hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
35,614 Commits 1,671 Branches 157 Tags
c20ee76826e10318f8f39c6fae901b743c2e8254
Commit Graph

5326 Commits

Author SHA1 Message Date
Erik Krogh Kristensen
8d6cac76cc apply suggestions from asgerf 2021-10-04 12:45:02 +02:00
Rasmus Lerchedahl Petersen
aa91c26792 Python: Add missing taint steps 2021-10-04 12:12:07 +02:00
yoff
4521a9fdf0 Update python/ql/lib/semmle/python/frameworks/Stdlib.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-10-04 11:36:53 +02:00
Owen Mansel-Chan
938d003e5e Fix example to use space after $ for consistency 2021-10-02 08:11:49 +01:00
Owen Mansel-Chan
25792b2a45 Change class name to avoid clash with Go and Javascript libraries 2021-10-02 08:04:17 +01:00
yoff
1ce9426adf Merge pull request #6761 from RasmusWL/cryptodome-sha3 
Python/JS: Recognize SHA-3 hash functions
 2021-10-01 13:33:36 +02:00
Anders Schack-Mulligen
98f68cb053 Dataflow: Sync. 2021-10-01 13:11:43 +02:00
Anders Schack-Mulligen
490df2027b Dataflow: Add language-specific predicate forceHighPrecision(). 2021-10-01 13:11:14 +02:00
Rasmus Lerchedahl Petersen
175a06fe73 Python: Fix compile error due to predicate rename 2021-10-01 10:33:42 +02:00
Rasmus Wriedt Larsen
2d5c6e2723 Python: FastAPI: Add taint test 2021-09-30 19:14:15 +02:00
Rasmus Wriedt Larsen
c839f35485 Python: FastAPI: Proper modeling of implicit returns 2021-09-30 19:14:15 +02:00
Rasmus Wriedt Larsen
50147708bf Python: FastAPI: Model response classes 
Figuring out how to do the `media_type` tracking was quite difficult.
 2021-09-30 19:14:15 +02:00
Rasmus Wriedt Larsen
eef946a0c8 Python: FastAPI: Add test for custom response annotation 
It really is rather contrived, but it also _does_ work.
 2021-09-30 19:14:15 +02:00
Rasmus Wriedt Larsen
c9895b54fe Python: FastAPI: Add tests for direct response construction 2021-09-30 19:14:14 +02:00
Rasmus Wriedt Larsen
c50c805f5f Python: FastAPI: Model Cookie Writes 2021-09-30 19:14:14 +02:00
Rasmus Wriedt Larsen
d34c5fd72f Python: FastAPI: Add tests with response parameter 2021-09-30 19:14:14 +02:00
Rasmus Wriedt Larsen
285de2b4c8 Python: FastAPI: Add support for APIRouter 2021-09-30 19:14:14 +02:00
Rasmus Wriedt Larsen
b1f8b5352b Python: FastAPI: Add support for api_route 
Note that `route` did not actually work (that also comes from the
underlying web framework library Starlette)
 2021-09-30 19:14:14 +02:00
Rasmus Wriedt Larsen
3661ff3bd8 Python: Add basic FastAPI support 2021-09-30 19:14:14 +02:00
Rasmus Lerchedahl Petersen
35d9005eae Python: typo again.. 2021-09-30 14:39:44 +02:00
Rasmus Lerchedahl Petersen
f3fc56a167 Python: typos 2021-09-30 14:39:05 +02:00
Rasmus Lerchedahl Petersen
d19d37bf9b Python: more suggestions from review 2021-09-30 14:36:26 +02:00
yoff
c1c63d0c28 Merge pull request #6738 from RasmusWL/qldoc-getArgByName 
Python: Add QLDoc to `Function.getArgByName`
 2021-09-30 14:11:18 +02:00
yoff
46e62cd963 Apply suggestions from code review 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-09-30 14:00:18 +02:00
Rasmus Lerchedahl Petersen
02e91b3902 Python: Model functions that will raise 
on non-existing files.
 2021-09-30 13:36:24 +02:00
Rasmus Lerchedahl Petersen
fc9fb59082 Python: Add comments 2021-09-30 10:05:57 +02:00
Rasmus Lerchedahl Petersen
115113888f Python: Add change note 2021-09-29 16:58:14 +02:00
Rasmus Lerchedahl Petersen
cc1c32cf0e Python: model file accesses 2021-09-29 16:53:25 +02:00
Rasmus Wriedt Larsen
ba990f72f2 Another hasLocationInfo URL reference fix 2021-09-29 14:00:28 +02:00
Rasmus Wriedt Larsen
987b573709 Fix hasLocationInfo URL reference 
Follow up to https://github.com/github/codeql/pull/5830
 2021-09-29 13:47:58 +02:00
Erik Krogh Kristensen
aafae24ef2 update qhelp 2021-09-28 23:11:02 +02:00
Erik Krogh Kristensen
8d556ed1e1 Update python/ql/lib/semmle/python/security/BadTagFilterQuery.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-09-28 23:04:28 +02:00
Rasmus Wriedt Larsen
8df3dab121 Python: Adjust .expected with subpaths 2021-09-28 17:04:20 +02:00
Rasmus Wriedt Larsen
e472814ddd Python: Fix XXE qhelp 2021-09-28 17:02:39 +02:00
Rasmus Wriedt Larsen
9c286a1b50 Python: fix name of .qhelp file 2021-09-28 16:57:46 +02:00
Rasmus Wriedt Larsen
67fddda6d2 Merge branch 'main' into jorgectf/python/deserialization 2021-09-28 16:49:33 +02:00
Rasmus Lerchedahl Petersen
a5912ff76d Python: Align implementations of awaited. 2021-09-28 16:42:19 +02:00
Rasmus Lerchedahl Petersen
3c1206f873 Python: Model more awaiting construcs 
in API graphs.
Some unsatisfactory lack of understanding here.
 2021-09-27 16:41:01 +02:00
Rasmus Lerchedahl Petersen
f6311bf051 Python: model other awaiting constructs 2021-09-27 14:32:55 +02:00
Rasmus Lerchedahl Petersen
15b07bfcc0 Python: Model sql executions 2021-09-27 14:15:58 +02:00
Rasmus Wriedt Larsen
ded3088529 Python/JS: Recognize SHA-3 hash functions 
Official names are SHA3-224, SHA3-256, SHA3-384, SHA3-512 as per
https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf
 2021-09-27 12:08:40 +02:00
Rasmus Wriedt Larsen
547cbb6322 Merge pull request #6331 from porcupineyhairs/pythonXpath 
Python : Improve Xpath Injection Query
 2021-09-24 18:11:08 +02:00
Rasmus Wriedt Larsen
d39df18544 Python: Minor test cleanup 2021-09-24 16:11:27 +02:00
Rasmus Wriedt Larsen
26d2fbd217 Python: Fix new XPath injection query 
Fixes the typo `ETXpath` => `ETXPath`
 2021-09-24 15:11:34 +02:00
Rasmus Wriedt Larsen
913a679ef5 Python: Replace old XPath injection query 2021-09-24 15:10:41 +02:00
Rasmus Wriedt Larsen
c9640ffdbc Python: Minor adjustments to XPath Injection 2021-09-24 15:02:39 +02:00
Rasmus Lerchedahl Petersen
520a2da8ab Python: Add tests for asyncpg 2021-09-24 14:41:50 +02:00
Rasmus Wriedt Larsen
289660067c Merge branch 'main' into pythonXpath 2021-09-24 13:53:38 +02:00
haby0
9b969e15fc Modify according to @yoff suggestion 2021-09-24 12:56:10 +08:00
Rasmus Lerchedahl Petersen
f2fbeed490 Python: Model os.path-functions 2021-09-23 15:30:00 +02:00