hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 03:36:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
50,611 Commits 1,672 Branches 157 Tags
ea4c2e432100cb15e4ad5448d02c36153a6f9f95
Commit Graph

267 Commits

Author SHA1 Message Date
Sim4n6
d7af80136e Fail tests when missing annotation on sink orfail 2023-02-12 21:27:20 +01:00
Sim4n6
518684b736 Put back the annotation result=BAD 2023-02-12 21:26:12 +01:00
Sim4n6
80d4fb5e33 Organisation TarSlip/UnsafeUnpack into two folders 2023-02-12 10:51:53 +01:00
Sim4n6
b04d5684fb add a blank line at the end of the file 2023-02-09 15:23:58 +01:00
Sim4n6
a0150849cb Updated the expected test file 2023-02-02 21:42:47 +01:00
Sim4n6
1a8c9abee2 Incorporate Sink & Source as steps from TarSlipQry 2023-02-02 21:09:40 +01:00
Sim4n6
18d8bbc9a4 Updated the expected results accordingly 2023-01-27 14:05:25 +01:00
Sim4n6
5f0bf1053a Update the dataflow test query and the expected results 2023-01-27 13:42:57 +01:00
Sim4n6
998f1bf215 Some reformatting 2023-01-26 18:54:36 +01:00
Sim4n6
51b11de44a Add a Django Upload examples 2023-01-26 15:16:24 +01:00
Sim4n6
54cc4d6498 Opt for any source from RemoteFlowSource. 2023-01-26 12:51:55 +01:00
Sim4n6
aaa0040612 Seperate the dataflow config from the query 2023-01-26 08:53:47 +01:00
Sim4n6
9464940214 Add expected results for argparse source 2023-01-26 01:00:19 +01:00
Sim4n6
2e4cb63049 Optimize the Argparse filename as a source. 2023-01-26 01:00:01 +01:00
Sim4n6
f867c9008f Commit the expected results 2023-01-26 00:08:54 +01:00
Sim4n6
9b5b0c60b8 Handle the download of a tarball using wget pkg. 2023-01-26 00:02:20 +01:00
Sim4n6
22af6f5182 Restrict download_file() to boto3 lib 2023-01-25 23:00:00 +01:00
Sim4n6
10d6ebf95b Use of inline tests for dataflow queries 2023-01-25 19:28:05 +01:00
Sim4n6
b5a6f6e165 Merge pull request #1 from github/main 
Sync with the upstream
 2023-01-25 19:13:35 +01:00
Rasmus Lerchedahl Petersen
2edbfbf8bc python: update test expectations 
...now the bug is fixed
 2023-01-09 20:35:20 +01:00
ALJI Mohamed
9336f4f1a2 Considering the use of contextlib.closing() method 2022-12-08 12:26:59 +01:00
ALJI Mohamed
68fd75ca34 UnpackUnsafe query and tests 2022-12-05 17:20:22 +01:00
ALJI Mohamed
fdbed2a019 Add expected test results without considering inStdLib files. 2022-10-22 09:34:57 +01:00
ALJI Mohamed
0f44268038 Add expected test results 2022-10-21 22:14:55 +01:00
ALJI Mohamed
7d60f1f1c8 Modified the QL ref file and add TarSlip examples 2022-10-21 22:14:00 +01:00
ALJI Mohamed
31a6fb4181 Add TarSlip qlref for query-tests 2022-10-21 21:28:20 +01:00
erik-krogh
4da0508dae Merge branch 'main' into py-last-msg 2022-10-11 10:49:19 +02:00
erik-krogh
6fdfd40880 changes to address reviews 2022-10-07 22:31:00 +02:00
erik-krogh
944ca4a0da fix some more style-guide violations in the alert-messages 2022-10-07 11:23:34 +02:00
Rasmus Wriedt Larsen
d7be27a1c0 Python: Fix experimental py/ip-address-spoofing 
I realized the modeling was done in a non-recommended way, so I changed
the modeling. It was very nice that I could use API graphs for the flask
part, and a little sad when I couldn't for Django/Tornado.
 2022-10-03 21:19:30 +02:00
Rasmus Wriedt Larsen
b01a0ae696 Python: Adjust .expected after flask source change 
It's really hard to audit that this is all good.. I tried my best with
`icdiff` though -- and there is a problem with
ql/src/experimental/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql
that needs to be fixed in the next commit
 2022-10-03 20:35:49 +02:00
erik-krogh
e89e0eb7fb make some acronyms camelCase 2022-08-22 21:22:35 +02:00
yoff
699761889d Merge pull request #7127 from jty-team/jty/python/emailInjection 
Python: CWE-079 - Add Email injection query
 2022-06-14 10:54:16 +02:00
jorgectf
e577a0e836 Update .expected tests 2022-05-27 00:13:40 +02:00
${sleep,7}
76c27c685f Merge branch 'main' into jty/python/emailInjection 2022-05-26 16:27:57 -04:00
yoff
aadfa8eacd Merge branch 'main' into py/CsvInjection 2022-05-25 10:43:08 +02:00
Rasmus Wriedt Larsen
6611e5b4b8 Merge branch 'main' into promote-pam 2022-05-18 10:35:39 +02:00
Erik Krogh Kristensen
7245591468 Merge pull request #7763 from erik-krogh/unused-field 
QL: add unused-field query
 2022-05-18 09:15:16 +02:00
Rasmus Wriedt Larsen
cff950f5f7 Python: Fix select of py/insecure-cookie 2022-05-11 14:06:30 +02:00
Rasmus Wriedt Larsen
0956d506de Python: Actually promote py/pam-auth-bypass 
🤦
 2022-05-11 13:44:47 +02:00
Rasmus Wriedt Larsen
fc8633cc01 Python: Fix select for py/cookie-injection 2022-05-11 13:18:14 +02:00
Rasmus Wriedt Larsen
d127d2164a Merge branch 'main' into jorgectf/python/insecure-cookie 2022-05-11 11:13:47 +02:00
Rasmus Wriedt Larsen
7e87e18b32 Python: Adjust name/description/select of PamAuthorization.ql 
Thought that calling out the actual vulnerability would make things
easier for our end users :)
 2022-05-10 18:02:17 +02:00
Rasmus Wriedt Larsen
cb17e2a649 Merge pull request #8595 from porcupineyhairs/pypam 
Python : Add query to detect PAM authorization bypass
 2022-05-10 13:35:12 +02:00
Rasmus Wriedt Larsen
2421076d2f Merge pull request #8696 from RasmusWL/new-nosql-examples 
Python: Improve experimental modeling for `pymongo`
 2022-05-10 11:03:05 +02:00
Rasmus Wriedt Larsen
c218162104 Merge branch 'main' into pypam 2022-05-09 14:20:05 +02:00
Rasmus Wriedt Larsen
3c1a37e7e1 Merge branch 'main' into new-nosql-examples 2022-05-02 11:21:36 +02:00
${sleep,7}
b5734ed6a2 Merge branch 'main' into jty/python/emailInjection 2022-04-20 09:50:08 -04:00
Rasmus Wriedt Larsen
bb6969a175 Merge branch 'main' into promote-xxe 2022-04-20 13:42:02 +02:00
Rasmus Wriedt Larsen
6235dc5039 Python: Handle find_library assignment to temp variable 2022-04-13 11:44:15 +02:00