hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-23 16:06:47 +01:00
Code Issues Packages Projects Releases Wiki Activity
41,535 Commits 1,712 Branches 163 Tags
cb5331bdd8c62ffa05a4e82a9c83ba77a5024421
Commit Graph

1289 Commits

Author SHA1 Message Date
Ahmed Farid
9cb7a0ac2e Rename python/ql/test/experimental/query-tests/Security/CWE-208/PossibleTimingAttackAgainstSensitiveInfo.qlref to python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstSensitiveInfo/PossibleTimingAttackAgainstSensitiveInfo.qlref 2022-08-16 16:29:05 +01:00
Ahmed Farid
685cd97b8e Rename python/ql/test/experimental/query-tests/Security/CWE-208/PossibleTimingAttackAgainstSensitiveInfo.expected to python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstSensitiveInfo/PossibleTimingAttackAgainstSensitiveInfo.expected 2022-08-16 16:28:51 +01:00
Ahmed Farid
2377880d0c Rename python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstSensitiveInfo.py to python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstSensitiveInfo/TimingAttackAgainstSensitiveInfo.py 2022-08-16 16:28:36 +01:00
Ahmed Farid
f956fe12d5 Rename python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHeaderValue.qlref to python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHeaderValue/TimingAttackAgainstHeaderValue.qlref 2022-08-16 16:28:17 +01:00
Ahmed Farid
6536b602df Rename python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHeaderValue.expected to python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHeaderValue/TimingAttackAgainstHeaderValue.expected 2022-08-16 16:28:00 +01:00
Ahmed Farid
b8fe0e2eee Rename python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHeader.py to python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHeaderValue/TimingAttackAgainstHeader.py 2022-08-16 16:27:45 +01:00
Ahmed Farid
87b67ed64f Rename python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHash.py to python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHash/TimingAttackAgainstHash.py 2022-08-16 16:27:19 +01:00
Ahmed Farid
fa3940f69a Rename python/ql/test/experimental/query-tests/Security/CWE-208/PossibleTimingAttackAgainstHash.qlref to python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHash/PossibleTimingAttackAgainstHash.qlref 2022-08-16 16:27:02 +01:00
Ahmed Farid
6a94d45643 Rename python/ql/test/experimental/query-tests/Security/CWE-208/PossibleTimingAttackAgainstHash.expected to python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHash/PossibleTimingAttackAgainstHash.expected 2022-08-16 16:26:45 +01:00
Ahmed Farid
31ecb0727f Rename TimingAttackAgainstHeader.expected to TimingAttackAgainstHeaderValue.expected 2022-08-16 14:50:54 +01:00
Ahmed Farid
d8719f3b1f Rename TimingAttackAgainstSensitiveInfo.expected to PossibleTimingAttackAgainstSensitiveInfo.expected 2022-08-16 14:50:21 +01:00
Ahmed Farid
67476d0a36 Rename TimingAttackAgainstSensitiveInfo.qlref to PossibleTimingAttackAgainstSensitiveInfo.qlref 2022-08-16 13:36:59 +01:00
Ahmed Farid
e8376a522c Update TimingAttackAgainstHeaderValue.qlref 2022-08-16 13:35:20 +01:00
Ahmed Farid
ecbe663c2f Update TimingAttackAgainstSensitiveInfo.qlref 2022-08-16 13:34:24 +01:00
Ahmed Farid
1dd4400c67 Update PossibleTimingAttackAgainstHash.qlref 2022-08-16 13:33:17 +01:00
Ahmed Farid
44f054bede Update PossibleTimingAttackAgainstHash.expected 2022-08-16 12:31:33 +01:00
Ahmed Farid
abc49bd62b Update TimingAttackAgainstHeader.py 2022-08-16 12:06:34 +01:00
Ahmed Farid
68cf084b8f Update TimingAttackAgainstSensitiveInfo.expected 2022-08-16 12:03:14 +01:00
Ahmed Farid
c85ad1b2c0 Update TimingAttackAgainstHash.py 2022-08-16 11:50:37 +01:00
Ahmed Farid
5ecadd06ae Update TimingAttackAgainstHash.py 2022-08-15 15:21:10 +01:00
Ahmed Farid
f2bf58bdb6 Update TimingAttackAgainstSensitiveInfo.py 2022-08-15 15:16:30 +01:00
Ahmed Farid
18b103dbd5 Update TimingAttackAgainstHash.py 2022-08-15 11:29:29 +01:00
Ahmed Farid
7d23b80582 Update TimingAttackAgainstHash.py 2022-08-15 11:29:09 +01:00
Ahmed Farid
521dbd0e82 Update TimingAttackAgainstSensitiveInfo.py 2022-08-15 11:28:51 +01:00
Ahmed Farid
5de103303d Update TimingAttackAgainstHeader.py 2022-08-15 11:26:34 +01:00
Ahmed Farid
7cb1683f5b Update TimingAttackAgainstSensitiveInfo.py 2022-08-15 11:21:40 +01:00
Ahmed Farid
01490414e8 Update TimingAttackAgainstHeader.py 2022-08-12 12:25:31 +01:00
Ahmed Farid
ae4ded08fa Update and rename TimingAttackAgainstHeader.qlref to TimingAttackAgainstHeaderValue.qlref 2022-08-04 12:42:52 +01:00
Ahmed Farid
813e2394f7 Merge branch 'main' into timing-attack-py 2022-07-27 14:40:55 +01:00
Ahmed Farid
e3340c9345 Update TimingAttackAgainstSensitiveInfo.py 2022-07-27 00:25:42 +01:00
Ahmed Farid
ad57ff4def Rename PossibleTimingAttackAgainstSignature.qlref to PossibleTimingAttackAgainstHash.qlref 2022-07-26 23:56:24 +01:00
Ahmed Farid
f35985097d Update and rename PossibleTimingAttackAgainstSignature.expected to PossibleTimingAttackAgainstHash.expected 2022-07-26 23:50:44 +01:00
Ahmed Farid
4f082e28e5 Update and rename TimingAttackAgainstSignature.py to TimingAttackAgainstHash.py 2022-07-20 12:26:57 +01:00
Ahmed Farid
b3925ae988 Update PossibleTimingAttackAgainstSignature.qlref 2022-07-20 00:57:26 +01:00
Asger F
a522562f93 Merge pull request #9369 from asgerf/python/api-graph-api 
Python: API graph renaming and documentation
 2022-06-28 14:48:12 +02:00
root
655b9d4262 Python: Timing attack 2022-06-27 12:18:45 -04:00
Rasmus Wriedt Larsen
3248f7b423 Merge pull request #9649 from RasmusWL/certificate-modeling 
Python/JS/Ruby: Ignore common words (like certain) as sensitive data source
 2022-06-23 12:04:58 +02:00
Rasmus Wriedt Larsen
4be375521f Python: Handle _ in sensitive-data-sources 2022-06-22 11:05:14 +02:00
Rasmus Wriedt Larsen
4a844312f4 Python: _ in var name not handled by sensitive-data-sources 2022-06-22 11:05:14 +02:00
Rasmus Wriedt Larsen
5dc2bb717a Python: ignore common words (certain/concert) as sensitive source 2022-06-22 11:05:05 +02:00
Anders Schack-Mulligen
df6d68b215 Merge pull request #9618 from aschackmull/dataflow/deprecate-barrierguard-class 
Dataflow: Deprecate BarrierGuard class
 2022-06-22 10:44:08 +02:00
Rasmus Wriedt Larsen
abdcfd55c3 Python: uncertainty is treated as a certificate :O 2022-06-22 10:16:28 +02:00
Asger F
181a53bd03 Python: Rename getAnImmediateUse -> asSource 2022-06-21 12:44:06 +02:00
Asger F
60fde3c031 Python: Rename getARhs -> asSink 2022-06-21 12:44:06 +02:00
Anders Schack-Mulligen
a7c268f804 Python: adjust test. 2022-06-20 15:46:38 +02:00
Anders Schack-Mulligen
f473a0a961 Python: Deprecate and replace BarrierGuard class. 2022-06-20 15:46:38 +02:00
Rasmus Wriedt Larsen
ae44a941f9 Merge pull request #9421 from RasmusWL/inline-brackets 
Inline Expectation Tests: Allow `tag[foo bar]`
 2022-06-20 10:01:19 +02:00
yoff
699761889d Merge pull request #7127 from jty-team/jty/python/emailInjection 
Python: CWE-079 - Add Email injection query
 2022-06-14 10:54:16 +02:00
Alex Ford
8d195e3188 Merge pull request #9157 from alexrford/crypto-op-block-mode 
Ruby/Python: Add a `BlockMode` concept for `CryptographicOperations`
 2022-06-13 21:32:36 +02:00
Rasmus Wriedt Larsen
c1e6996e99 Inline Expectation Tests: Allow tag[foo bar] 
This is partly motivated by the MaD tests which looks much better now in
my opinion.

I also wanted this for testing argument passing. In Python we're
adopting the same argument positions as Ruby has
[here](4f3751dfea/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll (L508-L540))

So it would be nice if `arg[keyword foo]=...` was allowed, without
having to transform the `toString()` result of an argument position into
something without a space.
 2022-06-03 11:39:57 +02:00