Alex Ford
0f3cf47ca9
Ruby/JS/Py: Add "random" to the notSensitiveRegexp() heuristic
2022-03-10 17:38:52 +00:00
Erik Krogh Kristensen
a96223c9c1
PY: remove leftover comments
2022-03-10 10:25:03 +01:00
Erik Krogh Kristensen
9c4fcf4c6d
fix typo in change-note
...
Co-authored-by: Stephan Brandauer <kaeluka@github.com >
2022-03-09 18:28:13 +01:00
Erik Krogh Kristensen
b45d06df9a
PY: remove leftover comment
2022-03-09 18:28:13 +01:00
Erik Krogh Kristensen
755b0bbcb9
PY: update tests to not use deleted deprecations
2022-03-09 18:28:13 +01:00
Erik Krogh Kristensen
61e282da84
PY: delete test that mostly used deleted deprecated features
2022-03-09 18:28:13 +01:00
Erik Krogh Kristensen
309e376c6d
PY: convert test to not use deleted deprecations
2022-03-09 18:28:12 +01:00
Erik Krogh Kristensen
d5a76e8c98
Python: delete test that only used deprecated classes
2022-03-09 18:28:12 +01:00
Erik Krogh Kristensen
a1769f8036
Python: add default implementation of getName() and deprecate it
2022-03-09 18:28:12 +01:00
Erik Krogh Kristensen
e721094182
Python: remove old deprecation that was recently updated by an automated patch of mine
2022-03-09 18:28:11 +01:00
Erik Krogh Kristensen
b8d632810e
Python: remove deprecation that were recently updated from an automated patch of mine
2022-03-09 18:28:11 +01:00
Erik Krogh Kristensen
5312e4a8b5
add change note that all old deprecations were deleted
2022-03-09 18:28:11 +01:00
Erik Krogh Kristensen
a86f0afb3c
delete all deprecations that are over 14 months old
2022-03-09 18:28:07 +01:00
Taus
7b877fb317
Merge pull request #8336 from tausbn/python-fix-a-bunch-of-ql-warnings
...
Python: Fix a bunch of QL warnings
2022-03-09 16:31:28 +01:00
Rasmus Wriedt Larsen
0e9da4aadb
Python: Resolve name conflict over XML module
...
Not the prettiest solution... but it works ¯\_(ツ)_/¯
2022-03-09 11:02:28 +01:00
Taus
063a8bbc43
Python: Apply suggestions from code review
...
Co-authored-by: yoff <lerchedahl@gmail.com >
2022-03-08 15:20:35 +01:00
Rasmus Wriedt Larsen
6b14c1d6b9
Merge branch 'main' into jorgectf/python/deserialization
2022-03-08 11:15:03 +01:00
Rasmus Wriedt Larsen
cbe3964a87
Merge pull request #8275 from haby0/py/add-ssrf-sinks
...
Python: Add Server-side Request Forgery sinks
2022-03-08 11:06:52 +01:00
Taus
5a8ba6a7af
Python: Fix use of singleton set
2022-03-07 18:59:49 +00:00
Taus
d2603884ca
Python: Fix a bunch of class QLDoc
2022-03-07 18:59:49 +00:00
Taus
af7f532212
Python: Fix up a bunch of function QLDoc
2022-03-07 18:59:49 +00:00
Arthur Baars
ce50f35dda
Python: switch to shared implementation of IncompleteHostnameRegExp.ql
2022-03-07 16:10:08 +01:00
Arthur Baars
9e8930c192
Ruby: IncompleteHostnameRegExp.ql
2022-03-07 16:10:08 +01:00
Tom Hvitved
c1db0a9429
Merge pull request #8317 from hvitved/typetracker/jump-step
...
Ruby/Python: Clear call contexts after jump steps in type tracking
2022-03-07 11:38:51 +01:00
haby0
7e6666bc63
Merge branch 'main' into py/add-ssrf-sinks
2022-03-07 12:09:14 +08:00
Taus
b35718e0d5
Python: Remove uses of getAQlClass
2022-03-04 15:39:27 +00:00
Taus
095f27f294
Python: Remove deprecated annotations
2022-03-04 12:30:26 +00:00
Taus
20710616c5
Python: Fix "use set literal" warnings
2022-03-04 12:26:36 +00:00
Taus
821de636af
Python: Remove redundant inline casts
...
These are all implied by the return type of the other side of the
equality.
2022-03-04 12:21:31 +00:00
Taus
74f0bdfc79
Python: Fix "unused disjunct" warnings
...
For the most part, these boil down to "some global property holds, and
so this relation contains all instances of class `X`". The fix is to
explicitly build the cartesian product (which we were already building
implicitly anyway) by adding `and exists(var)` to the disjunct that did
not mention `var`.
Note that these cartesian products are always with singletons on one
side, and so should be unproblematic.
2022-03-04 12:14:57 +00:00
Rasmus Wriedt Larsen
3f48916e95
Merge pull request #7915 from yoff/python/promote-xpath-injection
...
Python: promote XPath injection query
2022-03-04 11:59:39 +01:00
Rasmus Wriedt Larsen
f620e2599d
Merge branch 'main' into py/add-ssrf-sinks
2022-03-04 11:50:12 +01:00
Rasmus Wriedt Larsen
e47f726e74
Python: Add change-note
2022-03-04 11:48:17 +01:00
Rasmus Wriedt Larsen
75bc532d10
Python: Avoid toString usage :O
2022-03-04 11:41:22 +01:00
Rasmus Wriedt Larsen
866e615689
Python: Add PyPI links in qldocs
2022-03-04 11:40:03 +01:00
Rasmus Wriedt Larsen
02a97b08bb
Python: Move urllib and urllib2 to be part of stdlib modeling
2022-03-04 11:31:47 +01:00
Rasmus Wriedt Larsen
c65839bb77
Python: improve urllib3 modeling
2022-03-04 11:25:14 +01:00
Rasmus Wriedt Larsen
7d6d8be179
Python: Fix httpx modeling
2022-03-04 11:07:51 +01:00
Rasmus Wriedt Larsen
56901ea841
Python: Make new SSRF sink modules private
2022-03-04 11:04:18 +01:00
Rasmus Wriedt Larsen
40feb1fb8d
Python: SPURIOUS results for httpx
2022-03-04 11:03:32 +01:00
yoff
d0a393e8d1
Update python/ql/test/library-tests/frameworks/stdlib/XPathExecution.py
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com >
2022-03-04 10:56:53 +01:00
yoff
c514282d4a
Merge pull request #8255 from tausbn/python-nomagic-pattern-getcase
...
Python: Prevent magic/inlining in `getCase`
2022-03-04 10:53:20 +01:00
Rasmus Wriedt Larsen
ef045a6789
Python: Fix typo in set_default_parser
2022-03-04 10:18:30 +01:00
Rasmus Wriedt Larsen
1a9620a87a
Python: Add conditional assignment check for sax parser
2022-03-04 10:16:28 +01:00
Rasmus Wriedt Larsen
f0131afc54
Python: Fix huge_tree modeling
2022-03-04 10:16:28 +01:00
Rasmus Wriedt Larsen
d6cbfec434
Python: huge_tree tests were wrong
...
Nice spotted @jorgectf!
2022-03-04 10:16:28 +01:00
Rasmus Wriedt Larsen
3cd165d5b7
Python: Apply suggestions from code review
...
Co-authored-by: Jorge <46056498+jorgectf@users.noreply.github.com >
2022-03-04 10:15:50 +01:00
Jorge
683c2fa825
Apply suggestions from code review
2022-03-04 01:02:56 +01:00
Rasmus Wriedt Larsen
3f6c55e8ae
Python: Rename vulnerable predicate => vulnerableTo
2022-03-03 22:09:31 +01:00
Rasmus Wriedt Larsen
0d69dc854c
Python: Minor qldoc improvement
2022-03-03 22:06:26 +01:00
