hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-22 18:03:39 +01:00
Code Issues Packages Projects Releases Wiki Activity
64,787 Commits 1,693 Branches 161 Tags
bc745dfd5eea4e87a3d29bc745bea7cb815ba6b2
Commit Graph

1426 Commits

Author SHA1 Message Date
jorgectf
809bf2377e Move to experimental folder 2021-04-06 15:47:41 +02:00
jorgectf
1bcb9cd7c0 Simplify query 2021-04-06 15:42:56 +02:00
thank_you
6ade120983 Add check for mongoengine raw queries 
After initial research on our end, we believe that the only vulnerability within the objects() method is passing a query into the __raw__ keyword argument. More info can be found below:

http://docs.mongoengine.org/guide/querying.html?highlight=inc__#raw-queries
 2021-04-05 20:44:16 -04:00
thank_you
759fa2cd01 Update query to search for more pymongo sink methods 2021-04-05 20:42:18 -04:00
Your Name
80216f6974 Rename classes 2021-04-05 14:41:08 -04:00
Your Name
be9a3a95b1 Add relevant PyMongo sink methods 2021-04-05 14:23:56 -04:00
Your Name
9072d19cda Update qhelp file 2021-04-05 13:56:43 -04:00
jorgectf
d22da880e7 Fix verifiesSignature() 2021-04-04 20:31:07 +02:00
jorgectf
198f8dcc1f Improve predicates 2021-04-03 23:01:50 +02:00
jorgectf
7ed7809a60 Use LocalSourceNode and flowsTo() for better performance 2021-04-02 21:17:18 +02:00
jorgectf
513055cae5 Change old comments 2021-04-01 18:45:39 +02:00
jorgectf
ee70eb709c Remove old comment 2021-04-01 18:34:54 +02:00
jorgectf
5edb3b1153 Query upload 2021-04-01 18:31:45 +02:00
jorgectf
15e176a3b8 Polish query select 2021-04-01 13:00:12 +02:00
jorgectf
f980d0694b Fix taint configs 2021-04-01 12:50:25 +02:00
jorgectf
c8740a2031 Update naming 2021-04-01 12:41:11 +02:00
jorgectf
9b430310b4 Improve Sanitizer calls 2021-03-31 23:19:56 +02:00
jorgectf
4328ff3981 Remove attrs feature 2021-03-31 22:26:08 +02:00
jorgectf
3a47a45e47 Attempt to apply TaintTracking2 2021-03-31 18:49:41 +02:00
jorgectf
f0a50eb67a Polish up configs 2021-03-31 17:58:18 +02:00
jorgectf
017a826b30 Remove unused class variables 2021-03-31 17:52:03 +02:00
jorgectf
7a4dc46341 Fix Sinks 2021-03-31 17:50:05 +02:00
jorgectf
01f9d4a1b0 Fix MongoEngine Sink 2021-03-31 15:50:45 +02:00
jorgectf
ccd57bea7a Fix imports 2021-03-30 21:17:11 +02:00
jorgectf
d856f160c8 Adapt query configs and custom classes 2021-03-30 21:14:21 +02:00
jorgectf
bd5ff01ebb PyMongo and Mongoengine sinks 2021-03-30 21:13:43 +02:00
jorgectf
aea7546cf9 Add Concepts 2021-03-30 21:13:15 +02:00
jorgectf
517a9202ce PR init 2021-03-30 17:51:17 +02:00
jorgectf
8faafb6961 Update Sink 2021-03-30 16:58:02 +02:00
jorgectf
3cda2e5207 Polish up ldap3 tests 2021-03-29 23:39:49 +02:00
jorgectf
8223539f0c Add a test without attributes 2021-03-29 23:28:28 +02:00
Calum Grant
c26d05b1d5 Merge pull request #5532 from RasmusWL/python-cleanup 
Python: Delete filter queries, code duplication library, and precision tag from metric queries
 2021-03-29 17:16:43 +01:00
Rasmus Wriedt Larsen
96a66fa4ee Python: Apply suggestions from code review 2021-03-29 17:02:56 +02:00
jorgectf
ad36bea9d4 Refactor LDAP3 stuff (untested) 2021-03-29 09:14:35 +02:00
jorgectf
85ec82a389 Refactor in progress 2021-03-28 21:07:08 +02:00
jorgectf
95a1dae315 Precision warn and Remove CWE reference 2021-03-28 18:33:17 +02:00
jorgectf
719b48cbaf Move to experimental folder 2021-03-28 18:33:17 +02:00
Rasmus Wriedt Larsen
9abe02f419 Python: Fix query metadata for old queries that have been ported 
I'm not sure even I want to keep these around much longer. They seem to be
causing more problem than they are doing good.
 2021-03-25 16:01:56 +01:00
yoff
61cff8faed Update python/ql/src/experimental/semmle/python/Concepts.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-03-24 01:06:03 +01:00
Rasmus Lerchedahl Petersen
198a4ca79b Python: Add files to experimental 2021-03-22 21:42:06 +01:00
Taus Brock-Nannestad
7cdf439b83 Python: Clean up basicStoreStep 
Moves the `flowsTo` logic into the shared implementation, so that
`TypeTrackingPrivate` only has to define the shape of immediate store
steps.

Also cleans up the documentation to talk a bit more about what
`content` can represent, and what caveats there are.
 2021-03-22 18:42:24 +01:00
Taus Brock-Nannestad
0e81fd2624 Python: Move Boolean into TypeTrackerPrivate 
In general, this may be defined already for other languages, so moving
it in here will avoid potential clashes.
 2021-03-22 18:41:22 +01:00
Dilan
1385b22642 pr fixes, typo in qhelp file and helper method for queries 2021-03-19 16:43:29 -07:00
yoff
746e9948b0 Merge pull request #5075 from RasmusWL/crypto 
Python: Port py/weak-crypto-key to use type-tracking
 2021-03-18 20:53:28 +01:00
jorgectf
957b3e1e85 Precision warn 2021-03-18 20:39:53 +01:00
jorgectf
3ce0a9c8c0 Move to experimental folder 2021-03-18 20:20:04 +01:00
Taus
dfc0e9b906 Merge pull request #5243 from RasmusWL/port-bind-to-all-interfaces 
Python: Port py/bind-socket-all-network-interfaces query
 2021-03-12 16:04:19 +01:00
Taus Brock-Nannestad
f05313435d Python: Move typePreservingStep into Private 2021-03-12 14:06:39 +01:00
Taus Brock-Nannestad
9b8056371f Python: Make the type tracking implementation shareable 2021-03-12 13:51:24 +01:00
Rasmus Wriedt Larsen
024a586a7d Python: Remove tags for old query copy 
Co-authored-by: Taus <tausbn@github.com>
 2021-03-05 17:08:55 +01:00