1069 Commits

Author	SHA1	Message	Date
Asger F	a522562f93	Merge pull request #9369 from asgerf/python/api-graph-api ... Python: API graph renaming and documentation	2022-06-28 14:48:12 +02:00
Asger F	b096f9ec72	Python: Rename getAUse -> getAValueReachableFromSource	2022-06-21 12:44:06 +02:00
Anders Schack-Mulligen	f473a0a961	Python: Deprecate and replace BarrierGuard class.	2022-06-20 15:46:38 +02:00
yoff	699761889d	Merge pull request #7127 from jty-team/jty/python/emailInjection ... Python: CWE-079 - Add Email injection query	2022-06-14 10:54:16 +02:00
jorgectf	171239b78f	Format FlaskMail.qll and Sendgrid.qll	2022-06-03 18:27:45 +02:00
Jorge	897d5c9471	Apply suggestions from code review ... Co-authored-by: yoff <lerchedahl@gmail.com>	2022-06-01 12:44:08 +02:00
${sleep,7}	76c27c685f	Merge branch 'main' into jty/python/emailInjection	2022-05-26 16:27:57 -04:00
yoff	aadfa8eacd	Merge branch 'main' into py/CsvInjection	2022-05-25 10:43:08 +02:00
Taus	3745526d69	Merge pull request #9108 from RasmusWL/promote-pam ... Python: Promote `py/pam-auth-bypass`	2022-05-23 15:27:12 +02:00
Erik Krogh Kristensen	215a6a72cc	Merge branch 'main' into useStringComp	2022-05-18 10:55:31 +02:00
Rasmus Wriedt Larsen	6611e5b4b8	Merge branch 'main' into promote-pam	2022-05-18 10:35:39 +02:00
Erik Krogh Kristensen	7245591468	Merge pull request #7763 from erik-krogh/unused-field ... QL: add unused-field query	2022-05-18 09:15:16 +02:00
Erik Krogh Kristensen	86e97c32d6	fix all ql/use-string-compare	2022-05-17 14:11:05 +02:00
Rasmus Wriedt Larsen	795adf0566	Python: Fix API::moduleImport("foo.bar")	2022-05-12 13:33:00 +02:00
Rasmus Wriedt Larsen	cff950f5f7	Python: Fix select of py/insecure-cookie	2022-05-11 14:06:30 +02:00
Rasmus Wriedt Larsen	0956d506de	Python: Actually promote py/pam-auth-bypass ... 🤦	2022-05-11 13:44:47 +02:00
Rasmus Wriedt Larsen	fc8633cc01	Python: Fix select for py/cookie-injection	2022-05-11 13:18:14 +02:00
Rasmus Wriedt Larsen	27b99c51e9	Python: Add placeholder precision for py/insecure-cookie	2022-05-11 11:36:06 +02:00
Rasmus Wriedt Larsen	a902d3d8f0	Python: Add security-severity for py/insecure-cookie ... Matching the Java query 7d4767a4f5/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql (L7)	2022-05-11 11:34:16 +02:00
Rasmus Wriedt Larsen	84ad45c665	Python: Fix Django import	2022-05-11 11:33:35 +02:00
Rasmus Wriedt Larsen	d127d2164a	Merge branch 'main' into jorgectf/python/insecure-cookie	2022-05-11 11:13:47 +02:00
Rasmus Wriedt Larsen	7e87e18b32	Python: Adjust name/description/select of PamAuthorization.ql ... Thought that calling out the actual vulnerability would make things easier for our end users :)	2022-05-10 18:02:17 +02:00
Rasmus Wriedt Larsen	c84f693151	Python: Adjust PamAuthorization examples ... They did not have proper formatting (only 2 spaces), and I restructured them a bit more so they look like code in the wild	2022-05-10 18:00:20 +02:00
Rasmus Wriedt Larsen	0c534444ad	Python: Format .qhelp file ... 99% of our .qhelp files have manually wrapped lines, so just wanted to keep things consistent	2022-05-10 17:59:21 +02:00
Rasmus Wriedt Larsen	cb17e2a649	Merge pull request #8595 from porcupineyhairs/pypam ... Python : Add query to detect PAM authorization bypass	2022-05-10 13:35:12 +02:00
Rasmus Wriedt Larsen	2421076d2f	Merge pull request #8696 from RasmusWL/new-nosql-examples ... Python: Improve experimental modeling for `pymongo`	2022-05-10 11:03:05 +02:00
Rasmus Wriedt Larsen	c218162104	Merge branch 'main' into pypam	2022-05-09 14:20:05 +02:00
Rasmus Wriedt Larsen	ab1252d196	Python: Add @precision high for py/pam-auth-bypass	2022-05-09 14:19:40 +02:00
Rasmus Wriedt Larsen	5f01fc24e4	Merge branch 'main' into promote-xxe	2022-05-02 11:25:55 +02:00
Rasmus Wriedt Larsen	3c1a37e7e1	Merge branch 'main' into new-nosql-examples	2022-05-02 11:21:36 +02:00
yoff	39753d5a0b	Merge pull request #8693 from erik-krogh/pyApi ... PY: more API-graphs refactorings	2022-04-27 13:19:50 +02:00
Erik Krogh Kristensen	7dba2b5868	PY: revert deletion of redundant-import in ClientSuppliedIpUsedInSecurityCheckLib.qll	2022-04-26 14:51:21 +02:00
Erik Krogh Kristensen	ff73dbc35c	delete redundant imports	2022-04-22 12:55:28 +02:00
${sleep,7}	b5734ed6a2	Merge branch 'main' into jty/python/emailInjection	2022-04-20 09:50:08 -04:00
Rasmus Wriedt Larsen	bb6969a175	Merge branch 'main' into promote-xxe	2022-04-20 13:42:02 +02:00
Rasmus Wriedt Larsen	6235dc5039	Python: Handle find_library assignment to temp variable	2022-04-13 11:44:15 +02:00
Porcupiney Hairs	785dc1af3c	Include changes from review	2022-04-12 21:17:39 +05:30
Taus	ab81247b7c	Python: Fix modelling in ZipSlip.qll ... - Remove use of points-to. - Exclude sources and sinks in the standard library (to prevent test brittleness).	2022-04-08 23:19:41 +02:00
Taus	57beeaada0	Python: Fix name clash in CopyFile.qll	2022-04-08 23:18:03 +02:00
Taus	e1371151f9	Python: Autoformat Concepts.qll	2022-04-08 23:16:41 +02:00
Taus	8521f9a008	Python: Autoformat ZipSlip.ql	2022-04-08 23:13:38 +02:00
Taus	4b580820c8	Python: Fix broken QHelp	2022-04-08 23:12:46 +02:00
Rasmus Wriedt Larsen	ec66f26ade	Python: Handle get_collection on pymongo DB	2022-04-07 16:32:20 +02:00
Rasmus Wriedt Larsen	89eeaf85d5	Python: Handle get_database on MongoClient instance	2022-04-07 16:31:17 +02:00
Rasmus Wriedt Larsen	7ca19653df	Python: mongoDBInstance refactor	2022-04-07 16:22:57 +02:00
Rasmus Wriedt Larsen	e58e9a273b	Python: mongoClientInstance refactoring	2022-04-07 16:22:16 +02:00
Rasmus Wriedt Larsen	0ce2ced1aa	Python: Model pymongo.mongo_client.MongoClient	2022-04-07 16:22:16 +02:00
Rasmus Wriedt Larsen	8191be9d75	Python: Move last XXE/XML bomb out of experimental	2022-04-07 15:37:56 +02:00
Rasmus Wriedt Larsen	405480c410	Python: Rename sink definitions for XXE/XML bomb	2022-04-07 15:37:56 +02:00
Erik Krogh Kristensen	50bfc8eaa0	refactor uses of API::Node::getAUse() that should have been something else	2022-04-07 13:52:13 +02:00