hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-30 06:42:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
35,491 Commits 1,684 Branches 159 Tags
09360bce20ae3dba4ef8ae9600236b100d4dac95
Commit Graph

230 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
2421076d2f Merge pull request #8696 from RasmusWL/new-nosql-examples 
Python: Improve experimental modeling for `pymongo`
 2022-05-10 11:03:05 +02:00
Rasmus Wriedt Larsen
3c1a37e7e1 Merge branch 'main' into new-nosql-examples 2022-05-02 11:21:36 +02:00
Rasmus Wriedt Larsen
bb6969a175 Merge branch 'main' into promote-xxe 2022-04-20 13:42:02 +02:00
Taus
3d14c5f3c3 Python: Update tests 
We need to import `tty` in order to be able to detect the standard library correctly.
 2022-04-08 23:20:47 +02:00
Rasmus Wriedt Larsen
517444b5ff Python: Fix SimpleXmlRpcServer.expected 2022-04-07 16:42:40 +02:00
Rasmus Wriedt Larsen
ec66f26ade Python: Handle get_collection on pymongo DB 2022-04-07 16:32:20 +02:00
Rasmus Wriedt Larsen
89eeaf85d5 Python: Handle get_database on MongoClient instance 2022-04-07 16:31:17 +02:00
Rasmus Wriedt Larsen
81fdc1bd78 Python: Add more pymongo NoSQL tests 2022-04-07 16:22:16 +02:00
Rasmus Wriedt Larsen
30fff1cf8b Python: Merge pymongo NoSQL tests 2022-04-07 16:04:25 +02:00
Ahmed Farid
29f69bde75 Update zipslip_bad.py 2022-04-05 12:46:51 +00:00
Rasmus Wriedt Larsen
4abab22066 Python: Promote XXE and XML-bomb queries 
Need to write a change-note as well, but will do that tomorrow
 2022-03-31 18:47:50 +02:00
Rasmus Wriedt Larsen
c365337867 Python: Delete XmlEntityInjection.ql 
Kept the test of SimpleXmlRpcServer, and kept the qhelp so it can be
used to write the new qhelp files
 2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen
91795b8577 Python: Add simple test of Xxe/XmlBomb 
Note that most of the testing happens in the framework specific tests,
with an inline-expectation test
 2022-03-31 09:52:54 +02:00
Ahmed Farid
53f756b078 Update ZipSlip.expected 2022-03-28 08:54:44 +00:00
Ahmed Farid
a50f051cdd Update zipslip_bad.py 2022-03-28 01:38:58 +00:00
Ahmed Farid
f364e41dbe Update ZipSlip.expected 2022-03-28 01:02:38 +00:00
Ahmed Farid
a8c14ed6c3 Update zipslip_bad.py 2022-03-28 01:00:38 +00:00
Ahmed Farid
8dea7248ea Update zipslip_bad.py 2022-03-24 00:34:52 +01:00
Ahmed Farid
a05318f10c Update zipslip_good.py 2022-03-24 00:32:11 +01:00
Ahmed Farid
1836723ecb Merge branch 'main' into ZipSlip 2022-03-23 19:27:12 -04:00
Mathias Vorreiter Pedersen
abe30457ee Python: Accept test changes. 2022-03-17 14:03:58 +01:00
Taus
4ee4bba4d1 Merge branch 'main' into ZipSlip 2022-03-10 13:30:51 +01:00
Ahmed Farid
23bd53a325 Update zipslip_good.py 2022-03-08 23:55:17 +01:00
Rasmus Wriedt Larsen
6b14c1d6b9 Merge branch 'main' into jorgectf/python/deserialization 2022-03-08 11:15:03 +01:00
Ahmed Farid
3b8c7e8944 Update ZipSlip.expected 2022-03-07 10:11:34 +01:00
Ahmed Farid
8402d661df Update zipslip_bad.py 2022-03-07 10:11:00 +01:00
Ahmed Farid
35a1c80ceb Update zipslip_bad.py 2022-03-07 00:24:45 +01:00
Ahmed Farid
6233309028 Update ZipSlip.expected 2022-03-07 00:23:48 +01:00
Ahmed Farid
e8449d8f40 Update zipslip_bad.py 2022-03-07 00:23:03 +01:00
Ahmed Farid
b7d4715c4e Create ZipSlip.expected 2022-03-07 00:06:24 +01:00
Ahmed Farid
908db6a05f Update zipslip_bad.py 2022-03-07 00:01:09 +01:00
Ahmed Farid
7f2d242702 Update zipslip_good.py 2022-03-06 23:59:11 +01:00
Ahmed Farid
be7c619ca8 Update zipslip_bad.py 2022-03-04 00:48:45 +01:00
Rasmus Wriedt Larsen
f72f673e7e Python: Update XmlEntityInjection.expected 
I had forgotten about this, but better late than never... also added a
small representative test
 2022-03-03 21:18:18 +01:00
Rasmus Wriedt Larsen
2451123c67 Python: Move XML PoC to new test dir 2022-03-03 21:18:18 +01:00
Rasmus Wriedt Larsen
c739ae40b6 Python: Port xmltodict tests 2022-03-03 21:18:18 +01:00
Rasmus Wriedt Larsen
0b12d91817 Python: Port xml.sax tests 2022-03-03 21:18:18 +01:00
Rasmus Wriedt Larsen
5fb4c4d152 Python: Port xml.etree tests 2022-03-03 20:51:02 +01:00
Rasmus Wriedt Larsen
a7134cac2e Python: Port xml.dom tests 2022-03-03 20:39:56 +01:00
Rasmus Wriedt Larsen
faebaee141 Python: Use concept tests for XML Parsing 
I was loosing my mind from looking through those .expected files

Just going to take it one file at time, to make reviewing easier
 2022-03-03 20:36:51 +01:00
Rasmus Wriedt Larsen
4b03f5c724 Python: Rename xml.sax test for consistency 2022-03-03 19:39:32 +01:00
Rasmus Wriedt Larsen
7cda901da2 Python: Add separate query for SimpleXMLRPCServer 
This was a rough quick-n-dirty query, and should get some qhelp as well at some point.
 2022-03-03 19:35:33 +01:00
Rasmus Wriedt Larsen
9406a972cd Python: Fix vuln detection for xml.minidom with parser arg 2022-03-03 17:52:11 +01:00
Rasmus Wriedt Larsen
5a652480b1 Python: Annotate xml.dom tests 2022-03-03 17:37:25 +01:00
Rasmus Wriedt Larsen
c4d08db62a Python: Expand XML PoC with minidom/pulldom/expat 2022-03-03 17:30:16 +01:00
Rasmus Wriedt Larsen
3affa6cf3a Python: Annotate xmltodict tests 2022-03-03 15:08:56 +01:00
Rasmus Wriedt Larsen
61291936bf Python: Properly model xml.etree 2022-03-03 15:06:55 +01:00
Rasmus Wriedt Larsen
703e3e8a0f Python: Handle DTD retrieval vuln in lxml 2022-03-03 14:46:48 +01:00
Rasmus Wriedt Larsen
e295399f70 Python: Properly handle huge_tree in lxml 2022-03-03 14:43:37 +01:00
Rasmus Wriedt Larsen
124c03c15c Python: Expand lxml tests 
And add annotations, see PoC.py for reference

Some of these needs fixing though
 2022-03-03 14:40:45 +01:00