hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-23 07:56:54 +01:00
Code Issues Packages Projects Releases Wiki Activity
48,607 Commits 1,712 Branches 163 Tags
f5e33ac00a3c0ea059db832dd3f17283c06c28fa
Commit Graph

1118 Commits

Author SHA1 Message Date
jorgectf
fa5869afe7 Polish qhelp and examples 2021-04-09 21:31:45 +02:00
jorgectf
a6b3aefb0b Add flask_mongoengine sink 2021-04-09 21:30:17 +02:00
jorgectf
1c34230efb Fix documentation typo 2021-04-09 01:58:18 +02:00
jorgectf
f140601241 Write documentation 2021-04-09 01:57:23 +02:00
jorgectf
b020ea6e3a Polish documentation 2021-04-09 01:50:23 +02:00
jorgectf
a2e8d88a07 Write documentation 2021-04-09 01:47:44 +02:00
jorgectf
e9c4574552 Apply structure 2021-04-09 01:26:53 +02:00
jorgectf
789c5857fa Create qhelp example 2021-04-09 01:26:28 +02:00
jorgectf
ce3fb6be21 Improve qhelp 2021-04-09 01:26:16 +02:00
jorgectf
b0c498629a Init restructuring 2021-04-09 01:02:03 +02:00
jorgectf
6158dd6bce Finish Sinks 2021-04-09 01:02:02 +02:00
jorgectf
bd894ae8b3 Fix flask test 2021-04-09 01:02:02 +02:00
jorgectf
3be916e82b Polish FlaskHeaderCall 2021-04-09 01:02:01 +02:00
jorgectf
46c5cb1136 Polish WerkzeugHeaderCall 2021-04-09 01:02:00 +02:00
jorgectf
6f89b3f3d9 Init Header Injection query 2021-04-09 01:02:00 +02:00
jorgectf
cd75433e39 Fix qhelp examples extension 2021-04-09 00:52:50 +02:00
jorgectf
015d203fcb Improve tests, move them and create qhelp examples 2021-04-09 00:50:47 +02:00
jorgectf
2392be08c7 Improve sink 2021-04-09 00:50:04 +02:00
jorgectf
20fc5db49e Polish query file 2021-04-09 00:49:30 +02:00
jorgectf
63bd32359a Improve qhelp 2021-04-09 00:48:57 +02:00
jorgectf
82f47f8571 Polish metadata 2021-04-08 23:55:34 +02:00
jorgectf
b405c675c2 Add qhelp last newline 2021-04-08 23:49:33 +02:00
jorgectf
95bfdc4955 Move tests to /test 2021-04-08 23:45:03 +02:00
jorgectf
1554f4f48d Create qhelp examples 2021-04-08 23:44:46 +02:00
jorgectf
3c1ca72324 Improve qhelp 2021-04-08 23:44:30 +02:00
jorgectf
7296879bc9 Polish tests 2021-04-08 23:11:20 +02:00
jorgectf
8661cb0719 Polish LDAP3Query 2021-04-08 22:56:12 +02:00
jorgectf
a1850ddad4 Change LDAP config (qll) filename 2021-04-08 22:55:48 +02:00
Dilan
d73ba13b28 autoformat fix 2021-04-08 11:41:58 -07:00
jorgectf
33423eaef3 Optimize calls 2021-04-08 00:31:53 +02:00
jorgectf
7e456494ef Set up taint config and custom sink 2021-04-08 00:20:04 +02:00
jorgectf
8ca6e84268 Refactor Calls to use ApiGraphs 2021-04-08 00:19:46 +02:00
jorgectf
aa7763b3d2 Set up Concepts 2021-04-08 00:19:14 +02:00
jorgectf
db1f54a5f3 Polish query file 2021-04-08 00:19:00 +02:00
Dilan
675de07c3e autoformat ql 2021-04-07 15:04:18 -07:00
thank_you
83f28bfdda Catch any keyword argument passed to MongoEngine's objects method 
After some research, we discovered that any keyword argument passed to the objects method will result in NoSQL injection. This includes scenarios where we have the following:

objects(name_of_model_attribute=unsanitized_user_input)
 2021-04-07 16:45:48 -04:00
thank_you
4e98348411 Remove comment 2021-04-06 13:57:03 -04:00
thank_you
dc274ecf36 Improve sentence structure and grammar 2021-04-06 13:51:59 -04:00
thank_you
520e65e3c3 Remove unnecessary example code 2021-04-06 13:46:51 -04:00
thank_you
ac31260fed Made grammar changes 2021-04-06 13:42:57 -04:00
jorgectf
bfd4280d35 Fix imports and begin refactor 2021-04-06 15:51:37 +02:00
jorgectf
2f874c5c0b Precision warn and Remove CWE (broken) reference 2021-04-06 15:47:42 +02:00
jorgectf
809bf2377e Move to experimental folder 2021-04-06 15:47:41 +02:00
jorgectf
1bcb9cd7c0 Simplify query 2021-04-06 15:42:56 +02:00
thank_you
6ade120983 Add check for mongoengine raw queries 
After initial research on our end, we believe that the only vulnerability within the objects() method is passing a query into the __raw__ keyword argument. More info can be found below:

http://docs.mongoengine.org/guide/querying.html?highlight=inc__#raw-queries
 2021-04-05 20:44:16 -04:00
thank_you
759fa2cd01 Update query to search for more pymongo sink methods 2021-04-05 20:42:18 -04:00
Your Name
80216f6974 Rename classes 2021-04-05 14:41:08 -04:00
Your Name
be9a3a95b1 Add relevant PyMongo sink methods 2021-04-05 14:23:56 -04:00
Your Name
9072d19cda Update qhelp file 2021-04-05 13:56:43 -04:00
jorgectf
d22da880e7 Fix verifiesSignature() 2021-04-04 20:31:07 +02:00