Rasmus Wriedt Larsen 6cba2fe4f8 Python: Model Django response sinks that are not vuln to XSS ...

Since HttpResponse is not *only* used for XSS, it is still valuable to know the
content is send as part of the response.

The *proper* solution to this problem of not all HttpResponses being vulnerable
to XSS is probably to define a new abstract class in Http.qll called
HttpResponseXSSVulnerableSink (or similar). I would like to model a few more
libraries/frameworks before fully comitting to an approach though.

2020-05-26 16:45:46 +02:00

..

HttpRedirectSinks.expected

Python: Proper redirect taint sinks for Django

2020-05-18 19:14:29 +02:00

HttpRedirectSinks.ql

Python: Add HttpRedirectSinks test for django

2020-02-17 16:54:06 +01:00

HttpResponseSinks.expected

Python: Model Django response sinks that are not vuln to XSS

2020-05-26 16:45:46 +02:00

HttpResponseSinks.ql

Python: For web tests, use more precise name HttpResponseSinks

2020-01-28 13:06:48 +01:00

HttpSources.expected

Python: Django: Handle Class-based views

2020-03-11 14:44:14 +01:00

HttpSources.ql

Python: Add explicit tests for HttpSources and HttpSinks

2020-01-28 13:06:48 +01:00

options

Python: Remove --optimize: true from options files

2020-02-25 15:52:00 +01:00

sql.py

Python: Consolidate tests for django

2019-10-29 13:58:07 +01:00

SqlInjectionSinks.expected

Python: Add explicit tests for HttpSources and HttpSinks

2020-01-28 13:06:48 +01:00

SqlInjectionSinks.ql

Python: Add explicit tests for HttpSources and HttpSinks

2020-01-28 13:06:48 +01:00

test_1x.py

Python: Improve django tests (and prepare for v2 + v3 support)

2020-02-17 16:39:01 +01:00

test_2x_3x.py

Python: Add support for Django 2.x and 3.x

2020-02-18 11:22:35 +01:00

views_1x.py

Python: Reduce FPs in Django due to bad XSS taint-sinks

2020-05-18 19:14:43 +02:00

views_2x_3x.py

Python: Reduce FPs in Django due to bad XSS taint-sinks

2020-05-18 19:14:43 +02:00