hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 03:06:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
18,550 Commits 1,672 Branches 157 Tags
f95c480b51018ffedb693bcf90da5350b652fdfc
Commit Graph

1815 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
1897a0d59a Python: Move PathInjection configuration to own file 
This one required a bit more thought, but ended up pretty nicely. Had to write
some QLDoc, but I think it turned out OK.
 2020-11-06 14:21:23 +01:00
Rasmus Wriedt Larsen
0c6bd8401a Python: Move SqlInjection configuration to own file 2020-11-06 14:09:46 +01:00
Rasmus Wriedt Larsen
6299b73a46 Python: Move CommandInjection configuration to own file 2020-11-06 14:07:06 +01:00
Rasmus Wriedt Larsen
7c04c59456 Python: Move CodeInjection configuration to own file 
This makes it easy to extend the sources/sinks of the configuration and re-run
the query from the query console on LGTM.com.

File location in `semmle.<lang>.security.dataflow.<QueryName>.qll` is matching
what we currently do in other languages (JS and C# sampled).

I did not follow the pattern in other languages for wrapping all the code in a
`module CodeInjection`, since I didn't understand the value in doing so -- I
would like confirmation from the other teams if we _should_ actually do that,
before merging.
 2020-11-06 13:58:06 +01:00
yoff
79fcf598f3 Merge pull request #4608 from RasmusWL/patch-1 
Python: Remove unnecessary cached annotation from adjacentRefUse
 2020-11-04 16:08:30 +01:00
Rasmus Wriedt Larsen
31247739d7 Python: Remove unnecessary cached annotation from adjacentRefUse 
As discussed in https://github.com/github/codeql/pull/4544#pullrequestreview-516575676
 2020-11-04 15:16:08 +01:00
yoff
62cb4ec974 Merge pull request #4605 from RasmusWL/python-fix-django-response-modeling 
Python: fix django response modeling
 2020-11-04 15:00:52 +01:00
Rasmus Wriedt Larsen
5cf8285717 Python: Fix default mimetype for django FileResponse 2020-11-04 12:28:51 +01:00
Rasmus Wriedt Larsen
826aedeb85 Python: Remove resolved TODO 2020-11-04 12:17:31 +01:00
Rasmus Wriedt Larsen
353505ec6c Python: Handle content of Django redirects correctly 2020-11-04 12:10:58 +01:00
Taus
180373c41d Merge pull request #4597 from yoff/python-fix-ql-doc 
Python: Fix ql doc
 2020-11-04 11:37:32 +01:00
Rasmus Wriedt Larsen
92dc7dc2f3 Python: Use mimetype instead of content-type in django modeling 
This enables the XSS query to actually find results from django responses.
 2020-11-04 11:34:20 +01:00
Anders Schack-Mulligen
92494441a7 Merge pull request #4554 from aschackmull/dataflow/reverse-partial 
Dataflow: Add support reverse partial flow exploration.
 2020-11-03 15:34:30 +01:00
Rasmus Lerchedahl Petersen
1023b239e4 Python: Simplify doc 2020-11-03 12:10:00 +01:00
yoff
d6a33a1253 Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-11-03 12:04:43 +01:00
Rasmus Lerchedahl Petersen
b71ea40dbd Python: QL doc for Werkzeug 2020-11-03 11:44:48 +01:00
Rasmus Lerchedahl Petersen
1773cc3a38 Python: QL doc for MySQLdb 2020-11-03 11:39:28 +01:00
Rasmus Lerchedahl Petersen
01783acca6 Python: QL doc for RemoteFlowSources 2020-11-03 11:37:34 +01:00
Rasmus Lerchedahl Petersen
f44cbf4b6c Python: QL doc for TypeTracker 2020-11-03 11:32:57 +01:00
Rasmus Lerchedahl Petersen
50eb51b6fe Python: QL doc for StepSummary 2020-11-03 11:30:52 +01:00
Rasmus Lerchedahl Petersen
6103dbcfff Python: QL doc for Node 2020-11-03 11:13:58 +01:00
Rasmus Lerchedahl Petersen
2bb1917733 Python: QlDoc for content 2020-11-03 11:10:33 +01:00
Rasmus Wriedt Larsen
cac336d053 Python: Import Customizations into python 
Using the pattern from JS and Java to make this the _first_ import in `<lang>.qll`
 2020-11-03 10:23:05 +01:00
Anders Schack-Mulligen
2971784f9c Dataflow: Add missing qldoc and sync. 2020-11-03 09:21:48 +01:00
Anders Schack-Mulligen
7eb64aa998 Dataflow: Code review fixes. 2020-11-03 09:16:20 +01:00
Anders Schack-Mulligen
1ae76a80aa Dataflow: Fix qldoc. 2020-11-03 09:16:20 +01:00
Anders Schack-Mulligen
d5be4d7b92 Dataflow: Add support reverse partial flow exploration. 2020-11-03 09:16:19 +01:00
Taus Brock-Nannestad
8752b1af1e Python: Fix up remaining data-flow library copies 2020-11-02 23:02:04 +01:00
Taus Brock-Nannestad
b7773849d7 Python: Fix up some comments 2020-11-02 22:57:40 +01:00
Taus Brock-Nannestad
d8c554ed4f Python: Add redirects to old data-flow libraries 2020-11-02 22:20:16 +01:00
Taus Brock-Nannestad
a5121babc8 Python: The one with changes that don't look like renames anymore 2020-11-02 22:19:15 +01:00
Taus Brock-Nannestad
fb6a02e060 Python: More import fixups 2020-11-02 22:17:42 +01:00
Taus Brock-Nannestad
5156bf756d Python: Promote data-flow libraries 
Step 1: Moving stuff around. Also includes a bit of import renaming.
 2020-11-02 22:15:38 +01:00
Taus
25e88ed585 Merge pull request #4588 from yoff/python-pep-249 
Python: Model PEP 249
 2020-11-02 18:57:15 +01:00
yoff
1535ce1f5d Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2020-11-02 18:26:37 +01:00
Rasmus Lerchedahl Petersen
ea74c7f12b Python: add tests 2020-11-02 17:59:51 +01:00
Rasmus Lerchedahl Petersen
cb47b57440 Python: fix typos 2020-11-02 17:22:01 +01:00
yoff
222a2f7f5d Update python/ql/src/experimental/semmle/python/frameworks/PEP249.qll 
Co-authored-by: Taus <tausbn@github.com>
 2020-11-02 17:19:21 +01:00
yoff
ca34219ec5 Update python/ql/src/experimental/semmle/python/frameworks/PEP249.qll 
Co-authored-by: Taus <tausbn@github.com>
 2020-11-02 17:19:10 +01:00
yoff
1c83d67513 Update python/ql/src/experimental/semmle/python/frameworks/PEP249.qll 
Co-authored-by: Taus <tausbn@github.com>
 2020-11-02 17:18:18 +01:00
Rasmus Lerchedahl Petersen
6a81987284 Python: Rename and add docs 2020-11-02 17:17:12 +01:00
Taus
2dfffdbab8 Merge pull request #4590 from RasmusWL/python-model-base64 
Python: Model encoding/decoding with base64 module
 2020-11-02 17:00:21 +01:00
Rasmus Lerchedahl Petersen
6d850b2e0c Merge branch 'main' of github.com:github/codeql into python-pep-249 2020-11-02 16:58:31 +01:00
yoff
ac85a77ac5 Update python/ql/src/experimental/semmle/python/Frameworks.qll 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2020-11-02 16:40:22 +01:00
Calum Grant
cb527cae73 Merge pull request #4583 from tausbn/python-test-2 
Python: Promote experimental queries
 2020-11-02 14:42:27 +00:00
Rasmus Wriedt Larsen
247fd4f5f3 Python: Make encoding/decoding preserve taint automatically 
With the way we have set things up, there is no way to opt out of this behavior.
 2020-11-02 14:53:30 +01:00
Rasmus Lerchedahl Petersen
36e364d6ef Python: Django use PEP 249 2020-11-02 14:49:34 +01:00
Rasmus Wriedt Larsen
66f5d0d9d5 Python: Model encoding/decoding with base64 module 2020-11-02 14:44:53 +01:00
Rasmus Wriedt Larsen
eff244db71 Python: Add Encoding concept 
I wasn't able to find a good opposite of "parsing", so left that out of the list
of intended purposes.
 2020-11-02 14:19:20 +01:00
Taus Brock-Nannestad
8147ad4e0b Python: Remove irrelevant files 2020-11-02 14:08:59 +01:00