Rasmus Lerchedahl Petersen
3434c38da7
Python: update test expectations
...
This is MaD...
2024-07-22 17:03:29 +02:00
Rasmus Lerchedahl Petersen
e30f725e71
Python: Remove questionable model for multiprocessing.connection.Listener
2024-07-22 15:43:06 +02:00
Rasmus Lerchedahl Petersen
e40ae2e52d
Python: adjust test expectations
...
MaD row numbers in provenance column
2024-06-28 21:56:11 +02:00
Rasmus Lerchedahl Petersen
77a00873a9
Python: add tests for loggers
2024-06-28 15:25:17 +02:00
Rasmus Lerchedahl Petersen
5ddfe75a0d
Python: Add value steps for sequence elements
...
It would be nice to simplify to a single sequence content type..
2024-06-28 15:10:08 +02:00
Rasmus Lerchedahl Petersen
59f953269a
Python: remove strange sink
...
It is not clear from the code how this could happen and
I do not remember the path I saw, perhaps it was unreasonable.
2024-06-28 14:42:24 +02:00
yoff
bbc3ff2dfe
Apply suggestions from code review
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com >
2024-06-28 14:39:03 +02:00
Rasmus Lerchedahl Petersen
a3076f4f72
Python: fix test expectations, add missing sanitizer
2024-06-26 13:27:32 +02:00
Rasmus Lerchedahl Petersen
b261145f43
Python: fix compilation
2024-06-26 10:46:38 +02:00
Rasmus Lerchedahl Petersen
571be8be3e
Python: model more loggers
2024-06-26 01:00:38 +02:00
Rasmus Lerchedahl Petersen
eb32cbe8a5
Python: codecs.open
2024-06-26 00:57:59 +02:00
Rasmus Lerchedahl Petersen
bdc48088e6
Python: MaD summary models
...
Two of the generated summaries have been excluded:
- ["re", "Member[split]", "Argument[0,pattern:]", "ReturnValue", "taint"]
From the documentation, it is not clear why pattern should figure in the return value, as that is the part denoting split point and thus all those instances are filtered out.
From the implementation
Spit function: https://github.com/python/cpython/blob/3.12/Lib/re/__init__.py#L199
_compile function being called by split: https://github.com/python/cpython/blob/3.12/Lib/re/__init__.py#L280
We see that in case the pattern is already a compiled `Pattern`, it is returned directly from _compile and could thus be part of the return value from split. This is probably not possible to arrange for an attacker, and so an FP in practice.
- ["urllib2", "Member[unquote]", "Argument[0,string:]", "ReturnValue", "taint"]
urllib2 seems to be only in Python2 (e.g. https://docs.python.org/2.7/library/urllib2.html ) and I cannot locate the function unquote.
2024-06-26 00:39:30 +02:00
Rasmus Lerchedahl Petersen
bc551174f9
Python: model copy.deepcopy as a value step
2024-06-25 14:53:06 +02:00
Rasmus Lerchedahl Petersen
501cda4e8c
Python: model fnmatch.filter
2024-06-25 14:44:39 +02:00
Rasmus Lerchedahl Petersen
2118f233b9
Python: model optparse.OptionParser.parse_arg
2024-06-25 14:40:23 +02:00
Rasmus Lerchedahl Petersen
b80a711b27
python: undo changes to qlpack
2024-06-25 14:13:59 +02:00
Rasmus Lerchedahl Petersen
1e97600c4a
Python: move models
2024-06-25 14:13:56 +02:00
Rasmus Lerchedahl Petersen
d410136852
python: compress models
2024-06-25 14:13:52 +02:00
Rasmus Lerchedahl Petersen
c004ffaca8
python: move model to Stdlib.yml
...
There is already a model there so we add to that one.
We did observe that this existing model was blocked by the external MaD model.
This is concerning and needs to be cleared up.
2024-06-25 14:13:48 +02:00
Rasmus Lerchedahl Petersen
281ac05868
python: add modelling for urlib.parse
...
- `quote` together with `re.compile` recover regex injection alerts on haiwen/seahub
- `quote_plus` recovers the URL redirection alert on DemocracyClub/EveryElection
- `unquote` recovers path injection alerts on `cloudera/hue`
- it was tedious finding justifications for the rest..
2024-06-25 14:13:44 +02:00
Rasmus Lerchedahl Petersen
df406b4fca
python: Start modelling using MaD
...
- empty models for now
- `summaryModel` of `codeql/python-all` will be added to shortly.
2024-06-25 14:13:41 +02:00
Anders Schack-Mulligen
8c23e21073
Dataflow: Cache compatibleTypes.
2024-06-24 13:35:48 +02:00
Taus
4a448f445e
Merge pull request #15715 from am0o0/am0o0-python-codeExec
...
Python: New command execution sinks
2024-06-21 14:26:33 +02:00
Paolo Tranquilli
b7a2ea8981
CI: accept other diagnostic format related test changes
2024-06-19 11:33:50 +02:00
am0o0
ccb923a436
fix formatting
2024-06-18 18:31:29 +02:00
am0o0
1f99559e9f
Revert "update id of the query file"
...
This reverts commit 1f112467ce .
2024-06-18 17:33:07 +02:00
am0o0
8a7fdfa6fe
fix conflict
2024-06-18 17:18:59 +02:00
Taus
b7b0f84e8b
Python: Handle @pytest.fixture decorations with arguments as well
...
Not the prettiest of solutions, but it seems to work well enough.
2024-06-14 15:11:25 +00:00
Paolo Tranquilli
1046d03486
Python: update unused import test case for pytest
2024-06-14 16:55:05 +02:00
Taus
2f00a0d323
Python: Also test pytest fixture factories
2024-06-14 13:11:00 +00:00
Taus
78729180ad
Python: Fix pytest fixture unused import FPs
2024-06-14 12:05:55 +00:00
Taus
f3a9c9a9dc
Python: Add tests for pytest fixture unused import FPs
2024-06-14 12:03:43 +00:00
Joe Farebrother
f441c68f7e
Merge pull request #16657 from joefarebrother/python-partial-ssrf-fp
...
Python: Add additional sanitizers to SSRF
2024-06-11 23:20:50 +01:00
Joe Farebrother
93f10fcf14
Add sanitizers for compiled regexes
2024-06-11 15:44:16 +01:00
github-actions[bot]
8a25081a0e
Post-release preparation for codeql-cli-2.17.5
2024-06-10 15:33:08 +00:00
github-actions[bot]
877bfa2468
Release preparation for version 2.17.5
2024-06-10 13:40:39 +00:00
Anders Schack-Mulligen
68ddae2918
Python: Add support for pretty-printed provenace in tests.
2024-06-07 11:47:48 +02:00
Asger F
6e0f3df573
Merge pull request #14120 from asgerf/dynamic/typemodel-istypeused
...
Dynamic: add TypeModel.isTypeUsed
2024-06-06 15:31:16 +02:00
Joe Farebrother
6ff7fb2a70
Add change note
2024-06-04 09:52:57 +01:00
Joe Farebrother
9331c2c33a
Add tests
2024-06-04 09:39:37 +01:00
Rasmus Wriedt Larsen
839171e557
Merge pull request #16646 from RasmusWL/url-redirect-qhelp
...
Python: Update url-redirect qhelp with `https:/example.com` handling
2024-06-04 10:17:37 +02:00
Rasmus Wriedt Larsen
dd8b65130e
Merge pull request #16598 from jorgectf/jorgectf/opml-models
...
Python: Add models for `opml`
2024-06-04 10:16:26 +02:00
Joe Farebrother
6ac46b8436
Add additional sanitizers to SSRF for methods that restrict the contents of a string.
2024-06-03 23:23:25 +01:00
Sid Shankar
859e8db5f2
Fixes typo in deprecation notice
2024-06-03 16:31:29 +00:00
Rasmus Wriedt Larsen
121ca129bc
Update qhelp with https:/example.com handling
2024-06-03 10:17:10 +02:00
am0o0
1f112467ce
update id of the query file
2024-05-29 16:48:35 +02:00
am0o0
b9edcb7943
rename secondary to remote :), complete the previous commit changes
2024-05-29 16:47:37 +02:00
am0o0
52a809145e
SecondaryCommandInjection to RemoteCommandExecution, change RemoteCommandExecution to module like SystemCommandExecution module
2024-05-29 16:18:55 +02:00
am0o0
fd9e6f48d7
fix the docs of secondary server cmd injection
2024-05-29 16:01:43 +02:00
am0o0
171486641e
Ssh2.qll: fix a typo
2024-05-29 16:00:52 +02:00