2529 Commits

Author	SHA1	Message	Date
Taus Brock-Nannestad	ebb593466d	Python: Fixup CWE-089 tests	2020-11-02 11:45:14 +01:00
Taus Brock-Nannestad	7a395bf7c8	Python: Fixup CWE-078 tests.	2020-11-02 11:44:42 +01:00
Taus Brock-Nannestad	52dc905037	Python: Fixup CWE-502 tests.	2020-11-02 11:44:00 +01:00
Rasmus Lerchedahl Petersen	d35bf8f446	Python: Update comments on PEP 249 module	2020-11-02 11:22:51 +01:00
Rasmus Lerchedahl Petersen	0240670d62	Python: import frameworks	2020-11-01 18:02:36 +01:00
Rasmus Lerchedahl Petersen	babcf7acd9	Python: add two implementations of PEP249	2020-11-01 16:01:05 +01:00
Mathias Vorreiter Pedersen	6d0783a3bd	Python: Make sure that expected values with tag mimetype is wrapped in quotes if the value contains a space.	2020-10-31 18:13:12 +01:00
Mathias Vorreiter Pedersen	870ed0039b	Python: Allow single quote strings and accept test changes.	2020-10-31 18:01:55 +01:00
Mathias Vorreiter Pedersen	0bc4d52d66	Python: Update more tests annotations. It looks like we need to allow single-quote strings to support the existing Python use-cases, but let's do that in the next commit.	2020-10-31 17:40:19 +01:00
Mathias Vorreiter Pedersen	ed9ad8b5e3	Merge branch 'main' into better-syntax-for-false-positives-and-negatives-inline-expectation	2020-10-31 16:52:16 +01:00
Rasmus Lerchedahl Petersen	ae3227fc33	Python: initial sketch	2020-10-31 00:10:49 +01:00
Rasmus Lerchedahl Petersen	63cbc01c32	Python: Use subclass pattern for Models	2020-10-30 22:29:38 +01:00
Taus Brock-Nannestad	f903e4ffbe	Python: Promote experimental queries ... DO NOT MERGE Also adds performance fix to `python.qll`.	2020-10-30 19:40:56 +01:00
Rasmus Lerchedahl Petersen	80360450de	Merge branch 'main' of github.com:github/codeql into RasmusWL-python-port-reflected-xss	2020-10-30 17:56:36 +01:00
Rasmus Lerchedahl Petersen	ef9999a4a1	Python: fix test annotation	2020-10-30 17:43:56 +01:00
Rasmus Lerchedahl Petersen	37ad59a92a	Python: subclas of known subclasses	2020-10-30 17:37:54 +01:00
yoff	a3cc9b6982	Update python/ql/src/experimental/semmle/python/frameworks/Flask.qll ... Co-authored-by: Taus <tausbn@github.com>	2020-10-30 17:29:35 +01:00
Mathias Vorreiter Pedersen	45b24a9bc8	Python: Update inline-expectation tests	2020-10-30 16:53:33 +01:00
Mathias Vorreiter Pedersen	6ac740a490	Python: Sync identical file	2020-10-30 16:53:17 +01:00
Rasmus Lerchedahl Petersen	e7c9bc388b	Python: support some custom subclasses	2020-10-30 14:16:48 +01:00
Rasmus Lerchedahl Petersen	e69349791a	Python: django.http.response.HttpRequest.write	2020-10-30 12:51:23 +01:00
Rasmus Lerchedahl Petersen	ffe10d1b7c	Python: test HttpResponse.write	2020-10-30 12:16:12 +01:00
Rasmus Lerchedahl Petersen	fa3a7e6686	Python: Known subclasses of HttpResponse	2020-10-30 11:53:24 +01:00
Rasmus Lerchedahl Petersen	c962377ef4	Python: test for subclasses	2020-10-30 10:37:40 +01:00
Rasmus Lerchedahl Petersen	08af839757	Python: django.http.response.HttpResponseRedirect	2020-10-30 01:29:49 +01:00
Rasmus Lerchedahl Petersen	52be896666	Python: django.http.response.JsonResponse ... It s possible this class is not relevant to XSS	2020-10-30 01:05:36 +01:00
Rasmus Lerchedahl Petersen	0f9b8595d1	Python: rename functions by vulnerability	2020-10-30 00:51:09 +01:00
Rasmus Lerchedahl Petersen	97153b56ad	Python: add false negatives to test	2020-10-30 00:48:19 +01:00
Rasmus Lerchedahl Petersen	2ca86f5ea7	Python: django.http.response.HttpResponse	2020-10-30 00:22:53 +01:00
Mathias Vorreiter Pedersen	acf6ffb990	Python: Sync identical file	2020-10-29 19:07:10 +01:00
Rasmus Lerchedahl Petersen	96e79a2702	Python: restrict to python files	2020-10-29 15:00:47 +01:00
Rasmus Lerchedahl Petersen	6658ee9dc8	Merge branch 'python-port-reflected-xss' of https://github.com/RasmusWL/codeql into RasmusWL-python-port-reflected-xss	2020-10-29 12:46:44 +01:00
Rasmus Lerchedahl Petersen	cf97a56844	Merge remote-tracking branch 'upstream/main' into python-port-path-injection	2020-10-28 14:43:33 +01:00
yoff	c8bb0509e5	Merge pull request #4563 from tausbn/python-remove-refersto-from-regex-libs ... Python: Remove `refersTo` from `regex.qll`	2020-10-28 13:37:14 +01:00
Taus Brock-Nannestad	1503c5ea16	Python: Remove refersTo from regex.qll ... This was causing the old `Object` API stuff to be evaluated when using our new library models (specifically the Django model).	2020-10-28 12:41:17 +01:00
Rasmus Lerchedahl Petersen	9fd1bf60fa	Merge branch 'main' of github.com:github/codeql into python-port-path-injection	2020-10-28 10:24:23 +01:00
Rasmus Lerchedahl Petersen	164acf4055	Python: test that aliasing is not a problem	2020-10-27 11:25:58 +01:00
Rasmus Lerchedahl Petersen	2baed20067	Python: Test false negative from review	2020-10-27 08:30:16 +01:00
Rasmus Lerchedahl Petersen	b6313dddb9	Python: Add concept tests	2020-10-27 08:26:00 +01:00
Rasmus Lerchedahl Petersen	8350d64763	Python: Add concept test definitions	2020-10-27 08:00:53 +01:00
Rasmus Lerchedahl Petersen	601a803ee2	Python: DataFlow/TaintTrackin 3/4	2020-10-26 14:42:18 +01:00
Rasmus Lerchedahl Petersen	d89e985246	Python: Test showing chaining FP	2020-10-24 09:20:30 +02:00
Rasmus Lerchedahl Petersen	022cf0b2cc	Python: Add test from tracking issue ... All tests pass, but there are spurious paths due to configuration chaining.	2020-10-24 09:07:43 +02:00
Rasmus Lerchedahl Petersen	c4d1affaf8	Python: Suggestions from reviewer	2020-10-23 16:57:11 +02:00
yoff	15167753c6	Apply suggestions from code review ... Co-authored-by: Taus <tausbn@github.com>	2020-10-23 16:52:13 +02:00
Rasmus Lerchedahl Petersen	d6e9b351e5	Python: Add qldocs	2020-10-23 16:39:38 +02:00
Rasmus Lerchedahl Petersen	821b0c918a	Python: Additional taintstep for normpath ... Is it ok to have this in general?	2020-10-23 16:35:10 +02:00
CodeQL CI	6218a48e88	Merge pull request #4545 from RasmusWL/python-model-django-v1 ... Approved by tausbn	2020-10-23 15:27:42 +01:00
Rasmus Lerchedahl Petersen	6317db1622	Python: Reword explanation (slightly)	2020-10-23 15:54:52 +02:00
Rasmus Wriedt Larsen	aa9f15af76	Python: Fix typo ... Co-authored-by: Taus <tausbn@github.com>	2020-10-23 15:39:38 +02:00