hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-27 22:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
21,559 Commits 1,673 Branches 157 Tags
30ba69d9911f0edc3338bc4de2aaa52bc314d291
Commit Graph

184 Commits

Author SHA1 Message Date
Taus
9adb19f3a9 Merge branch 'master' into python-incomplete-url-sanitize 2019-01-29 14:17:37 +01:00
Mark Shannon
6d553ae2be Python: Check os.open as well as os.chmod for weak file permissions. 2019-01-28 14:26:16 +00:00
Mark Shannon
3850f87879 Make qhelp for 'Incomplete URL substring sanitization' consistent across languages. 2019-01-25 16:47:23 +00:00
Mark Shannon
6ddbed7d95 Python: Minor tweaks to qldoc and release note. 2019-01-25 11:34:41 +00:00
Mark Shannon
88d8cb514c Python: Two new queries for URL and hostname sanitization (CWE-020). 2019-01-24 12:57:14 +00:00
Mark Shannon
a3b5769c2c Python: Weak file permissions query. 2019-01-22 11:33:19 +00:00
Taus Brock-Nannestad
7c3dc929ac Add query and qhelp. 2019-01-17 14:45:25 +01:00
Taus Brock-Nannestad
9ac50186f6 Add a few more insecure versions 2019-01-07 15:24:15 +01:00
Taus Brock-Nannestad
1af503ab84 Address documentation comments. 2019-01-07 15:24:15 +01:00
Taus Brock-Nannestad
46973f4305 Support from ssl import PROTOCOL_.... 2019-01-07 15:24:15 +01:00
Taus Brock-Nannestad
e8a41f719c Add documentation. 2019-01-07 15:24:15 +01:00
Taus Brock-Nannestad
dfe3fc6d5c Pass pyOpenSSL method as parameter instead of keyword argument. 2019-01-07 15:24:15 +01:00
Taus Brock-Nannestad
d604f5c9c9 Fix insecure_version_name comments. 2019-01-07 15:24:15 +01:00
Taus Brock-Nannestad
a893dca06e Add support for ssl.SSLContext. 2019-01-07 15:24:15 +01:00
Taus Brock-Nannestad
0a839f8468 Python: Check for insecure versions of SSL and TLS. 2019-01-07 15:24:15 +01:00
Mark Shannon
a345727f71 Python fix up tags in qhelp. 2018-11-28 17:14:07 +00:00
Mark Shannon
b3eaa46f14 Python: Use consistent abbreviations in weak-crypto query message. 2018-11-28 16:58:22 +00:00
Mark Shannon
4f0a666a43 Python: Tweak name of new query and add change note. 2018-11-28 16:58:22 +00:00
Mark Shannon
3c4c8cf7d3 Python: Add qhelp for new query. 2018-11-28 16:57:34 +00:00
Mark Shannon
1065ad0ce7 Python: Weak crypto query. 2018-11-28 16:57:34 +00:00
Mark Shannon
21246dcbf2 Python: clean up change notes and query help. 2018-11-28 15:02:47 +00:00
Mark Shannon
eefb45c94b Python: jinja2-without-escaping query: Clean up query and account for Template class in tests. 2018-11-28 10:46:44 +00:00
Mark Shannon
243280dc00 Python: New query to check for use of jinja2 templates without auto-escaping. 2018-11-28 10:45:19 +00:00
Mark Shannon
31ac33e723 Merge pull request #528 from taus-semmle/python-flask-debug 
Python: Implement check for flask debug mode.
 2018-11-27 19:42:26 +00:00
Taus Brock-Nannestad
7f94c257a7 Change precision to high. 2018-11-27 19:02:44 +01:00
Taus Brock-Nannestad
a4da245809 Python: Implement check for flask debug mode. 2018-11-27 15:14:38 +01:00
Mark Shannon
698957e2cf Python: Correct case of query name and improve help. 2018-11-27 11:32:40 +00:00
Mark Shannon
6588606739 Python: Account for other 'falsey' values in query. 2018-11-23 14:42:45 +00:00
Mark Shannon
06e5bc8359 Python: Add qhelp for new query. 2018-11-23 14:42:45 +00:00
Mark Shannon
45e864a395 Python: New query to test for requests without validation. 2018-11-23 14:42:45 +00:00
Mark Shannon
61bd8682df Python: Improve API and representation of taint tracking nodes. Update queries and tests accordingly. 2018-11-23 12:32:14 +00:00
Mark Shannon
722d89fc75 Upgrade taint-tracking security queries to path-problem queries. 2018-11-22 11:05:01 +00:00
Mark Shannon
e930b43bf3 Python security queries. Choose a precision reflecting actual precision for Security queries. 2018-11-19 17:10:40 +00:00
Mark Shannon
5f58824d1b Initial commit of Python queries and QL libraries. 2018-11-19 15:10:42 +00:00