Rasmus Wriedt Larsen
bfcc194b85
Python: Move experimental paramiko to new dataflow API
2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
acd0f2a8fb
Python: Move experimental LDAPInsecureAuth to new dataflow API
2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
c6911c2ae0
Python: Move experimental UnicodeBypassValidation to new dataflow API
2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
2c06394bf3
Python: Move experimental CookieInjection to new dataflow API
2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
2c412707ab
Python: Move experimental CsvInjection to new dataflow API
2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
ace1e23c21
Python: Move experimental ClientSuppliedIpUsedInSecurityCheck to new dataflow API
2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
d948e103fa
Python: Move experimental HeaderInjection to new dataflow API
2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
53e57dad5c
Python: Move experimental InsecureRandomness to new dataflow API
2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
3bf2705668
Python: Move experimental TimingAttackAgainstHeaderValue to new dataflow API
2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
c88a0ccb7c
Python: Move experimental TimingAttackAgainstHash to new dataflow API
2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
a779547515
Python: Move experimental PossibleTimingAttackAgainstHash to new dataflow API
2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
8abd3430a2
Python: Move experimental TimingAttackAgainstSensitiveInfo to new dataflow API
2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
1a4e8d9464
Python: Move experimental PossibleTimingAttackAgainstSensitiveInfo to new dataflow API
2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
5d8329d9c8
Python: Move experimental ZipSlip to new dataflow API
2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
67cc3a3935
Python: Move experimental ReflectedXSS to new dataflow API
2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
a0d26741d0
Python: Move experimental TarSlipImprov to new dataflow API
2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
3cdd875e9f
Python: Move experimental UnsafeUnpack to new dataflow API
2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
3edb9d1011
Python: Move experimental TokenBuiltFromUUID to new dataflow API
2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
0f242475f2
Merge branch 'main' into experimental-cleanup
2023-08-28 11:01:22 +02:00
Rasmus Wriedt Larsen
39e2b133e9
Python: Fix naming
2023-08-28 10:40:33 +02:00
Rasmus Wriedt Larsen
4c693b4fc3
Python: Port py/xslt-injection to new data-flow
2023-08-17 15:45:07 +02:00
Rasmus Wriedt Larsen
779fe6498c
Python: Rename to XsltInjection.ql
2023-08-17 15:45:07 +02:00
Rasmus Wriedt Larsen
91edde72c4
Python: Port py/template-injection to new data-flow
...
I kept all the modeling in _one_ file, since that makes it easy to work
with such an external contribution... and I would certainly propose this
file setup for the future 👍
2023-08-17 15:44:26 +02:00
Rasmus Wriedt Larsen
24f9f13790
Python: Fix tests
2023-08-17 10:15:36 +02:00
amammad
eb5529eac5
sanitize resutls exist in test/demo/example/sample directories
2023-08-14 23:48:03 +10:00
Rasmus Wriedt Larsen
1c3cc1fa29
Python: Remove flow through stdlib
...
This means tests can pass on any machine now 👍
2023-08-14 11:55:22 +02:00
Rasmus Wriedt Larsen
6e168ff7d8
Python: Only interested in StrConst
2023-08-14 11:46:21 +02:00
Rasmus Wriedt Larsen
eeefdc5dcd
Python: Fix formatting
2023-08-14 11:29:38 +02:00
amammad
bee8e6ff0d
remove unused saniter
2023-07-27 01:41:31 +10:00
amammad
591d81b5f9
remove saniter which was responsible for a defensive technique
2023-07-26 02:39:10 +10:00
amammad
1e1d42fa35
fix a mistake :(
2023-07-25 00:11:23 +10:00
amammad
7aff0079f5
better safe Flask example
2023-07-25 00:08:51 +10:00
amammad
0e8f83460c
a little bit change on flask example
2023-07-24 21:41:54 +10:00
amammad
bbba906ff1
a little bit change on flask example
2023-07-24 21:41:44 +10:00
amammad
6f8ec118df
fix qlhelp and qldoc bugs
2023-07-24 17:15:43 +10:00
amammad
c704158150
remove sources which are contained from environment variables, fix some bugs thanks to @yoff
2023-07-24 17:06:27 +10:00
Rasmus Wriedt Larsen
13fa08a90a
Python: Move source modeling to shared file
2023-07-14 14:47:50 +02:00
amammad
2ba83022c7
delete old qhelp file
2023-07-01 04:49:35 +10:00
amammad
816799c4ba
upgrade query to detect redash CVE too
2023-06-30 22:14:50 +10:00
amammad
7a17b99c17
V2
2023-06-29 20:55:51 +10:00
amammad
e3e0307db7
V1
2023-06-25 20:36:28 +10:00
Tony Torralba
8f6d2ed2f9
Adjust ZipSlip query description according to review suggestions.
2023-06-19 10:27:41 +02:00
Tony Torralba
3c4d938cf1
Apply code review suggestions.
...
Co-authored-by: Asger F <asgerf@github.com >
2023-06-19 10:20:19 +02:00
Tony Torralba
3e96fe60c5
Go/Java/JS/Python/Ruby: Update the description and qhelp of the ZipSlip query
...
All filesystem operations, not just writes, with paths built from untrusted archive entry names are dangerous
2023-06-16 08:52:44 +02:00
Rasmus Wriedt Larsen
0c8b4251cf
Python: Avoid duplicated query-id
2023-06-07 10:07:01 +02:00
Rasmus Wriedt Larsen
c1b90c8f05
Python: Apply suggested change
2023-05-22 11:58:32 +02:00
Sim4n6
be3f59afab
Replaced StringMethod() with a restrained String method calls
2023-05-20 12:17:33 +01:00
Sim4n6
21e99d52c7
Fix a redundant import
2023-05-20 10:23:04 +01:00
Sim4n6
b8969707c5
Delete the vulnerability flow image from the QHelp file.
2023-05-20 10:21:38 +01:00
Sim4n6
16ce024429
Update python/ql/src/experimental/Security/CWE-176/UnicodeBypassValidation.qhelp
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com >
2023-05-20 10:13:23 +01:00