hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 12:46:34 +01:00
Code Issues Packages Projects Releases Wiki Activity
35,527 Commits 1,673 Branches 157 Tags
b54de13d973d7f1e21066076aaee1745047922ae
Commit Graph

5427 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
b54de13d97 Python: Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2022-05-18 10:30:29 +02:00
Rasmus Wriedt Larsen
044829c3bb Python: Add @security-severity to py/pam-auth-bypass 
The value 8.1 was calculated by our internal tool. This corresponds to a
'High' severity, which from my gut feeling seems reasonable for
authorization bypass.
 2022-05-11 14:57:21 +02:00
Rasmus Wriedt Larsen
0956d506de Python: Actually promote py/pam-auth-bypass 
🤦
 2022-05-11 13:44:47 +02:00
Rasmus Wriedt Larsen
c890f9c4ac Python: Fix change-note 2022-05-10 18:08:43 +02:00
Rasmus Wriedt Larsen
f68b281762 Python: Add change-note 2022-05-10 18:04:52 +02:00
Rasmus Wriedt Larsen
7e87e18b32 Python: Adjust name/description/select of PamAuthorization.ql 
Thought that calling out the actual vulnerability would make things
easier for our end users :)
 2022-05-10 18:02:17 +02:00
Rasmus Wriedt Larsen
c84f693151 Python: Adjust PamAuthorization examples 
They did not have proper formatting (only 2 spaces), and I restructured
them a bit more so they look like code in the wild
 2022-05-10 18:00:20 +02:00
Rasmus Wriedt Larsen
0c534444ad Python: Format .qhelp file 
99% of our .qhelp files have manually wrapped lines, so just wanted to
keep things consistent
 2022-05-10 17:59:21 +02:00
Rasmus Wriedt Larsen
2b6e0cfb44 Merge pull request #8340 from yoff/python/simple-csrf 
python: minimal CSRF implementation
 2022-05-10 13:36:38 +02:00
Rasmus Wriedt Larsen
cb17e2a649 Merge pull request #8595 from porcupineyhairs/pypam 
Python : Add query to detect PAM authorization bypass
 2022-05-10 13:35:12 +02:00
Rasmus Lerchedahl Petersen
aa3d7babf4 python: fix bad merge 
caused by an optimistic attempt at solving a
merge conflict in the online GUI.
 2022-05-10 11:37:41 +02:00
Rasmus Wriedt Larsen
2421076d2f Merge pull request #8696 from RasmusWL/new-nosql-examples 
Python: Improve experimental modeling for `pymongo`
 2022-05-10 11:03:05 +02:00
yoff
6c3e2db7fd Merge branch 'main' into python/simple-csrf 2022-05-10 10:55:28 +02:00
yoff
b6605bc330 Merge pull request #8634 from RasmusWL/promote-xxe 
Python: Promote XXE and XML-bomb queries
 2022-05-09 21:54:55 +02:00
Rasmus Lerchedahl Petersen
1c7e533144 python: format 2022-05-09 21:22:27 +02:00
Rasmus Lerchedahl Petersen
2a5908ff49 python: require all settings be vulnerable 
at least all thos not in tests
 2022-05-09 17:08:49 +02:00
Rasmus Wriedt Larsen
4a6789182d Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2022-05-09 16:37:12 +02:00
Anders Schack-Mulligen
f24364d951 Merge pull request #9045 from hvitved/dataflow/subpaths-perf-take2 
Data flow: Speedup `subpaths` predicate (take 2)
 2022-05-09 15:39:11 +02:00
Rasmus Wriedt Larsen
c218162104 Merge branch 'main' into pypam 2022-05-09 14:20:05 +02:00
Rasmus Wriedt Larsen
ab1252d196 Python: Add @precision high for py/pam-auth-bypass 2022-05-09 14:19:40 +02:00
Rasmus Wriedt Larsen
de05b108fa Python: Fix singleton set 2022-05-09 11:01:13 +02:00
Rasmus Wriedt Larsen
36349222a9 Python: Fix casing of XMLDomParsing 2022-05-09 11:00:25 +02:00
Rasmus Wriedt Larsen
f22bd039f3 Python: Slight refactor of LxmlParsing 2022-05-09 10:56:39 +02:00
Rasmus Wriedt Larsen
f5854f33da Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2022-05-09 10:53:25 +02:00
Mathias Vorreiter Pedersen
176e40f139 Merge pull request #9052 from github/post-release-prep/codeql-cli-2.9.1 
Post-release preparation for codeql-cli-2.9.1
 2022-05-06 13:15:17 +01:00
github-actions[bot]
1a25457178 Post-release preparation for codeql-cli-2.9.1 2022-05-05 19:05:50 +00:00
yoff
6169ac6122 Merge pull request #7776 from RasmusWL/django-filefield-uploadto 
Python: Support Django FileField.upload_to
 2022-05-05 14:25:08 +02:00
Tom Hvitved
d9d5372f28 Data flow: Sync files 2022-05-05 13:36:26 +02:00
yoff
0c7184952b Merge pull request #9023 from RasmusWL/positional-docs 
Python: Clarify `getArg` is about positional arguments
 2022-05-05 11:28:17 +02:00
Tom Hvitved
66a9759329 Merge pull request #8870 from hvitved/dataflow/expect-content 
Data flow: Introduce `expectsContent`
 2022-05-05 09:01:40 +02:00
Tom Hvitved
8e33653d25 Merge pull request #9017 from hvitved/dataflow/subpaths-perf 
Data flow: Speedup `subpaths` predicate
 2022-05-04 16:37:52 +02:00
Tom Hvitved
9cb63c0a5e Data flow: Sync files 2022-05-04 14:49:26 +02:00
Tom Hvitved
74e99302d6 Address review comments 2022-05-04 09:57:59 +02:00
Tom Hvitved
da72ba46d4 Data flow: Add stub expectsContent for all languages 2022-05-04 09:57:59 +02:00
Tom Hvitved
6e2e8440eb Data flow: Sync files 2022-05-04 09:57:59 +02:00
Rasmus Wriedt Larsen
d012eaa892 Python: Clarify getArg is about positional arguments 2022-05-03 14:26:23 +02:00
yoff
56ed68b3eb Merge pull request #9001 from RasmusWL/files-refactoring 
Python: Flask: Improve `request.files` modeing
 2022-05-03 12:19:55 +02:00
Tom Hvitved
e9c8f979f9 Data flow: Sync files 2022-05-03 11:46:51 +02:00
Rasmus Wriedt Larsen
7e1be3172e Python: Add change-note 2022-05-02 14:24:13 +02:00
Rasmus Wriedt Larsen
de4390cdf6 Python: Improve Flask request.files handling even more 2022-05-02 14:19:45 +02:00
Rasmus Wriedt Larsen
fb0133d276 Python: Fix Flask request.files modeling 2022-05-02 14:14:58 +02:00
Rasmus Wriedt Larsen
0c62916af5 Python: Highlight problem with Flask request.files modeling 2022-05-02 14:14:53 +02:00
yoff
1d44694280 Merge pull request #8732 from RasmusWL/dataflow-imports 
Python: Don't re-export `python` under `DataFlow::`
 2022-05-02 12:08:28 +02:00
Taus
231def026f Merge pull request #8890 from tausbn/python-add-global-attribute-writes 
Python: Add support for global attribute writes
 2022-05-02 12:03:41 +02:00
yoff
c67b06b1fd Update python/ql/test/experimental/dataflow/typetracking/attribute_tests.py 
Co-authored-by: Taus <tausbn@github.com>
 2022-05-02 11:36:58 +02:00
Rasmus Wriedt Larsen
714465bf39 Python: Refactor SaxParserSetFeatureCall 
Originally made by @erik-krogh in
https://github.com/github/codeql/pull/8693/files#diff-9627c1fb9a1cc77fb93e6b7e31af1a4fa908f2a60362cfb34377d24debb97398

Could not be applied directly to this PR, since this PR deletes the file.
 2022-05-02 11:29:54 +02:00
Rasmus Wriedt Larsen
5f01fc24e4 Merge branch 'main' into promote-xxe 2022-05-02 11:25:55 +02:00
Rasmus Wriedt Larsen
3c1a37e7e1 Merge branch 'main' into new-nosql-examples 2022-05-02 11:21:36 +02:00
Jeroen Ketema
4a648f3c89 Fix change note items 2022-04-28 14:14:19 +02:00
github-actions[bot]
8e4cf190e9 Release preparation for version 2.9.1 2022-04-28 11:59:05 +00:00