279 Commits

Author	SHA1	Message	Date
ALJI Mohamed	7319052495	Delete the examples/	2022-10-21 21:47:00 +01:00
Sim4n6	925f9d09e5	Update python/ql/src/experimental/Security/CWE-022bis/TarSlipImprov.ql ... Co-authored-by: yoff <lerchedahl@gmail.com>	2022-10-21 21:06:51 +01:00
ALJI Mohamed	9163cbec09	Restrict the reach for an additional taint step	2022-10-19 16:08:49 +01:00
ALJI Mohamed	25a7fcffc0	Add an additional taint step	2022-10-19 16:01:34 +01:00
ALJI Mohamed	d6fa745279	Add TarSlip Improv query	2022-10-19 14:01:40 +01:00
Josh Soref	ad7dc81bdc	spelling: sanitize ... Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-13 11:21:09 -04:00
Jeroen Ketema	d389a183f0	Merge pull request #10743 from jsoref/spelling ... Spelling	2022-10-12 12:48:22 +02:00
erik-krogh	4da0508dae	Merge branch 'main' into py-last-msg	2022-10-11 10:49:19 +02:00
Josh Soref	704aba8c1c	spelling: necessitates ... Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2022-10-11 03:59:17 -04:00
erik-krogh	6fdfd40880	changes to address reviews	2022-10-07 22:31:00 +02:00
erik-krogh	944ca4a0da	fix some more style-guide violations in the alert-messages	2022-10-07 11:23:34 +02:00
Rasmus Wriedt Larsen	d7be27a1c0	Python: Fix experimental py/ip-address-spoofing ... I realized the modeling was done in a non-recommended way, so I changed the modeling. It was very nice that I could use API graphs for the flask part, and a little sad when I couldn't for Django/Tornado.	2022-10-03 21:19:30 +02:00
erik-krogh	e89e0eb7fb	make some acronyms camelCase	2022-08-22 21:22:35 +02:00
erik-krogh	8066e39d07	delete some redundant imports	2022-08-17 13:50:04 +02:00
Raul Garcia	6b17890e4f	Fixing warning on usage of a deprecated feature.	2022-07-16 08:30:06 -07:00
Raul Garcia	f7c47b6c75	Update python/ql/src/experimental/Security/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.py ... Co-authored-by: Taus <tausbn@github.com>	2022-07-13 08:34:48 -07:00
Raul Garcia	0dbb03f732	Adding CVE information.	2022-07-12 21:49:19 -07:00
Raul Garcia	d929b1338b	Addressing API::Node feedback for all predicates	2022-07-12 11:55:06 -07:00
Raul Garcia	d5791e2d56	Addressing feedback from the PR	2022-07-11 15:45:15 -07:00
Raul Garcia	ac05577966	Making various changes based on the feedback. Pending: 2 non-trivial fixes for Java & Python.	2022-07-11 13:25:35 -07:00
Raul Garcia	e5702d0e15	Update python/ql/src/experimental/Security/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql ... Co-authored-by: Taus <tausbn@github.com>	2022-07-11 13:07:37 -07:00
Raul Garcia	7fc9ae6c49	Update python/ql/src/experimental/Security/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql ... Co-authored-by: Taus <tausbn@github.com>	2022-07-11 13:07:20 -07:00
Raul Garcia	dd1a9a22e3	Update UnsafeUsageOfClientSideEncryptionVersion.qhelp	2022-07-05 13:58:38 -07:00
Raul Garcia	e43e5810cf	New queries to detect unsafe client side encryption in Azure Storage	2022-07-01 17:08:35 -07:00
yoff	699761889d	Merge pull request #7127 from jty-team/jty/python/emailInjection ... Python: CWE-079 - Add Email injection query	2022-06-14 10:54:16 +02:00
${sleep,7}	76c27c685f	Merge branch 'main' into jty/python/emailInjection	2022-05-26 16:27:57 -04:00
yoff	aadfa8eacd	Merge branch 'main' into py/CsvInjection	2022-05-25 10:43:08 +02:00
Rasmus Wriedt Larsen	6611e5b4b8	Merge branch 'main' into promote-pam	2022-05-18 10:35:39 +02:00
Rasmus Wriedt Larsen	795adf0566	Python: Fix API::moduleImport("foo.bar")	2022-05-12 13:33:00 +02:00
Rasmus Wriedt Larsen	cff950f5f7	Python: Fix select of py/insecure-cookie	2022-05-11 14:06:30 +02:00
Rasmus Wriedt Larsen	0956d506de	Python: Actually promote py/pam-auth-bypass ... 🤦	2022-05-11 13:44:47 +02:00
Rasmus Wriedt Larsen	fc8633cc01	Python: Fix select for py/cookie-injection	2022-05-11 13:18:14 +02:00
Rasmus Wriedt Larsen	27b99c51e9	Python: Add placeholder precision for py/insecure-cookie	2022-05-11 11:36:06 +02:00
Rasmus Wriedt Larsen	a902d3d8f0	Python: Add security-severity for py/insecure-cookie ... Matching the Java query 7d4767a4f5/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql (L7)	2022-05-11 11:34:16 +02:00
Rasmus Wriedt Larsen	d127d2164a	Merge branch 'main' into jorgectf/python/insecure-cookie	2022-05-11 11:13:47 +02:00
Rasmus Wriedt Larsen	7e87e18b32	Python: Adjust name/description/select of PamAuthorization.ql ... Thought that calling out the actual vulnerability would make things easier for our end users :)	2022-05-10 18:02:17 +02:00
Rasmus Wriedt Larsen	c84f693151	Python: Adjust PamAuthorization examples ... They did not have proper formatting (only 2 spaces), and I restructured them a bit more so they look like code in the wild	2022-05-10 18:00:20 +02:00
Rasmus Wriedt Larsen	0c534444ad	Python: Format .qhelp file ... 99% of our .qhelp files have manually wrapped lines, so just wanted to keep things consistent	2022-05-10 17:59:21 +02:00
Rasmus Wriedt Larsen	cb17e2a649	Merge pull request #8595 from porcupineyhairs/pypam ... Python : Add query to detect PAM authorization bypass	2022-05-10 13:35:12 +02:00
Rasmus Wriedt Larsen	c218162104	Merge branch 'main' into pypam	2022-05-09 14:20:05 +02:00
Rasmus Wriedt Larsen	ab1252d196	Python: Add @precision high for py/pam-auth-bypass	2022-05-09 14:19:40 +02:00
Rasmus Wriedt Larsen	5f01fc24e4	Merge branch 'main' into promote-xxe	2022-05-02 11:25:55 +02:00
Erik Krogh Kristensen	7dba2b5868	PY: revert deletion of redundant-import in ClientSuppliedIpUsedInSecurityCheckLib.qll	2022-04-26 14:51:21 +02:00
Erik Krogh Kristensen	ff73dbc35c	delete redundant imports	2022-04-22 12:55:28 +02:00
${sleep,7}	b5734ed6a2	Merge branch 'main' into jty/python/emailInjection	2022-04-20 09:50:08 -04:00
Rasmus Wriedt Larsen	bb6969a175	Merge branch 'main' into promote-xxe	2022-04-20 13:42:02 +02:00
Rasmus Wriedt Larsen	6235dc5039	Python: Handle find_library assignment to temp variable	2022-04-13 11:44:15 +02:00
Porcupiney Hairs	785dc1af3c	Include changes from review	2022-04-12 21:17:39 +05:30
Taus	8521f9a008	Python: Autoformat ZipSlip.ql	2022-04-08 23:13:38 +02:00
Taus	4b580820c8	Python: Fix broken QHelp	2022-04-08 23:12:46 +02:00