1205 Commits

Author	SHA1	Message	Date
Rasmus Wriedt Larsen	6611e5b4b8	Merge branch 'main' into promote-pam	2022-05-18 10:35:39 +02:00
Erik Krogh Kristensen	7245591468	Merge pull request #7763 from erik-krogh/unused-field ... QL: add unused-field query	2022-05-18 09:15:16 +02:00
Nick Rolfe	2efa38aaa6	Python: fix typos in comments	2022-05-12 16:02:20 +01:00
Rasmus Wriedt Larsen	795adf0566	Python: Fix API::moduleImport("foo.bar")	2022-05-12 13:33:00 +02:00
Rasmus Wriedt Larsen	cff950f5f7	Python: Fix select of py/insecure-cookie	2022-05-11 14:06:30 +02:00
Rasmus Wriedt Larsen	0956d506de	Python: Actually promote py/pam-auth-bypass ... 🤦	2022-05-11 13:44:47 +02:00
Rasmus Wriedt Larsen	fc8633cc01	Python: Fix select for py/cookie-injection	2022-05-11 13:18:14 +02:00
Rasmus Wriedt Larsen	d127d2164a	Merge branch 'main' into jorgectf/python/insecure-cookie	2022-05-11 11:13:47 +02:00
Rasmus Wriedt Larsen	7e87e18b32	Python: Adjust name/description/select of PamAuthorization.ql ... Thought that calling out the actual vulnerability would make things easier for our end users :)	2022-05-10 18:02:17 +02:00
Rasmus Wriedt Larsen	2b6e0cfb44	Merge pull request #8340 from yoff/python/simple-csrf ... python: minimal CSRF implementation	2022-05-10 13:36:38 +02:00
Rasmus Wriedt Larsen	cb17e2a649	Merge pull request #8595 from porcupineyhairs/pypam ... Python : Add query to detect PAM authorization bypass	2022-05-10 13:35:12 +02:00
Rasmus Lerchedahl Petersen	aa3d7babf4	python: fix bad merge ... caused by an optimistic attempt at solving a merge conflict in the online GUI.	2022-05-10 11:37:41 +02:00
Rasmus Wriedt Larsen	2421076d2f	Merge pull request #8696 from RasmusWL/new-nosql-examples ... Python: Improve experimental modeling for `pymongo`	2022-05-10 11:03:05 +02:00
yoff	6c3e2db7fd	Merge branch 'main' into python/simple-csrf	2022-05-10 10:55:28 +02:00
yoff	b6605bc330	Merge pull request #8634 from RasmusWL/promote-xxe ... Python: Promote XXE and XML-bomb queries	2022-05-09 21:54:55 +02:00
Rasmus Wriedt Larsen	c218162104	Merge branch 'main' into pypam	2022-05-09 14:20:05 +02:00
Rasmus Wriedt Larsen	de05b108fa	Python: Fix singleton set	2022-05-09 11:01:13 +02:00
yoff	1d44694280	Merge pull request #8732 from RasmusWL/dataflow-imports ... Python: Don't re-export `python` under `DataFlow::`	2022-05-02 12:08:28 +02:00
Taus	231def026f	Merge pull request #8890 from tausbn/python-add-global-attribute-writes ... Python: Add support for global attribute writes	2022-05-02 12:03:41 +02:00
yoff	c67b06b1fd	Update python/ql/test/experimental/dataflow/typetracking/attribute_tests.py ... Co-authored-by: Taus <tausbn@github.com>	2022-05-02 11:36:58 +02:00
Rasmus Wriedt Larsen	5f01fc24e4	Merge branch 'main' into promote-xxe	2022-05-02 11:25:55 +02:00
Rasmus Wriedt Larsen	3c1a37e7e1	Merge branch 'main' into new-nosql-examples	2022-05-02 11:21:36 +02:00
Taus	b4a31e572f	Python: Add global attribute writes	2022-04-27 16:45:00 +00:00
Taus	f71cf2e1fc	Python: Add test	2022-04-27 15:48:11 +00:00
yoff	39753d5a0b	Merge pull request #8693 from erik-krogh/pyApi ... PY: more API-graphs refactorings	2022-04-27 13:19:50 +02:00
Rasmus Wriedt Larsen	bb6969a175	Merge branch 'main' into promote-xxe	2022-04-20 13:42:02 +02:00
Rasmus Wriedt Larsen	084c8eb22e	Python: Don't re-export python under DataFlow::	2022-04-20 11:42:10 +02:00
Rasmus Wriedt Larsen	5dbbd17bb2	Python: Add test to ensure we keep DataFlow imports clean ... Currently we're not in a good state :(	2022-04-20 11:41:01 +02:00
Rasmus Wriedt Larsen	6235dc5039	Python: Handle find_library assignment to temp variable	2022-04-13 11:44:15 +02:00
Porcupiney Hairs	785dc1af3c	Include changes from review	2022-04-12 21:17:39 +05:30
Taus	626770aaab	Merge pull request #8004 from ahmed-farid-dev/ZipSlip ... Add query to detect ZipSlip	2022-04-08 23:55:02 +02:00
Taus	3d14c5f3c3	Python: Update tests ... We need to import `tty` in order to be able to detect the standard library correctly.	2022-04-08 23:20:47 +02:00
Rasmus Wriedt Larsen	517444b5ff	Python: Fix SimpleXmlRpcServer.expected	2022-04-07 16:42:40 +02:00
Rasmus Wriedt Larsen	ec66f26ade	Python: Handle get_collection on pymongo DB	2022-04-07 16:32:20 +02:00
Rasmus Wriedt Larsen	89eeaf85d5	Python: Handle get_database on MongoClient instance	2022-04-07 16:31:17 +02:00
Rasmus Wriedt Larsen	81fdc1bd78	Python: Add more pymongo NoSQL tests	2022-04-07 16:22:16 +02:00
Rasmus Wriedt Larsen	30fff1cf8b	Python: Merge pymongo NoSQL tests	2022-04-07 16:04:25 +02:00
Erik Krogh Kristensen	50bfc8eaa0	refactor uses of API::Node::getAUse() that should have been something else	2022-04-07 13:52:13 +02:00
Ahmed Farid	29f69bde75	Update zipslip_bad.py	2022-04-05 12:46:51 +00:00
Rasmus Wriedt Larsen	1f285b8983	Python: Rename to XmlParsingVulnerabilityKind ... To keep up with style guide	2022-04-05 11:07:12 +02:00
Rasmus Wriedt Larsen	ab59d5c786	Python: Rename to XmlParsing ... To follow our style guide	2022-04-05 11:06:22 +02:00
Rasmus Wriedt Larsen	4abab22066	Python: Promote XXE and XML-bomb queries ... Need to write a change-note as well, but will do that tomorrow	2022-03-31 18:47:50 +02:00
Rasmus Wriedt Larsen	b8d3c5e96f	Python: Remove last bits of experimental XML modeling	2022-03-31 18:40:26 +02:00
Rasmus Wriedt Larsen	5083023aa8	Python: Move XML parsing PoC ... Since the folder where it used to live is now empty otherwise :O	2022-03-31 18:37:47 +02:00
Rasmus Wriedt Larsen	673220b231	Python: Minor cleanup of XmlParsingTest	2022-03-31 18:18:35 +02:00
Rasmus Wriedt Larsen	e11269715d	Python: Promote xml.sax and xml.dom.* modeling	2022-03-31 17:44:00 +02:00
Rasmus Wriedt Larsen	64aa503cc3	Python: Promote xml.etree modeling	2022-03-31 11:12:02 +02:00
Rasmus Wriedt Larsen	7f5f7679f8	Python: Promote xmltodict modeling	2022-03-31 10:28:34 +02:00
Rasmus Wriedt Larsen	80b5cde3a2	Python: Promote lxml parsing modeling	2022-03-31 10:19:08 +02:00
Rasmus Wriedt Larsen	1ea4bcc59f	Python: Make XMLParsing a Decoding subclass	2022-03-31 09:52:55 +02:00