Taus
f9120167b4
Python: Fix syntax error in with test output
...
Depends on an internal PR. The two lines in question were caused by
the insertion of an extra node due to the failure to parse a trailing
comma corrcetly.
2022-03-22 16:22:03 +00:00
yoff
47e062cfb9
Merge pull request #8486 from aibaars/incomplete-hostname-python
...
Python: switch to shared implementation of IncompleteHostnameRegExp.ql
2022-03-22 15:06:14 +01:00
Rasmus Wriedt Larsen
6bd9d82610
Merge pull request #8061 from RasmusWL/orm
...
Python: Add data-flow through Django ORM models
2022-03-22 11:14:08 +01:00
Arthur Baars
9412b331db
Revert "Revert "Python: switch to shared implementation of IncompleteHostnameRegExp.ql""
...
This reverts commit 6d24591416
2022-03-18 16:31:22 +01:00
Mathias Vorreiter Pedersen
abe30457ee
Python: Accept test changes.
2022-03-17 14:03:58 +01:00
Rasmus Wriedt Larsen
ae1ba11d57
Merge branch 'main' into orm
2022-03-16 11:23:14 +01:00
Rasmus Wriedt Larsen
461e2f3663
Python: Apply suggestions from code review
...
Co-authored-by: yoff <lerchedahl@gmail.com >
2022-03-16 10:43:20 +01:00
Erik Krogh Kristensen
c7509c4dd3
Merge branch 'main' into deadCode
2022-03-15 09:19:14 +01:00
Erik Krogh Kristensen
3bf5e06d53
delete all dead code
2022-03-14 13:03:31 +01:00
Rasmus Wriedt Larsen
2f4a22c86c
Merge pull request #6112 from jorgectf/jorgectf/python/deserialization
...
Python: Port and extend XXE modeling
2022-03-14 11:59:28 +01:00
Erik Krogh Kristensen
755b0bbcb9
PY: update tests to not use deleted deprecations
2022-03-09 18:28:13 +01:00
Erik Krogh Kristensen
61e282da84
PY: delete test that mostly used deleted deprecated features
2022-03-09 18:28:13 +01:00
Erik Krogh Kristensen
309e376c6d
PY: convert test to not use deleted deprecations
2022-03-09 18:28:12 +01:00
Erik Krogh Kristensen
d5a76e8c98
Python: delete test that only used deprecated classes
2022-03-09 18:28:12 +01:00
Erik Krogh Kristensen
a1769f8036
Python: add default implementation of getName() and deprecate it
2022-03-09 18:28:12 +01:00
Taus
7b877fb317
Merge pull request #8336 from tausbn/python-fix-a-bunch-of-ql-warnings
...
Python: Fix a bunch of QL warnings
2022-03-09 16:31:28 +01:00
Taus
063a8bbc43
Python: Apply suggestions from code review
...
Co-authored-by: yoff <lerchedahl@gmail.com >
2022-03-08 15:20:35 +01:00
Rasmus Wriedt Larsen
6b14c1d6b9
Merge branch 'main' into jorgectf/python/deserialization
2022-03-08 11:15:03 +01:00
Taus
5a8ba6a7af
Python: Fix use of singleton set
2022-03-07 18:59:49 +00:00
Taus
d2603884ca
Python: Fix a bunch of class QLDoc
2022-03-07 18:59:49 +00:00
Taus
af7f532212
Python: Fix up a bunch of function QLDoc
2022-03-07 18:59:49 +00:00
haby0
7e6666bc63
Merge branch 'main' into py/add-ssrf-sinks
2022-03-07 12:09:14 +08:00
Rasmus Wriedt Larsen
f620e2599d
Merge branch 'main' into py/add-ssrf-sinks
2022-03-04 11:50:12 +01:00
Rasmus Wriedt Larsen
02a97b08bb
Python: Move urllib and urllib2 to be part of stdlib modeling
2022-03-04 11:31:47 +01:00
Rasmus Wriedt Larsen
c65839bb77
Python: improve urllib3 modeling
2022-03-04 11:25:14 +01:00
Rasmus Wriedt Larsen
7d6d8be179
Python: Fix httpx modeling
2022-03-04 11:07:51 +01:00
Rasmus Wriedt Larsen
40feb1fb8d
Python: SPURIOUS results for httpx
2022-03-04 11:03:32 +01:00
yoff
d0a393e8d1
Update python/ql/test/library-tests/frameworks/stdlib/XPathExecution.py
...
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com >
2022-03-04 10:56:53 +01:00
Rasmus Wriedt Larsen
1a9620a87a
Python: Add conditional assignment check for sax parser
2022-03-04 10:16:28 +01:00
Rasmus Wriedt Larsen
f0131afc54
Python: Fix huge_tree modeling
2022-03-04 10:16:28 +01:00
Rasmus Wriedt Larsen
d6cbfec434
Python: huge_tree tests were wrong
...
Nice spotted @jorgectf!
2022-03-04 10:16:28 +01:00
Rasmus Wriedt Larsen
3f6c55e8ae
Python: Rename vulnerable predicate => vulnerableTo
2022-03-03 22:09:31 +01:00
Rasmus Wriedt Larsen
c0a6f9f3fd
Python: Restructure lxml modeling
...
and handle parser being passed as positional argument
2022-03-03 22:00:55 +01:00
Rasmus Wriedt Larsen
c0a2c25f5a
Python: Restructure modeling of xml.etree parsers
2022-03-03 21:59:34 +01:00
Rasmus Wriedt Larsen
46238d5ea0
Python: Add test for XMLPullParser
...
But handling this in a nice way will require some restructuring
2022-03-03 21:28:46 +01:00
Rasmus Wriedt Larsen
33ebcdf437
Python: Support feed method of lxml/xml.etree Parsers
2022-03-03 21:26:24 +01:00
Rasmus Wriedt Larsen
f72f673e7e
Python: Update XmlEntityInjection.expected
...
I had forgotten about this, but better late than never... also added a
small representative test
2022-03-03 21:18:18 +01:00
Rasmus Wriedt Larsen
3278793972
Python: Handle more functions and kw-args
2022-03-03 21:18:18 +01:00
Rasmus Wriedt Larsen
2451123c67
Python: Move XML PoC to new test dir
2022-03-03 21:18:18 +01:00
Rasmus Wriedt Larsen
c739ae40b6
Python: Port xmltodict tests
2022-03-03 21:18:18 +01:00
Rasmus Wriedt Larsen
0b12d91817
Python: Port xml.sax tests
2022-03-03 21:18:18 +01:00
Rasmus Wriedt Larsen
5fb4c4d152
Python: Port xml.etree tests
2022-03-03 20:51:02 +01:00
Rasmus Wriedt Larsen
a7134cac2e
Python: Port xml.dom tests
2022-03-03 20:39:56 +01:00
Rasmus Wriedt Larsen
faebaee141
Python: Use concept tests for XML Parsing
...
I was loosing my mind from looking through those .expected files
Just going to take it one file at time, to make reviewing easier
2022-03-03 20:36:51 +01:00
Rasmus Wriedt Larsen
4b03f5c724
Python: Rename xml.sax test for consistency
2022-03-03 19:39:32 +01:00
Rasmus Wriedt Larsen
7cda901da2
Python: Add separate query for SimpleXMLRPCServer
...
This was a rough quick-n-dirty query, and should get some qhelp as well at some point.
2022-03-03 19:35:33 +01:00
Rasmus Wriedt Larsen
9406a972cd
Python: Fix vuln detection for xml.minidom with parser arg
2022-03-03 17:52:11 +01:00
Rasmus Wriedt Larsen
5a652480b1
Python: Annotate xml.dom tests
2022-03-03 17:37:25 +01:00
Rasmus Wriedt Larsen
c4d08db62a
Python: Expand XML PoC with minidom/pulldom/expat
2022-03-03 17:30:16 +01:00
Rasmus Wriedt Larsen
3affa6cf3a
Python: Annotate xmltodict tests
2022-03-03 15:08:56 +01:00
