02:00
Taus Brock-Nannestad
48e3e9c0b4 Python: Do all the renames. 2020-06-19 17:02:47 +02:00
Taus Brock-Nannestad
01fb1e3786 Python: Get rid of deprecated terms in code and .qhelp. 2020-06-19 16:51:09 +02:00
Rasmus Wriedt Larsen
c0043eb9db Python: Don't treat re.escape(...) as a regex 
Fixes https://github.com/github/codeql/issues/3712
 2020-06-15 11:54:14 +02:00
Rasmus Wriedt Larsen
7601bd497e Python: Add tests for re.escape FP 2020-06-15 11:34:42 +02:00
Rasmus Lerchedahl Petersen
b5703cd3f6 Python: link to FP report in test file 2020-06-11 07:14:48 +02:00
Taus
5b0d92d72b Merge pull request #3464 from yoff/UnicodeEscape 
Python: Handle more escapes in regexes
 2020-06-10 15:47:09 +02:00
Porcupiney Hairs
8c5a97170d Python : Add Xpath injection query 
This PR adds support for detecting XPATH injection in Python.
I have included the ql files as well as the tests with this.
 2020-05-28 03:15:12 +05:30
Rasmus Lerchedahl Petersen
6b168de7fc Python: re, handle \Z 2020-05-26 11:42:21 +02:00
Rasmus Wriedt Larsen
e04d1ffcd2 Python: Add test for fabric.api.execute 2020-05-26 10:20:22 +02:00
Rasmus Lerchedahl Petersen
f1efdee194 Python: re test with \Z 2020-05-26 08:07:13 +02:00
semmle-qlci
8146073c74 Merge pull request #3553 from RasmusWL/python-fix-tainttracking-import 
Approved by tausbn
 2020-05-25 14:18:54 +01:00
Rasmus Wriedt Larsen
f602f3e1c7 Python: Use proper import for semmle.python.dataflow.TaintTracking 
It was moved in 637677d515, but imports were not
updated.
 2020-05-25 13:45:49 +02:00
Rasmus Lerchedahl Petersen
3e712be431 Python: Modernise 2020-05-25 09:00:34 +02:00
Rasmus Wriedt Larsen
3774310985 Python: Reduce FPs in Django due to bad XSS taint-sinks 
Fixes https://github.com/github/codeql-python-team/issues/38
 2020-05-18 19:14:43 +02:00
Rasmus Wriedt Larsen
72ea4ff0dc Python: Add more tests of django responses 
They clearly shouldn't all be XSS sinks
 2020-05-18 16:56:47 +02:00
Rasmus Lerchedahl Petersen
b56545b236 Python: Regexp: Handle repetions {n} (with no ,) 2020-05-18 14:44:11 +02:00
Rasmus Lerchedahl Petersen
60d5ba23b3 Python: Move test into appropriate class. 
Also update test expectations with changed line numbers.
 2020-05-15 13:51:51 +02:00
Rasmus Lerchedahl Petersen
1b0687e2f2 Python: update expectations correctly 2020-05-15 13:25:20 +02:00
Rasmus Lerchedahl Petersen
81a5692935 Python: handle \uxxxx and refactor 2020-05-14 21:22:21 +02:00
Rasmus Lerchedahl Petersen
21d1ea5d96 Merge branch 'boolDefault' of github.com:yoff/codeql into boolDefault 2020-05-14 16:06:58 +02:00
Rasmus Lerchedahl Petersen
1817d2af2b Make test for wrong bool type pass 2020-05-14 15:56:57 +02:00
Rasmus Lerchedahl Petersen
7b004c3746 Python: Add test for wrong exception type 2020-05-14 15:42:52 +02:00
yoff
e5eadf9126 Update python/ql/test/query-tests/Functions/general/protocols.py 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-05-14 07:34:53 +02:00
Rasmus Lerchedahl Petersen
de50aabd60 Python: test for unicode names 2020-05-14 07:30:29 +02:00
Rasmus Lerchedahl Petersen
f9f52b0105 Python: test for unicode in raw strings 2020-05-13 18:47:36 +02:00
Rasmus Lerchedahl Petersen
6a35c6b4d4 Test: __bool__ does not raise TypeError by default 2020-05-12 15:28:12 +02:00
Rasmus Wriedt Larsen
5d5d412b78 Python: Add test of safe methods for py/modification-of-default-value 2020-05-05 11:14:37 +02:00
Rasmus Wriedt Larsen
b2b0296120 Merge pull request #3242 from BekaValentine/python-objectapi-to-valueapi-incorrectlyoverridenmethod 
Python: ObjectAPI to ValueAPI: IncorrectlyOverriddenMethod
 2020-04-24 16:28:11 +02:00
Rebecca Valentine
89752f4b55 Merge branch 'master' into python-objectapi-to-valueapi-wrongnumberargumentsincall 2020-04-22 09:52:33 -07:00
Rebecca Valentine
9cd2171fb8 Merge branch 'master' into python-objectapi-to-valueapi-incorrectlyoverridenmethod 2020-04-22 09:40:33 -07:00