2010 Commits

Author	SHA1	Message	Date
Erik Krogh Kristensen	843ed8fca5	rename pw to aw ... Co-authored-by: yoff <lerchedahl@gmail.com>	2022-02-28 15:25:25 +01:00
haby0	be40b54b9f	add test	2022-02-28 20:34:58 +08:00
haby0	b23e28a1e6	add Server-side Request Forgery sinks	2022-02-28 15:24:02 +08:00
Arthur Baars	5044f89105	Ruby/Python re-introduce normalCharacterSequence	2022-02-25 18:43:43 +01:00
Taus	622b32692b	Python: Prevent magic/inlining in getCase ... This is a simplified version of https://github.com/github/codeql/pull/8028 consisting of just the `nomagic` fix.	2022-02-25 14:32:59 +00:00
yoff	8b926f6859	Merge pull request #7873 from RasmusWL/fix-attribute-taint ... Python: Fix attribute taint	2022-02-25 15:02:24 +01:00
Arthur Baars	9d9abaf1f9	Apply suggestions from code review ... Co-authored-by: yoff <lerchedahl@gmail.com>	2022-02-25 12:27:20 +01:00
Arthur Baars	69ed121ecb	Ruby/Python: regex parser: group sequences of 'normal' characters	2022-02-22 16:15:33 +01:00
Rasmus Wriedt Larsen	d2cd77aefb	Merge branch 'main' into dataflow-improvements	2022-02-21 14:49:40 +01:00
Rasmus Wriedt Larsen	b59ab7f5f3	Merge branch 'main' into python/promote-log-injection	2022-02-21 09:59:31 +01:00
Rasmus Wriedt Larsen	67ca14876a	Python: Apply suggestions from code review ... Co-authored-by: yoff <lerchedahl@gmail.com>	2022-02-18 13:47:07 +01:00
Rasmus Wriedt Larsen	62d4bb50a5	Python: Autoformat ... Trailing whitespace is a bit too easy with the ```suggestions through the UI :|	2022-02-15 10:38:52 +01:00
Rasmus Wriedt Larsen	5a90214ece	Merge pull request #7783 from yoff/python/promote-ldap-injection ... Python: promote LDAP injection query	2022-02-15 10:24:18 +01:00
yoff	de5b3a272d	Merge pull request #7660 from RasmusWL/deprecate-old-modeling ... Python: Deprecate old points-to based modeling	2022-02-14 19:48:03 +01:00
yoff	3a995ec1b1	Update python/ql/lib/semmle/python/security/dataflow/LogInjectionCustomizations.qll ... Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>	2022-02-14 16:08:44 +01:00
yoff	62598c0fd1	Update python/ql/lib/semmle/python/security/dataflow/LogInjectionCustomizations.qll ... Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>	2022-02-14 16:07:40 +01:00
Rasmus Lerchedahl Petersen	84447e4710	python: more detailed alert message	2022-02-14 11:55:07 +01:00
Rasmus Lerchedahl Petersen	bd14adefa0	python: add apologetic comment	2022-02-14 11:37:46 +01:00
Taus	d7f30de5b0	Merge pull request #7874 from RasmusWL/set-store-step ... Python: Fix setStoreStep to use `SetElementContent`	2022-02-11 12:50:02 +01:00
Tom Hvitved	58d90c7f8d	Python: More points-to performance improvements	2022-02-10 10:29:30 +01:00
Tom Hvitved	7fd8d6dd30	Address review comments	2022-02-10 10:29:30 +01:00
Tom Hvitved	2de892bfd8	Python: Points-to performance improvements	2022-02-10 10:29:30 +01:00
Rasmus Lerchedahl Petersen	313f9f056c	python: switch to using concepts	2022-02-09 14:36:48 +01:00
Rasmus Lerchedahl Petersen	17aa2898f9	python: model (xpathEval from) libxml2	2022-02-09 14:25:43 +01:00
Rasmus Lerchedahl Petersen	e8649d8947	python: model (etree from) lxml	2022-02-09 14:15:17 +01:00
yoff	f21ac04285	Update python/ql/lib/semmle/python/frameworks/Stdlib.qll ... Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>	2022-02-09 09:22:31 +01:00
Rasmus Lerchedahl Petersen	3f36ccba92	python: add name to concept	2022-02-08 12:40:13 +01:00
Rasmus Lerchedahl Petersen	8665fe4817	python: add concept for XPath construction ... also small fixup in `SqlConstruction`	2022-02-08 12:31:37 +01:00
Rasmus Lerchedahl Petersen	7d287f1698	python: add concept for xpath execution	2022-02-08 11:46:28 +01:00
Rasmus Lerchedahl Petersen	a9cfc60ea1	python: move supporting libraries ... and update reference in query	2022-02-08 11:27:45 +01:00
Rasmus Wriedt Larsen	62702d0ca9	Python: Fix setStoreStep to use SetElementContent	2022-02-07 13:18:36 +01:00
Rasmus Wriedt Larsen	b276b2d48c	Python: Clean up taint steps for attributes	2022-02-07 13:12:31 +01:00
yoff	182c62f5c3	Merge pull request #7838 from tausbn/python-fix-charset-performance-problem ... Python: Fix performance issue in `charSet`	2022-02-04 14:18:13 +01:00
Taus	67be20f368	Python: Remove implied inequalities ... Also gets rid of `inner_end`, since we're already doing `end - 1 = ...` in the other fix (and so this is more consistent).	2022-02-04 12:46:06 +00:00
Rasmus Wriedt Larsen	438a01e911	Python: Deprecate old bottle points-to extension	2022-02-04 12:02:09 +01:00
Rasmus Wriedt Larsen	c9e36aaf72	Python: Fix deprecated deprecated	2022-02-04 12:02:09 +01:00
Rasmus Wriedt Larsen	84fdd8a739	Python: Add non-deprecated httpVerb to Concepts	2022-02-04 12:02:09 +01:00
Rasmus Wriedt Larsen	5a032d6f84	Python: deprecate old taint-tracking related predicates	2022-02-04 12:02:08 +01:00
Rasmus Wriedt Larsen	dba6b60c80	Python: Deprecate old library modeling	2022-02-04 12:02:08 +01:00
Rasmus Wriedt Larsen	a40fdf7a7c	Python: Deprecate old web modeling	2022-02-04 12:02:08 +01:00
Rasmus Wriedt Larsen	b2ce0fcb72	Python: Add post-update nodes to args of unresolved calls ... Besides solving the problem with `setattr`, it also solved some old problems with json library modeling (yay).	2022-02-04 11:51:53 +01:00
Erik Krogh Kristensen	5e23da813f	rename named-parameters to keyword-parameters	2022-02-03 23:10:39 +01:00
Erik Krogh Kristensen	e434f075fa	introduce, and use, API::APICallNode	2022-02-03 23:10:39 +01:00
Erik Krogh Kristensen	3801a158a8	remove module exporst nodes from API graphs	2022-02-03 23:10:39 +01:00
Erik Krogh Kristensen	c3f4a851f0	remove some TODOs I won't do	2022-02-03 23:10:39 +01:00
Erik Krogh Kristensen	ef5818e243	support import * in ApiGraphs	2022-02-03 23:10:38 +01:00
Erik Krogh Kristensen	16774ba285	add support for named parameters in API graphs	2022-02-03 23:10:38 +01:00
Erik Krogh Kristensen	66fd43fc3b	add def edge for function returns	2022-02-03 23:10:38 +01:00
Erik Krogh Kristensen	d8eea7ba4c	property writes are def nodes	2022-02-03 23:10:38 +01:00
Erik Krogh Kristensen	a908b219e9	more backtracking of def nodes, and lots of tests	2022-02-03 23:10:38 +01:00