hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 18:25:24 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
471318369b4fee5c66239a5f33c91d9410df8f76
codeql/python/ql/test/query-tests/Security
History
Rasmus Wriedt Larsen 471318369b Python: Don't quote %s in django example 
This is vulnerable to SQL injection because of the quotes around %s -- added
some code that highlights this in test.py

Since our examples did this in the safe query, I ended up rewriting them
completely, causing a lot of trouble for myself :D
2019-10-29 13:58:07 +01:00
..
CVE-2018-1281
Add bind-socket-all-network-interfaces Python query (#2048)
2019-10-03 11:23:11 +01:00
CWE-020
Python: Fix false positive in 'Incomplete URL substring sanitization' query.
2019-04-25 18:11:01 +01:00
CWE-022
Python taint-tracking: Fix up handling of legacy (config-less) taint-tracking
2019-08-29 10:31:50 +01:00
CWE-078
Python taint-tracking: Fix up handling of legacy (config-less) taint-tracking
2019-08-29 10:31:50 +01:00
CWE-079
Python taint-tracking: Fix up handling of legacy (config-less) taint-tracking
2019-08-29 10:31:50 +01:00
CWE-089
Python: Don't quote %s in django example
2019-10-29 13:58:07 +01:00
CWE-094
Python taint-tracking: Fix up handling of legacy (config-less) taint-tracking
2019-08-29 10:31:50 +01:00
CWE-209
Python taint-tracking: Avoid ambiguous flows through calls. Fix up tests.
2019-08-29 10:31:50 +01:00
CWE-215
Update test to reflect new true positive.
2019-04-26 16:21:46 +01:00
CWE-295
Address review comments.
2019-03-19 15:44:11 +01:00
CWE-312
Python: Update CWE-312 queries to use new taint-tracking configuration.
2019-08-30 11:21:04 +01:00
CWE-326
Python: Use consistent abbreviations in weak-crypto query message.
2018-11-28 16:58:22 +00:00
CWE-327
Merge branch 'master' into python-cwe-312
2019-08-30 10:39:04 +01:00
CWE-377
Fix interpolation.
2019-02-26 16:27:04 +01:00
CWE-502
Python taint-tracking: Fix up handling of legacy (config-less) taint-tracking
2019-08-29 10:31:50 +01:00
CWE-601
Python taint-tracking: Avoid ambiguous flows through calls. Fix up tests.
2019-08-29 10:31:50 +01:00
CWE-732
Python: Check os.open as well as os.chmod for weak file permissions.
2019-01-28 14:26:16 +00:00
CWE-798
QL tests for Python queries and libraries.
2018-11-19 15:15:54 +00:00
lib
Python: Modernise bottle library
2019-09-26 15:03:47 +02:00
options
QL tests for Python queries and libraries.
2018-11-19 15:15:54 +00:00