hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
29,908 Commits 1,671 Branches 157 Tags
z80coder/ATM-feature-optimisation
Commit Graph

277 Commits

Author SHA1 Message Date
Porcupiney Hairs
49df4169cf Python : Add query to detect Server Side Template Injection 2020-07-21 18:01:27 +05:30
Rasmus Wriedt Larsen
67be45f045 Merge branch 'master' into python-fix-django-taint-sinks 2020-07-02 11:55:42 +02:00
Rasmus Wriedt Larsen
1e5eeb8009 Python: Move lxml.etree library stub to reduce clutter 2020-06-25 12:07:41 +02:00
Rasmus Wriedt Larsen
0b36cd44b8 Merge pull request #3522 from porcupineyhairs/pythonXpath 
Python : Add Xpath injection query
 2020-06-25 11:21:45 +02:00
Porcupiney Hairs
a519132407 add support for libxml2 2020-06-22 02:01:07 +05:30
Taus Brock-Nannestad
01fb1e3786 Python: Get rid of deprecated terms in code and .qhelp. 2020-06-19 16:51:09 +02:00
Rasmus Wriedt Larsen
c0043eb9db Python: Don't treat re.escape(...) as a regex 
Fixes https://github.com/github/codeql/issues/3712
 2020-06-15 11:54:14 +02:00
Rasmus Wriedt Larsen
7601bd497e Python: Add tests for re.escape FP 2020-06-15 11:34:42 +02:00
Porcupiney Hairs
8c5a97170d Python : Add Xpath injection query 
This PR adds support for detecting XPATH injection in Python.
I have included the ql files as well as the tests with this.
 2020-05-28 03:15:12 +05:30
Rasmus Wriedt Larsen
e04d1ffcd2 Python: Add test for fabric.api.execute 2020-05-26 10:20:22 +02:00
Rasmus Wriedt Larsen
f602f3e1c7 Python: Use proper import for semmle.python.dataflow.TaintTracking 
It was moved in 637677d515, but imports were not
updated.
 2020-05-25 13:45:49 +02:00
Rasmus Wriedt Larsen
3774310985 Python: Reduce FPs in Django due to bad XSS taint-sinks 
Fixes https://github.com/github/codeql-python-team/issues/38
 2020-05-18 19:14:43 +02:00
Rasmus Wriedt Larsen
72ea4ff0dc Python: Add more tests of django responses 
They clearly shouldn't all be XSS sinks
 2020-05-18 16:56:47 +02:00
Taus Brock-Nannestad
87a9f51c78 Python: Autoformat all .ql files. 2020-03-30 11:59:10 +02:00
semmle-qlci
ac7c74dcee Merge pull request #3111 from RasmusWL/python-fabric-command-injection 
Approved by BekaValentine
 2020-03-25 10:07:33 +00:00
Taus
fe00d1cbf4 Merge pull request #2888 from RasmusWL/python-tarslip-sanitizer 
Python: Improve tarslip sanitizer
 2020-03-24 12:59:20 +01:00
Rasmus Wriedt Larsen
b567205579 Python: Model fabric v1.x command injection sinks 2020-03-23 17:49:56 +01:00
Rasmus Wriedt Larsen
a57eadaeb6 Python: Model fabric/invoke command injection sinks 2020-03-23 17:33:41 +01:00
Rasmus Wriedt Larsen
dcfc9a8796 Python: TarSlip sanitizer: explain tests with not 
It was a bit confusing what was meant before
 2020-03-23 12:00:59 +01:00
Rasmus Wriedt Larsen
2da1503942 Merge branch 'master' into python-support-django2 2020-03-11 11:21:47 +01:00
Rasmus Wriedt Larsen
f10a86d3ac Python: Remove --optimize: true from options files 
Tests will be run with optimizations on by default now.
 2020-02-25 15:52:00 +01:00
Rasmus Wriedt Larsen
1029f04e76 Python: TarSlip sanitizer: handle not 2020-02-20 16:27:54 +01:00
Rasmus Wriedt Larsen
3c317ed0e6 Python: TarSlip sanitizer: only clear taint on false edge 
maybe it was on purpose, will have to investigate FPs when query is good
 2020-02-20 16:11:24 +01:00
Rasmus Wriedt Larsen
2d637e1cf7 Python: Add more tarslip examples 2020-02-20 16:09:10 +01:00
Rasmus Wriedt Larsen
5a0babe88b Python: Add support for Django 2.x and 3.x 
I changed the django mock to support both 1.x and 2.x routing APIs, which is not
really a nice long term solution.
 2020-02-18 11:22:35 +01:00
Rasmus Wriedt Larsen
362e7aebbb Python: Add HttpRedirectSinks test for django 2020-02-17 16:54:06 +01:00
Rasmus Wriedt Larsen
c1d073a54d Python: Add test-cases for py/hardcoded-credentials 2020-02-04 11:42:11 +01:00
Rasmus Wriedt Larsen
6b5b28aded Python: Add Value.getABooleanValue and Value.getDefiniteBooleanValue 
Replacing `Value.booleanValue`. We wanted to match `Object.booleanValue` that
only gives a result if it is either `true` or `false`, but also wanted to keep
the flexibility to see if the Value _could_ be `true`/`false`. We don't have a
motivating usecase, so let's see if we ever need it :P

+ fix modernisation regression on py/jinja2/autoescape-false
 2020-02-04 11:42:11 +01:00
Rasmus Wriedt Larsen
bd1f21fb7a Python: Fix modernisation regression on py/weak-crypto-key 
also fixes test code to use the right argument name
 2020-02-04 11:42:11 +01:00
Rasmus Wriedt Larsen
e5abfd0196 Python: Modernise Security/ queries 2020-02-04 11:42:11 +01:00
Rasmus Wriedt Larsen
5bc592514a Python: Consistenly use "a user-provided value" 
ReflectedXss was the only query that used it with the "a"
 2020-02-03 14:35:09 +01:00
Taus
618a35bb7c Merge pull request #2664 from RasmusWL/python-fix-redirect-example 
Python: Remove unused variable in example for py/url-redirection
 2020-01-23 13:42:00 +01:00
Rasmus Wriedt Larsen
12bb05522a Python: Make py/weak-cryptographic-algorithm a path-problem 
and stop using deprecated hasFlow
 2020-01-22 13:45:14 +01:00
Rasmus Wriedt Larsen
c5091f1ce7 Python: Make py/hardcoded-credentials a path-problem 
and stop using deprecated hasFlow
 2020-01-22 13:45:14 +01:00
Rasmus Wriedt Larsen
96d5703f2c Python: Remove use of deprecated methods 2020-01-22 13:45:14 +01:00
Rasmus Wriedt Larsen
422658bbdb Python: Remove unused variable in example for py/url-redirection 2020-01-21 15:45:05 +01:00
Taus
52d231c219 Merge pull request #2469 from RasmusWL/python-modernise-twisted-library 
Python: modernise twisted library
 2019-12-18 13:55:50 +01:00
Rasmus Wriedt Larsen
4e3c183676 Python: Adapt twisted tests so they pass 2019-12-18 10:42:39 +01:00
Rasmus Wriedt Larsen
e257ba40c4 Python: Make zope web tests pass 2019-12-17 17:42:03 +01:00
Taus
4c700882b6 Merge pull request #2190 from RasmusWL/python-modernise-tornado-library 
Python: modernise tornado library
 2019-11-19 09:36:30 +01:00
Taus
78109db243 Merge pull request #2181 from RasmusWL/python-modernise-pyramid-library 
Python: modernise pyramid library
 2019-11-15 15:05:44 +01:00
Rasmus Wriedt Larsen
54246660c6 Python: Add test-case to password_in_cookie 2019-11-12 10:36:12 +01:00
Rasmus Wriedt Larsen
8476bc7d42 Python: correctly handle flask.make_response 
Fixes https://github.com/Semmle/ql/issues/1572

Adjust mock so it's more aligned with what the flask code actually does. Tests
were passing before, even though we didn't handle the case in real code :\
 2019-11-11 17:24:36 +01:00
Rasmus Wriedt Larsen
9151a7e433 Python: Always enable legacy taint tracking configuration 
If the legacy configuration is only enabled if there are no other
configurations, defining a configuration in an imported library can lead to
unwanted results. For example, code that uses `any(MyTaintKind t).taints(node)`
would *stop* working, if it did not define its own configuration. (this actually
happened to us)

We performed a dist-compare to ensure there is not a performance deg ration by
doing this. Results at https://git.semmle.com/gist/rasmuswl/a1eca07f3a92f5f65ee78d733e5d260e

Tests that were affected by this:

- RockPaperScissors + Simple: new edges because no configuration was defined for
  SqlInjectionTaint or CommandInjectionTaint
- CleartextLogging + CleartextStorage: new edges because no configuration was
  defined before, AND duplicate deges.
- TestNode: new edges because no configuration was defined before

- PathInjection: Duplicate edges
- TarSlip: Duplicate edges
- CommandInjection: Duplicate edges
- ReflectedXss: Duplicate edges
- SqlInjection: Duplicate edges
- CodeInjection: Duplicate edges
- StackTraceExposure: Duplicate edges
- UnsafeDeserialization: Duplicate edges
- UrlRedirect: Duplicate edges
 2019-11-11 11:17:21 +01:00
Rasmus Wriedt Larsen
fc851b46c3 Python: Fix Django class-based views 2019-10-29 13:58:07 +01:00
Rasmus Wriedt Larsen
fb864b7262 Python: Consolidate tests for django 
The tests in 3/ was not Python 3 specific anymore
 2019-10-29 13:58:07 +01:00
Rasmus Wriedt Larsen
471318369b Python: Don't quote %s in django example 
This is vulnerable to SQL injection because of the quotes around %s -- added
some code that highlights this in test.py

Since our examples did this in the safe query, I ended up rewriting them
completely, causing a lot of trouble for myself :D
 2019-10-29 13:58:07 +01:00
Rasmus Wriedt Larsen
bc50e90f5b Python: Use mock for tornado tests 2019-10-24 15:01:40 +02:00
Rasmus Wriedt Larsen
2874c54133 Python: Move pyramid tests from internal repo 
Use minimal mock instead of full library
 2019-10-23 16:28:46 +02:00
AlexTereshenkov
3e6f8fb6be Add bind-socket-all-network-interfaces Python query (#2048) 
Add bind-socket-all-network-interfaces Python query
 2019-10-03 11:23:11 +01:00