2521 Commits

Author	SHA1	Message	Date
Rasmus Wriedt Larsen	5f01fc24e4	Merge branch 'main' into promote-xxe	2022-05-02 11:25:55 +02:00
yoff	39753d5a0b	Merge pull request #8693 from erik-krogh/pyApi ... PY: more API-graphs refactorings	2022-04-27 13:19:50 +02:00
Erik Krogh Kristensen	e1c7d369be	Merge pull request #8796 from erik-krogh/redundantImport ... Remove redundant imports	2022-04-27 12:39:51 +02:00
yoff	9d774463f5	Merge pull request #8859 from tausbn/python-fix-bad-essa-joins ... Python: Fix a bunch of bad joins	2022-04-27 12:27:50 +02:00
Taus	7d736952db	Python: Update expected output	2022-04-26 15:49:40 +00:00
Erik Krogh Kristensen	d389012b75	Merge branch 'main' into redundantImport	2022-04-26 14:24:51 +02:00
yoff	76f2eca1ee	Merge pull request #8560 from erik-krogh/movePolyTest ... PY: move the polynomialbacktracking-test to the test folder	2022-04-26 14:21:30 +02:00
Tom Hvitved	bffa8fa7cb	Merge pull request #8641 from hvitved/dataflow/interpret-read-store ... Data flow: Introduce `ContentSet`	2022-04-25 12:17:34 +02:00
Erik Krogh Kristensen	acac8919b3	PY: update expected output for deprecation warning in test file	2022-04-22 15:28:31 +02:00
Tom Hvitved	b033f107df	Merge remote-tracking branch 'upstream/main' into dataflow/interpret-read-store	2022-04-22 14:35:02 +02:00
Rasmus Wriedt Larsen	03c0366fd4	Merge branch 'main' into stdlib-FileSystemAccess-improvement	2022-04-22 14:31:31 +02:00
Erik Krogh Kristensen	8fcbaea273	Merge branch 'main' into labelNaming	2022-04-22 13:19:44 +02:00
Erik Krogh Kristensen	ff73dbc35c	delete redundant imports	2022-04-22 12:55:28 +02:00
Erik Krogh Kristensen	a96489b23d	delete duplicate imports	2022-04-22 12:41:30 +02:00
Rasmus Wriedt Larsen	650d57083b	Python: Recognize path arguments to pathlib methods	2022-04-22 11:01:59 +02:00
Rasmus Wriedt Larsen	bcaba45202	Python: Expand pathlib tests	2022-04-22 11:01:59 +02:00
Rasmus Wriedt Larsen	059dea713d	Python: Fix os.path.samefile modeling	2022-04-22 11:01:59 +02:00
Rasmus Wriedt Larsen	bb6969a175	Merge branch 'main' into promote-xxe	2022-04-20 13:42:02 +02:00
Taus	626770aaab	Merge pull request #8004 from ahmed-farid-dev/ZipSlip ... Add query to detect ZipSlip	2022-04-08 23:55:02 +02:00
Taus	3d14c5f3c3	Python: Update tests ... We need to import `tty` in order to be able to detect the standard library correctly.	2022-04-08 23:20:47 +02:00
Rasmus Wriedt Larsen	517444b5ff	Python: Fix SimpleXmlRpcServer.expected	2022-04-07 16:42:40 +02:00
Erik Krogh Kristensen	50bfc8eaa0	refactor uses of API::Node::getAUse() that should have been something else	2022-04-07 13:52:13 +02:00
Rasmus Wriedt Larsen	7728b6cf1b	Python: Change XmlBomb vulnerability kind	2022-04-07 10:56:35 +02:00
Rasmus Wriedt Larsen	23637fd691	Merge branch 'main' into promote-xxe	2022-04-06 12:56:31 +02:00
Rasmus Wriedt Larsen	4d2a3b38d2	Merge pull request #8511 from RasmusWL/use-query-suffix ... Python: Use `Query.qll` suffix for dataflow configuration definitions	2022-04-06 11:59:29 +02:00
Ahmed Farid	29f69bde75	Update zipslip_bad.py	2022-04-05 12:46:51 +00:00
Rasmus Wriedt Larsen	1f285b8983	Python: Rename to XmlParsingVulnerabilityKind ... To keep up with style guide	2022-04-05 11:07:12 +02:00
Rasmus Wriedt Larsen	ab59d5c786	Python: Rename to XmlParsing ... To follow our style guide	2022-04-05 11:06:22 +02:00
Tom Hvitved	57f2a74636	Python: Implement ContentSet	2022-04-04 13:51:44 +02:00
Rasmus Wriedt Larsen	4abab22066	Python: Promote XXE and XML-bomb queries ... Need to write a change-note as well, but will do that tomorrow	2022-03-31 18:47:50 +02:00
Rasmus Wriedt Larsen	b8d3c5e96f	Python: Remove last bits of experimental XML modeling	2022-03-31 18:40:26 +02:00
Rasmus Wriedt Larsen	5083023aa8	Python: Move XML parsing PoC ... Since the folder where it used to live is now empty otherwise :O	2022-03-31 18:37:47 +02:00
Rasmus Wriedt Larsen	673220b231	Python: Minor cleanup of XmlParsingTest	2022-03-31 18:18:35 +02:00
Rasmus Wriedt Larsen	b4c0065aeb	Python: Extend FileSystemAccess for xml.sax and xml.dom.* parsing	2022-03-31 18:08:47 +02:00
Rasmus Wriedt Larsen	e11269715d	Python: Promote xml.sax and xml.dom.* modeling	2022-03-31 17:44:00 +02:00
Rasmus Wriedt Larsen	05bb0ef976	Python: Align xml.etree.ElementTree modeling ... I didn't find a good way to actually share the stuff, so we kinda just have 2 things that look very similar :|	2022-03-31 17:24:16 +02:00
Rasmus Wriedt Larsen	db43d043c4	Python: Add test showing misalignment of xml.etree modeling	2022-03-31 11:55:46 +02:00
Rasmus Wriedt Larsen	543454eff2	Python: Model file access from XML parsing	2022-03-31 11:47:29 +02:00
Rasmus Wriedt Larsen	386ff53614	Python: Model lxml.iterparse	2022-03-31 11:32:22 +02:00
Rasmus Wriedt Larsen	12cbdcde28	Python: Model lxml.etree.XMLID	2022-03-31 11:21:24 +02:00
Rasmus Wriedt Larsen	64aa503cc3	Python: Promote xml.etree modeling	2022-03-31 11:12:02 +02:00
Rasmus Wriedt Larsen	7f5f7679f8	Python: Promote xmltodict modeling	2022-03-31 10:28:34 +02:00
Rasmus Wriedt Larsen	80b5cde3a2	Python: Promote lxml parsing modeling	2022-03-31 10:19:08 +02:00
Rasmus Wriedt Larsen	c4473c5f65	Python: Rename lxml XPath tests	2022-03-31 10:08:02 +02:00
Rasmus Wriedt Larsen	1ea4bcc59f	Python: Make XMLParsing a Decoding subclass	2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen	35ccba2ec1	Python: Promote XMLParsing concept test	2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen	e45288e812	Python: => XMLParsingVulnerabilityKind ... Since there are other XML vulnerabilities that are not about parsing, this is more correct.	2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen	e005a5c0ab	Python: Promote XMLParsing concept	2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen	b00766b054	Python: Adjust XXE qhelp ... and remove the old copy, we don't need it anymore :)	2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen	c365337867	Python: Delete XmlEntityInjection.ql ... Kept the test of SimpleXmlRpcServer, and kept the qhelp so it can be used to write the new qhelp files	2022-03-31 09:52:55 +02:00