jorgectf
b802d7903a
Fix OPT_X_TLS_ mandatory options
2021-09-07 19:01:46 +02:00
jorgectf
ee98c0c587
Add start_tls_s() comment and use DataFlow::MethodCallNode instead
2021-09-07 19:00:14 +02:00
Jorge
1bc16fb31e
Apply suggestions from code review
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com >
2021-09-07 18:37:33 +02:00
Jorge
d458464e6b
Apply suggestions from code review
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com >
2021-08-26 12:20:09 +02:00
Jorge
f02b6d60a5
Merge branch 'github:main' into jorgectf/python/ldapinsecureauth
2021-07-22 18:49:51 +02:00
jorgectf
b03e75e3d1
Extend ldap3's start_tls and fix tests
2021-07-22 18:42:41 +02:00
jorgectf
a34d6d390e
Port to ApiGraphs and finish the query
2021-07-22 18:34:57 +02:00
Rasmus Wriedt Larsen
42a997cbcb
Python: Fix deprecation warning
2021-07-22 15:59:13 +02:00
Rasmus Wriedt Larsen
71e6db8a01
Merge branch 'main' into jorgectf/python/ldapimproperauth
2021-07-22 15:57:43 +02:00
thank_you
9e01338500
Query only vulnerable methods
2021-07-18 17:13:10 -04:00
thank_you
0be2c6b765
Add SQLEscapySanitizerCall class
2021-06-29 19:39:46 -04:00
thank_you
986f2f4302
Add SQLEscape module
2021-06-29 19:39:26 -04:00
jorgectf
2f9e6454a5
Hardcode ldap2 binding functions
2021-06-29 16:14:55 +02:00
Rasmus Wriedt Larsen
a5a7f3e38a
Python: Add taint-step for sqlalchemy.text
2021-06-29 11:06:25 +02:00
Rasmus Wriedt Larsen
684f51ae5f
Merge branch 'main' into python-use-sqlalchemy
2021-06-29 10:58:51 +02:00
Rasmus Wriedt Larsen
5477b2e0d5
Python: Minor refactoring cleanup
2021-06-28 10:54:21 +02:00
Rasmus Wriedt Larsen
4a2c99a021
Python: Inline LDAPImproperAuth.qll
...
Since having it inlined makes the query a bit easier to read. We
obviously need to share it if we want to share this predicate, but for
now that does not seem to be the case.
2021-06-28 10:54:21 +02:00
Rasmus Wriedt Larsen
dfe16aae4c
Python: Handle both positional and keyword args for LDAP bind
2021-06-28 10:46:13 +02:00
Rasmus Wriedt Larsen
e05d6e71b8
Merge pull request #6064 from tausbn/python-add-get-method-call
...
Python: Add `getAMethodCall` to `LocalSourceNode`
2021-06-22 11:16:39 +02:00
Taus
768cab3642
Python: Address review comments
...
- changes `getReceiver` to `getObject`
- fixes `calls` to avoid unwanted cross-talk
- adds some more documentation to highlight the above issue
2021-06-21 14:57:19 +00:00
jorgectf
9cbb7e0899
Change query objective
2021-06-17 17:53:58 +02:00
jorgectf
5704ac36db
Rework LDAP framework modeling
2021-06-17 17:44:08 +02:00
Taus
41ee325bc9
Python: Clean up Stdlib.qll
...
Not as many opportunities to clean stuff up here.
2021-06-15 15:04:30 +00:00
Rasmus Wriedt Larsen
156b10cb59
Merge branch 'main' into promote-clickhouse
2021-06-15 11:30:19 +02:00
jorgectf
1662c5d113
resolve merge conflict
2021-06-15 01:22:11 +02:00
Rasmus Wriedt Larsen
f807c2f52b
Python: autoformat
2021-05-26 11:07:48 +02:00
Rasmus Wriedt Larsen
d5f2846394
Merge branch 'main' into jorgectf/python/ldapInjection
2021-05-26 11:01:48 +02:00
Rasmus Wriedt Larsen
1b3f857a2f
Python: Promote ClickHouse SQL models
2021-05-25 16:27:23 +02:00
Rasmus Wriedt Larsen
eb1da152a0
Python: Rewrite ClickHouse SQL lib modeling
...
This did turn into a few changes, that maybe could have been split into
separate PRs 🤷
* Rename `ClickHouseDriver` => `ClickhouseDriver`, to better follow
import name in `.qll` name
* Rewrote modeling to use API graphs
* Split modeling of `aioch` into separate `.qll` file, which does re-use
the `getExecuteMethodName` predicate. I feel that sharing code between
the modeling like this was the best approach, and stuck the
`INTERNAL: Do not use.` labels on both modules.
* I also added handling of keyword arguments (see change in .py files)
2021-05-25 16:13:31 +02:00
Rasmus Wriedt Larsen
35793a10bb
Merge pull request #5889 from japroc/python-clickhouse-driver
...
Python: Implement module ClickHouseDriver.qll
2021-05-25 14:25:28 +02:00
Jorge
9e9678b3ca
Apply documentation suggestions
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com >
2021-05-21 16:17:39 +02:00
Evgenii Protsenko
470e3eb089
[python] ClickHouseDriver.qll: add support for subclasses
2021-05-13 00:03:53 +03:00
Evgenii Protsenko
2efa0ad105
[C++] Implement module ClickHouseDriver.qll
2021-05-12 22:36:24 +03:00
yoff
78370cf63f
Update python/ql/src/experimental/semmle/python/frameworks/Stdlib.qll
2021-05-10 14:53:40 +02:00
jorgectf
8665747316
Update sink and sanitizer to match new naming
2021-05-08 18:08:50 +02:00
jorgectf
2ad72ad693
Add LDAP framework entry in Frameworks.qll
2021-05-07 22:16:12 +02:00
jorgectf
6159fbea2b
Update functions naming
2021-05-07 22:15:51 +02:00
jorgectf
34b8af30ac
Move structure to LDAP.qll
2021-05-07 22:09:57 +02:00
Jorge
c2b96b3a5e
Add documentation to main classes' functions.
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com >
2021-05-07 21:51:10 +02:00
Jorge
bd4b189373
Polish documentation consistency
...
Co-authored-by: yoff <lerchedahl@gmail.com >
2021-04-29 16:26:28 +02:00
jorgectf
213d011a8c
Edit code example in CompiledRegex
...
Signed-off-by: jorgectf <jorgectf@protonmail.com >
2021-04-29 11:10:03 +02:00
jorgectf
21e01b809f
Add code example in CompiledRegex
...
Signed-off-by: jorgectf <jorgectf@protonmail.com >
2021-04-27 19:54:42 +02:00
jorgectf
8a800986a2
Remove unused class variables
...
Signed-off-by: jorgectf <jorgectf@protonmail.com >
2021-04-27 19:54:42 +02:00
Jorge
c0c71c509c
Apply suggestions from code review
...
Update `RegexExecution` docs and use `flowsTo()` instead of `getALocalSource()`.
Co-authored-by: yoff <lerchedahl@gmail.com >
2021-04-27 19:54:41 +02:00
jorgectf
3fae3fd93e
Take ApiGraphs out of Concepts.qll
2021-04-27 19:54:39 +02:00
jorgectf
ec85ee4537
Sink's predicate typo
2021-04-27 19:54:36 +02:00
jorgectf
03825a6052
Add comment to Sink's predicates
2021-04-27 19:54:36 +02:00
jorgectf
fc27c6c547
Fix RegexExecution ambiguity
2021-04-27 19:54:35 +02:00
jorgectf
3655514924
Fix ambiguity
2021-04-27 19:54:35 +02:00
jorgectf
b6721971dd
Improve code comments
2021-04-27 19:54:35 +02:00