hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-02-23 02:13:41 +01:00
Code Issues Packages Projects Releases Wiki Activity
28,624 Commits 1,693 Branches 161 Tags
e7cb7629470692068639d5a50ef5db11d215a2c9
Commit Graph

789 Commits

Author SHA1 Message Date
jorgectf
e7cb762947 Add SmtpLib to Frameworks.qll and minimal fixes 2021-11-13 14:24:02 +01:00
jorgectf
dbdf102ea6 Make EmailSender an extendable API 2021-11-13 14:23:11 +01:00
jorgectf
63eadc8441 Polish sendgrid modeling 2021-11-13 02:12:58 +01:00
jorgectf
33b6f6fe61 Polish FlaskMail qldocs 2021-11-13 02:12:22 +01:00
jorgectf
1393b5b157 Add django qldocs 2021-11-13 02:11:45 +01:00
jorgectf
5b46b90e10 Fix additional taint step variables 2021-11-09 14:41:35 +01:00
jorgectf
c0a0c5d811 Cover footer and subscription_tracking html injection 2021-11-08 10:51:11 +01:00
jorgectf
d316974157 Add HtmlContent additional taint step 2021-11-08 10:23:50 +01:00
jorgectf
356b07112a Cover MimeType.amp as a vulnerable mimetype 2021-10-30 21:19:22 +02:00
jorgectf
3264e7be99 Merge branch 'jty/python/emailInjection' of https://github.com/jty-team/codeql into jty/python/emailInjection 2021-10-30 21:11:30 +02:00
thank_you
d9e4df7f97 Remove unnecessary comment 2021-10-30 14:00:58 -04:00
jorgectf
4afcd9d207 [mrthankyou] smtplib partial modeling. 2021-10-28 19:18:59 +02:00
jorgectf
ba3ea700f5 Add Sendgrid dict data html body modeling 2021-10-28 18:47:54 +02:00
jorgectf
dbf5b24b86 Polish Sendgrid.qll qldoc 2021-10-28 18:26:35 +02:00
jorgectf
e8e0f0fea8 Add temporary .expected 2021-10-28 14:22:14 +02:00
jorgectf
bf68495102 Polish FlaskMail qldocs 2021-10-28 14:21:43 +02:00
jorgectf
c9634f3c6f Fix getFlaskMailArgument() 2021-10-28 13:54:14 +02:00
jorgectf
4c2a4226ef Merge remote-tracking branch 'origin/main' into jty/python/emailInjection 2021-10-28 13:26:57 +02:00
jorgectf
14c50e993b Add django GET.get RFS 2021-10-16 13:10:48 +02:00
jorgectf
45146bc798 Merge branch 'main' into jorgectf/python/headerInjection 2021-10-16 12:46:57 +02:00
jorgectf
2db1ffef1e Merge remote-tracking branch 'origin/main' into jorgectf/python/headerInjection 2021-10-16 10:40:52 +02:00
Rasmus Lerchedahl Petersen
61008fd3d0 Merge branch 'main' of github.com:github/codeql into python/promote-regex-injection 2021-10-12 11:28:12 +02:00
yoff
43f7eede0b Merge pull request #6182 from haby0/python/LogInjection 
Python: CWE-117 Log injection
 2021-10-12 10:54:45 +02:00
haby0
d52f95d24d Auto Formatting 2021-10-12 09:36:44 +08:00
yoff
0629ce00de Merge pull request #6214 from haby0/python/ClientSuppliedIpUsedInSecurityCheck 
[Python] CWE-348:  Client supplied ip used in security check
 2021-10-11 16:38:04 +02:00
haby0
538bf7c321 Update python/ql/src/experimental/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2021-10-07 19:44:25 +08:00
haby0
a17b0d4e5c Modify Sanitizer 2021-10-05 17:12:04 +08:00
Rasmus Wriedt Larsen
547cbb6322 Merge pull request #6331 from porcupineyhairs/pythonXpath 
Python : Improve Xpath Injection Query
 2021-09-24 18:11:08 +02:00
Rasmus Wriedt Larsen
26d2fbd217 Python: Fix new XPath injection query 
Fixes the typo `ETXpath` => `ETXPath`
 2021-09-24 15:11:34 +02:00
Rasmus Wriedt Larsen
913a679ef5 Python: Replace old XPath injection query 2021-09-24 15:10:41 +02:00
Rasmus Wriedt Larsen
c9640ffdbc Python: Minor adjustments to XPath Injection 2021-09-24 15:02:39 +02:00
Rasmus Wriedt Larsen
289660067c Merge branch 'main' into pythonXpath 2021-09-24 13:53:38 +02:00
haby0
9b969e15fc Modify according to @yoff suggestion 2021-09-24 12:56:10 +08:00
Rasmus Wriedt Larsen
70489b2fc2 Merge branch 'main' into jorgectf/python/ldapinsecureauth 2021-09-23 10:05:56 +02:00
haby0
6c07a3e260 Apply @yoff's suggestion 2021-09-22 18:50:58 +08:00
haby0
99167539fb Modify sinks 2021-09-17 17:29:40 +08:00
haby0
0277601705 Eliminate false positives caused by . 2021-09-16 20:59:34 +08:00
haby0
c60eded2de Fix conflicting 2021-09-15 11:07:43 +08:00
haby0
9e63aa9d84 Update query 2021-09-14 21:12:49 +08:00
Rasmus Lerchedahl Petersen
36e27f2aa4 Python: Remove promoted code: 
- queries (`py/regex-injection`)
- concepts (RegexExecution, RegexEscape)
- library models (Stdlib::Re)
 2021-09-14 13:14:16 +02:00
jorgectf
2ccc6dc092 Merge branch 'main' into jorgectf/python/ldapinsecureauth 2021-09-14 09:32:19 +02:00
jorgectf
353c0a9ee7 Add missing comment 2021-09-12 20:44:04 +02:00
jorgectf
18b05bc56e Fix tests and add global option 2021-09-12 20:35:57 +02:00
jorgectf
54012eba23 Optimize getFullHostRegex 2021-09-12 20:13:08 +02:00
jorgectf
eee9b3f39e Merge remote-tracking branch 'origin/main' into jorgectf/python/headerInjection 2021-09-07 19:54:58 +02:00
jorgectf
352eab0eca Fix HeaderDeclaration class' comment 2021-09-07 19:44:25 +02:00
Jorge
190bc2f0da Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2021-09-07 19:42:37 +02:00
jorgectf
4e261c61ae Optimize concatAndCompareAgainstFullHostRegex 2021-09-07 19:05:03 +02:00
jorgectf
800801177d Fix taint tracking comment 2021-09-07 19:02:32 +02:00
jorgectf
b802d7903a Fix OPT_X_TLS_ mandatory options 2021-09-07 19:01:46 +02:00