579 Commits

Author	SHA1	Message	Date
Ben Rodes	9f8ed710e2	Update python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/test_path_validation.py ... Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>	2026-02-10 11:09:25 -05:00
REDMOND\brodes	f6c302b68c	Removing commented out test cases.	2026-02-06 11:28:48 -05:00
REDMOND\brodes	97f19d03ad	Updating test case expected alerts.	2026-02-06 11:20:13 -05:00
REDMOND\brodes	97ddab0724	Added support for new URIValidator in AntiSSRF library. Updated test caes to use postprocessing results. Currently results for partial ssrf still need work, it is flagging cases where the URL is fully controlled, but is sanitized. I'm not sure if this should be flagged yet.	2026-02-06 11:20:11 -05:00
Ben Rodes	08b72d0a86	Update python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/test_azure_client.py ... Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>	2026-02-06 11:18:51 -05:00
Ben Rodes	46a2a249f9	Update python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/test_azure_client.py ... Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>	2026-02-06 11:18:49 -05:00
REDMOND\brodes	9912aaaf1a	Adding azure sdk test cases and updated test expected file.	2026-02-06 11:18:16 -05:00
REDMOND\brodes	0a88425170	Python: Altering SSRF MaD to use 'request-forgery' tag. Update to test cases expected results, off by one line. Changed to using ModelOutput::sinkNode.	2026-02-04 09:04:22 -05:00
Ben Rodes	7ddfa80399	Merge branch 'main' into azure_python_sdk_url_summary_upstream	2026-02-02 09:00:35 -05:00
Owen Mansel-Chan	ad6f800022	Pretty print model numbers in tests	2026-01-30 09:21:24 +00:00
yoff	3dbfb9fa4b	python: add machinery for MaD barriers ... and reinstate previously removed barrier now as a MaD row	2026-01-22 17:30:24 +01:00
yoff	699ed50432	python: remove barrier that can be expressed in MaD	2026-01-22 17:30:24 +01:00
yoff	ebe29dd143	python: model urllib.ParseResult	2025-11-26 13:36:05 +01:00
yoff	d59f721341	python: add test for header injection	2025-11-26 13:32:54 +01:00
Ben Rodes	d790c6df57	Update python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/test_azure_client.py ... Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>	2025-09-30 14:00:25 -04:00
Ben Rodes	fab96d9539	Update python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/test_azure_client.py ... Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>	2025-09-30 14:00:16 -04:00
REDMOND\brodes	704e2966cb	Adding azure sdk test cases and updated test expected file.	2025-09-30 13:32:56 -04:00
Joe Farebrother	cb7b1efe81	Update alert message	2025-09-25 09:52:27 +01:00
Joe Farebrother	9f5bfeb7f4	Update test output	2025-09-24 15:03:40 +01:00
Joe Farebrother	2cffb21604	Update and fix tests	2025-09-23 15:41:09 +01:00
Joe Farebrother	d28e8004fd	Add sensitive data heuristic	2025-09-23 10:08:08 +01:00
Joe Farebrother	2e95c2b3c2	Split test cases for insecure cookie queries	2025-09-19 14:41:02 +01:00
Napalys Klicius	e60d0c88f1	Python: Add global variable nested field jump steps	2025-09-16 18:08:53 +02:00
Napalys Klicius	6c779c7fa5	Python: Added extra test cases for path injection with FastAPI	2025-09-16 18:08:53 +02:00
Napalys Klicius	f209e3a0fe	Python: Updated PathInjection tests to use inline test expectations	2025-09-16 18:08:53 +02:00
Napalys Klicius	638f6498f0	Removed lxml.etree.XMLParser from xml bomb sinks	2025-07-15 13:43:00 +02:00
Michael Nebel	2321ca59f6	Python: Update all test util paths to point to the new location.	2024-12-12 13:54:30 +01:00
Joe Farebrother	462be46be9	Update test output	2024-12-09 19:57:52 +00:00
Joe Farebrother	1cb01a286d	Add tests for jinja	2024-12-09 19:55:36 +00:00
Jeroen Ketema	c3ea883b11	Python: Update expected test results	2024-12-03 19:18:57 +01:00
Tom Hvitved	e5f2bbb6ec	Python: Post-processing query for inline test expectations	2024-10-29 13:35:37 +01:00
Rasmus Lerchedahl Petersen	bb78c2a67e	Python: update test expectations	2024-10-11 15:36:44 +02:00
Rasmus Lerchedahl Petersen	a4c1a622b7	Merge branch 'main' of https://github.com/github/codeql into python/add-comprehension-capture-flow	2024-10-04 14:53:03 +02:00
Rasmus Lerchedahl Petersen	a22ea6c1c8	Python: use known sanitiser ... - also adjust test expectations in experimental	2024-09-30 14:22:17 +02:00
Rasmus Wriedt Larsen	431a1af628	Merge branch 'main' into threat-models	2024-09-26 11:44:24 +02:00
Taus	8c015b0784	Merge pull request #17305 from Kwstubbs/CORSMiddleware-Starlette ... Python: Add Support for CORS Middlewares	2024-09-24 15:51:49 +02:00
Rasmus Wriedt Larsen	4a21a85e73	Merge branch 'main' into threat-models	2024-09-23 11:19:58 +02:00
Kevin Stubbings	7657b3e115	Fix tests	2024-09-12 21:30:32 -07:00
Rasmus Wriedt Larsen	a0b24d6194	Python: Add e2e threat-model test	2024-09-10 14:32:38 +02:00
Joe Farebrother	a8591c79c5	Update test	2024-08-28 09:11:34 +01:00
Joe Farebrother	fc24ca304d	Update tests	2024-08-27 14:18:50 +01:00
Kevin Stubbings	8bf8893307	Add support for vulnerable CORS middlewares	2024-08-26 21:30:48 -07:00
Joe Farebrother	1127b08635	Merge branch 'main' into python-cookie-concept-promote	2024-07-29 10:26:03 +01:00
Joe Farebrother	93f70b3ad9	Add unit tests	2024-07-23 10:15:23 +01:00
Joe Farebrother	8d93c3a852	Move to cwe-20	2024-07-16 16:50:08 +01:00
Joe Farebrother	983bdb92a1	Add test cases + remove redundant import	2024-07-16 16:50:00 +01:00
Joe Farebrother	93f10fcf14	Add sanitizers for compiled regexes	2024-06-11 15:44:16 +01:00
Joe Farebrother	9331c2c33a	Add tests	2024-06-04 09:39:37 +01:00
Anders Schack-Mulligen	987d5712b8	Python: Accept qltest .expected file changes.	2024-05-22 15:43:49 +02:00
Joe Farebrother	01a6c5e82f	Merge pull request #16446 from joefarebrother/shared-sensitive-heuristics ... Ruby/Python/JS/Swift: Add category of Private information to shared sensitive data heuristics	2024-05-21 09:07:13 +01:00