1340 Commits

Author	SHA1	Message	Date
Ahmed Farid	bfce1898b9	Update and rename PossibleTimingAttackAgainstSignature.ql to PossibleTimingAttackAgainstHash.ql	2022-07-20 00:49:09 +01:00
Raul Garcia	6b17890e4f	Fixing warning on usage of a deprecated feature.	2022-07-16 08:30:06 -07:00
Ahmed Farid	7406273346	Update TimingAttack.qhelp	2022-07-14 17:56:58 +01:00
Ahmed Farid	f4654136d6	Update TimingAttack.qhelp	2022-07-14 17:56:13 +01:00
Raul Garcia	f7c47b6c75	Update python/ql/src/experimental/Security/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.py ... Co-authored-by: Taus <tausbn@github.com>	2022-07-13 08:34:48 -07:00
Raul Garcia	0dbb03f732	Adding CVE information.	2022-07-12 21:49:19 -07:00
Raul Garcia	d929b1338b	Addressing API::Node feedback for all predicates	2022-07-12 11:55:06 -07:00
Raul Garcia	d5791e2d56	Addressing feedback from the PR	2022-07-11 15:45:15 -07:00
Raul Garcia	ac05577966	Making various changes based on the feedback. Pending: 2 non-trivial fixes for Java & Python.	2022-07-11 13:25:35 -07:00
Raul Garcia	e5702d0e15	Update python/ql/src/experimental/Security/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql ... Co-authored-by: Taus <tausbn@github.com>	2022-07-11 13:07:37 -07:00
Raul Garcia	7fc9ae6c49	Update python/ql/src/experimental/Security/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql ... Co-authored-by: Taus <tausbn@github.com>	2022-07-11 13:07:20 -07:00
Taus	ec363166ba	Python: Make UserInputMsgConfig public	2022-07-11 15:24:31 +02:00
Raul Garcia	dd1a9a22e3	Update UnsafeUsageOfClientSideEncryptionVersion.qhelp	2022-07-05 13:58:38 -07:00
Raul Garcia	e43e5810cf	New queries to detect unsafe client side encryption in Azure Storage	2022-07-01 17:08:35 -07:00
Ahmed Farid	f5d0791b4f	Update TimingAttack.qll	2022-06-29 00:56:15 +01:00
Ahmed Farid	98909c2069	Update TimingAttackAgainstSensitiveInfo.ql	2022-06-29 00:55:21 +01:00
Ahmed Farid	41b4c06f2d	Update TimingAttackAgainstSignature.ql	2022-06-29 00:54:44 +01:00
Ahmed Farid	e20fefc3ad	Update TimingAttackAgainstHeader.ql	2022-06-29 00:54:03 +01:00
Ahmed Farid	5742046edf	Update PossibleTimingAttackAgainstSignature.ql	2022-06-29 00:51:51 +01:00
Ahmed Farid	acbb4042df	Update TimingAttack.qhelp	2022-06-29 00:51:12 +01:00
Asger F	a522562f93	Merge pull request #9369 from asgerf/python/api-graph-api ... Python: API graph renaming and documentation	2022-06-28 14:48:12 +02:00
root	655b9d4262	Python: Timing attack	2022-06-27 12:18:45 -04:00
Asger F	b096f9ec72	Python: Rename getAUse -> getAValueReachableFromSource	2022-06-21 12:44:06 +02:00
Anders Schack-Mulligen	f473a0a961	Python: Deprecate and replace BarrierGuard class.	2022-06-20 15:46:38 +02:00
yoff	699761889d	Merge pull request #7127 from jty-team/jty/python/emailInjection ... Python: CWE-079 - Add Email injection query	2022-06-14 10:54:16 +02:00
jorgectf	171239b78f	Format FlaskMail.qll and Sendgrid.qll	2022-06-03 18:27:45 +02:00
Jorge	897d5c9471	Apply suggestions from code review ... Co-authored-by: yoff <lerchedahl@gmail.com>	2022-06-01 12:44:08 +02:00
${sleep,7}	76c27c685f	Merge branch 'main' into jty/python/emailInjection	2022-05-26 16:27:57 -04:00
yoff	aadfa8eacd	Merge branch 'main' into py/CsvInjection	2022-05-25 10:43:08 +02:00
Taus	3745526d69	Merge pull request #9108 from RasmusWL/promote-pam ... Python: Promote `py/pam-auth-bypass`	2022-05-23 15:27:12 +02:00
Erik Krogh Kristensen	215a6a72cc	Merge branch 'main' into useStringComp	2022-05-18 10:55:31 +02:00
Rasmus Wriedt Larsen	6611e5b4b8	Merge branch 'main' into promote-pam	2022-05-18 10:35:39 +02:00
Erik Krogh Kristensen	7245591468	Merge pull request #7763 from erik-krogh/unused-field ... QL: add unused-field query	2022-05-18 09:15:16 +02:00
Erik Krogh Kristensen	86e97c32d6	fix all ql/use-string-compare	2022-05-17 14:11:05 +02:00
Rasmus Wriedt Larsen	795adf0566	Python: Fix API::moduleImport("foo.bar")	2022-05-12 13:33:00 +02:00
Rasmus Wriedt Larsen	cff950f5f7	Python: Fix select of py/insecure-cookie	2022-05-11 14:06:30 +02:00
Rasmus Wriedt Larsen	0956d506de	Python: Actually promote py/pam-auth-bypass ... 🤦	2022-05-11 13:44:47 +02:00
Rasmus Wriedt Larsen	fc8633cc01	Python: Fix select for py/cookie-injection	2022-05-11 13:18:14 +02:00
Rasmus Wriedt Larsen	27b99c51e9	Python: Add placeholder precision for py/insecure-cookie	2022-05-11 11:36:06 +02:00
Rasmus Wriedt Larsen	a902d3d8f0	Python: Add security-severity for py/insecure-cookie ... Matching the Java query 7d4767a4f5/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql (L7)	2022-05-11 11:34:16 +02:00
Rasmus Wriedt Larsen	84ad45c665	Python: Fix Django import	2022-05-11 11:33:35 +02:00
Rasmus Wriedt Larsen	d127d2164a	Merge branch 'main' into jorgectf/python/insecure-cookie	2022-05-11 11:13:47 +02:00
Rasmus Wriedt Larsen	7e87e18b32	Python: Adjust name/description/select of PamAuthorization.ql ... Thought that calling out the actual vulnerability would make things easier for our end users :)	2022-05-10 18:02:17 +02:00
Rasmus Wriedt Larsen	c84f693151	Python: Adjust PamAuthorization examples ... They did not have proper formatting (only 2 spaces), and I restructured them a bit more so they look like code in the wild	2022-05-10 18:00:20 +02:00
Rasmus Wriedt Larsen	0c534444ad	Python: Format .qhelp file ... 99% of our .qhelp files have manually wrapped lines, so just wanted to keep things consistent	2022-05-10 17:59:21 +02:00
Rasmus Wriedt Larsen	cb17e2a649	Merge pull request #8595 from porcupineyhairs/pypam ... Python : Add query to detect PAM authorization bypass	2022-05-10 13:35:12 +02:00
Rasmus Wriedt Larsen	2421076d2f	Merge pull request #8696 from RasmusWL/new-nosql-examples ... Python: Improve experimental modeling for `pymongo`	2022-05-10 11:03:05 +02:00
Rasmus Wriedt Larsen	c218162104	Merge branch 'main' into pypam	2022-05-09 14:20:05 +02:00
Rasmus Wriedt Larsen	ab1252d196	Python: Add @precision high for py/pam-auth-bypass	2022-05-09 14:19:40 +02:00
Rasmus Wriedt Larsen	5f01fc24e4	Merge branch 'main' into promote-xxe	2022-05-02 11:25:55 +02:00