github
/
codeql
зеркало из https://github.com/github/codeql.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
41 850 коммитов 1 542 Ветки 132 Теги 495 MiB
Граф коммитов

5629 Коммитов

Автор SHA1 Сообщение Дата
yoff 94145e9e74
Update python/ql/lib/semmle/python/security/dataflow/TarSlipCustomizations.qll 2022-06-20 10:14:52 +02:00
Rasmus Wriedt Larsen ae44a941f9
Merge pull request #9421 from RasmusWL/inline-brackets 
Inline Expectation Tests: Allow `tag[foo bar]`
 2022-06-20 10:01:19 +02:00
Taus 3a328f6a3f
Merge pull request #6570 from yoff/python/broaden-noqa-regex 
Python: Broaden noqa regex to allow comments
 2022-06-17 23:56:39 +02:00
Rasmus Wriedt Larsen 5fb41e4894 Inline Expectation Tests: Disallow `tag[[[foo bar]` 2022-06-17 17:36:04 +02:00
Rasmus Wriedt Larsen f1b0a814e0
Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2022-06-17 15:04:57 +02:00
Anders Schack-Mulligen 6518a01ded Dataflow: Sync. 2022-06-16 11:25:28 +02:00
Taus 9bf2eb55ca Python: Allow whitespace before colon 
As suggested by @DimitriPapadopolous.

Also fixes the test output to account for the `noqa` annotation (with
added comment) that we're now detecting.
 2022-06-16 11:16:58 +02:00
Rasmus Lerchedahl Petersen 98301332bd Python: Broaden noqa regex 2022-06-16 11:16:58 +02:00
Rasmus Wriedt Larsen d6e68258a4 Python: API-graphs: allow class decorators in `.getASubclass()` 2022-06-15 17:30:34 +02:00
Rasmus Wriedt Larsen 5f32f898d5 Python: API-graphs: test class decorators and subclass 
A class decorator could change the class definition in any way.

In this specific case, it would be better if we allowed the subclass to
be found with API graphs still.

inspired by
c2250cfb80/tests/auth_tests/test_views.py (L40-L46)
 2022-06-15 16:16:34 +02:00
Rasmus Wriedt Larsen b2c8e0fe8d Python: Add comment to test 2022-06-15 15:59:54 +02:00
Rasmus Wriedt Larsen 24c9aff2fc Python: Fix a type-tracking test 2022-06-15 15:58:17 +02:00
github-actions[bot] 1ed70d51d7 Post-release preparation for codeql-cli-2.9.4 2022-06-15 13:25:20 +00:00
yoff f14a90ff09
Merge pull request #9200 from tausbn/python-modernise-weak-file-permissions-query 
Python: Modernise weak file permissions query
 2022-06-15 14:37:17 +02:00
Rasmus Lerchedahl Petersen 0608d4d2f9 python: fix alerts 
Also, remove the `toLowerCase` again,
as I do not know what effect it will have.
 2022-06-15 14:18:29 +02:00
Rasmus Lerchedahl Petersen 40b61fa85f python: fix qldocs and clean-up dead code 2022-06-15 14:07:35 +02:00
yoff 9dbb451f41
Merge pull request #9463 from RasmusWL/req-wo-cert-validation 
Python: Rewrite `py/request-without-cert-validation`
 2022-06-15 13:00:57 +02:00
Rasmus Lerchedahl Petersen f4ce382b7d python: update test expectations 2022-06-15 12:40:14 +02:00
github-actions[bot] 104ac05f49 Release preparation for version 2.9.4 2022-06-15 08:22:38 +00:00
Rasmus Wriedt Larsen cfd640b1b2
Python: Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2022-06-14 16:47:24 +02:00
Rasmus Lerchedahl Petersen 7b5d9ec7df python: Straight port of tarslip 2022-06-14 15:01:13 +02:00
Taus 5b9c668e10 Python: Restrict test to Python 3 2022-06-14 12:58:35 +00:00
yoff 699761889d
Merge pull request #7127 from jty-team/jty/python/emailInjection 
Python: CWE-079 - Add Email injection query
 2022-06-14 10:54:16 +02:00
Alex Ford 8d195e3188
Merge pull request #9157 from alexrford/crypto-op-block-mode 
Ruby/Python: Add a `BlockMode` concept for `CryptographicOperations`
 2022-06-13 21:32:36 +02:00
Rasmus Wriedt Larsen d91b92511f Python: Add change-note 2022-06-08 17:46:51 +02:00
Rasmus Wriedt Larsen 5b2d799fde Python: Model certificate disabling in `urllib3` 2022-06-08 17:41:45 +02:00
Rasmus Wriedt Larsen 0d02ca07d7 Python: Add certificate disable test of `urllib`/`urllib2` 2022-06-08 17:41:45 +02:00
Rasmus Wriedt Larsen 049e87201c Python: Model certificate disabling in `httpx` 2022-06-08 17:41:45 +02:00
Rasmus Wriedt Larsen 1a2a4232a8 Python: Refactor `httpx` tests 
and improve QLDocs a bit
 2022-06-08 17:41:45 +02:00
Rasmus Wriedt Larsen f72a1d98bb Python: Model certificate disabling in `aiohttp.client` 2022-06-08 17:41:45 +02:00
Rasmus Wriedt Larsen 4b07a7b7be Python: Add missing QLDoc for `requests` 
Also fix links
 2022-06-08 17:41:42 +02:00
Rasmus Wriedt Larsen f37d1775f1 Python: Improve `requests` tests 2022-06-08 17:41:11 +02:00
Rasmus Wriedt Larsen c21e05aa44 Python: Use `HTTP::Client::Request request` for `py/request-without-cert-validation` 
This is very much like the Ruby query, except we also have the origin
that does the disabling.

976daddd36/ruby/ql/src/queries/security/cwe-295/RequestWithoutValidation.ql (L18-L20)
 2022-06-08 15:42:32 +02:00
Rasmus Wriedt Larsen 9cb249fc2f Python: Add test we don't handle for `py/request-without-cert-validation` 2022-06-08 15:39:37 +02:00
jorgectf 171239b78f
Format `FlaskMail.qll` and `Sendgrid.qll` 2022-06-03 18:27:45 +02:00
Rasmus Wriedt Larsen c1e6996e99 Inline Expectation Tests: Allow `tag[foo bar]` 
This is partly motivated by the MaD tests which looks much better now in
my opinion.

I also wanted this for testing argument passing. In Python we're
adopting the same argument positions as Ruby has
[here](4f3751dfea/ruby/ql/lib/codeql/ruby/dataflow/internal/DataFlowDispatch.qll (L508-L540))

So it would be nice if `arg[keyword foo]=...` was allowed, without
having to transform the `toString()` result of an argument position into
something without a space.
 2022-06-03 11:39:57 +02:00
Jorge 897d5c9471
Apply suggestions from code review 
Co-authored-by: yoff <lerchedahl@gmail.com>
 2022-06-01 12:44:08 +02:00
Rasmus Wriedt Larsen 729cf79be7
Merge pull request #9351 from RasmusWL/django-file-read 
Python: Support `read` on Django file
 2022-06-01 10:45:26 +02:00
Anders Schack-Mulligen 9abd2259d3
Merge pull request #9381 from aschackmull/redos/perf 
ReDoS: Improve performance in ExponentialBackTracking.qll.
 2022-06-01 10:39:28 +02:00
Anders Schack-Mulligen 4f3751dfea
Merge pull request #9316 from hvitved/dataflow/edges-get-a-successor-consistency 
Data flow: Make `PathGraph::edges/2` and `PathNode::getASuccessor/1` consistent
 2022-06-01 10:38:25 +02:00
Nick Rolfe f417c12c5e
Merge pull request #9332 from github/post-release-prep/codeql-cli-2.9.3 
Post-release preparation for codeql-cli-2.9.3
 2022-05-31 16:17:50 +01:00
github-actions[bot] ed2f3409bc Post-release preparation for codeql-cli-2.9.3 2022-05-31 09:54:55 +00:00
Anders Schack-Mulligen e36c59b285 ReDoS: Sync. 2022-05-31 11:04:42 +02:00
Rasmus Wriedt Larsen b6cc438390
Merge pull request #9368 from RasmusWL/test-model-api-graphs 
Python: Port test model to API graphs
 2022-05-30 15:45:13 +02:00
Rasmus Wriedt Larsen 420dea0792 Python: Fix example TestCase 2022-05-30 14:48:06 +02:00
Rasmus Wriedt Larsen 08e64ea1b4 Python: Remove contrived test-case example 2022-05-30 14:45:34 +02:00
Rasmus Wriedt Larsen 4861a980be Python: Fix cryptography modeling 
The old code was my own suggestion, that I thought would just work, but
was also slightly skeptical about.

I tested out whether it works with the code below

```codeql
predicate foo(int input, string res) {
  input = 1 and res = "that was one"
}

from int input, string res
where
  input in [1, 2] and
  if foo(input, res)
  then any()
  else res = "not one"
select input, res
```

which gave the 3 results

```
1 |	that was one
1 |	not one
2 |	not one
```

only by rewriting the code to be the one below, did I get down to the 2
results I actually wanted. So I've done the same kind of rewrite in the
commit.

```codeql
predicate foo(int input, string res) {
  input = 1 and res = "that was one"
}

from int input, string res
where
  input in [1, 2] and
  if foo(input, _)
  then foo(input, res)
  else res = "not one"
select input, res
```
 2022-05-30 14:37:27 +02:00
Rasmus Wriedt Larsen a8b4b6a374 Python: Move test-modeling to API-graphs 
Notice that although we loose the contrived examples in `test.py`, we do
gain support for real-world test-case construction, which seems worth
the tradeoff.
 2022-05-30 14:13:06 +02:00
Rasmus Wriedt Larsen a5dc4f430c Python: Expand test-filter tests 
With no virtual environment enabled, none of the third-party library
test case are found.
 2022-05-30 14:11:50 +02:00
yoff cd46f31cba
Merge branch 'main' into py/CsvInjection 2022-05-30 13:41:31 +02:00
Rasmus Wriedt Larsen 7a6646dcaf
Merge pull request #8883 from erik-krogh/pyMaD 
Python: add MaD implementation
 2022-05-30 13:31:07 +02:00
Erik Krogh Kristensen e557d8839b have the Instance token just be an alias for ReturnValue 2022-05-30 12:21:42 +02:00
Rasmus Wriedt Larsen 5924e88a86 Python: Support `read` on Django file 2022-05-27 11:18:26 +02:00
jorgectf e577a0e836
Update `.expected` tests 2022-05-27 00:13:40 +02:00
${sleep,7} 76c27c685f
Merge branch 'main' into jty/python/emailInjection 2022-05-26 16:27:57 -04:00
Tom Hvitved 4f95abc4f6 Python: Update expected test output 2022-05-25 14:39:37 +02:00
Tom Hvitved bcdef98392 Data flow: Sync files 2022-05-25 14:39:37 +02:00
yoff aadfa8eacd
Merge branch 'main' into py/CsvInjection 2022-05-25 10:43:08 +02:00
Anders Schack-Mulligen 673355df65
Fix markdown lists 2022-05-25 10:02:48 +02:00
github-actions[bot] 1f1b364feb Release preparation for version 2.9.3 2022-05-25 07:46:48 +00:00
Tom Hvitved 728ccafe2b
Merge pull request #9024 from hvitved/dataflow/content-flow-lib 
Data flow: Introduce `ContentDataFlow.qll`
 2022-05-24 15:09:16 +02:00
Erik Krogh Kristensen f8281b43b1 autoformat 2022-05-23 19:58:48 +02:00
Erik Krogh Kristensen b6a4f43737
expand qldoc for `getNumArgument` 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-05-23 18:51:33 +02:00
Taus 3745526d69
Merge pull request #9108 from RasmusWL/promote-pam 
Python: Promote `py/pam-auth-bypass`
 2022-05-23 15:27:12 +02:00
Rasmus Wriedt Larsen 85fa6fba63 Concepts: Move `CryptographicOperation.isWeak` to be Ruby specific 2022-05-23 14:39:06 +02:00
yoff 23d64ffa04
Merge pull request #9135 from tausbn/python-modernise-py-jinja2-autoescape-false 
Python: Modernise py/jinja2/autoescape-false
 2022-05-23 14:18:06 +02:00
Anders Schack-Mulligen f2218944f6
Merge pull request #9214 from hvitved/dataflow/lambda-fp-flow 
Data flow: Do not discard call context when computing reverse lambda flow through jumps
 2022-05-23 10:02:51 +02:00
Erik Krogh Kristensen 204e01fc24 change getNumArgument to only count positional arguments 2022-05-20 12:43:06 +02:00
Erik Krogh Kristensen a5b11e88b4
update doc to make it clear that moduleImport(..) does not refer to PyPI names 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-05-19 20:00:43 +02:00
Alex Ford d3662cf54a Deprecate `CryptographicOperation#isWeak` and add a default implementation 2022-05-19 15:46:13 +01:00
Alex Ford 3d66905dc6 Share the CryptographicOperation and BlockMode concepts between dynamic langs 2022-05-19 15:46:03 +01:00
Alex Ford f8576fb05b
Python: avoid missing `cryptography` uses due to unhandled encryption modes 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-05-19 15:22:49 +01:00
Alex Ford 9e483ac4e0
Fix change note formatting 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-05-19 14:25:44 +01:00
Tom Hvitved f83deb6571 Data flow: Sync files 2022-05-19 15:20:43 +02:00
Tom Hvitved 2b2ac06128 Data flow: Sync files 2022-05-19 13:28:56 +02:00
Erik Krogh Kristensen 215a6a72cc Merge branch 'main' into useStringComp 2022-05-18 10:55:31 +02:00
Rasmus Wriedt Larsen 6611e5b4b8 Merge branch 'main' into promote-pam 2022-05-18 10:35:39 +02:00
Rasmus Wriedt Larsen b54de13d97
Python: Apply suggestions from code review 
Co-authored-by: Taus <tausbn@github.com>
 2022-05-18 10:30:29 +02:00
Erik Krogh Kristensen 7245591468
Merge pull request #7763 from erik-krogh/unused-field 
QL: add unused-field query
 2022-05-18 09:15:16 +02:00
Erik Krogh Kristensen d5f0446940 exclude self parameter from the API-graph edge for keywordParameter 2022-05-17 22:34:38 +02:00
Taus b2fe615ef2 Python: Modernise weak file permissions query 
Using API graphs instead of points-to.

Unfortunately, some results will be lost because of this, due to the
fact that points-to tracks bitwise operations on small numbers (i.e.
flags), whereas API graphs does no such thing. This means using
something like `stat.S_IWUSR | stat.S_IWGRP` will not work.

A custom type tracker (like the one used for `re` flags) could be used
to recapture this behaviour, but I think that's best left as future
work, as it's not clear to me that this query is actually worth the
effort it would take to implement this.
 2022-05-17 20:20:15 +00:00
Erik Krogh Kristensen 6c7c9b6a4b
Merge pull request #9082 from erik-krogh/countZero 
QL: add query warning about `count(...) = 0`.
 2022-05-17 21:46:58 +02:00
Alex Ford 4bb6d1db3a Add missing qldoc 2022-05-17 15:01:28 +01:00
Alex Ford f92782d4e7 Ruby: fix some cases where we assume that a CryptographicOperation is using CBC when it is not 2022-05-17 14:57:11 +01:00
Taus ea32299ab0 Python: Use API-graph flow for boolean tracking 
Introduces a false positive, but arguably that false positive should
have been there with the local flow as well.
 2022-05-17 13:14:55 +00:00
Erik Krogh Kristensen 86e97c32d6 fix all ql/use-string-compare 2022-05-17 14:11:05 +02:00
Taus ba8d73c2be Python: Use `API::CallNode` 2022-05-17 12:00:17 +00:00
Erik Krogh Kristensen 03da62713c fix typo identified by QL-for-QL 2022-05-17 12:32:40 +02:00
Erik Krogh Kristensen 818975dc56 sync upstream typo fixes 2022-05-17 12:25:52 +02:00
Erik Krogh Kristensen 5d1c41c269 Merge branch 'main' into pyMaD 2022-05-17 12:23:03 +02:00
Erik Krogh Kristensen 2868eb61ea add test for Parameter[any] and Parameter[any-named] 2022-05-17 12:08:53 +02:00
Erik Krogh Kristensen f273ccf73b add explicit test of what Parameter[0] matches 2022-05-17 11:17:15 +02:00
Erik Krogh Kristensen ce21d7e5a8 use `test-sink` for sinks in the MaD test 2022-05-17 11:13:59 +02:00
Erik Krogh Kristensen aef592fec8 make a more realistic test for self-parameter 2022-05-17 11:13:35 +02:00
Mathias Vorreiter Pedersen 1280d43e36
Merge pull request #9141 from github/post-release-prep/codeql-cli-2.9.2 
Post-release preparation for codeql-cli-2.9.2
 2022-05-17 10:01:37 +01:00
Erik Krogh Kristensen 55ffdb4aa1 make most imports in ApiGraphModelsSpecific.qll private 2022-05-17 10:34:17 +02:00
Erik Krogh Kristensen 1f8e7c39f4
fix typo in comment 
Co-authored-by: Rasmus Wriedt Larsen <rasmuswriedtlarsen@gmail.com>
 2022-05-17 10:32:31 +02:00
Nick Rolfe c518150b49
Merge pull request #9132 from github/nickrolfe/misspelling 
QL for QL: generalise non-US spelling query
 2022-05-16 16:03:36 +01:00
Alex Ford bda1c21562 BrokenCryptoAlgorithm block mode change notes 2022-05-16 15:49:19 +01:00
Anders Schack-Mulligen 83f817ca45
Merge pull request #9134 from aschackmull/dataflow/perf-std-order 
Dataflow: Improve standard order through easier type check elimination.
 2022-05-16 10:05:17 +02:00
Alex Ford 66736ebd9d sync CryptoAlgorithmNames.qll (remove isWeakBlockMode predicate) 2022-05-13 21:26:01 +01:00
Alex Ford bc073eb460 python: update py/weak-cryptographic-algorithm to flag use of ECB block mode 2022-05-13 16:32:36 +01:00
Alex Ford da135448a2 python: update tests for CryptographicOperation#getBlockMode 2022-05-13 16:32:36 +01:00
Alex Ford 9f2c59cd6d python: implement getBlockMode for CryptographicOperations 2022-05-13 16:32:36 +01:00
github-actions[bot] b7cbd8fd75 Post-release preparation for codeql-cli-2.9.2 2022-05-12 18:21:38 +00:00
Nick Rolfe 1115227f9d Merge remote-tracking branch 'origin/main' into nickrolfe/misspelling 2022-05-12 16:10:27 +01:00
Nick Rolfe 2efa38aaa6 Python: fix typos in comments 2022-05-12 16:02:20 +01:00
Anders Schack-Mulligen 8c8440a58a
Merge pull request #9101 from hvitved/dataflow/include-hidden 
Data flow: Add `Configuration::includeHiddenNodes()`
 2022-05-12 15:36:12 +02:00
Taus a0f8e2f0b1 Python: Modernise py/jinja2/autoescape-false 
A simple rewrite to use API graphs instead.

The handling of falsy values is potentially a bit more restrictive now,
as it only accounts for local flow. We should probably figure out a
better way of capturing this pattern, but I felt that this was out of
scope for the present PR.
 2022-05-12 12:55:42 +00:00
Joe Farebrother 59e400d2e0
Merge pull request #7723 from joefarebrother/redos 
Java: Add ReDoS queries
 2022-05-12 13:50:38 +01:00
Erik Krogh Kristensen fb077bec66 sync AccessPathSyntax changes 2022-05-12 14:46:54 +02:00
Erik Krogh Kristensen dea5596289 update MaD test to reflect that dotted module names don't work 2022-05-12 14:45:29 +02:00
Erik Krogh Kristensen 31e9876de7 Merge branch 'main' into pyMaD 2022-05-12 14:43:16 +02:00
Anders Schack-Mulligen adb56dfa39 Dataflow: Improve standard order through easier type check elimination. 2022-05-12 14:31:38 +02:00
Rasmus Wriedt Larsen 7cd51d6147
Merge pull request #9126 from RasmusWL/moduleimport-with-dots 
Python: Fully disallow `API::moduleImport` of module with dots
 2022-05-12 14:16:25 +02:00
Rasmus Wriedt Larsen 795adf0566 Python: Fix `API::moduleImport("foo.bar")` 2022-05-12 13:33:00 +02:00
Rasmus Wriedt Larsen 3844c5b5c0 Python: Add change-note 2022-05-12 13:32:59 +02:00
Rasmus Wriedt Larsen f8253f5fef Python: Fully disallow `API::moduleImport` of module with dots 
Inspired by discussion about this for MaD in
https://github.com/github/codeql/pull/8883#discussion_r865858084
 2022-05-12 13:30:26 +02:00
Rasmus Wriedt Larsen 597a8414d9 Python: Add test of `API::moduleImport` with dots 
This is currently semi-works -- the import is allowed, but doesn't
always work when used :|
 2022-05-12 13:29:16 +02:00
Nick Rolfe 234a36ff61
Merge pull request #9119 from github/nickrolfe/non-us-spelling-fixes 
Fix non-US spellings and the corresponding query
 2022-05-12 12:29:14 +01:00
Mathias Vorreiter Pedersen 103c589c1d
Update python/ql/lib/change-notes/released/0.3.0.md 2022-05-12 11:47:19 +01:00
Mathias Vorreiter Pedersen 499878a44d
Update python/ql/lib/CHANGELOG.md 2022-05-12 11:47:08 +01:00
Mathias Vorreiter Pedersen 43265c4133
Update python/ql/lib/change-notes/released/0.3.0.md 2022-05-12 11:43:39 +01:00
Mathias Vorreiter Pedersen b069d1bd17
Update python/ql/lib/CHANGELOG.md 2022-05-12 11:43:33 +01:00
github-actions[bot] ee9980b31c Release preparation for version 2.9.2 2022-05-12 10:17:28 +00:00
Tom Hvitved 46ab25b61e
Merge pull request #9098 from aschackmull/dataflow/perf 
Dataflow: Performance fixes
 2022-05-11 20:41:48 +02:00
Nick Rolfe e1b277386a Fix non-US spellings: s/analyse/analyze 2022-05-11 17:48:27 +01:00
Anders Schack-Mulligen 4884520ee1 Dataflow: Review fix. 2022-05-11 15:40:49 +02:00
Rasmus Wriedt Larsen 044829c3bb Python: Add `@security-severity` to `py/pam-auth-bypass` 
The value 8.1 was calculated by our internal tool. This corresponds to a
'High' severity, which from my gut feeling seems reasonable for
authorization bypass.
 2022-05-11 14:57:21 +02:00
Rasmus Wriedt Larsen cff950f5f7 Python: Fix select of `py/insecure-cookie` 2022-05-11 14:06:30 +02:00
Rasmus Wriedt Larsen 0956d506de Python: Actually promote `py/pam-auth-bypass` 
🤦
 2022-05-11 13:44:47 +02:00
Rasmus Wriedt Larsen fc8633cc01 Python: Fix select for `py/cookie-injection` 2022-05-11 13:18:14 +02:00
Rasmus Wriedt Larsen 27b99c51e9 Python: Add placeholder precision for `py/insecure-cookie` 2022-05-11 11:36:06 +02:00
Rasmus Wriedt Larsen a902d3d8f0 Python: Add `security-severity` for `py/insecure-cookie` 
Matching the Java query
7d4767a4f5/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql (L7)
 2022-05-11 11:34:16 +02:00
Rasmus Wriedt Larsen 84ad45c665 Python: Fix Django import 2022-05-11 11:33:35 +02:00
Rasmus Wriedt Larsen d127d2164a Merge branch 'main' into jorgectf/python/insecure-cookie 2022-05-11 11:13:47 +02:00
Erik Krogh Kristensen f5329a3d1b PY: fix ql/field-only-used-in-charpred warning 2022-05-11 09:54:55 +02:00
Erik Krogh Kristensen 94a9b3e873 fix all `ql/counting-to-zero` in some languages 2022-05-11 09:54:53 +02:00
Rasmus Wriedt Larsen c890f9c4ac Python: Fix change-note 2022-05-10 18:08:43 +02:00
Rasmus Wriedt Larsen f68b281762 Python: Add change-note 2022-05-10 18:04:52 +02:00
Rasmus Wriedt Larsen 7e87e18b32 Python: Adjust name/description/select of `PamAuthorization.ql` 
Thought that calling out the actual vulnerability would make things
easier for our end users :)
 2022-05-10 18:02:17 +02:00
Rasmus Wriedt Larsen c84f693151 Python: Adjust PamAuthorization examples 
They did not have proper formatting (only 2 spaces), and I restructured
them a bit more so they look like code in the wild
 2022-05-10 18:00:20 +02:00
Rasmus Wriedt Larsen 0c534444ad Python: Format .qhelp file 
99% of our .qhelp files have manually wrapped lines, so just wanted to
keep things consistent
 2022-05-10 17:59:21 +02:00
Rasmus Wriedt Larsen 2b6e0cfb44
Merge pull request #8340 from yoff/python/simple-csrf 
python: minimal CSRF implementation
 2022-05-10 13:36:38 +02:00
Rasmus Wriedt Larsen cb17e2a649
Merge pull request #8595 from porcupineyhairs/pypam 
Python : Add query to detect PAM authorization bypass
 2022-05-10 13:35:12 +02:00
Tom Hvitved 712fe002b9 Data flow: Sync files 2022-05-10 12:41:10 +02:00
Rasmus Lerchedahl Petersen aa3d7babf4 python: fix bad merge 
caused by an optimistic attempt at solving a
merge conflict in the online GUI.
 2022-05-10 11:37:41 +02:00
Rasmus Wriedt Larsen 2421076d2f
Merge pull request #8696 from RasmusWL/new-nosql-examples 
Python: Improve experimental modeling for `pymongo`
 2022-05-10 11:03:05 +02:00
yoff 6c3e2db7fd
Merge branch 'main' into python/simple-csrf 2022-05-10 10:55:28 +02:00
Anders Schack-Mulligen f85e06c2e4 Dataflow: Sync. 2022-05-10 10:12:39 +02:00