543 Commits

Author	SHA1	Message	Date
Rasmus Wriedt Larsen	43d9d2ceb7	Merge pull request #14603 from github/max-schaefer/broken-crypto-algorithm-link ... JavaScript/Python/Ruby: Improve alert message for `*/weak-cryptographic-algorithm`.	2023-11-08 14:29:24 +01:00
Geoffrey White	e8a466a02c	Update dead link.	2023-11-07 09:26:07 +00:00
Max Schaefer	104700f6d3	Address review comment.	2023-10-27 10:19:28 +01:00
Max Schaefer	08cc8b8e80	Autoformat.	2023-10-26 15:36:06 +01:00
Max Schaefer	3939167ba2	Include more details in the message for py/weak-cryptographic-algorithm. ... Specifically, we add a link to the location where the cryptographic algorithm is configured, which can be far away from its use.	2023-10-26 11:28:09 +01:00
yoff	dbecb1bd0f	Merge pull request #14070 from yoff/python/promote-nosql-query ... Python: promote nosql query	2023-09-29 14:21:22 +02:00
Rasmus Wriedt Larsen	16e1a00e88	Python: NoSQLInjection -> NoSqlInjection	2023-09-29 13:52:51 +02:00
Rasmus Lerchedahl Petersen	d90630aa66	Python: fix query file	2023-09-28 12:34:10 +02:00
erik-krogh	bf3fe3cd66	add new qhelp for clear-text-logging	2023-09-07 12:39:13 +02:00
Rasmus Wriedt Larsen	c85ea9a0c0	Python: Fix typo in SSRF example	2023-09-07 09:45:02 +02:00
Rasmus Lerchedahl Petersen	087961d179	Python: Refactor to allow customizations ... Also use new DataFlow API	2023-09-07 09:28:30 +02:00
Rasmus Lerchedahl Petersen	db0459739f	Python: rename file	2023-09-07 09:28:30 +02:00
Rasmus Lerchedahl Petersen	55707d395e	Python: Make things compile in their new location ... - Move NoSQL concepts to the non-experimental concepts file - fix references	2023-09-07 09:28:30 +02:00
Rasmus Lerchedahl Petersen	60dc1afbc0	Python: prepare to promote NoSqlInjection ... Mostly move files, preserving authourship. This will not compile.	2023-09-07 09:28:29 +02:00
Rasmus Wriedt Larsen	acde1920e7	Python: Move UntrustedDataToExternalAPI to new dataflow API	2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen	657b1997cc	Python: Move FullServerSideRequestForgery and PartialServerSideRequestForgery to new dataflow API	2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen	dbfe517555	Python: Move HardcodedCredentials to new dataflow API	2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen	46322b717a	Python: Move XmlBomb to new dataflow API	2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen	add1077532	Python: Move RegexInjection to new dataflow API	2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen	c6caf83dfe	Python: Move PolynomialReDoS to new dataflow API	2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen	4c336990e5	Python: Move XpathInjection to new dataflow API	2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen	60e45335dd	Python: Move Xxe to new dataflow API	2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen	4c76ca6127	Python: Move UrlRedirect to new dataflow API	2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen	6f08e73dbc	Python: Move UnsafeDeserialization to new dataflow API	2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen	dd074173d2	Python: Move WeakSensitiveDataHashing to new dataflow API ... I adopted helper predicates to do the "heavy" lifting of .asPathNode1(), maybe I like this approach better... let me know what you think 😊	2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen	9d6b96dfd2	Python: Move CleartextStorage to new dataflow API	2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen	70095446b6	Python: Move CleartextLogging to new dataflow API	2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen	cca78f31ff	Python: Move PamAuthorization to new dataflow API	2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen	dcd96083e8	Python: Move StackTraceExposure to new dataflow API	2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen	f75e65c67d	Python: Move LogInjection to new dataflow API	2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen	88cf9c99b0	Python: Move CodeInjection to new dataflow API	2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen	05573904a5	Python: Move LdapInjection to new dataflow API ... We could have switched to a stateful config, but I tried to keep changes as straight forward as possible.	2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen	c360346e9e	Python: Move ReflectedXss to new dataflow API	2023-08-28 15:27:49 +02:00
Rasmus Wriedt Larsen	b30142c1d7	Python: Move CommandInjection to new dataflow API	2023-08-28 15:27:49 +02:00
Rasmus Wriedt Larsen	700841e9b0	Python: Move UnsafeShellCommandConstruction to new dataflow API	2023-08-28 15:27:49 +02:00
Rasmus Wriedt Larsen	d4e4e2d426	Python: Move TarSlip to new dataflow API	2023-08-28 15:27:49 +02:00
Rasmus Wriedt Larsen	e97032909a	Python: Move PathInjection to new dataflow API	2023-08-28 15:27:49 +02:00
Rasmus Wriedt Larsen	245c24077d	Python: Move SqlInjection to new dataflow API	2023-08-28 15:27:49 +02:00
erik-krogh	3a436d1f84	do a quick-and-dirty conversion of py/hardcoded-credentials to the new dataflow library	2023-06-14 08:31:56 +02:00
erik-krogh	6dfeb2536b	delete old deprecations	2023-06-09 15:12:23 +02:00
jorgectf	5608082f35	Update py/unsafe-deserialization name	2023-06-02 17:57:24 +02:00
erik-krogh	9f5bf8fb22	also fix the first code-block	2023-05-25 13:56:29 +02:00
erik-krogh	765076bcba	fix whitespace in the samples in ReDoS.qhelp	2023-05-25 13:28:39 +02:00
erik-krogh	710b309142	apply suggestions from doc review	2023-05-21 22:18:48 +02:00
erik-krogh	480e71fd69	avoid contractions	2023-05-17 08:42:45 +02:00
erik-krogh	83ca1495e0	trim the whitespace in the poly-redos examples	2023-05-15 16:47:24 +02:00
erik-krogh	d989359656	add another example to the qhelp in poly-redos, showing how to just limit the length of the input	2023-05-15 16:47:02 +02:00
Rasmus Wriedt Larsen	62f0c64a03	Merge pull request #12552 from erik-krogh/py-type-trackers ... Py: refactor regex tracking to type-trackers	2023-05-11 16:18:34 +02:00
Kasper Svendsen	3eb5a95ee3	Python: Make implicit this receivers explicit	2023-05-03 12:16:21 +02:00
erik-krogh	f0254fc089	introduce RegExpInterpretation instead of RegexString, and move RegexTreeView.qll into a regexp folder	2023-05-01 10:42:13 +02:00