codeql

mirror of https://github.com/github/codeql.git synced 2026-05-09 07:31:37 +02:00

Author	SHA1	Message	Date
jorgectf	e7d649f36d	Make `Cookie` concept extend `HTTP::Server::CookieWrite`	2021-11-16 13:54:25 +01:00
Jorge	a905205f16	Merge branch 'github:main' into jty/python/emailInjection	2021-11-15 16:44:11 +01:00
jorgectf	129a81a2f8	Cover `smtplib`	2021-11-13 14:24:40 +01:00
Rasmus Lerchedahl Petersen	ac5a46f24f	Python: split test as suggested in review	2021-11-09 13:04:52 +01:00
yoff	5f4aad40c1	Update python/ql/test/experimental/meta/InlineTaintTest.qll Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>	2021-11-09 13:00:35 +01:00
Rasmus Lerchedahl Petersen	3f4c2ba24e	Python: Support debugging inline taint tests The module `Conf` is created so that it can be imported without importing the query predicates from the same file.	2021-11-08 14:08:11 +01:00
jorgectf	5774ce2479	Improve `django` test	2021-11-08 10:34:16 +01:00
jorgectf	f4a73fcc59	Add RFS to `sendgrid` test	2021-11-08 10:33:57 +01:00
jorgectf	d316974157	Add `HtmlContent` additional taint step	2021-11-08 10:23:50 +01:00
jorgectf	86aac7c215	Add/Update `.expected` files.	2021-11-05 20:13:12 +01:00
jorgectf	a420e6e18d	Add `CookieInjection.qlref`	2021-11-05 20:12:56 +01:00
jorgectf	cf47e8eb9c	Fix endpoints' naming	2021-11-05 20:12:35 +01:00
jorgectf	d7a79469e6	Improve tests	2021-11-05 20:08:52 +01:00
Rasmus Lerchedahl Petersen	624b794980	Python: separate taint sources in `with`	2021-11-04 17:06:36 +01:00
Rasmus Lerchedahl Petersen	05aa314ac9	Python: Add tests for non-async constructs	2021-11-03 10:54:36 +01:00
Rasmus Lerchedahl Petersen	768932d7b3	Python: Add tainttracking step that was removed when the correpsonding datadlow step was removed.	2021-11-02 15:01:47 +01:00
Rasmus Lerchedahl Petersen	07d5086b07	Python: support user defined taint source	2021-11-02 15:00:23 +01:00
thank_you	3a4e3d5146	Remove comments from Python example tests Besides removing comments, I also reduced the complexity of some of the Python code examples.	2021-10-30 14:00:51 -04:00
Rasmus Wriedt Larsen	85f00fda19	Merge pull request #6776 from yoff/python/model-asyncpg Python: Model `asyncpg`	2021-10-29 13:54:44 +02:00
jorgectf	e8e0f0fea8	Add temporary `.expected`	2021-10-28 14:22:14 +02:00
Rasmus Lerchedahl Petersen	c92249525b	Python: update test expectations	2021-10-28 14:03:09 +02:00
jorgectf	4c2a4226ef	Merge remote-tracking branch 'origin/main' into jty/python/emailInjection	2021-10-28 13:26:57 +02:00
jorgectf	3dec222922	Merge remote-tracking branch 'origin/main' into jorgectf/python/jwt-queries	2021-10-28 13:11:46 +02:00
Rasmus Wriedt Larsen	58bc1102e5	Merge branch 'main' into jorgectf/python/deserialization	2021-10-28 12:31:34 +02:00
jorgectf	cf9e9f9dd4	Add cookie injection query missing proper tests	2021-10-28 10:28:45 +02:00
Rasmus Lerchedahl Petersen	cca675a161	Python: Add test for async taint (which we belive we have just broken)	2021-10-28 09:47:04 +02:00
jorgectf	129edd605e	Update `.expected`	2021-10-28 09:25:56 +02:00
jorgectf	0f2b81e0d2	Polish tests	2021-10-28 09:24:47 +02:00
jorgectf	28ec8c9dee	Merge remote-tracking branch 'origin/main' into jorgectf/python/insecure-cookie	2021-10-27 19:00:55 +02:00
Rasmus Lerchedahl Petersen	826f44d98e	Python: Share implementation of `awaited`	2021-10-27 11:41:18 +02:00
Rasmus Lerchedahl Petersen	8a81d42e6f	Python: more logic adjustment Not sure why the missing result is missing. There is and edge with label `getAwaited` from `pkg.async_func` on line 22 to `coro` on line 23.	2021-10-26 10:57:27 +02:00
Rasmus Lerchedahl Petersen	f91e43c068	Python: Add more honest test for `awaited`	2021-10-26 10:43:06 +02:00
Rasmus Lerchedahl Petersen	a8a181a32f	Python: adjust logic and add tests Due to the way paths a re printed, the tests look surprising	2021-10-26 09:55:47 +02:00
Rasmus Lerchedahl Petersen	03ada6e97a	Python: Add concept test for `SqlConstruction`	2021-10-25 13:09:43 +02:00
jorgectf	271e2e4c49	Update `.expected`	2021-10-16 13:12:33 +02:00
jorgectf	45146bc798	Merge branch 'main' into jorgectf/python/headerInjection	2021-10-16 12:46:57 +02:00
jorgectf	bf76d9cd8b	Fix django test	2021-10-16 10:45:25 +02:00
jorgectf	2db1ffef1e	Merge remote-tracking branch 'origin/main' into jorgectf/python/headerInjection	2021-10-16 10:40:52 +02:00
jorgectf	15dfc6d1da	Fix `xml_sax_parser.py` good/bad naming	2021-10-16 09:50:58 +02:00
Anders Schack-Mulligen	8b6baa250c	Merge pull request #6878 from aschackmull/remove-singleton-setliteral C++/C#/Java/JavaScript/Python: Remove singleton set literals.	2021-10-14 14:53:05 +02:00
Rasmus Wriedt Larsen	7cd5e681dd	Merge pull request #6693 from yoff/python/promote-regex-injection Python: Promote `py/regex-injection`	2021-10-14 14:49:05 +02:00
Anders Schack-Mulligen	57cb300759	C++/C#/Java/JavaScript/Python: Remove singleton set literals.	2021-10-14 11:34:22 +02:00
Taus	75c4d6a8a0	Merge pull request #6650 from yoff/python-dataflow/init-time Python: Import time dataflow	2021-10-12 11:31:03 +02:00
Rasmus Lerchedahl Petersen	61008fd3d0	Merge branch 'main' of github.com:github/codeql into python/promote-regex-injection	2021-10-12 11:28:12 +02:00
yoff	43f7eede0b	Merge pull request #6182 from haby0/python/LogInjection Python: CWE-117 Log injection	2021-10-12 10:54:45 +02:00
yoff	c007c9460c	Merge pull request #6843 from RasmusWL/dataflow-bool-expr Python: Add data-flow for `x or y` and `x and y`	2021-10-12 10:40:54 +02:00
yoff	0629ce00de	Merge pull request #6214 from haby0/python/ClientSuppliedIpUsedInSecurityCheck [Python] CWE-348: Client supplied ip used in security check	2021-10-11 16:38:04 +02:00
Rasmus Lerchedahl Petersen	19f6cc00c8	Python: rewrite import time test	2021-10-11 14:28:25 +02:00
yoff	5aee715931	Apply suggestions from code review Co-authored-by: Taus <tausbn@github.com>	2021-10-11 13:00:21 +02:00
haby0	c2d0fcfbe6	Update python/ql/test/experimental/query-tests/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheck.expected Co-authored-by: yoff <lerchedahl@gmail.com>	2021-10-11 16:46:02 +08:00

... 17 18 19 20 21 ...

1899 Commits