thank_you
9a44020af3
Rename StdLib.qll file to NoSQL.qll file
...
It makes more sense to have this file represent just the NoSQL module
2021-05-07 15:13:30 -04:00
thank_you
8f8eff231a
Fix comment description of predicate
2021-05-07 15:08:48 -04:00
Jorge
ae806cd445
Merge branch 'github:main' into jorgectf/python/ldapimproperauth
2021-05-07 20:46:09 +02:00
thank_you
1d36aa6649
Add additional querying for mongoengine Document subclassing
...
After further research, it was discovered that Flask-Mongoengine has multiple ways of allowing a developer to call the Document class. One way is by directly importing the Document class from the module. Another approach is to get the Document class via a mongoengine instance.
The update to this query checks for cases where the developer gets the Document class via the MongoEngine instance.
Other misc changes include setting the various predicates to private.
2021-05-07 14:30:50 -04:00
thank_you
c4a67e522c
Rewrite query to take into account MongoClient and subscript expressions
...
A couple of notes with these changes:
- Added TypeTracker pattern to handle subscript expressions. We've found that pymongo supports subscript expressions when calling databases and collections. To resolve this, we implemented the TypeTracker pattern to catch those subscripts since CodeQL Python API modeling doesn't support subscript expressions.
- After some research, we've discovered that MongoEngine and Flask-MongoEngine utilize MongoClient under-the-hood. This requires us to rewrite the query so that instead of querying these libraries with specific queries, we are instead going to query for usages of MongoClient since all of the libraries we are targeting utilize MongoClient under-the-hood.
2021-05-04 19:29:31 -04:00
thank_you
56dc4d886e
Add comment on BsonObjectIdCall
2021-05-04 19:11:59 -04:00
Jorge
bd4b189373
Polish documentation consistency
...
Co-authored-by: yoff <lerchedahl@gmail.com>
2021-04-29 16:26:28 +02:00
Arthur Baars
6693c5bdd0
Merge pull request #5395 from tausbn/python-share-typetracker
...
Python: Make the type tracking implementation shareable
2021-04-29 12:06:12 +02:00
jorgectf
213d011a8c
Edit code example in CompiledRegex
...
Signed-off-by: jorgectf <jorgectf@protonmail.com>
2021-04-29 11:10:03 +02:00
thank_you
d85b1a2d5f
Replace recursive getAMember*() method
2021-04-28 16:54:49 -04:00
jorgectf
21e01b809f
Add code example in CompiledRegex
...
Signed-off-by: jorgectf <jorgectf@protonmail.com>
2021-04-27 19:54:42 +02:00
jorgectf
8a800986a2
Remove unused class variables
...
Signed-off-by: jorgectf <jorgectf@protonmail.com>
2021-04-27 19:54:42 +02:00
jorgectf
20b532ec5e
Update to-cast sink's naming
...
Signed-off-by: jorgectf <jorgectf@protonmail.com>
2021-04-27 19:54:41 +02:00
Jorge
c0c71c509c
Apply suggestions from code review
...
Update `RegexExecution` docs and use `flowsTo()` instead of `getALocalSource()`.
Co-authored-by: yoff <lerchedahl@gmail.com>
2021-04-27 19:54:41 +02:00
jorgectf
c4322848ec
Polish qhelp
2021-04-27 19:54:40 +02:00
jorgectf
3fae3fd93e
Take ApiGraphs out of Concepts.qll
2021-04-27 19:54:39 +02:00
jorgectf
6a20a4dcc3
Add newline to qhelp
2021-04-27 19:54:38 +02:00
jorgectf
d968eea914
Move expected to /test
2021-04-27 19:54:38 +02:00
jorgectf
81d23c066c
Move tests and qlref from /src to /test
2021-04-27 19:54:37 +02:00
jorgectf
d401d18e71
Add .expected and qlref
2021-04-27 19:54:36 +02:00
jorgectf
ec85ee4537
Sink's predicate typo
2021-04-27 19:54:36 +02:00
jorgectf
03825a6052
Add comment to Sink's predicates
2021-04-27 19:54:36 +02:00
jorgectf
fc27c6c547
Fix RegexExecution ambiguity
2021-04-27 19:54:35 +02:00
jorgectf
3655514924
Fix ambiguity
2021-04-27 19:54:35 +02:00
jorgectf
b6721971dd
Improve code comments
2021-04-27 19:54:35 +02:00
jorgectf
d4a89b2fd8
Fix qhelp typo while converting to python's regex injection
2021-04-27 19:54:34 +02:00
jorgectf
d49c23fe67
Improve tests' readability
2021-04-27 19:54:34 +02:00
jorgectf
0e169ba10e
Format qhelp
2021-04-27 19:54:33 +02:00
jorgectf
c54f08f33a
Improve qhelp
2021-04-27 19:54:33 +02:00
jorgectf
66ee67a781
Polished select statement
2021-04-27 19:54:32 +02:00
jorgectf
f75110365f
Fix Sink utilization in select
2021-04-27 19:54:32 +02:00
jorgectf
a5850f4a99
Use getRegexModule to know used lib
2021-04-27 19:54:31 +02:00
jorgectf
e78e2ac266
Get rid of (get)regexMethod
2021-04-27 19:54:30 +02:00
jorgectf
18ce257fc8
Move RegexInjectionSink to query config (qll)
2021-04-27 19:54:29 +02:00
jorgectf
53d61c4fb6
Use custom Sink
2021-04-27 19:54:29 +02:00
jorgectf
36cc7b5e3f
Fix CompiledRegex
2021-04-27 19:54:28 +02:00
jorgectf
35f1c45d32
Change from Attribute to DataFlow::CallCfgNode in getRegexMethod()
2021-04-27 19:54:28 +02:00
jorgectf
c127b109d0
Create re.compile().ReMethod test
2021-04-27 19:54:27 +02:00
jorgectf
be09ffec3f
Create RegexEscape Range
2021-04-27 19:54:27 +02:00
jorgectf
805f86a5cf
Polish RegexEscape
2021-04-27 19:54:26 +02:00
jorgectf
3d990c5950
Get back to ApiGraphs
2021-04-27 19:54:26 +02:00
jorgectf
30554a16da
Format
2021-04-27 19:54:24 +02:00
jorgectf
ee1d2b645b
Delete DirectRegex and CompiledRegex
2021-04-27 19:54:24 +02:00
jorgectf
ce23db2e9c
Move Sanitizer to ReEscapeCall
2021-04-27 19:54:23 +02:00
jorgectf
b5ea41fcca
Fix CompiledRegex
2021-04-27 19:54:22 +02:00
jorgectf
28fdeba4fa
Structure development
2021-04-27 19:54:20 +02:00
jorgectf
f45307f990
Apply rebase
2021-04-27 19:54:12 +02:00
jorgectf
5dae920783
Edit filenames to match consistent naming
2021-04-27 19:54:11 +02:00
jorgectf
63f708dd57
Apply suggestions
2021-04-27 19:54:10 +02:00
Jorge
6cc714464c
Apply suggestions from code review
...
Co-authored-by: yoff <lerchedahl@gmail.com>
2021-04-27 19:54:09 +02:00