hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-05 07:06:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
59,677 Commits 1,700 Branches 161 Tags
adf7d5409dfffd39db78deee210c93bc8a32dc89
Commit Graph

22 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
9b73bbfc31 Python: Add keyword argument support 
and a fair bit of refactoring
 2023-09-29 13:54:21 +02:00
Rasmus Wriedt Larsen
3676262313 Python: Clean trailing whitespace 2023-09-29 13:54:21 +02:00
Rasmus Wriedt Larsen
16e1a00e88 Python: NoSQLInjection -> NoSqlInjection 2023-09-29 13:52:51 +02:00
Rasmus Lerchedahl Petersen
2d845e3e55 Python: nicer paths 
turn "the long jump" that would end up
straight at the argument into a short jump
that ends up at the dictionary being written to.
Dataflow takes care of the rest of the path.
 2023-09-29 12:02:16 +02:00
Rasmus Lerchedahl Petersen
d5b64c5ff2 Python: update test expectations 2023-09-28 14:20:30 +02:00
Rasmus Lerchedahl Petersen
3fb579eaff Python: add test for type tracking 2023-09-28 12:14:12 +02:00
yoff
8156fa9a4d Apply naming suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2023-09-28 11:47:10 +02:00
Rasmus Lerchedahl Petersen
4ec8b3f02f Python: Model map_reduce 2023-09-20 15:44:12 +02:00
Rasmus Lerchedahl Petersen
7c085ecc61 Python: Add test for map_reduce 
Also log requirement for old versions of `pymongo`
 2023-09-20 15:23:18 +02:00
Rasmus Lerchedahl Petersen
30c37ca8cb Python: model §accumulator 
also slightly rearrange the modelling
 2023-09-19 22:21:14 +02:00
Rasmus Lerchedahl Petersen
5611bda7ee Python: add test for $accumulator 2023-09-19 17:04:28 +02:00
Rasmus Lerchedahl Petersen
a063d7d510 Python: sinks -> decodings 
Query operators that interpret JavaScript
are no longer considered sinks.
Instead they are considered decodings
and the output is the tainted dictionary.
The state changes to `DictInput` to reflect
that the user now controls a dangerous dictionary.

This fixes the spurious result and moves the error reporting
to a more logical place.
 2023-09-11 16:33:20 +02:00
Rasmus Lerchedahl Petersen
d9f63e1ed3 Python: Split modelling of query operators 
`$where` and `$function` behave quite differently.
 2023-09-11 15:54:00 +02:00
Rasmus Lerchedahl Petersen
154a36934d Python: Add test for function 2023-09-11 14:49:03 +02:00
Rasmus Lerchedahl Petersen
d91cd21204 Python: rename file 2023-09-08 13:37:54 +02:00
Rasmus Lerchedahl Petersen
b07d085157 Python: make test PoC a proper package 2023-09-07 15:04:27 +02:00
Rasmus Lerchedahl Petersen
970e881697 Python: Follow naming convention 2023-09-07 15:03:51 +02:00
Rasmus Lerchedahl Petersen
f253f9797f Python: update test expectations 2023-09-07 10:22:37 +02:00
Rasmus Lerchedahl Petersen
c0b3245a53 Python: Enrich the NoSql concept 
This allows us to make more precise modelling
The query tests now pass.
I do wonder, if there is a cleaner approach, similar to
`TaintedObject` in JavaScript. I want the option to
get this query in the hands of the custumors before
such an investigation, though.
 2023-09-07 10:22:37 +02:00
Rasmus Lerchedahl Petersen
114984bd8c Python: Added tests based on security analysis 
currently we do not:
- recognize the pattern
   `{'author': {"$eq": author}}` as protected
- recognize arguements to `$where` (and friends)
   as vulnerable
 2023-09-07 10:22:37 +02:00
Rasmus Lerchedahl Petersen
bf8bfd91cd Python: Add inline query test 2023-09-07 10:22:30 +02:00
Rasmus Lerchedahl Petersen
19046ea417 Python: more renames 2023-09-07 09:28:30 +02:00