hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-30 14:52:57 +01:00
Code Issues Packages Projects Releases Wiki Activity
35,480 Commits 1,684 Branches 159 Tags
7aa3d0fd26b4e7bb7fd7799a19eb02e07c7ba25f
Commit Graph

1165 Commits

Author SHA1 Message Date
yoff
b6605bc330 Merge pull request #8634 from RasmusWL/promote-xxe 
Python: Promote XXE and XML-bomb queries
 2022-05-09 21:54:55 +02:00
Rasmus Wriedt Larsen
de05b108fa Python: Fix singleton set 2022-05-09 11:01:13 +02:00
yoff
1d44694280 Merge pull request #8732 from RasmusWL/dataflow-imports 
Python: Don't re-export `python` under `DataFlow::`
 2022-05-02 12:08:28 +02:00
Taus
231def026f Merge pull request #8890 from tausbn/python-add-global-attribute-writes 
Python: Add support for global attribute writes
 2022-05-02 12:03:41 +02:00
yoff
c67b06b1fd Update python/ql/test/experimental/dataflow/typetracking/attribute_tests.py 
Co-authored-by: Taus <tausbn@github.com>
 2022-05-02 11:36:58 +02:00
Rasmus Wriedt Larsen
5f01fc24e4 Merge branch 'main' into promote-xxe 2022-05-02 11:25:55 +02:00
Taus
b4a31e572f Python: Add global attribute writes 2022-04-27 16:45:00 +00:00
Taus
f71cf2e1fc Python: Add test 2022-04-27 15:48:11 +00:00
yoff
39753d5a0b Merge pull request #8693 from erik-krogh/pyApi 
PY: more API-graphs refactorings
 2022-04-27 13:19:50 +02:00
Rasmus Wriedt Larsen
bb6969a175 Merge branch 'main' into promote-xxe 2022-04-20 13:42:02 +02:00
Rasmus Wriedt Larsen
084c8eb22e Python: Don't re-export python under DataFlow:: 2022-04-20 11:42:10 +02:00
Rasmus Wriedt Larsen
5dbbd17bb2 Python: Add test to ensure we keep DataFlow imports clean 
Currently we're not in a good state :(
 2022-04-20 11:41:01 +02:00
Taus
626770aaab Merge pull request #8004 from ahmed-farid-dev/ZipSlip 
Add query to detect ZipSlip
 2022-04-08 23:55:02 +02:00
Taus
3d14c5f3c3 Python: Update tests 
We need to import `tty` in order to be able to detect the standard library correctly.
 2022-04-08 23:20:47 +02:00
Rasmus Wriedt Larsen
517444b5ff Python: Fix SimpleXmlRpcServer.expected 2022-04-07 16:42:40 +02:00
Erik Krogh Kristensen
50bfc8eaa0 refactor uses of API::Node::getAUse() that should have been something else 2022-04-07 13:52:13 +02:00
Ahmed Farid
29f69bde75 Update zipslip_bad.py 2022-04-05 12:46:51 +00:00
Rasmus Wriedt Larsen
1f285b8983 Python: Rename to XmlParsingVulnerabilityKind 
To keep up with style guide
 2022-04-05 11:07:12 +02:00
Rasmus Wriedt Larsen
ab59d5c786 Python: Rename to XmlParsing 
To follow our style guide
 2022-04-05 11:06:22 +02:00
Rasmus Wriedt Larsen
4abab22066 Python: Promote XXE and XML-bomb queries 
Need to write a change-note as well, but will do that tomorrow
 2022-03-31 18:47:50 +02:00
Rasmus Wriedt Larsen
b8d3c5e96f Python: Remove last bits of experimental XML modeling 2022-03-31 18:40:26 +02:00
Rasmus Wriedt Larsen
5083023aa8 Python: Move XML parsing PoC 
Since the folder where it used to live is now empty otherwise :O
 2022-03-31 18:37:47 +02:00
Rasmus Wriedt Larsen
673220b231 Python: Minor cleanup of XmlParsingTest 2022-03-31 18:18:35 +02:00
Rasmus Wriedt Larsen
e11269715d Python: Promote xml.sax and xml.dom.* modeling 2022-03-31 17:44:00 +02:00
Rasmus Wriedt Larsen
64aa503cc3 Python: Promote xml.etree modeling 2022-03-31 11:12:02 +02:00
Rasmus Wriedt Larsen
7f5f7679f8 Python: Promote xmltodict modeling 2022-03-31 10:28:34 +02:00
Rasmus Wriedt Larsen
80b5cde3a2 Python: Promote lxml parsing modeling 2022-03-31 10:19:08 +02:00
Rasmus Wriedt Larsen
1ea4bcc59f Python: Make XMLParsing a Decoding subclass 2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen
35ccba2ec1 Python: Promote XMLParsing concept test 2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen
e45288e812 Python: => XMLParsingVulnerabilityKind 
Since there are other XML vulnerabilities that are not about parsing,
this is more correct.
 2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen
e005a5c0ab Python: Promote XMLParsing concept 2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen
b00766b054 Python: Adjust XXE qhelp 
and remove the old copy, we don't need it anymore :)
 2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen
c365337867 Python: Delete XmlEntityInjection.ql 
Kept the test of SimpleXmlRpcServer, and kept the qhelp so it can be
used to write the new qhelp files
 2022-03-31 09:52:55 +02:00
Rasmus Wriedt Larsen
57b9780428 Python: XXE: Add example of exfiltrating data through dtd-retrival 2022-03-31 09:52:54 +02:00
Rasmus Wriedt Larsen
a1d88e39a7 Python: Adjust XXE PoC for newer lxml versions 
Which doesn't raise that syntax error (at least not on my laptop)
 2022-03-31 09:52:54 +02:00
Rasmus Wriedt Larsen
91795b8577 Python: Add simple test of Xxe/XmlBomb 
Note that most of the testing happens in the framework specific tests,
with an inline-expectation test
 2022-03-31 09:52:54 +02:00
Ahmed Farid
53f756b078 Update ZipSlip.expected 2022-03-28 08:54:44 +00:00
yoff
5efc19c39d Merge pull request #7806 from erik-krogh/pyDef 
Python: Add def nodes to API graphs
 2022-03-28 08:09:14 +02:00
Ahmed Farid
a50f051cdd Update zipslip_bad.py 2022-03-28 01:38:58 +00:00
Ahmed Farid
f364e41dbe Update ZipSlip.expected 2022-03-28 01:02:38 +00:00
Ahmed Farid
a8c14ed6c3 Update zipslip_bad.py 2022-03-28 01:00:38 +00:00
Ahmed Farid
8dea7248ea Update zipslip_bad.py 2022-03-24 00:34:52 +01:00
Ahmed Farid
a05318f10c Update zipslip_good.py 2022-03-24 00:32:11 +01:00
Ahmed Farid
1836723ecb Merge branch 'main' into ZipSlip 2022-03-23 19:27:12 -04:00
Mathias Vorreiter Pedersen
abe30457ee Python: Accept test changes. 2022-03-17 14:03:58 +01:00
Rasmus Wriedt Larsen
2f4a22c86c Merge pull request #6112 from jorgectf/jorgectf/python/deserialization 
Python: Port and extend XXE modeling
 2022-03-14 11:59:28 +01:00
Taus
4ee4bba4d1 Merge branch 'main' into ZipSlip 2022-03-10 13:30:51 +01:00
Taus
7b877fb317 Merge pull request #8336 from tausbn/python-fix-a-bunch-of-ql-warnings 
Python: Fix a bunch of QL warnings
 2022-03-09 16:31:28 +01:00
Ahmed Farid
23bd53a325 Update zipslip_good.py 2022-03-08 23:55:17 +01:00
Rasmus Wriedt Larsen
6b14c1d6b9 Merge branch 'main' into jorgectf/python/deserialization 2022-03-08 11:15:03 +01:00