hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-23 10:23:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
24,466 Commits 1,693 Branches 161 Tags
b802d7903ab9bcdbc25d3eed82a33d171991395d
Commit Graph

272 Commits

Author SHA1 Message Date
jorgectf
b802d7903a Fix OPT_X_TLS_ mandatory options 2021-09-07 19:01:46 +02:00
jorgectf
ee98c0c587 Add start_tls_s() comment and use DataFlow::MethodCallNode instead 2021-09-07 19:00:14 +02:00
Jorge
1bc16fb31e Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-09-07 18:37:33 +02:00
Jorge
d458464e6b Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-08-26 12:20:09 +02:00
Jorge
f02b6d60a5 Merge branch 'github:main' into jorgectf/python/ldapinsecureauth 2021-07-22 18:49:51 +02:00
jorgectf
b03e75e3d1 Extend ldap3's start_tls and fix tests 2021-07-22 18:42:41 +02:00
jorgectf
a34d6d390e Port to ApiGraphs and finish the query 2021-07-22 18:34:57 +02:00
Rasmus Wriedt Larsen
42a997cbcb Python: Fix deprecation warning 2021-07-22 15:59:13 +02:00
Rasmus Wriedt Larsen
71e6db8a01 Merge branch 'main' into jorgectf/python/ldapimproperauth 2021-07-22 15:57:43 +02:00
thank_you
9e01338500 Query only vulnerable methods 2021-07-18 17:13:10 -04:00
thank_you
0be2c6b765 Add SQLEscapySanitizerCall class 2021-06-29 19:39:46 -04:00
thank_you
986f2f4302 Add SQLEscape module 2021-06-29 19:39:26 -04:00
jorgectf
2f9e6454a5 Hardcode ldap2 binding functions 2021-06-29 16:14:55 +02:00
Rasmus Wriedt Larsen
a5a7f3e38a Python: Add taint-step for sqlalchemy.text 2021-06-29 11:06:25 +02:00
Rasmus Wriedt Larsen
684f51ae5f Merge branch 'main' into python-use-sqlalchemy 2021-06-29 10:58:51 +02:00
Rasmus Wriedt Larsen
5477b2e0d5 Python: Minor refactoring cleanup 2021-06-28 10:54:21 +02:00
Rasmus Wriedt Larsen
4a2c99a021 Python: Inline LDAPImproperAuth.qll 
Since having it inlined makes the query a bit easier to read. We
obviously need to share it if we want to share this predicate, but for
now that does not seem to be the case.
 2021-06-28 10:54:21 +02:00
Rasmus Wriedt Larsen
dfe16aae4c Python: Handle both positional and keyword args for LDAP bind 2021-06-28 10:46:13 +02:00
Rasmus Wriedt Larsen
e05d6e71b8 Merge pull request #6064 from tausbn/python-add-get-method-call 
Python: Add `getAMethodCall` to `LocalSourceNode`
 2021-06-22 11:16:39 +02:00
Taus
768cab3642 Python: Address review comments 
- changes `getReceiver` to `getObject`
- fixes `calls` to avoid unwanted cross-talk
- adds some more documentation to highlight the above issue
 2021-06-21 14:57:19 +00:00
jorgectf
9cbb7e0899 Change query objective 2021-06-17 17:53:58 +02:00
jorgectf
5704ac36db Rework LDAP framework modeling 2021-06-17 17:44:08 +02:00
Taus
41ee325bc9 Python: Clean up Stdlib.qll 
Not as many opportunities to clean stuff up here.
 2021-06-15 15:04:30 +00:00
Rasmus Wriedt Larsen
156b10cb59 Merge branch 'main' into promote-clickhouse 2021-06-15 11:30:19 +02:00
jorgectf
1662c5d113 resolve merge conflict 2021-06-15 01:22:11 +02:00
Rasmus Wriedt Larsen
f807c2f52b Python: autoformat 2021-05-26 11:07:48 +02:00
Rasmus Wriedt Larsen
d5f2846394 Merge branch 'main' into jorgectf/python/ldapInjection 2021-05-26 11:01:48 +02:00
Rasmus Wriedt Larsen
1b3f857a2f Python: Promote ClickHouse SQL models 2021-05-25 16:27:23 +02:00
Rasmus Wriedt Larsen
eb1da152a0 Python: Rewrite ClickHouse SQL lib modeling 
This did turn into a few changes, that maybe could have been split into
separate PRs 🤷

* Rename `ClickHouseDriver` => `ClickhouseDriver`, to better follow
  import name in `.qll` name
* Rewrote modeling to use API graphs
* Split modeling of `aioch` into separate `.qll` file, which does re-use
  the `getExecuteMethodName` predicate. I feel that sharing code between
  the modeling like this was the best approach, and stuck the
  `INTERNAL: Do not use.` labels on both modules.
* I also added handling of keyword arguments (see change in .py files)
 2021-05-25 16:13:31 +02:00
Rasmus Wriedt Larsen
35793a10bb Merge pull request #5889 from japroc/python-clickhouse-driver 
Python: Implement module ClickHouseDriver.qll
 2021-05-25 14:25:28 +02:00
Jorge
9e9678b3ca Apply documentation suggestions 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-05-21 16:17:39 +02:00
Evgenii Protsenko
470e3eb089 [python] ClickHouseDriver.qll: add support for subclasses 2021-05-13 00:03:53 +03:00
Evgenii Protsenko
2efa0ad105 [C++] Implement module ClickHouseDriver.qll 2021-05-12 22:36:24 +03:00
yoff
78370cf63f Update python/ql/src/experimental/semmle/python/frameworks/Stdlib.qll 2021-05-10 14:53:40 +02:00
jorgectf
8665747316 Update sink and sanitizer to match new naming 2021-05-08 18:08:50 +02:00
jorgectf
2ad72ad693 Add LDAP framework entry in Frameworks.qll 2021-05-07 22:16:12 +02:00
jorgectf
6159fbea2b Update functions naming 2021-05-07 22:15:51 +02:00
jorgectf
34b8af30ac Move structure to LDAP.qll 2021-05-07 22:09:57 +02:00
Jorge
c2b96b3a5e Add documentation to main classes' functions. 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-05-07 21:51:10 +02:00
Jorge
bd4b189373 Polish documentation consistency 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-04-29 16:26:28 +02:00
jorgectf
213d011a8c Edit code example in CompiledRegex 
Signed-off-by: jorgectf <jorgectf@protonmail.com>
 2021-04-29 11:10:03 +02:00
jorgectf
21e01b809f Add code example in CompiledRegex 
Signed-off-by: jorgectf <jorgectf@protonmail.com>
 2021-04-27 19:54:42 +02:00
jorgectf
8a800986a2 Remove unused class variables 
Signed-off-by: jorgectf <jorgectf@protonmail.com>
 2021-04-27 19:54:42 +02:00
Jorge
c0c71c509c Apply suggestions from code review 
Update `RegexExecution` docs and use `flowsTo()` instead of `getALocalSource()`.

Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-04-27 19:54:41 +02:00
jorgectf
3fae3fd93e Take ApiGraphs out of Concepts.qll 2021-04-27 19:54:39 +02:00
jorgectf
ec85ee4537 Sink's predicate typo 2021-04-27 19:54:36 +02:00
jorgectf
03825a6052 Add comment to Sink's predicates 2021-04-27 19:54:36 +02:00
jorgectf
fc27c6c547 Fix RegexExecution ambiguity 2021-04-27 19:54:35 +02:00
jorgectf
3655514924 Fix ambiguity 2021-04-27 19:54:35 +02:00
jorgectf
b6721971dd Improve code comments 2021-04-27 19:54:35 +02:00