hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
28,609 Commits 1,673 Branches 157 Tags
ba3ea700f57a25f0187baca710ea29abba5019eb
Commit Graph

2071 Commits

Author SHA1 Message Date
jorgectf
e8e0f0fea8 Add temporary .expected 2021-10-28 14:22:14 +02:00
jorgectf
4c2a4226ef Merge remote-tracking branch 'origin/main' into jty/python/emailInjection 2021-10-28 13:26:57 +02:00
Rasmus Wriedt Larsen
6d09334cba Merge pull request #6330 from porcupineyhairs/pyPathTraversal 
Python : Add Flask sinks for path injection query
 2021-10-28 11:39:40 +02:00
Rasmus Wriedt Larsen
358663ffbb Python: Fix tests 2021-10-28 11:14:41 +02:00
yoff
9478faf040 Merge pull request #6967 from RasmusWL/ruamel.yaml 
Python: Model `ruamel.yaml` PyPI package
 2021-10-28 10:19:08 +02:00
Porcuiney Hairs
4fd3f212f8 Python : Add Flask sinks for path injection query 2021-10-28 02:12:11 +05:30
Rasmus Wriedt Larsen
cd6d73d553 Python: Handle kwarg in PyYAML 
Really surprised that we didn't already :|
 2021-10-26 17:48:10 +02:00
Rasmus Wriedt Larsen
6c0083e584 Python: Add PoC for PyYAML code execution 2021-10-26 17:48:10 +02:00
Rasmus Wriedt Larsen
1ce09afa08 Python: Add modeling of ruamel.yaml PyPI package 2021-10-26 17:48:10 +02:00
Erik Krogh Kristensen
a3c55c2aec use set literal instead of big disjunction of literals 2021-10-26 12:55:25 +02:00
Rasmus Wriedt Larsen
8167e83ae5 Python: Fix tests 2021-10-20 17:58:03 +02:00
jorgectf
271e2e4c49 Update .expected 2021-10-16 13:12:33 +02:00
jorgectf
45146bc798 Merge branch 'main' into jorgectf/python/headerInjection 2021-10-16 12:46:57 +02:00
jorgectf
bf76d9cd8b Fix django test 2021-10-16 10:45:25 +02:00
jorgectf
2db1ffef1e Merge remote-tracking branch 'origin/main' into jorgectf/python/headerInjection 2021-10-16 10:40:52 +02:00
Anders Schack-Mulligen
8b6baa250c Merge pull request #6878 from aschackmull/remove-singleton-setliteral 
C++/C#/Java/JavaScript/Python: Remove singleton set literals.
 2021-10-14 14:53:05 +02:00
Rasmus Wriedt Larsen
7cd5e681dd Merge pull request #6693 from yoff/python/promote-regex-injection 
Python: Promote `py/regex-injection`
 2021-10-14 14:49:05 +02:00
Mathias Vorreiter Pedersen
47a85bbb1d Merge pull request #6869 from MathiasVP/fix-prefix/suffix-equality 
Java/JS/Python: Replace '.prefix'/'.suffix' with '.matches'
 2021-10-14 13:47:03 +01:00
Anders Schack-Mulligen
57cb300759 C++/C#/Java/JavaScript/Python: Remove singleton set literals. 2021-10-14 11:34:22 +02:00
CodeQL CI
2b0415e238 Merge pull request #6741 from yoff/python/model-os-path-file-accesses 
Approved by RasmusWL
 2021-10-13 11:11:41 -07:00
Mathias Vorreiter Pedersen
a80860cdc6 Python: Replace '.prefix'/'.suffix' with '.matches'. 2021-10-13 13:23:12 +01:00
Taus
75c4d6a8a0 Merge pull request #6650 from yoff/python-dataflow/init-time 
Python: Import time dataflow
 2021-10-12 11:31:03 +02:00
Rasmus Lerchedahl Petersen
61008fd3d0 Merge branch 'main' of github.com:github/codeql into python/promote-regex-injection 2021-10-12 11:28:12 +02:00
yoff
43f7eede0b Merge pull request #6182 from haby0/python/LogInjection 
Python: CWE-117 Log injection
 2021-10-12 10:54:45 +02:00
yoff
c007c9460c Merge pull request #6843 from RasmusWL/dataflow-bool-expr 
Python: Add data-flow for `x or y` and `x and y`
 2021-10-12 10:40:54 +02:00
Rasmus Lerchedahl Petersen
f34d1ee997 Python: Update test expectation following rename 2021-10-12 10:36:18 +02:00
yoff
0629ce00de Merge pull request #6214 from haby0/python/ClientSuppliedIpUsedInSecurityCheck 
[Python] CWE-348:  Client supplied ip used in security check
 2021-10-11 16:38:04 +02:00
Owen Mansel-Chan
058a04f756 Merge pull request #6795 from owen-mc/inline-expectation-test-trivial-change 
Change class name in InlineExpectationTest to avoid clash
 2021-10-11 15:35:17 +01:00
Rasmus Lerchedahl Petersen
19f6cc00c8 Python: rewrite import time test 2021-10-11 14:28:25 +02:00
yoff
5aee715931 Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2021-10-11 13:00:21 +02:00
haby0
c2d0fcfbe6 Update python/ql/test/experimental/query-tests/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.expected 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-10-11 16:46:02 +08:00
haby0
29ddc76e2f Update python/ql/test/experimental/query-tests/Security/CWE-117/LogInjection.expected 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-10-11 16:43:30 +08:00
Rasmus Wriedt Larsen
8444388ec7 Python: Update .expected 2021-10-11 09:48:56 +02:00
Rasmus Lerchedahl Petersen
64b1aeaecd Python: Shorten toString for module vars 2021-10-10 15:59:31 +02:00
Rasmus Lerchedahl Petersen
0aa632d149 Python: Move writing of module vars 
into runtime jump steps.
 2021-10-10 15:49:33 +02:00
Rasmus Wriedt Larsen
a50b193c40 Python: Model data-flow for x or y and x and y 2021-10-08 18:32:30 +02:00
Rasmus Wriedt Larsen
15476c2513 Python: Add data-flow tests for BoolExp 
> 6.11. Boolean operations

> The expression x and y first evaluates x; if x is false, its value is
> returned; otherwise, y is evaluated and the resulting value is
> returned.

> The expression x or y first evaluates x; if x is true, its value is
> returned; otherwise, y is evaluated and the resulting value is
> returned.
 2021-10-08 18:29:06 +02:00
Rasmus Lerchedahl Petersen
705970cedd Python: Update tests to use correct tag 2021-10-08 16:57:36 +02:00
Rasmus Lerchedahl Petersen
8ba01abcd6 Merge branch 'python-dataflow/init-time' of github.com:yoff/codeql into python-dataflow/init-time 2021-10-08 16:53:08 +02:00
Rasmus Lerchedahl Petersen
4807f50c00 Merge branch 'main' of github.com:github/codeql into python-dataflow/init-time 2021-10-08 14:55:01 +02:00
Rasmus Wriedt Larsen
5e6f042f6e Python: Model pickle.Unpickler 2021-10-08 11:55:54 +02:00
Rasmus Wriedt Larsen
75b06d8a25 Python: Model dill.load 2021-10-08 11:55:54 +02:00
Rasmus Wriedt Larsen
4820be3b10 Python: Model keyword arguments to dill.loads 2021-10-08 11:55:54 +02:00
Rasmus Wriedt Larsen
f9333fc551 Python: Expand dill tests 2021-10-08 11:55:54 +02:00
Rasmus Wriedt Larsen
42980a1ab4 Python: Model shelve.open 2021-10-08 11:55:54 +02:00
Rasmus Wriedt Larsen
a81d359669 Python: Model marshal.load 2021-10-07 21:27:51 +02:00
Rasmus Wriedt Larsen
1b61296ea5 Python: Model pickle.load 2021-10-07 21:25:48 +02:00
Rasmus Wriedt Larsen
27c368a444 Python: Model keyword arguments to pickle.loads 2021-10-07 21:24:12 +02:00
Rasmus Wriedt Larsen
3592b09d56 Python: Expand stdlib decoding tests 
The part about claiming there is decoding of the input to `shelve.open`
is sort of an odd one, since it's not the filename, but the contents of
the file that is decoded.

However, trying to only handle this problem through path injection is
not enough -- if a user is able to upload and access files through
`shelve.open` in a path injection safe manner, that still leads to code
execution.

So right now the best way we have of modeling this is to treat the
filename argument as being deserialized...
 2021-10-07 21:11:51 +02:00
yoff
933412eb8d Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2021-10-07 17:45:07 +02:00