codeql

mirror of https://github.com/github/codeql.git synced 2025-12-30 07:36:34 +01:00

Author	SHA1	Message	Date
yoff	a08eb99778	Merge pull request #4779 from RasmusWL/django-class-based-handlers Python: Add modeling of django class based view handlers	2020-12-18 15:58:51 +01:00
Rasmus Wriedt Larsen	272feedb69	Merge branch 'main' into stdlib-http-source-modeling	2020-12-15 11:59:23 +01:00
CodeQL CI	0420ac7aac	Merge pull request #4820 from RasmusWL/add-pymysql-modeling Approved by yoff	2020-12-14 03:04:24 -08:00
Rasmus Wriedt Larsen	31d4ea77cb	Python: Add modeling of PyMySQL	2020-12-14 10:56:47 +01:00
Rasmus Wriedt Larsen	e7b6400e48	Python: Add tests for PyMySQL	2020-12-14 10:55:01 +01:00
Rasmus Wriedt Larsen	8d8e92eb09	Python: Model `execute` on a DB connection	2020-12-14 10:33:10 +01:00
Rasmus Wriedt Larsen	36e8ef53eb	Python: Model sqlite3 as SQL interface	2020-12-09 11:36:18 +01:00
Rasmus Wriedt Larsen	767a246edc	Python: Add sqlite3 test	2020-12-09 11:36:17 +01:00
Rasmus Wriedt Larsen	ba1ca70858	Python: Add source modeling of stdlib HTTPRequestHandlers	2020-12-08 14:04:15 +01:00
Rasmus Wriedt Larsen	34863721f0	Python: Model `cgi.FieldStorage`	2020-12-08 14:03:13 +01:00
Rasmus Wriedt Larsen	43688715f5	Python: Add test of stdlib HTTP server facilities Just a port of the old tests, except for the fact that I learned `cgi.FieldStorage()` _should_ be tainted when not specifying any arguments. (and moved taint-test to own function) Also clarified how imports of all the .*HTTPRequestHandler works in Python2	2020-12-08 14:01:55 +01:00
Rasmus Wriedt Larsen	c7ab78f8c2	Python: Add modeling of django class based view handlers BUT, since MyCustomViewBaseClass.post (django-v2-v3/testapp/views.py) and Foo.post (django-v2-v3/routing_test.py) aren't handled, this raises important question about how to do MRO without points-to :S	2020-12-04 14:03:59 +01:00
Rasmus Wriedt Larsen	4ead118a31	Python: Add class based route handler in django tests Disabled CSRF middleware for now, since it blocked my debugging curl POST requests :(	2020-12-04 13:27:01 +01:00
Rasmus Wriedt Larsen	d88e5bdb3a	Python: Model `io.open` as FileSystemAccess	2020-11-24 18:27:33 +01:00
Rasmus Wriedt Larsen	e39bb56078	Python: Model builtin `open` function better	2020-11-24 18:27:31 +01:00
Rasmus Wriedt Larsen	5af1fdd06f	Python: Expand tests of `open`	2020-11-24 18:27:30 +01:00
Rasmus Lerchedahl Petersen	0710963fc3	Python: update test expectations EssaNode -> ControlFlowNode	2020-11-10 23:58:55 +01:00
Rasmus Wriedt Larsen	353505ec6c	Python: Handle content of Django redirects correctly	2020-11-04 12:10:58 +01:00
Rasmus Wriedt Larsen	92dc7dc2f3	Python: Use mimetype instead of content-type in django modeling This enables the XSS query to actually find results from django responses.	2020-11-04 11:34:20 +01:00
Jonas Jensen	5680b2df13	Merge remote-tracking branch 'upstream/main' into better-syntax-for-false-positives-and-negatives-inline-expectation Required fixing up semantic conflicts in tests. Conflicts: python/ql/test/experimental/library-tests/frameworks/stdlib/Decoding.py	2020-11-03 09:47:26 +01:00
Taus Brock-Nannestad	5dadb0f476	Python: Fix imports in tests	2020-11-02 23:02:29 +01:00
Taus	25e88ed585	Merge pull request #4588 from yoff/python-pep-249 Python: Model PEP 249	2020-11-02 18:57:15 +01:00
Rasmus Lerchedahl Petersen	ea74c7f12b	Python: add tests	2020-11-02 17:59:51 +01:00
Rasmus Wriedt Larsen	66f5d0d9d5	Python: Model encoding/decoding with base64 module	2020-11-02 14:44:53 +01:00
Mathias Vorreiter Pedersen	6d0783a3bd	Python: Make sure that expected values with tag mimetype is wrapped in quotes if the value contains a space.	2020-10-31 18:13:12 +01:00
Mathias Vorreiter Pedersen	870ed0039b	Python: Allow single quote strings and accept test changes.	2020-10-31 18:01:55 +01:00
Mathias Vorreiter Pedersen	0bc4d52d66	Python: Update more tests annotations. It looks like we need to allow single-quote strings to support the existing Python use-cases, but let's do that in the next commit.	2020-10-31 17:40:19 +01:00
Mathias Vorreiter Pedersen	ed9ad8b5e3	Merge branch 'main' into better-syntax-for-false-positives-and-negatives-inline-expectation	2020-10-31 16:52:16 +01:00
Rasmus Lerchedahl Petersen	80360450de	Merge branch 'main' of github.com:github/codeql into RasmusWL-python-port-reflected-xss	2020-10-30 17:56:36 +01:00
Rasmus Lerchedahl Petersen	ef9999a4a1	Python: fix test annotation	2020-10-30 17:43:56 +01:00
Rasmus Lerchedahl Petersen	37ad59a92a	Python: subclas of known subclasses	2020-10-30 17:37:54 +01:00
Mathias Vorreiter Pedersen	45b24a9bc8	Python: Update inline-expectation tests	2020-10-30 16:53:33 +01:00
Rasmus Lerchedahl Petersen	e7c9bc388b	Python: support some custom subclasses	2020-10-30 14:16:48 +01:00
Rasmus Lerchedahl Petersen	e69349791a	Python: django.http.response.HttpRequest.write	2020-10-30 12:51:23 +01:00
Rasmus Lerchedahl Petersen	ffe10d1b7c	Python: test `HttpResponse.write`	2020-10-30 12:16:12 +01:00
Rasmus Lerchedahl Petersen	fa3a7e6686	Python: Known subclasses of HttpResponse	2020-10-30 11:53:24 +01:00
Rasmus Lerchedahl Petersen	c962377ef4	Python: test for subclasses	2020-10-30 10:37:40 +01:00
Rasmus Lerchedahl Petersen	08af839757	Python: django.http.response.HttpResponseRedirect	2020-10-30 01:29:49 +01:00
Rasmus Lerchedahl Petersen	52be896666	Python: django.http.response.JsonResponse It s possible this class is not relevant to XSS	2020-10-30 01:05:36 +01:00
Rasmus Lerchedahl Petersen	0f9b8595d1	Python: rename functions by vulnerability	2020-10-30 00:51:09 +01:00
Rasmus Lerchedahl Petersen	97153b56ad	Python: add false negatives to test	2020-10-30 00:48:19 +01:00
Rasmus Lerchedahl Petersen	2ca86f5ea7	Python: django.http.response.HttpResponse	2020-10-30 00:22:53 +01:00
Rasmus Lerchedahl Petersen	6658ee9dc8	Merge branch 'python-port-reflected-xss' of https://github.com/RasmusWL/codeql into RasmusWL-python-port-reflected-xss	2020-10-29 12:46:44 +01:00
Rasmus Lerchedahl Petersen	9fd1bf60fa	Merge branch 'main' of github.com:github/codeql into python-port-path-injection	2020-10-28 10:24:23 +01:00
Rasmus Lerchedahl Petersen	2baed20067	Python: Test false negative from review	2020-10-27 08:30:16 +01:00
Rasmus Lerchedahl Petersen	b6313dddb9	Python: Add concept tests	2020-10-27 08:26:00 +01:00
Rasmus Wriedt Larsen	aa9f15af76	Python: Fix typo Co-authored-by: Taus <tausbn@github.com>	2020-10-23 15:39:38 +02:00
Rasmus Wriedt Larsen	d295c64ccd	Python: Add example of flask response .set_data	2020-10-23 14:31:36 +02:00
Rasmus Wriedt Larsen	d2cfa91155	Python: Add some tricky tests of return in flask route handler In these cases the `return` might end up creating a new HTTP response, so they need to be modeled as such. Initially I created a very naive solution that didn't handle either tricky_return1 or tricky_return2. The interaction in tricky_return2/helper highlighted for me that to handle this properly, due to the fact that the flow is across functions, we either need to use a global dataflow/taint-tracking configuration, or some clever use of type-trackers. In the end, this extra effort for not modeling all returns in a flask route handler as a creation of a HTTP response doesn't really seem to be worth it (at least not right now). Sicne we use it with taint-tracking for the Reflected XSS query, and use a HTTP response _creation_ as the sink (without propagating taint to the HTTP response), we won't get into trouble where we report a path to BOTH `make_response(...)` and the `return` ``` resp = make_response(...) return resp ``` If we change this setup in the future, we will probably need to do something to avoid this double-path reporting.	2020-10-23 14:31:35 +02:00
Rasmus Wriedt Larsen	d60221b168	Python: Model return from flask handler as HTTP response When dealing with ``` resp = make_response(...) return resp ``` ideally we don't want to mark the return as a creation of a HTTP response. I'll deal with this in a second commit, to show off how annoying it looks in the tests right now :D	2020-10-23 14:31:34 +02:00

1 2 3 4

160 Commits