hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 13:15:21 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
bdf1aa080786ef438241373eab3ed309e6ee15aa
codeql/python/ql/test/query-tests/Security
History
jorgectf c82ab2b2ab Add markupsafe as XXE sanitizer 
Co-authored-by: Kevin Stubbings <Kwstubbs@users.noreply.github.com>
2023-07-05 20:23:20 +02:00
..
CVE-2018-1281
CWE-020-ExternalAPIs
CWE-020-IncompleteHostnameRegExp
CWE-020-IncompleteUrlSubstringSanitization
CWE-020-SuspiciousRegexpRange
CWE-022-PathInjection
Python: Update more inline expectation tests to use the paramterized module
2023-06-20 10:16:15 +02:00
CWE-022-TarSlip
CWE-078-CommandInjection
Python: Update more inline expectation tests to use the paramterized module
2023-06-20 10:16:15 +02:00
CWE-078-CommandInjection-py2
CWE-078-UnsafeShellCommandConstruction
Python: Update more inline expectation tests to use the paramterized module
2023-06-20 10:16:15 +02:00
CWE-079-Jinja2WithoutEscaping
CWE-079-ReflectedXss
CWE-089-SqlInjection
CWE-090-LdapInjection
CWE-094-CodeInjection
CWE-116-BadTagFilter
CWE-117-LogInjection
CWE-209-StackTraceExposure
CWE-215-FlaskDebug
CWE-285-PamAuthorization
CWE-295-MissingHostKeyValidation
CWE-295-RequestWithoutValidation
CWE-312-CleartextLogging
CWE-312-CleartextStorage
CWE-312-CleartextStorage-py3
CWE-326-WeakCryptoKey
CWE-327-BrokenCryptoAlgorithm
CWE-327-InsecureDefaultProtocol
CWE-327-InsecureProtocol
CWE-327-WeakSensitiveDataHashing
CWE-377-InsecureTemporaryFile
CWE-502-UnsafeDeserialization
CWE-601-UrlRedirect
CWE-611-Xxe
Add markupsafe as XXE sanitizer
2023-07-05 20:23:20 +02:00
CWE-643-XPathInjection
CWE-730-PolynomialReDoS
CWE-730-ReDoS
CWE-730-RegexInjection
CWE-732-WeakFilePermissions
CWE-776-XmlBomb
CWE-798-HardcodedCredentials
do a quick-and-dirty conversion of py/hardcoded-credentials to the new dataflow library
2023-06-14 08:31:56 +02:00
CWE-918-ServerSideRequestForgery
lib