hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity
50,611 Commits 1,673 Branches 157 Tags
ea4c2e432100cb15e4ad5448d02c36153a6f9f95
Commit Graph

35 Commits

Author SHA1 Message Date
erik-krogh
4da0508dae Merge branch 'main' into py-last-msg 2022-10-11 10:49:19 +02:00
erik-krogh
944ca4a0da fix some more style-guide violations in the alert-messages 2022-10-07 11:23:34 +02:00
Rasmus Wriedt Larsen
b01a0ae696 Python: Adjust .expected after flask source change 
It's really hard to audit that this is all good.. I tried my best with
`icdiff` though -- and there is a problem with
ql/src/experimental/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql
that needs to be fixed in the next commit
 2022-10-03 20:35:49 +02:00
Rasmus Wriedt Larsen
ec66f26ade Python: Handle get_collection on pymongo DB 2022-04-07 16:32:20 +02:00
Rasmus Wriedt Larsen
89eeaf85d5 Python: Handle get_database on MongoClient instance 2022-04-07 16:31:17 +02:00
Rasmus Wriedt Larsen
81fdc1bd78 Python: Add more pymongo NoSQL tests 2022-04-07 16:22:16 +02:00
Rasmus Wriedt Larsen
30fff1cf8b Python: Merge pymongo NoSQL tests 2022-04-07 16:04:25 +02:00
Mathias Vorreiter Pedersen
abe30457ee Python: Accept test changes. 2022-03-17 14:03:58 +01:00
Rasmus Lerchedahl Petersen
9aa4c4a6a7 python: Add missing input 
also update test expectation
 2022-01-21 13:55:33 +01:00
jorgectf
6f09b95019 Update .expected 2021-07-15 17:16:29 +02:00
${sleep,5}
51a6140258 Change variable name to correct sanitized input variable 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2021-07-13 14:04:06 -04:00
jorgectf
e02a63a27a Delete trivial *_good.py tests 2021-06-29 23:03:41 +02:00
jorgectf
621a810b7b Update .expected 2021-06-29 16:53:53 +02:00
jorgectf
9a8d1f8e0f Take back non-trivial tests 2021-06-29 16:53:44 +02:00
jorgectf
68c683189a Polish documentation, mongoCollectionMethod() and update .expected 2021-06-28 20:55:49 +02:00
jorgectf
3fd1129895 Delete trivial tests 2021-06-28 20:18:31 +02:00
jorgectf
0ca4f240d9 Merge tests and update .expected 2021-06-28 20:13:53 +02:00
jorgectf
eb16018446 Update .expected 2021-06-17 15:45:05 +02:00
jorgectf
8e3d5ff3f9 Rename mongoclient tests 2021-06-17 15:43:01 +02:00
jorgectf
8527ccc6d6 Update .expected 2021-06-16 23:19:14 +02:00
jorgectf
81505fbd76 Normalize tests 2021-06-16 23:18:38 +02:00
jorgectf
5123b8f4e3 Update .expected 2021-06-15 20:29:33 +02:00
jorgectf
e61cf9a58d Simplify tests 2021-06-15 19:32:02 +02:00
thank_you
3e25b14a68 Update NoSQLInjection.expected 2021-05-11 20:07:09 -04:00
thank_you
07c3e22428 Fix method name to match flask_mongoengine library 2021-05-09 19:23:52 -04:00
jorgectf
e7bdc73420 Update .expected 2021-05-07 23:00:21 +02:00
jorgectf
65c6f1976a Rename mongoengine-flask-db-document-subclass 2021-05-07 23:00:08 +02:00
thank_you
7693d696cc Add additional query tests 
To ensure that this query works against numerous usages of libraries such as PyMongo, Flask PyMongo, Mongoengine, and Flask Mongoengine, I've added a variety of query tests to test against. These tests deal with scenarious such as:

- Subscript expressions
- Mongoengine instances and Document subclasses
- Mongoengine connection usage
- And more...
 2021-05-07 14:36:02 -04:00
jorgectf
5d25a27d62 Add .expected 2021-04-09 22:28:03 +02:00
jorgectf
0e51dbec86 Polish tests 2021-04-09 21:29:56 +02:00
thank_you
719c30bd92 Fix file name and adjust where the test points to 2021-04-07 16:42:51 -04:00
thank_you
3f0c758622 Add required __raw__ keyword 
This __raw__ keyword is required for the actual mongoengine vulnerability. More info can be found below:

http://docs.mongoengine.org/guide/querying.html?highlight=inc__#raw-queries
 2021-04-05 19:07:13 -04:00
jorgectf
5a1dc48e48 Fix Mongoengine test 2021-03-31 17:50:31 +02:00
jorgectf
4579132f22 Add left tests 2021-03-30 21:14:33 +02:00
jorgectf
517a9202ce PR init 2021-03-30 17:51:17 +02:00