hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-25 13:16:33 +01:00
Code Issues Packages Projects Releases Wiki Activity
4,249 Commits 1,673 Branches 157 Tags
3bcd445a3236456f9383da456a9e83a4446e8908
Commit Graph

59 Commits

Author SHA1 Message Date
Mark Shannon
3bcd445a32 Python change 'SimpleHttpResponseTaintSink' to 'HttpResponseTaintSink'. 2019-04-04 14:45:37 +01:00
Mark Shannon
8b01bac900 Python: make sure unsafe deserialization query is using correct sources and that pickle is included in sinks. 2019-04-04 10:56:45 +01:00
Mark Shannon
bc19769e6d Python: make sure code injection query is using correct sources. 2019-04-04 10:56:45 +01:00
Mark Shannon
35e82dca68 Python revert .getNode() to .getSink()/.getSource() to keep expected test output the same. 2019-04-04 10:56:45 +01:00
Mark Shannon
f8c43ca40b Python: make sure all django and flask request sources conform to interface. 2019-04-04 10:56:45 +01:00
Mark Shannon
61e6ae7c4a Python: Use new taint-tracking query in unsafe deserialization query. 2019-04-04 10:56:45 +01:00
Mark Shannon
3c1a5bb046 Python: Use new taint-tracking query in code-injection query. 2019-04-04 10:56:44 +01:00
Mark Shannon
64e8be6ed1 Python: Use new taint-tracking query in reflected-xss query. 2019-04-04 10:56:44 +01:00
Mark Shannon
7fc5d690cd Python: Use new taint-tracking query in SQL-injection query. 2019-04-04 10:56:44 +01:00
Mark Shannon
058ae7befc Merge pull request #1142 from taus-semmle/python-use-new-moduleobject-api 
Python: Use new `ModuleObject` API more widely.
 2019-03-26 15:02:44 +00:00
Taus Brock-Nannestad
5eb63ae048 Fix false positive and add test. 2019-03-21 14:10:05 +01:00
Taus Brock-Nannestad
9cb35a8ca9 Use correct named argument for ssl.SSLContext. 2019-03-21 14:09:25 +01:00
Taus Brock-Nannestad
391e111189 Use attr instead of getAttribute. 2019-03-20 17:41:23 +01:00
Taus Brock-Nannestad
f14f7b50ed Python: Use ModuleObject::named more consistently. 2019-03-20 17:41:23 +01:00
Mark Shannon
38a5fb715a Python: Avoid cross-talk between unrelated sources in py/stack-trace-exposure query. 2019-03-05 16:52:28 +00:00
Taus Brock-Nannestad
63893fe52c Python: Add missing @kind for py/insecure-temporary-file. 2019-03-04 11:20:39 +01:00
Taus Brock-Nannestad
e47b391329 Fix interpolation. 2019-02-26 16:27:04 +01:00
Taus Brock-Nannestad
7daaf77183 Make query alert refer to AST nodes rather than CFG nodes. 2019-02-26 15:56:37 +01:00
Taus Brock-Nannestad
504cb648d1 Change query description. 2019-02-26 13:26:20 +01:00
Taus Brock-Nannestad
8d774cd354 Merge branch 'master' into python-unsafe-use-of-mktemp 2019-02-26 13:23:38 +01:00
Mark Shannon
98be27a73e Python: Add 'attr' predicate as a synomnym for 'getAttribute' to help readability. 2019-02-20 11:08:44 +00:00
Mark Shannon
35fa5d8f60 Python move various theXXX() predicates into the appropriate module. 2019-02-20 10:34:08 +00:00
Taus
08fcb984a8 Implement getACall suggestion. 2019-01-29 17:59:45 +01:00
Taus
6f7c96db54 Merge branch 'master' into python-unsafe-use-of-mktemp 2019-01-29 16:12:53 +01:00
Taus Brock-Nannestad
9a9d902cfb Add support for os.tempnam and os.tmpnam. 2019-01-29 16:08:32 +01:00
Taus
9adb19f3a9 Merge branch 'master' into python-incomplete-url-sanitize 2019-01-29 14:17:37 +01:00
Mark Shannon
6d553ae2be Python: Check os.open as well as os.chmod for weak file permissions. 2019-01-28 14:26:16 +00:00
Mark Shannon
3850f87879 Make qhelp for 'Incomplete URL substring sanitization' consistent across languages. 2019-01-25 16:47:23 +00:00
Mark Shannon
6ddbed7d95 Python: Minor tweaks to qldoc and release note. 2019-01-25 11:34:41 +00:00
Mark Shannon
88d8cb514c Python: Two new queries for URL and hostname sanitization (CWE-020). 2019-01-24 12:57:14 +00:00
Mark Shannon
a3b5769c2c Python: Weak file permissions query. 2019-01-22 11:33:19 +00:00
Taus Brock-Nannestad
7c3dc929ac Add query and qhelp. 2019-01-17 14:45:25 +01:00
Taus Brock-Nannestad
9ac50186f6 Add a few more insecure versions 2019-01-07 15:24:15 +01:00
Taus Brock-Nannestad
1af503ab84 Address documentation comments. 2019-01-07 15:24:15 +01:00
Taus Brock-Nannestad
46973f4305 Support from ssl import PROTOCOL_.... 2019-01-07 15:24:15 +01:00
Taus Brock-Nannestad
e8a41f719c Add documentation. 2019-01-07 15:24:15 +01:00
Taus Brock-Nannestad
dfe3fc6d5c Pass pyOpenSSL method as parameter instead of keyword argument. 2019-01-07 15:24:15 +01:00
Taus Brock-Nannestad
d604f5c9c9 Fix insecure_version_name comments. 2019-01-07 15:24:15 +01:00
Taus Brock-Nannestad
a893dca06e Add support for ssl.SSLContext. 2019-01-07 15:24:15 +01:00
Taus Brock-Nannestad
0a839f8468 Python: Check for insecure versions of SSL and TLS. 2019-01-07 15:24:15 +01:00
Mark Shannon
a345727f71 Python fix up tags in qhelp. 2018-11-28 17:14:07 +00:00
Mark Shannon
b3eaa46f14 Python: Use consistent abbreviations in weak-crypto query message. 2018-11-28 16:58:22 +00:00
Mark Shannon
4f0a666a43 Python: Tweak name of new query and add change note. 2018-11-28 16:58:22 +00:00
Mark Shannon
3c4c8cf7d3 Python: Add qhelp for new query. 2018-11-28 16:57:34 +00:00
Mark Shannon
1065ad0ce7 Python: Weak crypto query. 2018-11-28 16:57:34 +00:00
Mark Shannon
21246dcbf2 Python: clean up change notes and query help. 2018-11-28 15:02:47 +00:00
Mark Shannon
eefb45c94b Python: jinja2-without-escaping query: Clean up query and account for Template class in tests. 2018-11-28 10:46:44 +00:00
Mark Shannon
243280dc00 Python: New query to check for use of jinja2 templates without auto-escaping. 2018-11-28 10:45:19 +00:00
Mark Shannon
31ac33e723 Merge pull request #528 from taus-semmle/python-flask-debug 
Python: Implement check for flask debug mode.
 2018-11-27 19:42:26 +00:00
Taus Brock-Nannestad
7f94c257a7 Change precision to high. 2018-11-27 19:02:44 +01:00