531 Commits

Author	SHA1	Message	Date
erik-krogh	bf3fe3cd66	add new qhelp for clear-text-logging	2023-09-07 12:39:13 +02:00
Rasmus Wriedt Larsen	c85ea9a0c0	Python: Fix typo in SSRF example	2023-09-07 09:45:02 +02:00
Rasmus Wriedt Larsen	acde1920e7	Python: Move UntrustedDataToExternalAPI to new dataflow API	2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen	657b1997cc	Python: Move FullServerSideRequestForgery and PartialServerSideRequestForgery to new dataflow API	2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen	dbfe517555	Python: Move HardcodedCredentials to new dataflow API	2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen	46322b717a	Python: Move XmlBomb to new dataflow API	2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen	add1077532	Python: Move RegexInjection to new dataflow API	2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen	c6caf83dfe	Python: Move PolynomialReDoS to new dataflow API	2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen	4c336990e5	Python: Move XpathInjection to new dataflow API	2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen	60e45335dd	Python: Move Xxe to new dataflow API	2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen	4c76ca6127	Python: Move UrlRedirect to new dataflow API	2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen	6f08e73dbc	Python: Move UnsafeDeserialization to new dataflow API	2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen	dd074173d2	Python: Move WeakSensitiveDataHashing to new dataflow API ... I adopted helper predicates to do the "heavy" lifting of .asPathNode1(), maybe I like this approach better... let me know what you think 😊	2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen	9d6b96dfd2	Python: Move CleartextStorage to new dataflow API	2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen	70095446b6	Python: Move CleartextLogging to new dataflow API	2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen	cca78f31ff	Python: Move PamAuthorization to new dataflow API	2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen	dcd96083e8	Python: Move StackTraceExposure to new dataflow API	2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen	f75e65c67d	Python: Move LogInjection to new dataflow API	2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen	88cf9c99b0	Python: Move CodeInjection to new dataflow API	2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen	05573904a5	Python: Move LdapInjection to new dataflow API ... We could have switched to a stateful config, but I tried to keep changes as straight forward as possible.	2023-08-28 15:27:50 +02:00
Rasmus Wriedt Larsen	c360346e9e	Python: Move ReflectedXss to new dataflow API	2023-08-28 15:27:49 +02:00
Rasmus Wriedt Larsen	b30142c1d7	Python: Move CommandInjection to new dataflow API	2023-08-28 15:27:49 +02:00
Rasmus Wriedt Larsen	700841e9b0	Python: Move UnsafeShellCommandConstruction to new dataflow API	2023-08-28 15:27:49 +02:00
Rasmus Wriedt Larsen	d4e4e2d426	Python: Move TarSlip to new dataflow API	2023-08-28 15:27:49 +02:00
Rasmus Wriedt Larsen	e97032909a	Python: Move PathInjection to new dataflow API	2023-08-28 15:27:49 +02:00
Rasmus Wriedt Larsen	245c24077d	Python: Move SqlInjection to new dataflow API	2023-08-28 15:27:49 +02:00
erik-krogh	3a436d1f84	do a quick-and-dirty conversion of py/hardcoded-credentials to the new dataflow library	2023-06-14 08:31:56 +02:00
erik-krogh	6dfeb2536b	delete old deprecations	2023-06-09 15:12:23 +02:00
jorgectf	5608082f35	Update py/unsafe-deserialization name	2023-06-02 17:57:24 +02:00
erik-krogh	9f5bf8fb22	also fix the first code-block	2023-05-25 13:56:29 +02:00
erik-krogh	765076bcba	fix whitespace in the samples in ReDoS.qhelp	2023-05-25 13:28:39 +02:00
erik-krogh	710b309142	apply suggestions from doc review	2023-05-21 22:18:48 +02:00
erik-krogh	480e71fd69	avoid contractions	2023-05-17 08:42:45 +02:00
erik-krogh	83ca1495e0	trim the whitespace in the poly-redos examples	2023-05-15 16:47:24 +02:00
erik-krogh	d989359656	add another example to the qhelp in poly-redos, showing how to just limit the length of the input	2023-05-15 16:47:02 +02:00
Rasmus Wriedt Larsen	62f0c64a03	Merge pull request #12552 from erik-krogh/py-type-trackers ... Py: refactor regex tracking to type-trackers	2023-05-11 16:18:34 +02:00
Kasper Svendsen	3eb5a95ee3	Python: Make implicit this receivers explicit	2023-05-03 12:16:21 +02:00
erik-krogh	f0254fc089	introduce RegExpInterpretation instead of RegexString, and move RegexTreeView.qll into a regexp folder	2023-05-01 10:42:13 +02:00
Rasmus Wriedt Larsen	a168af349e	Python: Expand modeling of paramiko	2023-04-18 11:57:20 +02:00
yoff	2121ed784f	Merge branch 'main' into python/rewrite-InsecureContextConfiguration	2023-03-27 10:20:53 +02:00
Rasmus Lerchedahl Petersen	3c407eaa23	python: rewrite comment	2023-03-24 13:32:25 +01:00
Rasmus Lerchedahl Petersen	8ea4878f7a	python: move comment	2023-03-24 13:24:49 +01:00
yoff	cf4eac6fa1	Update python/ql/src/Security/CWE-327/PyOpenSSL.qll ... Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>	2023-03-24 13:18:03 +01:00
Anders Schack-Mulligen	d0b7ffda70	Python/Ruby/Swift: Rename references.	2023-03-23 13:06:19 +01:00
erik-krogh	6a5d6eb5c2	lower precision of py/shell-command-constructed-from-input to medium	2023-03-13 14:56:42 +01:00
erik-krogh	d001cc40d3	Merge branch 'main' into py-shell	2023-03-13 14:56:04 +01:00
Anders Schack-Mulligen	21d5fa836b	Python: Autoformat	2023-03-10 09:41:17 +01:00
Rasmus Lerchedahl Petersen	072df5dbc0	python: remove protocol family ... this concept was due to my confusion between TLS and SSL23, but they are aliases. We might want to bring back the concept if we model DTLS. Also, model what exactly creations allow, bring this back from the unrestrictions they used to be. We accept the changes regarding sources being reported differently.	2023-03-07 14:41:13 +01:00
Rasmus Lerchedahl Petersen	8160f742a5	Python: small clean-up ... - no need for th 2-suffix - context creations are no longer unrestrictions	2023-03-06 19:47:53 +01:00
Anders Schack-Mulligen	5c7f2ac7f7	Merge pull request #12186 from aschackmull/dataflow/refactor-configuration ... Data flow: Refactor configuration	2023-03-06 13:38:59 +01:00