hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-20 00:43:44 +01:00
Code Issues Packages Projects Releases Wiki Activity
64,929 Commits 1,693 Branches 160 Tags
31dc542111bc508c926312206275b8a42535d8db
Commit Graph

538 Commits

Author SHA1 Message Date
Sim4n6
31dc542111 Update request parameter name in good_1() function 2024-03-15 14:17:23 +01:00
Sim4n6
70ebc58b4c Refactor Unicode normalization code 2024-03-15 14:17:23 +01:00
Sim4n6${{7*'7'}}
658b88e62f Update python/ql/src/experimental/Security/CWE-770/UnicodeDoS.ql 
update the Config API

Co-authored-by: yoff <lerchedahl@gmail.com>
 2024-03-15 14:17:23 +01:00
Sim4n6
1f767b887e Add some comments and docs 2024-03-15 14:17:23 +01:00
Sim4n6
5cc9170249 Add UnicodeDoS sink for werkzeug secure_filename 2024-03-15 14:17:23 +01:00
Sim4n6
342465057c Add Unicode DoS (CWE-770) 2024-03-15 14:17:23 +01:00
amammad
09d8a75844 Fix QLDoc issues 2024-02-14 23:31:22 +04:00
Rasmus Wriedt Larsen
e5bd633028 Python: Change name/id to Decompression Bomb 
The old title/id matches how we used to write queries, but I think just
using the normal conversational name is easier for everyone :)
 2024-02-14 14:54:25 +01:00
Rasmus Wriedt Larsen
ba7dd38fc9 Python: Delete duplicated file 2024-02-14 14:48:37 +01:00
Rasmus Wriedt Larsen
9399258e3b Merge branch 'main' into amammad-python-bombs 2024-02-14 13:37:59 +01:00
Anders Schack-Mulligen
8ef4821f63 Python: Remove references to FlowStateString. 2023-12-14 15:05:33 +01:00
amammad
5795c72a99 added inline tests 2023-12-07 14:04:33 +01:00
amammad
6ebdae3bab Merge branch 'main' into amammad-python-bombs 2023-12-07 13:50:20 +01:00
amammad
2d0067d618 fix some qldocs, change Sink extenstion model, deduct some not necessarily checks :) 2023-12-07 13:45:28 +01:00
amammad
4283bb7d48 clean up unused vars,fix tests 2023-10-09 23:15:58 +02:00
amammad
9d86e7946c move library file to experimental lib directory 2023-10-09 23:10:30 +02:00
amammad
1318afdb27 modularize 2023-10-09 23:07:52 +02:00
amammad
3175db226e upgrade fastAPI remote sources 2023-10-09 20:51:19 +02:00
amammad
6ee5865789 add sources to detect CVE completely 2023-09-07 18:27:40 +10:00
Rasmus Lerchedahl Petersen
60dc1afbc0 Python: prepare to promote NoSqlInjection 
Mostly move files, preserving authourship.
This will not compile.
 2023-09-07 09:28:29 +02:00
amammad
bcfc28aae0 add sources to detect CVE completely 2023-09-07 02:02:32 +10:00
Rasmus Wriedt Larsen
c665c21d83 Python: More style-guide renaming 
Split it into multiple commits to make it easier to review.
 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
996364d6ee Python: Fix naming style guide violations 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
98538d237e Python: Autoformat 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
5ba8e102eb Python: Adopt tests to new DataflowQueryTest 
Since we want to know the _sinks_ and not just the flow, we need to
expose the config as well :|
 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
6961ca5234 Python: Rename to EmailXss 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
6d4491e0a9 Python: Modernize WebAppConstantSecretKey 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
d5e2a30e5b Python: Modernize py/azure-storage/unsafe-client-side-encryption-in-use a bit 
To use consistent naming
 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
bfcc194b85 Python: Move experimental paramiko to new dataflow API 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
acd0f2a8fb Python: Move experimental LDAPInsecureAuth to new dataflow API 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
c6911c2ae0 Python: Move experimental UnicodeBypassValidation to new dataflow API 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
2c06394bf3 Python: Move experimental CookieInjection to new dataflow API 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
2c412707ab Python: Move experimental CsvInjection to new dataflow API 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
ace1e23c21 Python: Move experimental ClientSuppliedIpUsedInSecurityCheck to new dataflow API 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
d948e103fa Python: Move experimental HeaderInjection to new dataflow API 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
53e57dad5c Python: Move experimental InsecureRandomness to new dataflow API 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
3bf2705668 Python: Move experimental TimingAttackAgainstHeaderValue to new dataflow API 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
c88a0ccb7c Python: Move experimental TimingAttackAgainstHash to new dataflow API 2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
a779547515 Python: Move experimental PossibleTimingAttackAgainstHash to new dataflow API 2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
8abd3430a2 Python: Move experimental TimingAttackAgainstSensitiveInfo to new dataflow API 2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
1a4e8d9464 Python: Move experimental PossibleTimingAttackAgainstSensitiveInfo to new dataflow API 2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
5d8329d9c8 Python: Move experimental ZipSlip to new dataflow API 2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
67cc3a3935 Python: Move experimental ReflectedXSS to new dataflow API 2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
a0d26741d0 Python: Move experimental TarSlipImprov to new dataflow API 2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
3cdd875e9f Python: Move experimental UnsafeUnpack to new dataflow API 2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
3edb9d1011 Python: Move experimental TokenBuiltFromUUID to new dataflow API 2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
0f242475f2 Merge branch 'main' into experimental-cleanup 2023-08-28 11:01:22 +02:00
Rasmus Wriedt Larsen
39e2b133e9 Python: Fix naming 2023-08-28 10:40:33 +02:00
Rasmus Wriedt Larsen
4c693b4fc3 Python: Port py/xslt-injection to new data-flow 2023-08-17 15:45:07 +02:00
Rasmus Wriedt Larsen
779fe6498c Python: Rename to XsltInjection.ql 2023-08-17 15:45:07 +02:00