hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-15 18:01:10 +02:00
Code Issues Packages Projects Releases Wiki Activity
32,387 Commits 1,785 Branches 169 Tags
9440a450153fdff99f539ade1c1928e22abd8dcc
Commit Graph

796 Commits

Author SHA1 Message Date
jorgectf
353c0a9ee7 Add missing comment 2021-09-12 20:44:04 +02:00
jorgectf
18b05bc56e Fix tests and add global option 2021-09-12 20:35:57 +02:00
jorgectf
54012eba23 Optimize getFullHostRegex 2021-09-12 20:13:08 +02:00
jorgectf
eee9b3f39e Merge remote-tracking branch 'origin/main' into jorgectf/python/headerInjection 2021-09-07 19:54:58 +02:00
jorgectf
352eab0eca Fix HeaderDeclaration class' comment 2021-09-07 19:44:25 +02:00
Jorge
190bc2f0da Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2021-09-07 19:42:37 +02:00
jorgectf
4e261c61ae Optimize concatAndCompareAgainstFullHostRegex 2021-09-07 19:05:03 +02:00
jorgectf
800801177d Fix taint tracking comment 2021-09-07 19:02:32 +02:00
jorgectf
b802d7903a Fix OPT_X_TLS_ mandatory options 2021-09-07 19:01:46 +02:00
jorgectf
ee98c0c587 Add start_tls_s() comment and use DataFlow::MethodCallNode instead 2021-09-07 19:00:14 +02:00
Jorge
1bc16fb31e Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-09-07 18:37:33 +02:00
Rasmus Wriedt Larsen
81dbe36e99 Python: Promote SQLAlchemy modeling 
Due to the split between `src/` and `lib/`, I was not really able to do
the next step without having moved the SQLAlchemy modeling over to be in
`lib/` as well.
 2021-09-02 10:19:57 +02:00
Rasmus Wriedt Larsen
ba99e21875 Python: Remove modeling of sqlescapy PyPI package 
I've never seen this being used in real code, and this library doesn't
have a lot of traction, so I would rather not commit to supporting it
(which includes verifying that it actually makes things safe).

Personally I don't think this is the right approach for avoiding SQL
injection either.
 2021-09-02 10:19:57 +02:00
Rasmus Wriedt Larsen
91442e100c Python: Model sessionmaker().begin() 2021-09-02 10:19:57 +02:00
Rasmus Wriedt Larsen
feb2303e1f Python: Model the underlying DB-API connection 2021-09-02 10:19:57 +02:00
Rasmus Wriedt Larsen
1ab04a7276 Python: Model Connection.execution_options 2021-09-02 10:19:57 +02:00
Rasmus Wriedt Larsen
2acf518037 Python: Model exec_driver_sql 2021-09-02 10:19:57 +02:00
Rasmus Wriedt Larsen
fe143c7dfa Python: Rewrite most of SQLAlchemy modeling 2021-09-02 10:19:57 +02:00
jorgectf
64b305cf7a Add .qhelp along with its example 2021-08-26 23:29:45 +02:00
Jorge
d458464e6b Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-08-26 12:20:09 +02:00
jorgectf
e6ce10b5c5 Merge remote-tracking branch 'origin/main' into jty/python/nosqlInjection 2021-08-10 20:01:08 +02:00
jorgectf
8d0386b049 Split into getNameArg and getValueArg 2021-07-25 04:35:22 +02:00
jorgectf
f9b244ecad Polish documentation 2021-07-24 01:06:05 +02:00
Jorge
f02b6d60a5 Merge branch 'github:main' into jorgectf/python/ldapinsecureauth 2021-07-22 18:49:51 +02:00
jorgectf
b03e75e3d1 Extend ldap3's start_tls and fix tests 2021-07-22 18:42:41 +02:00
jorgectf
a34d6d390e Port to ApiGraphs and finish the query 2021-07-22 18:34:57 +02:00
Rasmus Wriedt Larsen
42a997cbcb Python: Fix deprecation warning 2021-07-22 15:59:13 +02:00
Rasmus Wriedt Larsen
71e6db8a01 Merge branch 'main' into jorgectf/python/ldapimproperauth 2021-07-22 15:57:43 +02:00
Rasmus Wriedt Larsen
802d9bda83 Merge pull request #5680 from mrthankyou/python-use-sqlalchemy 
Python: Add SqlAlchemy model
 2021-07-22 15:31:39 +02:00
Taus
e9a4114c04 Python: Hotfix: Disable ReDoS queries 2021-07-22 10:58:49 +00:00
jorgectf
edb273ace5 Merge remote-tracking branch 'origin/jorgectf/python/ldapimproperauth' into jorgectf/python/ldapinsecureauth 2021-07-22 02:51:19 +02:00
jorgectf
8d84d63b94 Add Python-Jose modeling and tests 2021-07-21 21:31:53 +02:00
jorgectf
ce507beed4 Add Authlib modeling and tests 2021-07-21 21:31:35 +02:00
jorgectf
f1b3c70909 Divide JWT libraries 2021-07-21 21:29:23 +02:00
Porcuiney Hairs
c6c925d67a Python : Improve Xpath Injection Query 2021-07-20 03:31:30 +05:30
thank_you
9e01338500 Query only vulnerable methods 2021-07-18 17:13:10 -04:00
haby0
e8d0827916 Add tornado source 2021-07-05 10:42:15 +08:00
haby0
b866f1b21e Add CWE-348 ClientSuppliedIpUsedInSecurityCheck 2021-07-02 19:30:33 +08:00
jorgectf
3d2b6f7a2d Delete outdated comment 2021-07-01 17:54:46 +02:00
jorgectf
a1f48db60b Make verifiesSignature() a predicate 2021-07-01 17:51:56 +02:00
jorgectf
4079e5352e Add JWT framework to Frameworks.qll 2021-07-01 17:51:34 +02:00
jorgectf
07422a1dce Move tests under test/ 2021-07-01 17:51:00 +02:00
thank_you
0be2c6b765 Add SQLEscapySanitizerCall class 2021-06-29 19:39:46 -04:00
thank_you
986f2f4302 Add SQLEscape module 2021-06-29 19:39:26 -04:00
jorgectf
0819090fcb Fix qldocs typo 2021-06-29 16:53:32 +02:00
jorgectf
2f9e6454a5 Hardcode ldap2 binding functions 2021-06-29 16:14:55 +02:00
Rasmus Wriedt Larsen
a5a7f3e38a Python: Add taint-step for sqlalchemy.text 2021-06-29 11:06:25 +02:00
Rasmus Wriedt Larsen
684f51ae5f Merge branch 'main' into python-use-sqlalchemy 2021-06-29 10:58:51 +02:00
jorgectf
51395d155f Move xmltodict to its own file under frameworks/ 2021-06-28 21:08:43 +02:00
Jorge
350440897c Apply suggestions from code review 
Update `xmltodict` format and delete `ujson` modeling.

Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-06-28 21:02:40 +02:00