hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-05 02:30:19 +01:00
Code Issues Packages Projects Releases Wiki Activity
58,955 Commits 1,673 Branches 157 Tags
c7e892fa8e1bd6f8d7939549233e09add274084f
Commit Graph

1392 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
e8e8d975e3 Python: Remove all usage of DataFlow2+TaintTracking2 
(and any higher number as well)
 2023-08-28 15:34:19 +02:00
Rasmus Wriedt Larsen
c665c21d83 Python: More style-guide renaming 
Split it into multiple commits to make it easier to review.
 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
996364d6ee Python: Fix naming style guide violations 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
98538d237e Python: Autoformat 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
5ba8e102eb Python: Adopt tests to new DataflowQueryTest 
Since we want to know the _sinks_ and not just the flow, we need to
expose the config as well :|
 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
6961ca5234 Python: Rename to EmailXss 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
6d4491e0a9 Python: Modernize WebAppConstantSecretKey 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
852b01c65d Python: Move SmtpMessageConfig to new dataflow API 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
d5e2a30e5b Python: Modernize py/azure-storage/unsafe-client-side-encryption-in-use a bit 
To use consistent naming
 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
bfcc194b85 Python: Move experimental paramiko to new dataflow API 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
acd0f2a8fb Python: Move experimental LDAPInsecureAuth to new dataflow API 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
c6911c2ae0 Python: Move experimental UnicodeBypassValidation to new dataflow API 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
2c06394bf3 Python: Move experimental CookieInjection to new dataflow API 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
2c412707ab Python: Move experimental CsvInjection to new dataflow API 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
ace1e23c21 Python: Move experimental ClientSuppliedIpUsedInSecurityCheck to new dataflow API 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
d948e103fa Python: Move experimental HeaderInjection to new dataflow API 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
53e57dad5c Python: Move experimental InsecureRandomness to new dataflow API 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
3bf2705668 Python: Move experimental TimingAttackAgainstHeaderValue to new dataflow API 2023-08-28 15:31:08 +02:00
Rasmus Wriedt Larsen
c88a0ccb7c Python: Move experimental TimingAttackAgainstHash to new dataflow API 2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
a779547515 Python: Move experimental PossibleTimingAttackAgainstHash to new dataflow API 2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
8abd3430a2 Python: Move experimental TimingAttackAgainstSensitiveInfo to new dataflow API 2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
1a4e8d9464 Python: Move experimental PossibleTimingAttackAgainstSensitiveInfo to new dataflow API 2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
5fd3594f5f Python: Move TimingAttack.qll to new dataflow API 2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
5d8329d9c8 Python: Move experimental ZipSlip to new dataflow API 2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
67cc3a3935 Python: Move experimental ReflectedXSS to new dataflow API 2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
a0d26741d0 Python: Move experimental TarSlipImprov to new dataflow API 2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
3cdd875e9f Python: Move experimental UnsafeUnpack to new dataflow API 2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
3edb9d1011 Python: Move experimental TokenBuiltFromUUID to new dataflow API 2023-08-28 15:31:07 +02:00
Rasmus Wriedt Larsen
0f242475f2 Merge branch 'main' into experimental-cleanup 2023-08-28 11:01:22 +02:00
Rasmus Wriedt Larsen
0dca8a5d86 Python: Remove old points-to modeling file 
Since all of this was ported already
 2023-08-28 10:40:45 +02:00
Rasmus Wriedt Larsen
39e2b133e9 Python: Fix naming 2023-08-28 10:40:33 +02:00
Rasmus Wriedt Larsen
4c693b4fc3 Python: Port py/xslt-injection to new data-flow 2023-08-17 15:45:07 +02:00
Rasmus Wriedt Larsen
779fe6498c Python: Rename to XsltInjection.ql 2023-08-17 15:45:07 +02:00
Rasmus Wriedt Larsen
91edde72c4 Python: Port py/template-injection to new data-flow 
I kept all the modeling in _one_ file, since that makes it easy to work
with such an external contribution... and I would certainly propose this
file setup for the future 👍
 2023-08-17 15:44:26 +02:00
Rasmus Wriedt Larsen
24f9f13790 Python: Fix tests 2023-08-17 10:15:36 +02:00
amammad
eb5529eac5 sanitize resutls exist in test/demo/example/sample directories 2023-08-14 23:48:03 +10:00
Rasmus Wriedt Larsen
1c3cc1fa29 Python: Remove flow through stdlib 
This means tests can pass on any machine now 👍
 2023-08-14 11:55:22 +02:00
Rasmus Wriedt Larsen
6e168ff7d8 Python: Only interested in StrConst 2023-08-14 11:46:21 +02:00
Rasmus Wriedt Larsen
eeefdc5dcd Python: Fix formatting 2023-08-14 11:29:38 +02:00
amammad
bee8e6ff0d remove unused saniter 2023-07-27 01:41:31 +10:00
amammad
591d81b5f9 remove saniter which was responsible for a defensive technique 2023-07-26 02:39:10 +10:00
amammad
1e1d42fa35 fix a mistake :( 2023-07-25 00:11:23 +10:00
amammad
7aff0079f5 better safe Flask example 2023-07-25 00:08:51 +10:00
amammad
0e8f83460c a little bit change on flask example 2023-07-24 21:41:54 +10:00
amammad
bbba906ff1 a little bit change on flask example 2023-07-24 21:41:44 +10:00
amammad
6f8ec118df fix qlhelp and qldoc bugs 2023-07-24 17:15:43 +10:00
amammad
c704158150 remove sources which are contained from environment variables, fix some bugs thanks to @yoff 2023-07-24 17:06:27 +10:00
Rasmus Wriedt Larsen
13fa08a90a Python: Move source modeling to shared file 2023-07-14 14:47:50 +02:00
amammad
2ba83022c7 delete old qhelp file 2023-07-01 04:49:35 +10:00
amammad
816799c4ba upgrade query to detect redash CVE too 2023-06-30 22:14:50 +10:00