Taus
03b6ee3833
Python: Add import * test
...
This test shows off a few things:
- transitive chains of `import *`
- multiple modules exporting the same name (to test for cross-talk)
2021-11-26 13:49:08 +00:00
Erik Krogh Kristensen
6ff8d4de5c
add all remaining explicit this
2021-11-26 13:50:10 +01:00
Rasmus Wriedt Larsen
baafd9f8ba
Python: Add an other path injection FP
...
Along with the root cause, which is the `StringConstCompare`
BarrierGuard, that does only allows `in <iterable literal>` and not
`in <variable referencing iterable literal>`
2021-11-23 12:59:15 +01:00
Taus
eed98bd76a
Merge pull request #5588 from jorgectf/jorgectf/python/jwt-queries
...
Python: Add JWT security-related queries
2021-11-16 15:40:45 +01:00
jorgectf
3fe2a08376
Update .expected file
2021-11-16 15:03:49 +01:00
jorgectf
e7d649f36d
Make Cookie concept extend HTTP::Server::CookieWrite
2021-11-16 13:54:25 +01:00
Jorge
a905205f16
Merge branch 'github:main' into jty/python/emailInjection
2021-11-15 16:44:11 +01:00
jorgectf
129a81a2f8
Cover smtplib
2021-11-13 14:24:40 +01:00
Rasmus Lerchedahl Petersen
ac5a46f24f
Python: split test as suggested in review
2021-11-09 13:04:52 +01:00
yoff
5f4aad40c1
Update python/ql/test/experimental/meta/InlineTaintTest.qll
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com >
2021-11-09 13:00:35 +01:00
Rasmus Lerchedahl Petersen
3f4c2ba24e
Python: Support debugging inline taint tests
...
The module `Conf` is created so that it can be imported
without importing the query predicates from the same file.
2021-11-08 14:08:11 +01:00
jorgectf
5774ce2479
Improve django test
2021-11-08 10:34:16 +01:00
jorgectf
f4a73fcc59
Add RFS to sendgrid test
2021-11-08 10:33:57 +01:00
jorgectf
d316974157
Add HtmlContent additional taint step
2021-11-08 10:23:50 +01:00
jorgectf
86aac7c215
Add/Update .expected files.
2021-11-05 20:13:12 +01:00
jorgectf
a420e6e18d
Add CookieInjection.qlref
2021-11-05 20:12:56 +01:00
jorgectf
cf47e8eb9c
Fix endpoints' naming
2021-11-05 20:12:35 +01:00
jorgectf
d7a79469e6
Improve tests
2021-11-05 20:08:52 +01:00
Rasmus Lerchedahl Petersen
624b794980
Python: separate taint sources in with
2021-11-04 17:06:36 +01:00
Rasmus Lerchedahl Petersen
05aa314ac9
Python: Add tests for non-async constructs
2021-11-03 10:54:36 +01:00
Rasmus Lerchedahl Petersen
768932d7b3
Python: Add tainttracking step that was removed
...
when the correpsonding datadlow step was removed.
2021-11-02 15:01:47 +01:00
Rasmus Lerchedahl Petersen
07d5086b07
Python: support user defined taint source
2021-11-02 15:00:23 +01:00
thank_you
3a4e3d5146
Remove comments from Python example tests
...
Besides removing comments, I also reduced the complexity of some of the Python code examples.
2021-10-30 14:00:51 -04:00
Rasmus Wriedt Larsen
85f00fda19
Merge pull request #6776 from yoff/python/model-asyncpg
...
Python: Model `asyncpg`
2021-10-29 13:54:44 +02:00
jorgectf
e8e0f0fea8
Add temporary .expected
2021-10-28 14:22:14 +02:00
Rasmus Lerchedahl Petersen
c92249525b
Python: update test expectations
2021-10-28 14:03:09 +02:00
jorgectf
4c2a4226ef
Merge remote-tracking branch 'origin/main' into jty/python/emailInjection
2021-10-28 13:26:57 +02:00
jorgectf
3dec222922
Merge remote-tracking branch 'origin/main' into jorgectf/python/jwt-queries
2021-10-28 13:11:46 +02:00
Rasmus Wriedt Larsen
58bc1102e5
Merge branch 'main' into jorgectf/python/deserialization
2021-10-28 12:31:34 +02:00
jorgectf
cf9e9f9dd4
Add cookie injection query missing proper tests
2021-10-28 10:28:45 +02:00
Rasmus Lerchedahl Petersen
cca675a161
Python: Add test for async taint
...
(which we belive we have just broken)
2021-10-28 09:47:04 +02:00
jorgectf
129edd605e
Update .expected
2021-10-28 09:25:56 +02:00
jorgectf
0f2b81e0d2
Polish tests
2021-10-28 09:24:47 +02:00
jorgectf
28ec8c9dee
Merge remote-tracking branch 'origin/main' into jorgectf/python/insecure-cookie
2021-10-27 19:00:55 +02:00
Rasmus Lerchedahl Petersen
826f44d98e
Python: Share implementation of awaited
2021-10-27 11:41:18 +02:00
Rasmus Lerchedahl Petersen
8a81d42e6f
Python: more logic adjustment
...
Not sure why the missing result is missing. There is
and edge with label `getAwaited` from `pkg.async_func` on line 22
to `coro` on line 23.
2021-10-26 10:57:27 +02:00
Rasmus Lerchedahl Petersen
f91e43c068
Python: Add more honest test for awaited
2021-10-26 10:43:06 +02:00
Rasmus Lerchedahl Petersen
a8a181a32f
Python: adjust logic and add tests
...
Due to the way paths a re printed, the tests look surprising
2021-10-26 09:55:47 +02:00
Rasmus Lerchedahl Petersen
03ada6e97a
Python: Add concept test for SqlConstruction
2021-10-25 13:09:43 +02:00
jorgectf
271e2e4c49
Update .expected
2021-10-16 13:12:33 +02:00
jorgectf
45146bc798
Merge branch 'main' into jorgectf/python/headerInjection
2021-10-16 12:46:57 +02:00
jorgectf
bf76d9cd8b
Fix django test
2021-10-16 10:45:25 +02:00
jorgectf
2db1ffef1e
Merge remote-tracking branch 'origin/main' into jorgectf/python/headerInjection
2021-10-16 10:40:52 +02:00
jorgectf
15dfc6d1da
Fix xml_sax_parser.py good/bad naming
2021-10-16 09:50:58 +02:00
Anders Schack-Mulligen
8b6baa250c
Merge pull request #6878 from aschackmull/remove-singleton-setliteral
...
C++/C#/Java/JavaScript/Python: Remove singleton set literals.
2021-10-14 14:53:05 +02:00
Rasmus Wriedt Larsen
7cd5e681dd
Merge pull request #6693 from yoff/python/promote-regex-injection
...
Python: Promote `py/regex-injection`
2021-10-14 14:49:05 +02:00
Anders Schack-Mulligen
57cb300759
C++/C#/Java/JavaScript/Python: Remove singleton set literals.
2021-10-14 11:34:22 +02:00
Taus
75c4d6a8a0
Merge pull request #6650 from yoff/python-dataflow/init-time
...
Python: Import time dataflow
2021-10-12 11:31:03 +02:00
Rasmus Lerchedahl Petersen
61008fd3d0
Merge branch 'main' of github.com:github/codeql into python/promote-regex-injection
2021-10-12 11:28:12 +02:00
yoff
43f7eede0b
Merge pull request #6182 from haby0/python/LogInjection
...
Python: CWE-117 Log injection
2021-10-12 10:54:45 +02:00
