hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-22 07:26:45 +01:00
Code Issues Packages Projects Releases Wiki Activity
48,607 Commits 1,712 Branches 163 Tags
f5e33ac00a3c0ea059db832dd3f17283c06c28fa
Commit Graph

1118 Commits

Author SHA1 Message Date
Taus
8cccee6eba Merge pull request #6972 from yoff/python/promote-redos 
Python: Promote ReDoS queries
 2021-11-23 14:02:09 +01:00
jorgectf
840cded9b0 Avoid using Str_ in CookieHeader 2021-11-16 19:18:00 +01:00
jorgectf
a4204cc04f Avoid using Str_ internal class 2021-11-16 19:00:04 +01:00
Taus
eed98bd76a Merge pull request #5588 from jorgectf/jorgectf/python/jwt-queries 
Python: Add JWT security-related queries
 2021-11-16 15:40:45 +01:00
jorgectf
9ad8a85f4d Delete redundant checks in verifiesSignature() 2021-11-16 15:08:18 +01:00
Jorge
a722631278 Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2021-11-16 15:02:06 +01:00
jorgectf
6ecb6d1a1b Adapt Django and Flask to their main modelings 2021-11-16 14:59:41 +01:00
jorgectf
e7d649f36d Make Cookie concept extend HTTP::Server::CookieWrite 2021-11-16 13:54:25 +01:00
jorgectf
cb8e54e38e Delete redundant LXMLParser dangerous check 2021-11-16 13:27:24 +01:00
jorgectf
637901d980 Make concepts instances of their ranges 2021-11-16 13:25:29 +01:00
jorgectf
018aa11bb6 Make EmailSender an instance of EmailSender::Range 2021-11-16 13:17:43 +01:00
jorgectf
f35025344c Merge branch 'jty/python/emailInjection' of https://github.com/jty-team/codeql into jty/python/emailInjection 2021-11-15 23:04:19 +01:00
jorgectf
5bd8de1514 Fix smtplib's _subparts taint config issue 2021-11-15 23:04:17 +01:00
Jorge
a905205f16 Merge branch 'github:main' into jty/python/emailInjection 2021-11-15 16:44:11 +01:00
Jorge
1be823d5e7 Apply suggestions from code review 
Co-authored-by: ${sleep,5} <52643283+mrthankyou@users.noreply.github.com>
 2021-11-15 16:41:51 +01:00
jorgectf
129a81a2f8 Cover smtplib 2021-11-13 14:24:40 +01:00
jorgectf
e7cb762947 Add SmtpLib to Frameworks.qll and minimal fixes 2021-11-13 14:24:02 +01:00
jorgectf
dbdf102ea6 Make EmailSender an extendable API 2021-11-13 14:23:11 +01:00
jorgectf
63eadc8441 Polish sendgrid modeling 2021-11-13 02:12:58 +01:00
jorgectf
33b6f6fe61 Polish FlaskMail qldocs 2021-11-13 02:12:22 +01:00
jorgectf
1393b5b157 Add django qldocs 2021-11-13 02:11:45 +01:00
jorgectf
5b46b90e10 Fix additional taint step variables 2021-11-09 14:41:35 +01:00
jorgectf
c0a0c5d811 Cover footer and subscription_tracking html injection 2021-11-08 10:51:11 +01:00
jorgectf
d316974157 Add HtmlContent additional taint step 2021-11-08 10:23:50 +01:00
jorgectf
83e3de1fed Polish documentation. 2021-11-05 21:05:33 +01:00
jorgectf
cf47e8eb9c Fix endpoints' naming 2021-11-05 20:12:35 +01:00
jorgectf
b3258ce20f Add CookieInjection sample and .qhelp 2021-11-05 20:12:05 +01:00
jorgectf
4cb78ac654 Fix typo 2021-11-05 20:08:37 +01:00
Rasmus Wriedt Larsen
5c2734c643 Python: Fix experimental Django.qll 2021-11-02 10:55:44 +01:00
jorgectf
356b07112a Cover MimeType.amp as a vulnerable mimetype 2021-10-30 21:19:22 +02:00
jorgectf
3264e7be99 Merge branch 'jty/python/emailInjection' of https://github.com/jty-team/codeql into jty/python/emailInjection 2021-10-30 21:11:30 +02:00
thank_you
d9e4df7f97 Remove unnecessary comment 2021-10-30 14:00:58 -04:00
jorgectf
066b40098c Add lxml.etree.XMLParser missing resolve_entities dangerous case 2021-10-28 19:34:15 +02:00
jorgectf
4afcd9d207 [mrthankyou] smtplib partial modeling. 2021-10-28 19:18:59 +02:00
jorgectf
ba3ea700f5 Add Sendgrid dict data html body modeling 2021-10-28 18:47:54 +02:00
jorgectf
dbf5b24b86 Polish Sendgrid.qll qldoc 2021-10-28 18:26:35 +02:00
jorgectf
47b14f1adc Polish Concepts.qll qldocs 2021-10-28 17:55:34 +02:00
jorgectf
b3ec82cd36 Merge branch 'jorgectf/python/jwt-queries' of https://github.com/jorgectf/codeql into jorgectf/python/jwt-queries 2021-10-28 17:40:33 +02:00
jorgectf
a6c285ad32 Apply getItem(_) and extend verifiesSignature readability 2021-10-28 17:40:27 +02:00
Jorge
f4d63cc5e7 Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2021-10-28 17:34:11 +02:00
jorgectf
ef4a27ff8c Apply code review suggestions 2021-10-28 17:31:52 +02:00
jorgectf
e8e0f0fea8 Add temporary .expected 2021-10-28 14:22:14 +02:00
jorgectf
bf68495102 Polish FlaskMail qldocs 2021-10-28 14:21:43 +02:00
jorgectf
c9634f3c6f Fix getFlaskMailArgument() 2021-10-28 13:54:14 +02:00
jorgectf
4c2a4226ef Merge remote-tracking branch 'origin/main' into jty/python/emailInjection 2021-10-28 13:26:57 +02:00
jorgectf
3dec222922 Merge remote-tracking branch 'origin/main' into jorgectf/python/jwt-queries 2021-10-28 13:11:46 +02:00
jorgectf
7069f45864 Polish documentation 2021-10-28 13:09:28 +02:00
Rasmus Wriedt Larsen
58bc1102e5 Merge branch 'main' into jorgectf/python/deserialization 2021-10-28 12:31:34 +02:00
jorgectf
cf9e9f9dd4 Add cookie injection query missing proper tests 2021-10-28 10:28:45 +02:00
jorgectf
5dc1ad6f8a Polish .ql 2021-10-28 09:25:47 +02:00