796 Commits

Author	SHA1	Message	Date
jorgectf	95bfdc4955	Move tests to /test	2021-04-08 23:45:03 +02:00
jorgectf	1554f4f48d	Create qhelp examples	2021-04-08 23:44:46 +02:00
jorgectf	3c1ca72324	Improve qhelp	2021-04-08 23:44:30 +02:00
jorgectf	7296879bc9	Polish tests	2021-04-08 23:11:20 +02:00
jorgectf	8661cb0719	Polish LDAP3Query	2021-04-08 22:56:12 +02:00
jorgectf	a1850ddad4	Change LDAP config (qll) filename	2021-04-08 22:55:48 +02:00
Dilan	d73ba13b28	autoformat fix	2021-04-08 11:41:58 -07:00
jorgectf	33423eaef3	Optimize calls	2021-04-08 00:31:53 +02:00
jorgectf	7e456494ef	Set up taint config and custom sink	2021-04-08 00:20:04 +02:00
jorgectf	8ca6e84268	Refactor Calls to use ApiGraphs	2021-04-08 00:19:46 +02:00
jorgectf	aa7763b3d2	Set up Concepts	2021-04-08 00:19:14 +02:00
jorgectf	db1f54a5f3	Polish query file	2021-04-08 00:19:00 +02:00
Dilan	675de07c3e	autoformat ql	2021-04-07 15:04:18 -07:00
thank_you	83f28bfdda	Catch any keyword argument passed to MongoEngine's objects method ... After some research, we discovered that any keyword argument passed to the objects method will result in NoSQL injection. This includes scenarios where we have the following: objects(name_of_model_attribute=unsanitized_user_input)	2021-04-07 16:45:48 -04:00
thank_you	4e98348411	Remove comment	2021-04-06 13:57:03 -04:00
thank_you	dc274ecf36	Improve sentence structure and grammar	2021-04-06 13:51:59 -04:00
thank_you	520e65e3c3	Remove unnecessary example code	2021-04-06 13:46:51 -04:00
thank_you	ac31260fed	Made grammar changes	2021-04-06 13:42:57 -04:00
jorgectf	bfd4280d35	Fix imports and begin refactor	2021-04-06 15:51:37 +02:00
jorgectf	2f874c5c0b	Precision warn and Remove CWE (broken) reference	2021-04-06 15:47:42 +02:00
jorgectf	809bf2377e	Move to experimental folder	2021-04-06 15:47:41 +02:00
jorgectf	1bcb9cd7c0	Simplify query	2021-04-06 15:42:56 +02:00
thank_you	6ade120983	Add check for mongoengine raw queries ... After initial research on our end, we believe that the only vulnerability within the objects() method is passing a query into the __raw__ keyword argument. More info can be found below: http://docs.mongoengine.org/guide/querying.html?highlight=inc__#raw-queries	2021-04-05 20:44:16 -04:00
thank_you	759fa2cd01	Update query to search for more pymongo sink methods	2021-04-05 20:42:18 -04:00
Your Name	80216f6974	Rename classes	2021-04-05 14:41:08 -04:00
Your Name	be9a3a95b1	Add relevant PyMongo sink methods	2021-04-05 14:23:56 -04:00
Your Name	9072d19cda	Update qhelp file	2021-04-05 13:56:43 -04:00
jorgectf	d22da880e7	Fix verifiesSignature()	2021-04-04 20:31:07 +02:00
jorgectf	198f8dcc1f	Improve predicates	2021-04-03 23:01:50 +02:00
jorgectf	7ed7809a60	Use LocalSourceNode and flowsTo() for better performance	2021-04-02 21:17:18 +02:00
jorgectf	513055cae5	Change old comments	2021-04-01 18:45:39 +02:00
jorgectf	ee70eb709c	Remove old comment	2021-04-01 18:34:54 +02:00
jorgectf	5edb3b1153	Query upload	2021-04-01 18:31:45 +02:00
jorgectf	15e176a3b8	Polish query select	2021-04-01 13:00:12 +02:00
jorgectf	f980d0694b	Fix taint configs	2021-04-01 12:50:25 +02:00
jorgectf	c8740a2031	Update naming	2021-04-01 12:41:11 +02:00
jorgectf	9b430310b4	Improve Sanitizer calls	2021-03-31 23:19:56 +02:00
jorgectf	4328ff3981	Remove attrs feature	2021-03-31 22:26:08 +02:00
jorgectf	3a47a45e47	Attempt to apply TaintTracking2	2021-03-31 18:49:41 +02:00
jorgectf	f0a50eb67a	Polish up configs	2021-03-31 17:58:18 +02:00
jorgectf	017a826b30	Remove unused class variables	2021-03-31 17:52:03 +02:00
jorgectf	7a4dc46341	Fix Sinks	2021-03-31 17:50:05 +02:00
jorgectf	01f9d4a1b0	Fix MongoEngine Sink	2021-03-31 15:50:45 +02:00
jorgectf	ccd57bea7a	Fix imports	2021-03-30 21:17:11 +02:00
jorgectf	d856f160c8	Adapt query configs and custom classes	2021-03-30 21:14:21 +02:00
jorgectf	bd5ff01ebb	PyMongo and Mongoengine sinks	2021-03-30 21:13:43 +02:00
jorgectf	aea7546cf9	Add Concepts	2021-03-30 21:13:15 +02:00
jorgectf	517a9202ce	PR init	2021-03-30 17:51:17 +02:00
jorgectf	8faafb6961	Update Sink	2021-03-30 16:58:02 +02:00
jorgectf	3cda2e5207	Polish up ldap3 tests	2021-03-29 23:39:49 +02:00