hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-13 14:34:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
70,822 Commits 1,680 Branches 158 Tags
369241e1eab514aaab2ea288fd4d6950fa85fead
Commit Graph

578 Commits

Author SHA1 Message Date
yoff
7816f34d75 Merge branch 'main' into stdlib-optparse 2024-10-01 12:48:09 +02:00
Rasmus Wriedt Larsen
431a1af628 Merge branch 'main' into threat-models 2024-09-26 11:44:24 +02:00
yoff
e7f9b5bbbc Merge branch 'main' into stdlib-optparse 2024-09-24 20:24:00 +02:00
Taus
8c015b0784 Merge pull request #17305 from Kwstubbs/CORSMiddleware-Starlette 
Python: Add Support for CORS Middlewares
 2024-09-24 15:51:49 +02:00
Kevin Stubbings
01aa63e170 Add tests 2024-09-23 16:47:10 -07:00
Rasmus Wriedt Larsen
4a21a85e73 Merge branch 'main' into threat-models 2024-09-23 11:19:58 +02:00
Rasmus Wriedt Larsen
cbebf7b392 Python: Additional threatModelSource annotations 2024-09-10 14:32:39 +02:00
Rasmus Wriedt Larsen
8d8cd05b94 Python: Add basic support for database threat-model 2024-09-10 14:32:37 +02:00
Rasmus Wriedt Larsen
7483075b7e Python: Fixup modeling of os.open 2024-09-10 14:32:37 +02:00
Rasmus Wriedt Larsen
d245db54a1 Python: Model file threat-model 2024-09-10 14:32:37 +02:00
Rasmus Wriedt Larsen
66f389a4b6 Python: Model stdin thread-model 2024-09-10 14:32:36 +02:00
Rasmus Wriedt Larsen
e1801f3a29 Python: Proper threat-model handling for argparse 2024-09-10 14:32:36 +02:00
Rasmus Wriedt Larsen
56c85ffe54 Python: Fixup threat-models for os.environ.get() 
Since using `.DictionaryElementAny` doesn't actually do a store on the
source, (so we can later follow any dict read-steps).

I added the ensure_tainted steps to highlight that the result of the
WHOLE expression ends up "tainted", and that we don't just mark
`os.environ` as the source without further flow.
 2024-09-10 14:32:36 +02:00
Rasmus Wriedt Larsen
b9239d7101 Python: Add basic support for environment/commandargs threat-models 2024-09-10 14:32:36 +02:00
Tom Hvitved
c92c96fa78 Data flow: Compute local big step relation per stage 2024-08-26 09:15:27 +02:00
Joe Farebrother
62c2fe6b17 Merge pull request #16933 from joefarebrother/python-cookie-concept-promote 
Python: Promote the insecure cookie query from experimental
 2024-08-07 09:06:05 +01:00
yoff
251036c6b4 Merge pull request #17080 from sylwia-budzynska/streamlit 
Python: Add Streamlit models
 2024-07-31 18:20:11 +02:00
Sylwia Budzynska
9bd00c9e1e Change Gradio rfs test to use shared rfs test module 2024-07-31 13:25:32 +02:00
Sylwia Budzynska
9741ddb926 Add remoteflowsoucre test 2024-07-30 17:20:14 +02:00
Sylwia Budzynska
bfd2e4350b Add StreamlitConnection model 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2024-07-30 12:58:49 +02:00
Joe Farebrother
e68ef87662 update inline tests for rest_framework tests 2024-07-29 23:35:36 +01:00
Joe Farebrother
f10d007496 Add additional test for kwargs case 2024-07-29 23:27:22 +01:00
Sylwia Budzynska
358a1b3a20 Fix tests 2024-07-26 14:19:06 +02:00
Sylwia Budzynska
6d1c00742f Add tests and change note 2024-07-26 14:15:43 +02:00
Joe Farebrother
db27fd934a Add tests for tornado and twisted 2024-07-23 13:21:37 +01:00
Joe Farebrother
b28d79960b Update ConceptsTests and make a fix 2024-07-23 10:15:09 +01:00
Rasmus Wriedt Larsen
db8a5306cf Python: Add MaD support for DictionaryElement/DictionaryElementAny for sources 2024-07-12 15:19:40 +02:00
Rasmus Wriedt Larsen
eed8b3e87b Python: Add more tests for MaD sources 2024-07-12 15:10:23 +02:00
Joe Farebrother
8152ec7472 Merge pull request #16696 from joefarebrother/python-cookie-write-headers 
Python: Model CookieWrites from HeaderWrites
 2024-07-11 14:25:54 +01:00
Joe Farebrother
b81d41ba7b Add django header write models for direct subscript write 2024-07-01 11:26:54 +01:00
Rasmus Lerchedahl Petersen
77a00873a9 Python: add tests for loggers 2024-06-28 15:25:17 +02:00
Joe Farebrother
6538d22d3f Fix tornado model of httheaders.add. 2024-06-26 09:21:53 +01:00
yoff
58b6b3f601 Merge pull request #16789 from yoff/python/document-models-as-data 
python: Document MaD format
 2024-06-25 15:46:28 +02:00
Joe Farebrother
d0f735ac28 Update tests for restframework 2024-06-24 20:52:09 +01:00
Joe Farebrother
c404f00a9b Add additional header write models for aiohttp and tornado + added qldoc 2024-06-24 17:27:25 +01:00
Joe Farebrother
79c0ed6074 Add additional fastapi mheader write models 2024-06-24 17:27:21 +01:00
Joe Farebrother
5ced5c010c Add django header writes 2024-06-24 17:27:15 +01:00
Joe Farebrother
7704801e47 Change fastapi raw cookie header models to header write models 2024-06-24 17:27:12 +01:00
Joe Farebrother
a0201e9c4f Update tests for new cookie write from headers 2024-06-24 17:27:06 +01:00
Joe Farebrother
6b8080a5b3 Update concept tests for header writes 2024-06-24 17:27:02 +01:00
Rasmus Lerchedahl Petersen
00fbada41d Python: recognize fabric.operations 2024-06-24 10:54:59 +02:00
am0o0
8a7fdfa6fe fix conflict 2024-06-18 17:18:59 +02:00
Joe Farebrother
7727e465f4 Model Flask SessionInterface request parameter 2024-05-20 09:46:54 +01:00
yoff
5076b1a214 Merge pull request #16135 from sylwia-budzynska/gradio-model 
Python: Add Gradio models
 2024-05-16 09:00:50 +02:00
yoff
04c0475251 Merge pull request #16483 from yoff/python/MaD-instance-follow-subclass 
Python: The MaD token `Instance` now follows subclasses
 2024-05-14 21:30:43 +02:00
Joe Farebrother
027e5e7291 Merge pull request #16300 from joefarebrother/python-pyramid 
Python: Model the Pyramid framework
 2024-05-14 13:24:19 +01:00
Sylwia Budzynska
34c447939e Update test results 2024-05-14 14:23:36 +02:00
Sylwia Budzynska
f72afdc7cb Merge branch 'main' into gradio-model 2024-05-14 12:41:00 +02:00
Rasmus Lerchedahl Petersen
52717f8500 python: The MaD token Instance now follows subclasses 2024-05-14 08:40:19 +02:00
Sylwia Budzynska
d6acea1d0c Fix tests 2024-05-10 12:41:47 +02:00