hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 08:43:11 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' of https://github.com/github/codeql into oscarsj/mergeback-rc-3-20-into-main

Browse Source
This commit is contained in:
Óscar San José
2025-12-12 13:22:08 +01:00
parent 72b63bbdc3 c5987b4481
commit d972af9ef8
1129 changed files with 32377 additions and 8332 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
.bazelversion
View File

@@ -1 +1 @@
8.1.1
8.4.2

5
.github/dependabot.yml vendored
View File

@@ -40,3 +40,8 @@ updates:
- dependency-name: "*"
reviewers:
- "github/codeql-go"
- package-ecosystem: bazel
directory: "/"
schedule:
interval: weekly

2
.github/workflows/codeql-analysis.yml vendored
View File

@@ -34,7 +34,7 @@ jobs:
- name: Setup dotnet
uses: actions/setup-dotnet@v4
with:
dotnet-version: 9.0.300
dotnet-version: 10.0.100
- name: Checkout repository
uses: actions/checkout@v5

10
.github/workflows/csharp-qltest.yml vendored
View File

@@ -43,14 +43,14 @@ jobs:
- name: Setup dotnet
uses: actions/setup-dotnet@v4
with:
dotnet-version: 9.0.300
dotnet-version: 10.0.100
- name: Extractor unit tests
run: |
dotnet tool restore
dotnet test -p:RuntimeFrameworkVersion=9.0.5 extractor/Semmle.Util.Tests
dotnet test -p:RuntimeFrameworkVersion=9.0.5 extractor/Semmle.Extraction.Tests
dotnet test -p:RuntimeFrameworkVersion=9.0.5 autobuilder/Semmle.Autobuild.CSharp.Tests
dotnet test -p:RuntimeFrameworkVersion=9.0.5 autobuilder/Semmle.Autobuild.Cpp.Tests
dotnet test -p:RuntimeFrameworkVersion=10.0.0 extractor/Semmle.Util.Tests
dotnet test -p:RuntimeFrameworkVersion=10.0.0 extractor/Semmle.Extraction.Tests
dotnet test -p:RuntimeFrameworkVersion=10.0.0 autobuilder/Semmle.Autobuild.CSharp.Tests
dotnet test -p:RuntimeFrameworkVersion=10.0.0 autobuilder/Semmle.Autobuild.Cpp.Tests
shell: bash
stubgentest:
runs-on: ubuntu-latest

14
MODULE.bazel
View File

@@ -26,7 +26,7 @@ bazel_dep(name = "nlohmann_json", version = "3.11.3", repo_name = "json")
bazel_dep(name = "fmt", version = "12.1.0-codeql.1")
bazel_dep(name = "rules_kotlin", version = "2.1.3-codeql.1")
bazel_dep(name = "gazelle", version = "0.40.0")
bazel_dep(name = "rules_dotnet", version = "0.19.2-codeql.1")
bazel_dep(name = "rules_dotnet", version = "0.21.5-codeql.1")
bazel_dep(name = "googletest", version = "1.14.0.bcr.1")
bazel_dep(name = "rules_rust", version = "0.66.0")
bazel_dep(name = "zstd", version = "1.5.5.bcr.1")
@@ -172,7 +172,7 @@ http_archive(
)
dotnet = use_extension("@rules_dotnet//dotnet:extensions.bzl", "dotnet")
dotnet.toolchain(dotnet_version = "9.0.300")
dotnet.toolchain(dotnet_version = "10.0.100")
use_repo(dotnet, "dotnet_toolchains")
register_toolchains("@dotnet_toolchains//:all")
@@ -274,11 +274,11 @@ ripunzip_archive = use_repo_rule("//misc/ripunzip:ripunzip.bzl", "ripunzip_archi
# go to https://github.com/GoogleChrome/ripunzip/releases to find latest version and corresponding sha256s
ripunzip_archive(
name = "ripunzip",
sha256_linux = "ee0e8a957687a5dc3a66b2a4b25883bf762df4c9c07f0651af527a32a405054b",
sha256_macos_arm = "8a88eea54eac232d162a72a42065e0429b82dbf4f05e9642915dff9d7a81f846",
sha256_macos_intel = "4457a18bfcc5feabe09f5ea3d1157128e07b4873392cb404a870e611924abf64",
sha256_windows = "66d0c1375301bf5ab815348048f43b110631d3fa7200acd50d50a8ed8655ca62",
version = "2.0.3",
sha256_linux = "71482d7a7e4ea9176d5596161c49250c34b136b157c45f632b1111323fbfc0de",
sha256_macos_arm = "604194ab13f0aba3972995d995f11002b8fc285c8170401fcd46655065df20c9",
sha256_macos_intel = "65367b94fd579d93d46f2d2595cc4c9a60cfcf497e3c824f9d1a7b80fa8bd38a",
sha256_windows = "ac3874075def2b9e5074a3b5945005ab082cc6e689e1de658da8965bc23e643e",
version = "2.0.4",
)
register_toolchains(

4
actions/ql/lib/change-notes/2025-11-28-fix-code-injection-alert-filtering.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: majorAnalysis
---
* The query `actions/code-injection/medium` has been updated to include results which were incorrectly excluded while filtering out results that are reported by `actions/code-injection/critical`.

42
actions/ql/lib/codeql/actions/security/CodeInjectionQuery.qll
View File

@@ -19,12 +19,7 @@ class CodeInjectionSink extends DataFlow::Node {
Event getRelevantCriticalEventForSink(DataFlow::Node sink) {
inPrivilegedContext(sink.asExpr(), result) and
not exists(ControlCheck check | check.protects(sink.asExpr(), result, "code-injection")) and
// exclude cases where the sink is a JS script and the expression uses toJson
not exists(UsesStep script |
script.getCallee() = "actions/github-script" and
script.getArgumentExpr("script") = sink.asExpr() and
exists(getAToJsonReferenceExpression(sink.asExpr().(Expression).getExpression(), _))
)
not isGithubScriptUsingToJson(sink.asExpr())
}
/**
@@ -91,3 +86,38 @@ private module CodeInjectionConfig implements DataFlow::ConfigSig {
/** Tracks flow of unsafe user input that is used to construct and evaluate a code script. */
module CodeInjectionFlow = TaintTracking::Global<CodeInjectionConfig>;
/**
* Holds if there is a code injection flow from `source` to `sink` with
* critical severity, linked by `event`.
*/
predicate criticalSeverityCodeInjection(
CodeInjectionFlow::PathNode source, CodeInjectionFlow::PathNode sink, Event event
) {
CodeInjectionFlow::flowPath(source, sink) and
event = getRelevantCriticalEventForSink(sink.getNode()) and
source.getNode().(RemoteFlowSource).getEventName() = event.getName()
}
/**
* Holds if there is a code injection flow from `source` to `sink` with medium severity.
*/
predicate mediumSeverityCodeInjection(
CodeInjectionFlow::PathNode source, CodeInjectionFlow::PathNode sink
) {
CodeInjectionFlow::flowPath(source, sink) and
not criticalSeverityCodeInjection(source, sink, _) and
not isGithubScriptUsingToJson(sink.getNode().asExpr())
}
/**
* Holds if `expr` is the `script` input to `actions/github-script` and it uses
* `toJson`.
*/
predicate isGithubScriptUsingToJson(Expression expr) {
exists(UsesStep script |
script.getCallee() = "actions/github-script" and
script.getArgumentExpr("script") = expr and
exists(getAToJsonReferenceExpression(expr.getExpression(), _))
)
}

5
actions/ql/src/Security/CWE-094/CodeInjectionCritical.ql
View File

@@ -20,10 +20,7 @@ import CodeInjectionFlow::PathGraph
import codeql.actions.security.ControlChecks
from CodeInjectionFlow::PathNode source, CodeInjectionFlow::PathNode sink, Event event
where
CodeInjectionFlow::flowPath(source, sink) and
event = getRelevantCriticalEventForSink(sink.getNode()) and
source.getNode().(RemoteFlowSource).getEventName() = event.getName()
where criticalSeverityCodeInjection(source, sink, event)
select sink.getNode(), source, sink,
"Potential code injection in $@, which may be controlled by an external user ($@).", sink,
sink.getNode().asExpr().(Expression).getRawExpression(), event, event.getName()

10
actions/ql/src/Security/CWE-094/CodeInjectionMedium.ql
View File

@@ -19,15 +19,7 @@ import codeql.actions.security.CodeInjectionQuery
import CodeInjectionFlow::PathGraph
from CodeInjectionFlow::PathNode source, CodeInjectionFlow::PathNode sink
where
CodeInjectionFlow::flowPath(source, sink) and
inNonPrivilegedContext(sink.getNode().asExpr()) and
// exclude cases where the sink is a JS script and the expression uses toJson
not exists(UsesStep script |
script.getCallee() = "actions/github-script" and
script.getArgumentExpr("script") = sink.getNode().asExpr() and
exists(getAToJsonReferenceExpression(sink.getNode().asExpr().(Expression).getExpression(), _))
)
where mediumSeverityCodeInjection(source, sink)
select sink.getNode(), source, sink,
"Potential code injection in $@, which may be controlled by an external user.", sink,
sink.getNode().asExpr().(Expression).getRawExpression()

2
actions/ql/src/Security/CWE-275/MissingActionsPermissions.md
View File

@@ -2,6 +2,8 @@
If a GitHub Actions job or workflow has no explicit permissions set, then the repository permissions are used. Repositories created under organizations inherit the organization permissions. The organizations or repositories created before February 2023 have the default permissions set to read-write. Often these permissions do not adhere to the principle of least privilege and can be reduced to read-only, leaving the `write` permission only to a specific types as `issues: write` or `pull-requests: write`.
Note that this query cannot check whether the organization or repository token settings are set to read-only. However, even if they are, it is recommended to define explicit permissions (`contents: read` and `packages: read` are equivalent to the read-only default) so that (a) the actual needs of the workflow are documented, and (b) the permissions will remain restricted if the default is subsequently changed, or the workflow is copied to a different repository or organization.
## Recommendation
Add the `permissions` key to the job or the root of workflow (in this case it is applied to all jobs in the workflow that do not have their own `permissions` key) and assign the least privileges required to complete the task.

18
actions/ql/test/query-tests/Security/CWE-094/.github/workflows/push_and_workflow_dispatch.yml vendored Normal file
View File

@@ -0,0 +1,18 @@
on:
push:
workflow_dispatch:
jobs:
echo-chamber:
runs-on: ubuntu-latest
steps:
- run: echo '${{ github.event.commits[11].message }}'
- run: echo '${{ github.event.commits[11].author.email }}'
- run: echo '${{ github.event.commits[11].author.name }}'
- run: echo '${{ github.event.head_commit.message }}'
- run: echo '${{ github.event.head_commit.author.email }}'
- run: echo '${{ github.event.head_commit.author.name }}'
- run: echo '${{ github.event.head_commit.committer.email }}'
- run: echo '${{ github.event.head_commit.committer.name }}'
- run: echo '${{ github.event.commits[11].committer.email }}'
- run: echo '${{ github.event.commits[11].committer.name }}'

10
actions/ql/test/query-tests/Security/CWE-094/CodeInjectionCritical.expected
View File

@@ -435,6 +435,16 @@ nodes
| .github/workflows/push.yml:14:19:14:64 | github.event.head_commit.committer.name | semmle.label | github.event.head_commit.committer.name |
| .github/workflows/push.yml:15:19:15:65 | github.event.commits[11].committer.email | semmle.label | github.event.commits[11].committer.email |
| .github/workflows/push.yml:16:19:16:64 | github.event.commits[11].committer.name | semmle.label | github.event.commits[11].committer.name |
| .github/workflows/push_and_workflow_dispatch.yml:9:19:9:57 | github.event.commits[11].message | semmle.label | github.event.commits[11].message |
| .github/workflows/push_and_workflow_dispatch.yml:10:19:10:62 | github.event.commits[11].author.email | semmle.label | github.event.commits[11].author.email |
| .github/workflows/push_and_workflow_dispatch.yml:11:19:11:61 | github.event.commits[11].author.name | semmle.label | github.event.commits[11].author.name |
| .github/workflows/push_and_workflow_dispatch.yml:12:19:12:57 | github.event.head_commit.message | semmle.label | github.event.head_commit.message |
| .github/workflows/push_and_workflow_dispatch.yml:13:19:13:62 | github.event.head_commit.author.email | semmle.label | github.event.head_commit.author.email |
| .github/workflows/push_and_workflow_dispatch.yml:14:19:14:61 | github.event.head_commit.author.name | semmle.label | github.event.head_commit.author.name |
| .github/workflows/push_and_workflow_dispatch.yml:15:19:15:65 | github.event.head_commit.committer.email | semmle.label | github.event.head_commit.committer.email |
| .github/workflows/push_and_workflow_dispatch.yml:16:19:16:64 | github.event.head_commit.committer.name | semmle.label | github.event.head_commit.committer.name |
| .github/workflows/push_and_workflow_dispatch.yml:17:19:17:65 | github.event.commits[11].committer.email | semmle.label | github.event.commits[11].committer.email |
| .github/workflows/push_and_workflow_dispatch.yml:18:19:18:64 | github.event.commits[11].committer.name | semmle.label | github.event.commits[11].committer.name |
| .github/workflows/reusable-workflow-1.yml:6:7:6:11 | input taint | semmle.label | input taint |
| .github/workflows/reusable-workflow-1.yml:36:21:36:39 | inputs.taint | semmle.label | inputs.taint |
| .github/workflows/reusable-workflow-1.yml:44:19:44:56 | github.event.pull_request.title | semmle.label | github.event.pull_request.title |

24
actions/ql/test/query-tests/Security/CWE-094/CodeInjectionMedium.expected
View File

@@ -435,6 +435,16 @@ nodes
| .github/workflows/push.yml:14:19:14:64 | github.event.head_commit.committer.name | semmle.label | github.event.head_commit.committer.name |
| .github/workflows/push.yml:15:19:15:65 | github.event.commits[11].committer.email | semmle.label | github.event.commits[11].committer.email |
| .github/workflows/push.yml:16:19:16:64 | github.event.commits[11].committer.name | semmle.label | github.event.commits[11].committer.name |
| .github/workflows/push_and_workflow_dispatch.yml:9:19:9:57 | github.event.commits[11].message | semmle.label | github.event.commits[11].message |
| .github/workflows/push_and_workflow_dispatch.yml:10:19:10:62 | github.event.commits[11].author.email | semmle.label | github.event.commits[11].author.email |
| .github/workflows/push_and_workflow_dispatch.yml:11:19:11:61 | github.event.commits[11].author.name | semmle.label | github.event.commits[11].author.name |
| .github/workflows/push_and_workflow_dispatch.yml:12:19:12:57 | github.event.head_commit.message | semmle.label | github.event.head_commit.message |
| .github/workflows/push_and_workflow_dispatch.yml:13:19:13:62 | github.event.head_commit.author.email | semmle.label | github.event.head_commit.author.email |
| .github/workflows/push_and_workflow_dispatch.yml:14:19:14:61 | github.event.head_commit.author.name | semmle.label | github.event.head_commit.author.name |
| .github/workflows/push_and_workflow_dispatch.yml:15:19:15:65 | github.event.head_commit.committer.email | semmle.label | github.event.head_commit.committer.email |
| .github/workflows/push_and_workflow_dispatch.yml:16:19:16:64 | github.event.head_commit.committer.name | semmle.label | github.event.head_commit.committer.name |
| .github/workflows/push_and_workflow_dispatch.yml:17:19:17:65 | github.event.commits[11].committer.email | semmle.label | github.event.commits[11].committer.email |
| .github/workflows/push_and_workflow_dispatch.yml:18:19:18:64 | github.event.commits[11].committer.name | semmle.label | github.event.commits[11].committer.name |
| .github/workflows/reusable-workflow-1.yml:6:7:6:11 | input taint | semmle.label | input taint |
| .github/workflows/reusable-workflow-1.yml:36:21:36:39 | inputs.taint | semmle.label | inputs.taint |
| .github/workflows/reusable-workflow-1.yml:44:19:44:56 | github.event.pull_request.title | semmle.label | github.event.pull_request.title |
@@ -719,6 +729,16 @@ subpaths
| .github/workflows/push.yml:14:19:14:64 | github.event.head_commit.committer.name | .github/workflows/push.yml:14:19:14:64 | github.event.head_commit.committer.name | .github/workflows/push.yml:14:19:14:64 | github.event.head_commit.committer.name | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push.yml:14:19:14:64 | github.event.head_commit.committer.name | ${{ github.event.head_commit.committer.name }} |
| .github/workflows/push.yml:15:19:15:65 | github.event.commits[11].committer.email | .github/workflows/push.yml:15:19:15:65 | github.event.commits[11].committer.email | .github/workflows/push.yml:15:19:15:65 | github.event.commits[11].committer.email | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push.yml:15:19:15:65 | github.event.commits[11].committer.email | ${{ github.event.commits[11].committer.email }} |
| .github/workflows/push.yml:16:19:16:64 | github.event.commits[11].committer.name | .github/workflows/push.yml:16:19:16:64 | github.event.commits[11].committer.name | .github/workflows/push.yml:16:19:16:64 | github.event.commits[11].committer.name | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push.yml:16:19:16:64 | github.event.commits[11].committer.name | ${{ github.event.commits[11].committer.name }} |
| .github/workflows/push_and_workflow_dispatch.yml:9:19:9:57 | github.event.commits[11].message | .github/workflows/push_and_workflow_dispatch.yml:9:19:9:57 | github.event.commits[11].message | .github/workflows/push_and_workflow_dispatch.yml:9:19:9:57 | github.event.commits[11].message | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push_and_workflow_dispatch.yml:9:19:9:57 | github.event.commits[11].message | ${{ github.event.commits[11].message }} |
| .github/workflows/push_and_workflow_dispatch.yml:10:19:10:62 | github.event.commits[11].author.email | .github/workflows/push_and_workflow_dispatch.yml:10:19:10:62 | github.event.commits[11].author.email | .github/workflows/push_and_workflow_dispatch.yml:10:19:10:62 | github.event.commits[11].author.email | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push_and_workflow_dispatch.yml:10:19:10:62 | github.event.commits[11].author.email | ${{ github.event.commits[11].author.email }} |
| .github/workflows/push_and_workflow_dispatch.yml:11:19:11:61 | github.event.commits[11].author.name | .github/workflows/push_and_workflow_dispatch.yml:11:19:11:61 | github.event.commits[11].author.name | .github/workflows/push_and_workflow_dispatch.yml:11:19:11:61 | github.event.commits[11].author.name | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push_and_workflow_dispatch.yml:11:19:11:61 | github.event.commits[11].author.name | ${{ github.event.commits[11].author.name }} |
| .github/workflows/push_and_workflow_dispatch.yml:12:19:12:57 | github.event.head_commit.message | .github/workflows/push_and_workflow_dispatch.yml:12:19:12:57 | github.event.head_commit.message | .github/workflows/push_and_workflow_dispatch.yml:12:19:12:57 | github.event.head_commit.message | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push_and_workflow_dispatch.yml:12:19:12:57 | github.event.head_commit.message | ${{ github.event.head_commit.message }} |
| .github/workflows/push_and_workflow_dispatch.yml:13:19:13:62 | github.event.head_commit.author.email | .github/workflows/push_and_workflow_dispatch.yml:13:19:13:62 | github.event.head_commit.author.email | .github/workflows/push_and_workflow_dispatch.yml:13:19:13:62 | github.event.head_commit.author.email | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push_and_workflow_dispatch.yml:13:19:13:62 | github.event.head_commit.author.email | ${{ github.event.head_commit.author.email }} |
| .github/workflows/push_and_workflow_dispatch.yml:14:19:14:61 | github.event.head_commit.author.name | .github/workflows/push_and_workflow_dispatch.yml:14:19:14:61 | github.event.head_commit.author.name | .github/workflows/push_and_workflow_dispatch.yml:14:19:14:61 | github.event.head_commit.author.name | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push_and_workflow_dispatch.yml:14:19:14:61 | github.event.head_commit.author.name | ${{ github.event.head_commit.author.name }} |
| .github/workflows/push_and_workflow_dispatch.yml:15:19:15:65 | github.event.head_commit.committer.email | .github/workflows/push_and_workflow_dispatch.yml:15:19:15:65 | github.event.head_commit.committer.email | .github/workflows/push_and_workflow_dispatch.yml:15:19:15:65 | github.event.head_commit.committer.email | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push_and_workflow_dispatch.yml:15:19:15:65 | github.event.head_commit.committer.email | ${{ github.event.head_commit.committer.email }} |
| .github/workflows/push_and_workflow_dispatch.yml:16:19:16:64 | github.event.head_commit.committer.name | .github/workflows/push_and_workflow_dispatch.yml:16:19:16:64 | github.event.head_commit.committer.name | .github/workflows/push_and_workflow_dispatch.yml:16:19:16:64 | github.event.head_commit.committer.name | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push_and_workflow_dispatch.yml:16:19:16:64 | github.event.head_commit.committer.name | ${{ github.event.head_commit.committer.name }} |
| .github/workflows/push_and_workflow_dispatch.yml:17:19:17:65 | github.event.commits[11].committer.email | .github/workflows/push_and_workflow_dispatch.yml:17:19:17:65 | github.event.commits[11].committer.email | .github/workflows/push_and_workflow_dispatch.yml:17:19:17:65 | github.event.commits[11].committer.email | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push_and_workflow_dispatch.yml:17:19:17:65 | github.event.commits[11].committer.email | ${{ github.event.commits[11].committer.email }} |
| .github/workflows/push_and_workflow_dispatch.yml:18:19:18:64 | github.event.commits[11].committer.name | .github/workflows/push_and_workflow_dispatch.yml:18:19:18:64 | github.event.commits[11].committer.name | .github/workflows/push_and_workflow_dispatch.yml:18:19:18:64 | github.event.commits[11].committer.name | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/push_and_workflow_dispatch.yml:18:19:18:64 | github.event.commits[11].committer.name | ${{ github.event.commits[11].committer.name }} |
| .github/workflows/reusable-workflow-1.yml:36:21:36:39 | inputs.taint | .github/workflows/reusable-workflow-caller-1.yml:11:15:11:52 | github.event.pull_request.title | .github/workflows/reusable-workflow-1.yml:36:21:36:39 | inputs.taint | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/reusable-workflow-1.yml:36:21:36:39 | inputs.taint | ${{ inputs.taint }} |
| .github/workflows/reusable-workflow-1.yml:53:26:53:39 | env.log | .github/workflows/reusable-workflow-1.yml:44:19:44:56 | github.event.pull_request.title | .github/workflows/reusable-workflow-1.yml:53:26:53:39 | env.log | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/reusable-workflow-1.yml:53:26:53:39 | env.log | ${{ env.log }} |
| .github/workflows/reusable-workflow-1.yml:66:34:66:52 | env.prev_log | .github/workflows/reusable-workflow-1.yml:45:24:45:61 | github.event.changes.title.from | .github/workflows/reusable-workflow-1.yml:66:34:66:52 | env.prev_log | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/reusable-workflow-1.yml:66:34:66:52 | env.prev_log | ${{ env.prev_log }} |
@@ -729,6 +749,10 @@ subpaths
| .github/workflows/test10.yml:333:34:333:77 | github.event.workflow_run.head_branch | .github/workflows/test10.yml:333:34:333:77 | github.event.workflow_run.head_branch | .github/workflows/test10.yml:333:34:333:77 | github.event.workflow_run.head_branch | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/test10.yml:333:34:333:77 | github.event.workflow_run.head_branch | ${{ github.event.workflow_run.head_branch }} |
| .github/workflows/test10.yml:423:34:423:77 | github.event.workflow_run.head_branch | .github/workflows/test10.yml:423:34:423:77 | github.event.workflow_run.head_branch | .github/workflows/test10.yml:423:34:423:77 | github.event.workflow_run.head_branch | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/test10.yml:423:34:423:77 | github.event.workflow_run.head_branch | ${{ github.event.workflow_run.head_branch }} |
| .github/workflows/test10.yml:518:34:518:77 | github.event.workflow_run.head_branch | .github/workflows/test10.yml:518:34:518:77 | github.event.workflow_run.head_branch | .github/workflows/test10.yml:518:34:518:77 | github.event.workflow_run.head_branch | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/test10.yml:518:34:518:77 | github.event.workflow_run.head_branch | ${{ github.event.workflow_run.head_branch }} |
| .github/workflows/test20.yml:15:54:15:94 | github.event.pull_request.head.ref | .github/workflows/test20.yml:15:54:15:94 | github.event.pull_request.head.ref | .github/workflows/test20.yml:15:54:15:94 | github.event.pull_request.head.ref | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/test20.yml:15:54:15:94 | github.event.pull_request.head.ref | ${{ github.event.pull_request.head.ref }} |
| .github/workflows/test21.yml:22:35:22:73 | github.event.head_commit.message | .github/workflows/test21.yml:22:35:22:73 | github.event.head_commit.message | .github/workflows/test21.yml:22:35:22:73 | github.event.head_commit.message | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/test21.yml:22:35:22:73 | github.event.head_commit.message | ${{ github.event.head_commit.message }} |
| .github/workflows/test21.yml:23:36:23:74 | github.event.head_commit.message | .github/workflows/test21.yml:23:36:23:74 | github.event.head_commit.message | .github/workflows/test21.yml:23:36:23:74 | github.event.head_commit.message | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/test21.yml:23:36:23:74 | github.event.head_commit.message | ${{ github.event.head_commit.message }} |
| .github/workflows/test21.yml:24:50:24:88 | github.event.head_commit.message | .github/workflows/test21.yml:24:50:24:88 | github.event.head_commit.message | .github/workflows/test21.yml:24:50:24:88 | github.event.head_commit.message | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/test21.yml:24:50:24:88 | github.event.head_commit.message | ${{ github.event.head_commit.message }} |
| .github/workflows/workflow_run_branches1.yml:13:20:13:63 | github.event.workflow_run.head_branch | .github/workflows/workflow_run_branches1.yml:13:20:13:63 | github.event.workflow_run.head_branch | .github/workflows/workflow_run_branches1.yml:13:20:13:63 | github.event.workflow_run.head_branch | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/workflow_run_branches1.yml:13:20:13:63 | github.event.workflow_run.head_branch | ${{ github.event.workflow_run.head_branch }} |
| .github/workflows/workflow_run_branches2.yml:13:20:13:63 | github.event.workflow_run.head_branch | .github/workflows/workflow_run_branches2.yml:13:20:13:63 | github.event.workflow_run.head_branch | .github/workflows/workflow_run_branches2.yml:13:20:13:63 | github.event.workflow_run.head_branch | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/workflow_run_branches2.yml:13:20:13:63 | github.event.workflow_run.head_branch | ${{ github.event.workflow_run.head_branch }} |
| .github/workflows/workflow_run_branches4.yml:13:20:13:63 | github.event.workflow_run.head_branch | .github/workflows/workflow_run_branches4.yml:13:20:13:63 | github.event.workflow_run.head_branch | .github/workflows/workflow_run_branches4.yml:13:20:13:63 | github.event.workflow_run.head_branch | Potential code injection in $@, which may be controlled by an external user. | .github/workflows/workflow_run_branches4.yml:13:20:13:63 | github.event.workflow_run.head_branch | ${{ github.event.workflow_run.head_branch }} |

3
config/identical-files.json
View File

@@ -282,6 +282,7 @@
"java/ql/lib/semmle/code/java/internal/OverlayXml.qll",
"go/ql/lib/semmle/go/internal/OverlayXml.qll",
"python/ql/lib/semmle/python/internal/OverlayXml.qll",
"csharp/ql/lib/semmle/code/csharp/internal/OverlayXml.qll"
"csharp/ql/lib/semmle/code/csharp/internal/OverlayXml.qll",
"cpp/ql/lib/semmle/code/cpp/internal/OverlayXml.qll"
]
}

13
cpp/ql/lib/semmle/code/cpp/dataflow/internal/FlowSummaryImpl.qll
View File

@@ -148,6 +148,19 @@ module SourceSinkInterpretationInput implements
)
}
predicate barrierElement(
Element n, string output, string kind, Public::Provenance provenance, string model
) {
none()
}
predicate barrierGuardElement(
Element n, string input, Public::AcceptingValue acceptingvalue, string kind,
Public::Provenance provenance, string model
) {
none()
}
private newtype TInterpretNode =
TElement_(Element n) or
TNode_(Node n)

32
cpp/ql/lib/semmle/code/cpp/internal/Overlay.qll
View File

@@ -2,6 +2,8 @@
* Defines entity discard predicates for C++ overlay analysis.
*/
private import OverlayXml
/**
* Holds always for the overlay variant and never for the base variant.
* This local predicate is used to define local predicates that behave
@@ -20,9 +22,21 @@ private string getLocationFilePath(@location_default loc) {
*/
overlay[local]
private string getSingleLocationFilePath(@element e) {
// @var_decl has a direct location in the var_decls relation
exists(@location_default loc | var_decls(e, _, _, _, loc) | result = getLocationFilePath(loc))
//TODO: add other kinds of elements with single locations
exists(@location_default loc |
var_decls(e, _, _, _, loc)
or
fun_decls(e, _, _, _, loc)
or
type_decls(e, _, loc)
or
namespace_decls(e, _, loc, _)
or
macroinvocations(e, _, loc, _)
or
preprocdirects(e, _, loc)
|
result = getLocationFilePath(loc)
)
}
/**
@@ -30,11 +44,17 @@ private string getSingleLocationFilePath(@element e) {
*/
overlay[local]
private string getMultiLocationFilePath(@element e) {
// @variable gets its location(s) from its @var_decl(s)
exists(@var_decl vd, @location_default loc | var_decls(vd, e, _, _, loc) |
exists(@location_default loc |
exists(@var_decl vd | var_decls(vd, e, _, _, loc))
or
exists(@fun_decl fd | fun_decls(fd, e, _, _, loc))
or
exists(@type_decl td | type_decls(td, e, loc))
or
exists(@namespace_decl nd | namespace_decls(nd, e, loc, _))
|
result = getLocationFilePath(loc)
)
//TODO: add other kinds of elements with multiple locations
}
/**

46
cpp/ql/lib/semmle/code/cpp/internal/OverlayXml.qll Normal file
View File

@@ -0,0 +1,46 @@
overlay[local]
module;
/**
* A local predicate that always holds for the overlay variant and never holds for the base variant.
* This is used to define local predicates that behave differently for the base and overlay variant.
*/
private predicate isOverlay() { databaseMetadata("isOverlay", "true") }
private string getXmlFile(@xmllocatable locatable) {
exists(@location_default location, @file file | xmllocations(locatable, location) |
locations_default(location, file, _, _, _, _) and
files(file, result)
)
}
private string getXmlFileInBase(@xmllocatable locatable) {
not isOverlay() and
result = getXmlFile(locatable)
}
/**
* Holds if the given `file` was extracted as part of the overlay and was extracted by the HTML/XML
* extractor.
*/
private predicate overlayXmlExtracted(string file) {
isOverlay() and
exists(@xmllocatable locatable |
not files(locatable, _) and not xmlNs(locatable, _, _, _) and file = getXmlFile(locatable)
)
}
/**
* Holds if the given XML `locatable` should be discarded, because it is part of the overlay base
* and is in a file that was also extracted as part of the overlay database.
*/
overlay[discard_entity]
private predicate discardXmlLocatable(@xmllocatable locatable) {
exists(string file | file = getXmlFileInBase(locatable) |
overlayChangedFiles(file)
or
// The HTML/XML extractor is currently not incremental and may extract more files than those
// included in overlayChangedFiles.
overlayXmlExtracted(file)
)
}

8
cpp/ql/lib/semmle/code/cpp/ir/dataflow/internal/SsaImpl.qll
View File

@@ -1051,12 +1051,12 @@ module BarrierGuardWithIntParam<guardChecksNodeSig/4 guardChecksNode> {
}
private predicate guardChecksInstr(
IRGuards::Guards_v1::Guard g, IRGuards::GuardsInput::Expr instr, boolean branch,
IRGuards::Guards_v1::Guard g, IRGuards::GuardsInput::Expr instr, IRGuards::GuardValue gv,
int indirectionIndex
) {
exists(Node node |
nodeHasInstruction(node, instr, indirectionIndex) and
guardChecksNode(g, node, branch, indirectionIndex)
guardChecksNode(g, node, gv.asBooleanValue(), indirectionIndex)
)
}
@@ -1064,8 +1064,8 @@ module BarrierGuardWithIntParam<guardChecksNodeSig/4 guardChecksNode> {
DataFlowIntegrationInput::Guard g, SsaImpl::Definition def, IRGuards::GuardValue val,
int indirectionIndex
) {
IRGuards::Guards_v1::ValidationWrapperWithState<int, guardChecksInstr/4>::guardChecksDef(g, def,
val, indirectionIndex)
IRGuards::Guards_v1::ParameterizedValidationWrapper<int, guardChecksInstr/4>::guardChecksDef(g,
def, val, indirectionIndex)
}
Node getABarrierNode(int indirectionIndex) {

2
cpp/ql/src/Security/CWE/CWE-020/ExternalAPIs.qll
View File

@@ -10,7 +10,7 @@ import ExternalAPIsSpecific
/** A node representing untrusted data being passed to an external API. */
class UntrustedExternalApiDataNode extends ExternalApiDataNode {
UntrustedExternalApiDataNode() { UntrustedDataToExternalApiFlow::flow(_, this) }
UntrustedExternalApiDataNode() { UntrustedDataToExternalApiFlow::flowTo(this) }
/** Gets a source of untrusted data which is passed to this external API data node. */
DataFlow::Node getAnUntrustedSource() { UntrustedDataToExternalApiFlow::flow(result, this) }

2
cpp/ql/src/Security/CWE/CWE-020/ir/ExternalAPIs.qll
View File

@@ -10,7 +10,7 @@ import ExternalAPIsSpecific
/** A node representing untrusted data being passed to an external API. */
class UntrustedExternalApiDataNode extends ExternalApiDataNode {
UntrustedExternalApiDataNode() { UntrustedDataToExternalApiFlow::flow(_, this) }
UntrustedExternalApiDataNode() { UntrustedDataToExternalApiFlow::flowTo(this) }
/** Gets a source of untrusted data which is passed to this external API data node. */
DataFlow::Node getAnUntrustedSource() { UntrustedDataToExternalApiFlow::flow(result, this) }

4
cpp/ql/src/Security/CWE/CWE-311/CleartextTransmission.ql
View File

@@ -263,7 +263,7 @@ module FromSensitiveFlow = TaintTracking::Global<FromSensitiveConfig>;
* A taint flow configuration for flow from a sensitive expression to an encryption operation.
*/
module ToEncryptionConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { FromSensitiveFlow::flow(source, _) }
predicate isSource(DataFlow::Node source) { FromSensitiveFlow::flowFrom(source) }
predicate isSink(DataFlow::Node sink) { isSinkEncrypt(sink, _) }
@@ -311,7 +311,7 @@ where
FromSensitiveFlow::flowPath(source, sink) and
isSinkSendRecv(sink.getNode(), networkSendRecv) and
// no flow from sensitive -> evidence of encryption
not ToEncryptionFlow::flow(source.getNode(), _) and
not ToEncryptionFlow::flowFrom(source.getNode()) and
not FromEncryptionFlow::flowTo(sink.getNode()) and
// construct result
if networkSendRecv instanceof NetworkSend

2
cpp/ql/src/experimental/Security/CWE/CWE-193/ConstantSizeArrayOffByOne.ql
View File

@@ -129,7 +129,7 @@ module PointerArithmeticToDerefFlow = DataFlow::Global<PointerArithmeticToDerefC
predicate pointerArithOverflow(PointerArithmeticInstruction pai, int delta) {
pointerArithOverflow0(pai, delta) and
PointerArithmeticToDerefFlow::flow(DataFlow::instructionNode(pai), _)
PointerArithmeticToDerefFlow::flowFrom(DataFlow::instructionNode(pai))
}
bindingset[v]

2
csharp/.config/dotnet-tools.json
View File

@@ -3,7 +3,7 @@
"isRoot": true,
"tools": {
"paket": {
"version": "9.0.2",
"version": "10.0.0-alpha011",
"commands": [
"paket"
]

8
csharp/.vscode/launch.json vendored
View File

@@ -6,7 +6,7 @@
"type": "coreclr",
"request": "launch",
"preLaunchTask": "dotnet: build",
"program": "${workspaceFolder}/extractor/Semmle.Extraction.CSharp.Standalone/bin/Debug/net9.0/Semmle.Extraction.CSharp.Standalone.dll",
"program": "${workspaceFolder}/extractor/Semmle.Extraction.CSharp.Standalone/bin/Debug/net10.0/Semmle.Extraction.CSharp.Standalone.dll",
"args": [],
// Set the path to the folder that should be extracted:
"cwd": "${workspaceFolder}/ql/test/library-tests/standalone/standalonemode",
@@ -35,7 +35,7 @@
"type": "coreclr",
"request": "launch",
"preLaunchTask": "dotnet: build",
"program": "${workspaceFolder}/autobuilder/Semmle.Autobuild.CSharp/bin/Debug/net9.0/Semmle.Autobuild.CSharp.dll",
"program": "${workspaceFolder}/autobuilder/Semmle.Autobuild.CSharp/bin/Debug/net10.0/Semmle.Autobuild.CSharp.dll",
// Set the path to the folder that should be extracted:
"cwd": "${workspaceFolder}/ql/integration-tests/all-platforms/autobuild",
"stopAtEntry": true,
@@ -53,7 +53,7 @@
"type": "coreclr",
"request": "launch",
"preLaunchTask": "dotnet: build",
"program": "${workspaceFolder}/extractor/Semmle.Extraction.CSharp.Driver/bin/Debug/net9.0/Semmle.Extraction.CSharp.Driver.dll",
"program": "${workspaceFolder}/extractor/Semmle.Extraction.CSharp.Driver/bin/Debug/net10.0/Semmle.Extraction.CSharp.Driver.dll",
"stopAtEntry": true,
"args": [
"--binlog",
@@ -66,7 +66,7 @@
"type": "coreclr",
"request": "launch",
"preLaunchTask": "dotnet: build",
"program": "${workspaceFolder}/extractor/Semmle.Extraction.CSharp.Driver/bin/Debug/net9.0/Semmle.Extraction.CSharp.Driver.dll",
"program": "${workspaceFolder}/extractor/Semmle.Extraction.CSharp.Driver/bin/Debug/net10.0/Semmle.Extraction.CSharp.Driver.dll",
// Set the path to the folder that should be extracted:
"cwd": "${workspaceFolder}/ql/test/library-tests/dataflow/local",
"args": [

2
csharp/Directory.Build.props
View File

@@ -1,7 +1,7 @@
<Project>
<PropertyGroup>
<TargetFramework>net9.0</TargetFramework>
<TargetFramework>net10.0</TargetFramework>
<RuntimeIdentifiers>win-x64;linux-x64;osx-x64</RuntimeIdentifiers>
<Nullable>enable</Nullable>
<AllowUnsafeBlocks>true</AllowUnsafeBlocks>

2
csharp/actions/create-extractor-pack/action.yml
View File

@@ -7,7 +7,7 @@ runs:
- name: Setup dotnet
uses: actions/setup-dotnet@v4
with:
dotnet-version: 9.0.300
dotnet-version: 10.0.100
- name: Build Extractor
shell: bash
run: scripts/create-extractor-pack.sh

1
csharp/autobuilder/Semmle.Autobuild.CSharp.Tests/BUILD.bazel
View File

@@ -13,6 +13,5 @@ codeql_xunit_test(
"//csharp/autobuilder/Semmle.Autobuild.CSharp:bin/Semmle.Autobuild.CSharp",
"//csharp/autobuilder/Semmle.Autobuild.Shared",
"@paket.main//microsoft.net.test.sdk",
"@paket.main//system.io.filesystem",
],
)

1
csharp/autobuilder/Semmle.Autobuild.CSharp.Tests/paket.references
View File

@@ -1,4 +1,3 @@
System.IO.FileSystem
xunit
xunit.runner.visualstudio
Microsoft.NET.Test.Sdk

10
csharp/autobuilder/Semmle.Autobuild.CSharp/DotNetRule.cs
View File

@@ -48,7 +48,7 @@ namespace Semmle.Autobuild.CSharp
{
// When a custom .NET CLI has been installed, `dotnet --info` has already been executed
// to verify the installation.
var ret = dotNetPath is null ? GetInfoCommand(builder.Actions, dotNetPath, environment) : BuildScript.Success;
var ret = dotNetPath is null ? DotNet.InfoScript(builder.Actions, DotNetCommand(builder.Actions, dotNetPath), environment, builder.Logger) : BuildScript.Success;
foreach (var projectOrSolution in builder.ProjectsOrSolutionsToBuild)
{
var cleanCommand = GetCleanCommand(builder.Actions, dotNetPath, environment);
@@ -111,14 +111,6 @@ namespace Semmle.Autobuild.CSharp
private static string DotNetCommand(IBuildActions actions, string? dotNetPath) =>
dotNetPath is not null ? actions.PathCombine(dotNetPath, "dotnet") : "dotnet";
private static BuildScript GetInfoCommand(IBuildActions actions, string? dotNetPath, IDictionary<string, string>? environment)
{
var info = new CommandBuilder(actions, null, environment).
RunCommand(DotNetCommand(actions, dotNetPath)).
Argument("--info");
return info.Script;
}
private static CommandBuilder GetCleanCommand(IBuildActions actions, string? dotNetPath, IDictionary<string, string>? environment)
{
var clean = new CommandBuilder(actions, null, environment).

1
csharp/autobuilder/Semmle.Autobuild.Cpp.Tests/BUILD.bazel
View File

@@ -13,6 +13,5 @@ codeql_xunit_test(
"//csharp/autobuilder/Semmle.Autobuild.Cpp:bin/Semmle.Autobuild.Cpp",
"//csharp/autobuilder/Semmle.Autobuild.Shared",
"@paket.main//microsoft.net.test.sdk",
"@paket.main//system.io.filesystem",
],
)

1
csharp/autobuilder/Semmle.Autobuild.Cpp.Tests/paket.references
View File

@@ -1,4 +1,3 @@
System.IO.FileSystem
xunit
xunit.runner.visualstudio
Microsoft.NET.Test.Sdk

1
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/BUILD.bazel
View File

@@ -16,5 +16,6 @@ codeql_csharp_library(
"//csharp/extractor/Semmle.Extraction.CSharp",
"//csharp/extractor/Semmle.Util",
"@paket.main//newtonsoft.json",
"@paket.main//nuget.versioning",
],
)

2
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DependencyManager.cs
View File

@@ -283,7 +283,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
{
foreach (var fp in frameworkPaths)
{
dotnetFrameworkVersionVariantCount += NugetPackageRestorer.GetOrderedPackageVersionSubDirectories(fp.Path!).Length;
dotnetFrameworkVersionVariantCount += nugetPackageRestorer.GetOrderedPackageVersionSubDirectories(fp.Path!).Length;
}
var folder = nugetPackageRestorer.GetNewestNugetPackageVersionFolder(frameworkPath.Path, ".NET Framework");

61
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNet.cs
View File

@@ -3,6 +3,7 @@ using System.Collections.Generic;
using System.Collections.ObjectModel;
using System.IO;
using System.Linq;
using System.Threading;
using Newtonsoft.Json.Linq;
using Semmle.Util;
@@ -36,12 +37,29 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
public static IDotNet Make(ILogger logger, string? dotNetPath, TemporaryDirectory tempWorkingDirectory, DependabotProxy? dependabotProxy) => new DotNet(logger, dotNetPath, tempWorkingDirectory, dependabotProxy);
private static void HandleRetryExitCode143(string dotnet, int attempt, ILogger logger)
{
logger.LogWarning($"Running '{dotnet} --info' failed with exit code 143. Retrying...");
var sleep = Math.Pow(2, attempt) * 1000;
Thread.Sleep((int)sleep);
}
private void Info()
{
var res = dotnetCliInvoker.RunCommand("--info", silent: false);
if (!res)
// Allow up to four attempts (with up to three retries) to run `dotnet --info`, to mitigate transient issues
for (int attempt = 0; attempt < 4; attempt++)
{
throw new Exception($"{dotnetCliInvoker.Exec} --info failed.");
var exitCode = dotnetCliInvoker.RunCommandExitCode("--info", silent: false);
switch (exitCode)
{
case 0:
return;
case 143 when attempt < 3:
HandleRetryExitCode143(dotnetCliInvoker.Exec, attempt, logger);
continue;
default:
throw new Exception($"{dotnetCliInvoker.Exec} --info failed with exit code {exitCode}.");
}
}
}
@@ -59,7 +77,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
Directory.CreateDirectory(path);
}
args += $" /p:TargetFrameworkRootPath=\"{path}\" /p:NetCoreTargetingPackRoot=\"{path}\"";
args += $" /p:TargetFrameworkRootPath=\"{path}\" /p:NetCoreTargetingPackRoot=\"{path}\" /p:AllowMissingPrunePackageData=true";
}
if (restoreSettings.PathToNugetConfig != null)
@@ -139,7 +157,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
}
// The version number should be kept in sync with the version .NET version used for building the application.
public const string LatestDotNetSdkVersion = "9.0.300";
public const string LatestDotNetSdkVersion = "10.0.100";
public static ReadOnlyDictionary<string, string> MinimalEnvironment => IDotNetCliInvoker.MinimalEnvironment;
@@ -193,6 +211,35 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
return BuildScript.Failure;
}
/// <summary>
/// Returns a script for running `dotnet --info`, with retries on exit code 143.
/// </summary>
public static BuildScript InfoScript(IBuildActions actions, string dotnet, IDictionary<string, string>? environment, ILogger logger)
{
var info = new CommandBuilder(actions, null, environment).
RunCommand(dotnet).
Argument("--info");
var script = info.Script;
for (var attempt = 0; attempt < 4; attempt++)
{
var attemptCopy = attempt; // Capture in local variable
script = BuildScript.Bind(script, ret =>
{
switch (ret)
{
case 0:
return BuildScript.Success;
case 143 when attemptCopy < 3:
HandleRetryExitCode143(dotnet, attemptCopy, logger);
return info.Script;
default:
return BuildScript.Failure;
}
});
}
return script;
}
/// <summary>
/// Returns a script for downloading specific .NET SDK versions, if the
/// versions are not already installed.
@@ -292,9 +339,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
};
}
var dotnetInfo = new CommandBuilder(actions, environment: MinimalEnvironment).
RunCommand(actions.PathCombine(path, "dotnet")).
Argument("--info").Script;
var dotnetInfo = InfoScript(actions, actions.PathCombine(path, "dotnet"), MinimalEnvironment.ToDictionary(), logger);
Func<string, BuildScript> getInstallAndVerify = version =>
// run `dotnet --info` after install, to check that it executes successfully

13
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetCliInvoker.cs
View File

@@ -57,15 +57,21 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
return startInfo;
}
private bool RunCommandAux(string args, string? workingDirectory, out IList<string> output, bool silent)
private int RunCommandExitCodeAux(string args, string? workingDirectory, out IList<string> output, out string dirLog, bool silent)
{
var dirLog = string.IsNullOrWhiteSpace(workingDirectory) ? "" : $" in {workingDirectory}";
dirLog = string.IsNullOrWhiteSpace(workingDirectory) ? "" : $" in {workingDirectory}";
var pi = MakeDotnetStartInfo(args, workingDirectory);
var threadId = Environment.CurrentManagedThreadId;
void onOut(string s) => logger.Log(silent ? Severity.Debug : Severity.Info, s, threadId);
void onError(string s) => logger.LogError(s, threadId);
logger.LogInfo($"Running '{Exec} {args}'{dirLog}");
var exitCode = pi.ReadOutput(out output, onOut, onError);
return exitCode;
}
private bool RunCommandAux(string args, string? workingDirectory, out IList<string> output, bool silent)
{
var exitCode = RunCommandExitCodeAux(args, workingDirectory, out output, out var dirLog, silent);
if (exitCode != 0)
{
logger.LogError($"Command '{Exec} {args}'{dirLog} failed with exit code {exitCode}");
@@ -77,6 +83,9 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
public bool RunCommand(string args, bool silent = true) =>
RunCommandAux(args, null, out _, silent);
public int RunCommandExitCode(string args, bool silent = true) =>
RunCommandExitCodeAux(args, null, out _, out _, silent);
public bool RunCommand(string args, out IList<string> output, bool silent = true) =>
RunCommandAux(args, null, out output, silent);

47
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/DotNetVersion.cs
View File

@@ -1,24 +1,16 @@
using System;
using System.IO;
using NuGet.Versioning;
namespace Semmle.Extraction.CSharp.DependencyFetching
{
internal record DotNetVersion : IComparable<DotNetVersion>
{
private readonly string dir;
private readonly Version version;
private readonly Version? preReleaseVersion;
private readonly string? preReleaseVersionType;
private bool IsPreRelease => preReleaseVersionType is not null && preReleaseVersion is not null;
private readonly NuGetVersion version;
private string FullVersion
{
get
{
var preRelease = IsPreRelease ? $"-{preReleaseVersionType}.{preReleaseVersion}" : "";
return this.version + preRelease;
}
}
private string FullVersion =>
version.ToString();
public string FullPath => Path.Combine(dir, FullVersion);
@@ -48,37 +40,14 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
}
public DotNetVersion(string dir, string version, string preReleaseVersionType, string preReleaseVersion)
public DotNetVersion(string dir, NuGetVersion version)
{
this.dir = dir;
this.version = Version.Parse(version);
if (!string.IsNullOrEmpty(preReleaseVersion) && !string.IsNullOrEmpty(preReleaseVersionType))
{
this.preReleaseVersionType = preReleaseVersionType;
this.preReleaseVersion = Version.Parse(preReleaseVersion);
}
this.version = version;
}
public int CompareTo(DotNetVersion? other)
{
var c = version.CompareTo(other?.version);
if (c == 0 && IsPreRelease)
{
if (!other!.IsPreRelease)
{
return -1;
}
// Both are pre-release like runtime versions.
// The pre-release version types are sorted alphabetically (e.g. alpha, beta, preview, rc)
// and the pre-release version types are more important that the pre-release version numbers.
return preReleaseVersionType != other!.preReleaseVersionType
? preReleaseVersionType!.CompareTo(other!.preReleaseVersionType)
: preReleaseVersion!.CompareTo(other!.preReleaseVersion);
}
return c;
}
public int CompareTo(DotNetVersion? other) =>
version.CompareTo(other?.version);
public override string ToString() => FullPath;
}

6
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/FilePathFilter.cs
View File

@@ -55,12 +55,12 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
}
else
{
logger.LogInfo($"Invalid filter: {filter}");
logger.LogWarning($"Invalid filter: {filter}");
continue;
}
var regex = new FilePattern(filterText).RegexPattern;
logger.LogInfo($"Filtering {(include ? "in" : "out")} files matching '{regex}'. Original glob filter: '{filter}'");
logger.LogDebug($"Filtering {(include ? "in" : "out")} files matching '{regex}'. Original glob filter: '{filter}'");
pathFilters.Add(new PathFilter(new Regex(regex, RegexOptions.IgnoreCase | RegexOptions.Compiled | RegexOptions.Singleline), include));
}
@@ -91,7 +91,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
if (!include)
{
logger.LogInfo($"Excluding '{f.FileInfo.FullName}'");
logger.LogDebug($"Excluding '{f.FileInfo.FullName}'");
}
return include;

6
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/IDotNetCliInvoker.cs
View File

@@ -30,6 +30,12 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
/// </summary>
bool RunCommand(string args, bool silent = true);
/// <summary>
/// Execute `dotnet <paramref name="args"/>` and return the exit code.
/// If `silent` is true the output of the command is logged as `debug` otherwise as `info`.
/// </summary>
int RunCommandExitCode(string args, bool silent = true);
/// <summary>
/// Execute `dotnet <paramref name="args"/>` and return true if the command succeeded, otherwise false.
/// The output of the command is returned in `output`.

16
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/NugetPackageRestorer.cs
View File

@@ -10,6 +10,7 @@ using System.Text;
using System.Text.RegularExpressions;
using System.Threading;
using System.Threading.Tasks;
using NuGet.Versioning;
using Semmle.Util;
using Semmle.Util.Logging;
@@ -87,11 +88,22 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
return selectedFrameworkFolder;
}
public static DirectoryInfo[] GetOrderedPackageVersionSubDirectories(string packagePath)
public DirectoryInfo[] GetOrderedPackageVersionSubDirectories(string packagePath)
{
// Only consider directories with valid NuGet version names.
return new DirectoryInfo(packagePath)
.EnumerateDirectories("*", new EnumerationOptions { MatchCasing = MatchCasing.CaseInsensitive, RecurseSubdirectories = false })
.OrderByDescending(d => d.Name) // TODO: Improve sorting to handle pre-release versions.
.SelectMany(d =>
{
if (NuGetVersion.TryParse(d.Name, out var version))
{
return new[] { new { Directory = d, NuGetVersion = version } };
}
logger.LogInfo($"Ignoring package directory '{d.FullName}' as it does not have a valid NuGet version name.");
return [];
})
.OrderByDescending(dw => dw.NuGetVersion)
.Select(dw => dw.Directory)
.ToArray();
}

7
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/Runtime.cs
View File

@@ -4,6 +4,7 @@ using System.IO;
using System.Linq;
using System.Runtime.InteropServices;
using System.Text.RegularExpressions;
using NuGet.Versioning;
using Semmle.Util;
using Semmle.Util.Logging;
@@ -27,7 +28,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
this.newestRuntimes = new(GetNewestRuntimes);
}
[GeneratedRegex(@"^(\S+)\s(\d+\.\d+\.\d+)(-([a-z]+)\.(\d+\.\d+\.\d+))?\s\[(.+)\]$")]
[GeneratedRegex(@"^(\S+)\s(\d+\.\d+\.\d+(-[a-z]+\.\d+\.\d+\.\d+)?)\s\[(.+)\]$")]
private static partial Regex RuntimeRegex();
/// <summary>
@@ -44,9 +45,9 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
listed.ForEach(r =>
{
var match = regex.Match(r);
if (match.Success)
if (match.Success && NuGetVersion.TryParse(match.Groups[2].Value, out var version))
{
runtimes.AddOrUpdateToLatest(match.Groups[1].Value, new DotNetVersion(match.Groups[6].Value, match.Groups[2].Value, match.Groups[4].Value, match.Groups[5].Value));
runtimes.AddOrUpdateToLatest(match.Groups[1].Value, new DotNetVersion(match.Groups[4].Value, version));
}
});

9
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/Sdk.cs
View File

@@ -3,6 +3,7 @@ using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Text.RegularExpressions;
using NuGet.Versioning;
using Semmle.Util;
using Semmle.Util.Logging;
@@ -27,7 +28,7 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
cscPath = new Lazy<string?>(GetCscPath);
}
[GeneratedRegex(@"^(\d+\.\d+\.\d+)(-([a-z]+)\.(\d+\.\d+\.\d+))?\s\[(.+)\]$")]
[GeneratedRegex(@"^(\d+\.\d+\.\d+(-[a-z]+\.\d+\.\d+\.\d+)?)\s\[(.+)\]$")]
private static partial Regex SdkRegex();
private static HashSet<DotNetVersion> ParseSdks(IList<string> listed)
@@ -37,9 +38,9 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
listed.ForEach(r =>
{
var match = regex.Match(r);
if (match.Success)
if (match.Success && NuGetVersion.TryParse(match.Groups[1].Value, out var version))
{
sdks.Add(new DotNetVersion(match.Groups[5].Value, match.Groups[1].Value, match.Groups[3].Value, match.Groups[4].Value));
sdks.Add(new DotNetVersion(match.Groups[3].Value, version));
}
});
@@ -73,4 +74,4 @@ namespace Semmle.Extraction.CSharp.DependencyFetching
return path;
}
}
}
}

1
csharp/extractor/Semmle.Extraction.CSharp.DependencyFetching/paket.references
View File

@@ -1 +1,2 @@
Newtonsoft.Json
NuGet.Versioning

4
csharp/extractor/Semmle.Extraction.CSharp.DependencyStubGenerator/Semmle.Extraction.CSharp.DependencyStubGenerator.csproj
View File

@@ -2,7 +2,7 @@
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<OutputType>Exe</OutputType>
<TargetFramework>net9.0</TargetFramework>
<TargetFramework>net10.0</TargetFramework>
<AssemblyName>Semmle.Extraction.CSharp.DependencyStubGenerator</AssemblyName>
<RootNamespace>Semmle.Extraction.CSharp.DependencyStubGenerator</RootNamespace>
<ImplicitUsings>enable</ImplicitUsings>
@@ -14,4 +14,4 @@
<ProjectReference Include="..\Semmle.Extraction.CSharp.StubGenerator\Semmle.Extraction.CSharp.StubGenerator.csproj" />
</ItemGroup>
<Import Project="..\..\.paket\Paket.Restore.targets" />
</Project>
</Project>

4
csharp/extractor/Semmle.Extraction.CSharp.Standalone/paket.references
View File

@@ -1,5 +1 @@
Microsoft.Build
Microsoft.Win32.Primitives
System.Net.Primitives
System.Security.Principal
System.Threading.ThreadPool

24
csharp/extractor/Semmle.Extraction.CSharp/Entities/Constructor.cs
View File

@@ -74,6 +74,7 @@ namespace Semmle.Extraction.CSharp.Entities
{
case SyntaxKind.BaseConstructorInitializer:
initializerType = Symbol.ContainingType.BaseType!;
ExtractObjectInitCall(trapFile);
break;
case SyntaxKind.ThisConstructorInitializer:
initializerType = Symbol.ContainingType;
@@ -90,10 +91,12 @@ namespace Semmle.Extraction.CSharp.Entities
var primaryInfo = Context.GetSymbolInfo(primaryInitializer);
var primarySymbol = primaryInfo.Symbol;
ExtractObjectInitCall(trapFile);
ExtractSourceInitializer(trapFile, primarySymbol?.ContainingType, (IMethodSymbol?)primarySymbol, primaryInitializer.ArgumentList, primaryInitializer.GetLocation());
}
else if (Symbol.MethodKind is MethodKind.Constructor)
{
ExtractObjectInitCall(trapFile);
var baseType = Symbol.ContainingType.BaseType;
if (baseType is null)
{
@@ -127,6 +130,27 @@ namespace Semmle.Extraction.CSharp.Entities
}
}
private void ExtractObjectInitCall(TextWriter trapFile)
{
var target = ObjectInitMethod.Create(Context, ContainingType!);
var type = Context.Compilation.GetSpecialType(SpecialType.System_Void);
var info = new ExpressionInfo(Context,
AnnotatedTypeSymbol.CreateNotAnnotated(type),
Location,
Kinds.ExprKind.METHOD_INVOCATION,
this,
-2,
isCompilerGenerated: true,
null);
var obinitCall = new Expression(info);
trapFile.expr_call(obinitCall, target);
Expressions.This.CreateImplicit(Context, Symbol.ContainingType, Location, obinitCall, -1);
}
private void ExtractSourceInitializer(TextWriter trapFile, ITypeSymbol? type, IMethodSymbol? symbol, ArgumentListSyntax arguments, Microsoft.CodeAnalysis.Location location)
{
var initInfo = new ExpressionInfo(Context,

9
csharp/extractor/Semmle.Extraction.CSharp/Entities/IMethodEntity.cs Normal file
View File

@@ -0,0 +1,9 @@
namespace Semmle.Extraction.CSharp.Entities
{
/// <summary>
/// Marker interface for method entities.
/// </summary>
public interface IMethodEntity : IEntity
{
}
}

2
csharp/extractor/Semmle.Extraction.CSharp/Entities/Method.cs
View File

@@ -9,7 +9,7 @@ using Semmle.Extraction.CSharp.Populators;
namespace Semmle.Extraction.CSharp.Entities
{
internal abstract class Method : CachedSymbol<IMethodSymbol>, IExpressionParentEntity, IStatementParentEntity
internal abstract class Method : CachedSymbol<IMethodSymbol>, IExpressionParentEntity, IStatementParentEntity, IMethodEntity
{
protected Method(Context cx, IMethodSymbol init)
: base(cx, init) { }

56
csharp/extractor/Semmle.Extraction.CSharp/Entities/ObjectInitMethod.cs Normal file
View File

@@ -0,0 +1,56 @@
using System.IO;
using Microsoft.CodeAnalysis;
namespace Semmle.Extraction.CSharp.Entities
{
internal sealed class ObjectInitMethod : CachedEntity, IMethodEntity
{
private Type ContainingType { get; }
private ObjectInitMethod(Context cx, Type containingType)
: base(cx)
{
this.ContainingType = containingType;
}
private static readonly string Name = "<object initializer>";
public static ObjectInitMethod Create(Context cx, Type containingType)
{
return ObjectInitMethodFactory.Instance.CreateEntity(cx, (typeof(ObjectInitMethod), containingType), containingType);
}
public override void Populate(TextWriter trapFile)
{
var returnType = Type.Create(Context, Context.Compilation.GetSpecialType(SpecialType.System_Void));
trapFile.methods(this, Name, ContainingType, returnType.TypeRef, this);
trapFile.compiler_generated(this);
trapFile.method_location(this, Context.CreateLocation(ReportingLocation));
}
public override void WriteId(EscapingTextWriter trapFile)
{
trapFile.WriteSubId(ContainingType);
trapFile.Write(".");
trapFile.Write(Name);
trapFile.Write(";method");
}
public override Microsoft.CodeAnalysis.Location? ReportingLocation => ContainingType.ReportingLocation;
public override bool NeedsPopulation => true;
public override TrapStackBehaviour TrapStackBehaviour => TrapStackBehaviour.NoLabel;
private class ObjectInitMethodFactory : CachedEntityFactory<Type, ObjectInitMethod>
{
public static ObjectInitMethodFactory Instance { get; } = new ObjectInitMethodFactory();
public override ObjectInitMethod Create(Context cx, Type containingType) =>
new ObjectInitMethod(cx, containingType);
}
}
}

6
csharp/extractor/Semmle.Extraction.CSharp/Trap/Tuples.cs
View File

@@ -175,7 +175,7 @@ namespace Semmle.Extraction.CSharp
internal static void expr_argument_name(this TextWriter trapFile, Expression expr, string name) =>
trapFile.WriteTuple("expr_argument_name", expr, name);
internal static void expr_call(this TextWriter trapFile, Expression expr, Method target) =>
internal static void expr_call(this TextWriter trapFile, Expression expr, IMethodEntity target) =>
trapFile.WriteTuple("expr_call", expr, target);
internal static void expr_flowstate(this TextWriter trapFile, Expression expr, int flowState) =>
@@ -247,10 +247,10 @@ namespace Semmle.Extraction.CSharp
internal static void localvars(this TextWriter trapFile, LocalVariable key, VariableKind kind, string name, int @var, Type type, Expression expr) =>
trapFile.WriteTuple("localvars", key, (int)kind, name, @var, type, expr);
internal static void method_location(this TextWriter trapFile, Method method, Location location) =>
internal static void method_location(this TextWriter trapFile, IMethodEntity method, Location location) =>
trapFile.WriteTuple("method_location", method, location);
internal static void methods(this TextWriter trapFile, Method method, string name, Type declType, Type retType, Method originalDefinition) =>
internal static void methods(this TextWriter trapFile, IMethodEntity method, string name, Type declType, Type retType, IMethodEntity originalDefinition) =>
trapFile.WriteTuple("methods", method, name, declType, retType, originalDefinition);
internal static void modifiers(this TextWriter trapFile, Label entity, string modifier) =>

1
csharp/extractor/Semmle.Extraction.Tests/BUILD.bazel
View File

@@ -16,6 +16,5 @@ codeql_xunit_test(
"//csharp/extractor/Semmle.Extraction.CSharp.StubGenerator",
"//csharp/extractor/Semmle.Util",
"@paket.main//microsoft.net.test.sdk",
"@paket.main//system.io.filesystem",
],
)

11
csharp/extractor/Semmle.Extraction.Tests/DotNet.cs
View File

@@ -12,6 +12,7 @@ namespace Semmle.Extraction.Tests
private string lastArgs = "";
public string WorkingDirectory { get; private set; } = "";
public bool Success { get; set; } = true;
public int ExitCode { get; set; } = 0;
public DotNetCliInvokerStub(IList<string> output)
{
@@ -26,6 +27,12 @@ namespace Semmle.Extraction.Tests
return Success;
}
public int RunCommandExitCode(string args, bool silent)
{
lastArgs = args;
return ExitCode;
}
public bool RunCommand(string args, out IList<string> output, bool silent)
{
lastArgs = args;
@@ -83,7 +90,7 @@ namespace Semmle.Extraction.Tests
public void TestDotnetInfoFailure()
{
// Setup
var dotnetCliInvoker = new DotNetCliInvokerStub(new List<string>()) { Success = false };
var dotnetCliInvoker = new DotNetCliInvokerStub(new List<string>()) { ExitCode = 1 };
// Execute
try
@@ -94,7 +101,7 @@ namespace Semmle.Extraction.Tests
// Verify
catch (Exception e)
{
Assert.Equal("dotnet --info failed.", e.Message);
Assert.Equal("dotnet --info failed with exit code 1.", e.Message);
return;
}
Assert.Fail("Expected exception");

1
csharp/extractor/Semmle.Extraction.Tests/paket.references
View File

@@ -1,4 +1,3 @@
System.IO.FileSystem
xunit
xunit.runner.visualstudio
Microsoft.NET.Test.Sdk

16
csharp/paket.dependencies
View File

@@ -1,21 +1,17 @@
framework: net9.0
framework: net10.0
storage: none
source https://api.nuget.org/v3/index.json
# behave like nuget in choosing transitive dependency versions
strategy: max
nuget Basic.CompilerLog.Util 0.9.21
nuget Basic.CompilerLog.Util 0.9.25
nuget Mono.Posix.NETStandard
nuget Newtonsoft.Json
nuget NuGet.Versioning
nuget xunit
nuget xunit.runner.visualstudio
nuget xunit.runner.utility
nuget Microsoft.NET.Test.Sdk
nuget Microsoft.CodeAnalysis.CSharp 4.14.0
nuget Microsoft.CodeAnalysis 4.14.0
nuget Microsoft.Build 17.14.28
nuget Microsoft.Win32.Primitives
nuget System.Net.Primitives
nuget System.Security.Principal
nuget System.Threading.ThreadPool
nuget System.IO.FileSystem
nuget Microsoft.CodeAnalysis.CSharp 5.0.0
nuget Microsoft.CodeAnalysis 5.0.0
nuget Microsoft.Build 18.0.2

225
csharp/paket.lock generated
View File

@@ -1,9 +1,9 @@
STORAGE: NONE
STRATEGY: MAX
RESTRICTION: == net9.0
RESTRICTION: == net10.0
NUGET
remote: https://api.nuget.org/v3/index.json
Basic.CompilerLog.Util (0.9.21)
Basic.CompilerLog.Util (0.9.25)
MessagePack (>= 3.1.4)
Microsoft.Bcl.Memory (>= 9.0.10)
Microsoft.CodeAnalysis (>= 4.8)
@@ -12,197 +12,132 @@ NUGET
Microsoft.Extensions.ObjectPool (>= 9.0.10)
MSBuild.StructuredLogger (>= 2.3.71)
NaturalSort.Extension (>= 4.4)
Humanizer.Core (2.14.1)
NuGet.Versioning (>= 6.14)
Humanizer.Core (3.0.1)
MessagePack (3.1.4)
MessagePack.Annotations (>= 3.1.4)
MessagePackAnalyzer (>= 3.1.4)
Microsoft.NET.StringTools (>= 17.11.4)
MessagePack.Annotations (3.1.4)
MessagePackAnalyzer (3.1.4)
Microsoft.Bcl.AsyncInterfaces (9.0.10)
Microsoft.Bcl.Memory (9.0.10)
Microsoft.Build (17.14.28)
Microsoft.Build.Framework (>= 17.14.28)
Microsoft.NET.StringTools (>= 17.14.28)
Microsoft.Bcl.AsyncInterfaces (10.0)
Microsoft.Bcl.Memory (10.0)
Microsoft.Build (18.0.2)
Microsoft.Build.Framework (>= 18.0.2)
Microsoft.NET.StringTools (>= 18.0.2)
System.Configuration.ConfigurationManager (>= 9.0)
System.Diagnostics.EventLog (>= 9.0)
System.Reflection.MetadataLoadContext (>= 9.0)
System.Security.Cryptography.ProtectedData (>= 9.0)
Microsoft.Build.Framework (17.14.28)
Microsoft.Build.Utilities.Core (17.14.28)
Microsoft.Build.Framework (>= 17.14.28)
Microsoft.NET.StringTools (>= 17.14.28)
System.Collections.Immutable (>= 9.0)
System.Security.Cryptography.ProtectedData (>= 9.0.6)
Microsoft.Build.Framework (18.0.2)
Microsoft.Build.Utilities.Core (18.0.2)
Microsoft.Build.Framework (>= 18.0.2)
Microsoft.NET.StringTools (>= 18.0.2)
System.Configuration.ConfigurationManager (>= 9.0)
System.Diagnostics.EventLog (>= 9.0)
System.Security.Cryptography.ProtectedData (>= 9.0)
Microsoft.CodeAnalysis (4.14)
System.Security.Cryptography.ProtectedData (>= 9.0.6)
Microsoft.CodeAnalysis (5.0)
Humanizer.Core (>= 2.14.1)
Microsoft.Bcl.AsyncInterfaces (>= 9.0)
Microsoft.CodeAnalysis.Analyzers (>= 3.11)
Microsoft.CodeAnalysis.CSharp.Workspaces (4.14)
Microsoft.CodeAnalysis.VisualBasic.Workspaces (4.14)
System.Buffers (>= 4.5.1)
Microsoft.CodeAnalysis.CSharp.Workspaces (5.0)
Microsoft.CodeAnalysis.VisualBasic.Workspaces (5.0)
System.Buffers (>= 4.6)
System.Collections.Immutable (>= 9.0)
System.Composition (>= 9.0)
System.IO.Pipelines (>= 9.0)
System.Memory (>= 4.5.5)
System.Numerics.Vectors (>= 4.5)
System.Memory (>= 4.6)
System.Numerics.Vectors (>= 4.6)
System.Reflection.Metadata (>= 9.0)
System.Runtime.CompilerServices.Unsafe (>= 6.0)
System.Text.Encoding.CodePages (>= 7.0)
System.Threading.Channels (>= 7.0)
System.Threading.Tasks.Extensions (>= 4.5.4)
System.Runtime.CompilerServices.Unsafe (>= 6.1)
System.Text.Encoding.CodePages (>= 8.0)
System.Threading.Channels (>= 8.0)
System.Threading.Tasks.Extensions (>= 4.6)
Microsoft.CodeAnalysis.Analyzers (3.11)
Microsoft.CodeAnalysis.Common (4.14)
Microsoft.CodeAnalysis.Common (5.0)
Microsoft.CodeAnalysis.Analyzers (>= 3.11)
System.Collections.Immutable (>= 9.0)
System.Reflection.Metadata (>= 9.0)
Microsoft.CodeAnalysis.CSharp (4.14)
Microsoft.CodeAnalysis.CSharp (5.0)
Microsoft.CodeAnalysis.Analyzers (>= 3.11)
Microsoft.CodeAnalysis.Common (4.14)
System.Collections.Immutable (>= 9.0)
System.Reflection.Metadata (>= 9.0)
Microsoft.CodeAnalysis.CSharp.Workspaces (4.14)
Microsoft.CodeAnalysis.Common (5.0)
Microsoft.CodeAnalysis.CSharp.Workspaces (5.0)
Humanizer.Core (>= 2.14.1)
Microsoft.CodeAnalysis.Analyzers (>= 3.11)
Microsoft.CodeAnalysis.Common (4.14)
Microsoft.CodeAnalysis.CSharp (4.14)
Microsoft.CodeAnalysis.Workspaces.Common (4.14)
System.Collections.Immutable (>= 9.0)
Microsoft.CodeAnalysis.Common (5.0)
Microsoft.CodeAnalysis.CSharp (5.0)
Microsoft.CodeAnalysis.Workspaces.Common (5.0)
System.Composition (>= 9.0)
System.IO.Pipelines (>= 9.0)
System.Reflection.Metadata (>= 9.0)
System.Threading.Channels (>= 7.0)
Microsoft.CodeAnalysis.VisualBasic (4.14)
Microsoft.CodeAnalysis.VisualBasic (5.0)
Microsoft.CodeAnalysis.Analyzers (>= 3.11)
Microsoft.CodeAnalysis.Common (4.14)
System.Collections.Immutable (>= 9.0)
System.Reflection.Metadata (>= 9.0)
Microsoft.CodeAnalysis.VisualBasic.Workspaces (4.14)
Microsoft.CodeAnalysis.Common (5.0)
Microsoft.CodeAnalysis.VisualBasic.Workspaces (5.0)
Humanizer.Core (>= 2.14.1)
Microsoft.CodeAnalysis.Analyzers (>= 3.11)
Microsoft.CodeAnalysis.Common (4.14)
Microsoft.CodeAnalysis.VisualBasic (4.14)
Microsoft.CodeAnalysis.Workspaces.Common (4.14)
System.Collections.Immutable (>= 9.0)
Microsoft.CodeAnalysis.Common (5.0)
Microsoft.CodeAnalysis.VisualBasic (5.0)
Microsoft.CodeAnalysis.Workspaces.Common (5.0)
System.Composition (>= 9.0)
System.IO.Pipelines (>= 9.0)
System.Reflection.Metadata (>= 9.0)
System.Threading.Channels (>= 7.0)
Microsoft.CodeAnalysis.Workspaces.Common (4.14)
Microsoft.CodeAnalysis.Workspaces.Common (5.0)
Humanizer.Core (>= 2.14.1)
Microsoft.CodeAnalysis.Analyzers (>= 3.11)
Microsoft.CodeAnalysis.Common (4.14)
System.Collections.Immutable (>= 9.0)
Microsoft.CodeAnalysis.Common (5.0)
System.Composition (>= 9.0)
System.IO.Pipelines (>= 9.0)
System.Reflection.Metadata (>= 9.0)
System.Threading.Channels (>= 7.0)
Microsoft.CodeCoverage (18.0)
Microsoft.Extensions.ObjectPool (9.0.10)
Microsoft.NET.StringTools (17.14.28)
Microsoft.NET.Test.Sdk (18.0)
Microsoft.CodeCoverage (>= 18.0)
Microsoft.TestPlatform.TestHost (>= 18.0)
Microsoft.NETCore.Platforms (7.0.4)
Microsoft.NETCore.Targets (5.0)
Microsoft.TestPlatform.ObjectModel (18.0)
Microsoft.CodeCoverage (18.0.1)
Microsoft.Extensions.ObjectPool (10.0)
Microsoft.NET.StringTools (18.0.2)
Microsoft.NET.Test.Sdk (18.0.1)
Microsoft.CodeCoverage (>= 18.0.1)
Microsoft.TestPlatform.TestHost (>= 18.0.1)
Microsoft.TestPlatform.ObjectModel (18.0.1)
System.Reflection.Metadata (>= 8.0)
Microsoft.TestPlatform.TestHost (18.0)
Microsoft.TestPlatform.ObjectModel (>= 18.0)
Microsoft.TestPlatform.TestHost (18.0.1)
Microsoft.TestPlatform.ObjectModel (>= 18.0.1)
Newtonsoft.Json (>= 13.0.3)
Microsoft.Win32.Primitives (4.3)
Microsoft.NETCore.Platforms (>= 1.1)
Microsoft.NETCore.Targets (>= 1.1)
System.Runtime (>= 4.3)
Mono.Posix.NETStandard (1.0)
MSBuild.StructuredLogger (2.3.71)
MSBuild.StructuredLogger (2.3.113)
Microsoft.Build.Framework (>= 17.5)
Microsoft.Build.Utilities.Core (>= 17.5)
System.Collections.Immutable (>= 8.0)
NaturalSort.Extension (4.4)
NaturalSort.Extension (4.4.1)
Newtonsoft.Json (13.0.4)
NuGet.Versioning (7.0.1)
System.Buffers (4.6.1)
System.Collections.Immutable (9.0.10)
System.Composition (9.0.10)
System.Composition.AttributedModel (>= 9.0.10)
System.Composition.Convention (>= 9.0.10)
System.Composition.Hosting (>= 9.0.10)
System.Composition.Runtime (>= 9.0.10)
System.Composition.TypedParts (>= 9.0.10)
System.Composition.AttributedModel (9.0.10)
System.Composition.Convention (9.0.10)
System.Composition.AttributedModel (>= 9.0.10)
System.Composition.Hosting (9.0.10)
System.Composition.Runtime (>= 9.0.10)
System.Composition.Runtime (9.0.10)
System.Composition.TypedParts (9.0.10)
System.Composition.AttributedModel (>= 9.0.10)
System.Composition.Hosting (>= 9.0.10)
System.Composition.Runtime (>= 9.0.10)
System.Configuration.ConfigurationManager (9.0.10)
System.Diagnostics.EventLog (>= 9.0.10)
System.Security.Cryptography.ProtectedData (>= 9.0.10)
System.Diagnostics.EventLog (9.0.10)
System.IO (4.3)
Microsoft.NETCore.Platforms (>= 1.1)
Microsoft.NETCore.Targets (>= 1.1)
System.Runtime (>= 4.3)
System.Text.Encoding (>= 4.3)
System.Threading.Tasks (>= 4.3)
System.IO.FileSystem (4.3)
Microsoft.NETCore.Platforms (>= 1.1)
Microsoft.NETCore.Targets (>= 1.1)
System.IO (>= 4.3)
System.IO.FileSystem.Primitives (>= 4.3)
System.Runtime (>= 4.3)
System.Runtime.Handles (>= 4.3)
System.Text.Encoding (>= 4.3)
System.Threading.Tasks (>= 4.3)
System.IO.FileSystem.Primitives (4.3)
System.Runtime (>= 4.3)
System.IO.Pipelines (9.0.10)
System.Collections.Immutable (10.0)
System.Composition (10.0)
System.Composition.AttributedModel (>= 10.0)
System.Composition.Convention (>= 10.0)
System.Composition.Hosting (>= 10.0)
System.Composition.Runtime (>= 10.0)
System.Composition.TypedParts (>= 10.0)
System.Composition.AttributedModel (10.0)
System.Composition.Convention (10.0)
System.Composition.AttributedModel (>= 10.0)
System.Composition.Hosting (10.0)
System.Composition.Runtime (>= 10.0)
System.Composition.Runtime (10.0)
System.Composition.TypedParts (10.0)
System.Composition.AttributedModel (>= 10.0)
System.Composition.Hosting (>= 10.0)
System.Composition.Runtime (>= 10.0)
System.Configuration.ConfigurationManager (10.0)
System.Diagnostics.EventLog (>= 10.0)
System.Security.Cryptography.ProtectedData (>= 10.0)
System.Diagnostics.EventLog (10.0)
System.IO.Pipelines (10.0)
System.Memory (4.6.3)
System.Net.Primitives (4.3.1)
Microsoft.NETCore.Platforms (>= 1.1.1)
Microsoft.NETCore.Targets (>= 1.1.3)
System.Runtime (>= 4.3.1)
System.Runtime.Handles (>= 4.3)
System.Numerics.Vectors (4.6.1)
System.Reflection.Metadata (9.0.10)
System.Reflection.MetadataLoadContext (9.0.10)
System.Runtime (4.3.1)
Microsoft.NETCore.Platforms (>= 1.1.1)
Microsoft.NETCore.Targets (>= 1.1.3)
System.Reflection.Metadata (10.0)
System.Reflection.MetadataLoadContext (10.0)
System.Runtime.CompilerServices.Unsafe (6.1.2)
System.Runtime.Handles (4.3)
Microsoft.NETCore.Platforms (>= 1.1)
Microsoft.NETCore.Targets (>= 1.1)
System.Runtime (>= 4.3)
System.Security.Cryptography.ProtectedData (9.0.10)
System.Security.Principal (4.3)
System.Runtime (>= 4.3)
System.Text.Encoding (4.3)
Microsoft.NETCore.Platforms (>= 1.1)
Microsoft.NETCore.Targets (>= 1.1)
System.Runtime (>= 4.3)
System.Text.Encoding.CodePages (9.0.10)
System.Threading.Channels (9.0.10)
System.Threading.Tasks (4.3)
Microsoft.NETCore.Platforms (>= 1.1)
Microsoft.NETCore.Targets (>= 1.1)
System.Runtime (>= 4.3)
System.Security.Cryptography.ProtectedData (10.0)
System.Text.Encoding.CodePages (10.0)
System.Threading.Channels (10.0)
System.Threading.Tasks.Extensions (4.6.3)
System.Threading.ThreadPool (4.3)
System.Runtime (>= 4.3)
System.Runtime.Handles (>= 4.3)
xunit (2.9.3)
xunit.analyzers (>= 1.18)
xunit.assert (>= 2.9.3)
xunit.core (2.9.3)
xunit.abstractions (2.0.3)
xunit.analyzers (1.24)
xunit.analyzers (1.26)
xunit.assert (2.9.3)
xunit.core (2.9.3)
xunit.extensibility.core (2.9.3)

128
csharp/paket.main.bzl generated
View File

File diff suppressed because one or more lines are too long

2
csharp/ql/integration-tests/all-platforms/autobuild/global.json
View File

@@ -1,5 +1,5 @@
{
"sdk": {
"version": "9.0.304"
"version": "10.0.100"
}
}

16
csharp/ql/integration-tests/all-platforms/binlog/Files.expected
View File

@@ -1,10 +1,10 @@
| a/A.cs:0:0:0:0 | a/A.cs |
| a/obj/Debug/net9.0/.NETCoreApp,Version=v9.0.AssemblyAttributes.cs:0:0:0:0 | a/obj/Debug/net9.0/.NETCoreApp,Version=v9.0.AssemblyAttributes.cs |
| a/obj/Debug/net9.0/test.AssemblyInfo.cs:0:0:0:0 | a/obj/Debug/net9.0/test.AssemblyInfo.cs |
| a/obj/Debug/net9.0/test.GlobalUsings.g.cs:0:0:0:0 | a/obj/Debug/net9.0/test.GlobalUsings.g.cs |
| a/obj/Debug/net10.0/.NETCoreApp,Version=v10.0.AssemblyAttributes.cs:0:0:0:0 | a/obj/Debug/net10.0/.NETCoreApp,Version=v10.0.AssemblyAttributes.cs |
| a/obj/Debug/net10.0/test.AssemblyInfo.cs:0:0:0:0 | a/obj/Debug/net10.0/test.AssemblyInfo.cs |
| a/obj/Debug/net10.0/test.GlobalUsings.g.cs:0:0:0:0 | a/obj/Debug/net10.0/test.GlobalUsings.g.cs |
| b/B.cs:0:0:0:0 | b/B.cs |
| b/obj/Debug/net9.0/.NETCoreApp,Version=v9.0.AssemblyAttributes.cs:0:0:0:0 | b/obj/Debug/net9.0/.NETCoreApp,Version=v9.0.AssemblyAttributes.cs |
| b/obj/Debug/net9.0/test.AssemblyInfo.cs:0:0:0:0 | b/obj/Debug/net9.0/test.AssemblyInfo.cs |
| b/obj/Debug/net9.0/test.GlobalUsings.g.cs:0:0:0:0 | b/obj/Debug/net9.0/test.GlobalUsings.g.cs |
| generated/a/test.csproj (net9.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs:0:0:0:0 | generated/a/test.csproj (net9.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs |
| generated/b/test.csproj (net9.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs:0:0:0:0 | generated/b/test.csproj (net9.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs |
| b/obj/Debug/net10.0/.NETCoreApp,Version=v10.0.AssemblyAttributes.cs:0:0:0:0 | b/obj/Debug/net10.0/.NETCoreApp,Version=v10.0.AssemblyAttributes.cs |
| b/obj/Debug/net10.0/test.AssemblyInfo.cs:0:0:0:0 | b/obj/Debug/net10.0/test.AssemblyInfo.cs |
| b/obj/Debug/net10.0/test.GlobalUsings.g.cs:0:0:0:0 | b/obj/Debug/net10.0/test.GlobalUsings.g.cs |
| generated/a/test.csproj (net10.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs:0:0:0:0 | generated/a/test.csproj (net10.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs |
| generated/b/test.csproj (net10.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs:0:0:0:0 | generated/b/test.csproj (net10.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs |

2
csharp/ql/integration-tests/all-platforms/binlog/a/test.csproj
View File

@@ -2,7 +2,7 @@
<PropertyGroup>
<OutputType>Exe</OutputType>
<TargetFramework>net9.0</TargetFramework>
<TargetFramework>net10.0</TargetFramework>
<ImplicitUsings>enable</ImplicitUsings>
<Nullable>enable</Nullable>
</PropertyGroup>

2
csharp/ql/integration-tests/all-platforms/binlog/b/test.csproj
View File

@@ -2,7 +2,7 @@
<PropertyGroup>
<OutputType>Exe</OutputType>
<TargetFramework>net9.0</TargetFramework>
<TargetFramework>net10.0</TargetFramework>
<ImplicitUsings>enable</ImplicitUsings>
<Nullable>enable</Nullable>
</PropertyGroup>

2
csharp/ql/integration-tests/all-platforms/binlog/global.json
View File

@@ -1,5 +1,5 @@
{
"sdk": {
"version": "9.0.304"
"version": "10.0.100"
}
}

16
csharp/ql/integration-tests/all-platforms/binlog_multiple/Files.expected
View File

@@ -1,10 +1,10 @@
| a/A.cs:0:0:0:0 | a/A.cs |
| a/obj/Debug/net9.0/.NETCoreApp,Version=v9.0.AssemblyAttributes.cs:0:0:0:0 | a/obj/Debug/net9.0/.NETCoreApp,Version=v9.0.AssemblyAttributes.cs |
| a/obj/Debug/net9.0/test.AssemblyInfo.cs:0:0:0:0 | a/obj/Debug/net9.0/test.AssemblyInfo.cs |
| a/obj/Debug/net9.0/test.GlobalUsings.g.cs:0:0:0:0 | a/obj/Debug/net9.0/test.GlobalUsings.g.cs |
| a/obj/Debug/net10.0/.NETCoreApp,Version=v10.0.AssemblyAttributes.cs:0:0:0:0 | a/obj/Debug/net10.0/.NETCoreApp,Version=v10.0.AssemblyAttributes.cs |
| a/obj/Debug/net10.0/test.AssemblyInfo.cs:0:0:0:0 | a/obj/Debug/net10.0/test.AssemblyInfo.cs |
| a/obj/Debug/net10.0/test.GlobalUsings.g.cs:0:0:0:0 | a/obj/Debug/net10.0/test.GlobalUsings.g.cs |
| b/B.cs:0:0:0:0 | b/B.cs |
| b/obj/Debug/net9.0/.NETCoreApp,Version=v9.0.AssemblyAttributes.cs:0:0:0:0 | b/obj/Debug/net9.0/.NETCoreApp,Version=v9.0.AssemblyAttributes.cs |
| b/obj/Debug/net9.0/test.AssemblyInfo.cs:0:0:0:0 | b/obj/Debug/net9.0/test.AssemblyInfo.cs |
| b/obj/Debug/net9.0/test.GlobalUsings.g.cs:0:0:0:0 | b/obj/Debug/net9.0/test.GlobalUsings.g.cs |
| generated/a/test.csproj (net9.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs:0:0:0:0 | generated/a/test.csproj (net9.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs |
| generated/b/test.csproj (net9.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs:0:0:0:0 | generated/b/test.csproj (net9.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs |
| b/obj/Debug/net10.0/.NETCoreApp,Version=v10.0.AssemblyAttributes.cs:0:0:0:0 | b/obj/Debug/net10.0/.NETCoreApp,Version=v10.0.AssemblyAttributes.cs |
| b/obj/Debug/net10.0/test.AssemblyInfo.cs:0:0:0:0 | b/obj/Debug/net10.0/test.AssemblyInfo.cs |
| b/obj/Debug/net10.0/test.GlobalUsings.g.cs:0:0:0:0 | b/obj/Debug/net10.0/test.GlobalUsings.g.cs |
| generated/a/test.csproj (net10.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs:0:0:0:0 | generated/a/test.csproj (net10.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs |
| generated/b/test.csproj (net10.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs:0:0:0:0 | generated/b/test.csproj (net10.0)/System.Text.RegularExpressions.Generator/System.Text.RegularExpressions.Generator.RegexGenerator/RegexGenerator.g.cs |

2
csharp/ql/integration-tests/all-platforms/binlog_multiple/a/test.csproj
View File

@@ -2,7 +2,7 @@
<PropertyGroup>
<OutputType>Exe</OutputType>
<TargetFramework>net9.0</TargetFramework>
<TargetFramework>net10.0</TargetFramework>
<ImplicitUsings>enable</ImplicitUsings>
<Nullable>enable</Nullable>
</PropertyGroup>

2
csharp/ql/integration-tests/all-platforms/binlog_multiple/b/test.csproj
View File

@@ -2,7 +2,7 @@
<PropertyGroup>
<OutputType>Exe</OutputType>
<TargetFramework>net9.0</TargetFramework>
<TargetFramework>net10.0</TargetFramework>
<ImplicitUsings>enable</ImplicitUsings>
<Nullable>enable</Nullable>
</PropertyGroup>

2
csharp/ql/integration-tests/all-platforms/binlog_multiple/global.json
View File

@@ -1,5 +1,5 @@
{
"sdk": {
"version": "9.0.304"
"version": "10.0.100"
}
}

2
csharp/ql/integration-tests/all-platforms/blazor/BlazorTest/BlazorTest.csproj
View File

@@ -1,7 +1,7 @@
<Project Sdk="Microsoft.NET.Sdk.Web">
<PropertyGroup>
<TargetFramework>net9.0</TargetFramework>
<TargetFramework>net10.0</TargetFramework>
<Nullable>enable</Nullable>
<ImplicitUsings>enable</ImplicitUsings>
</PropertyGroup>

2
csharp/ql/integration-tests/all-platforms/blazor/BlazorTest/global.json
View File

@@ -1,5 +1,5 @@
{
"sdk": {
"version": "9.0.304"
"version": "10.0.100"
}
}

27
csharp/ql/integration-tests/all-platforms/blazor/Files.expected
View File

@@ -8,15 +8,18 @@
| BlazorTest/Components/Routes.razor:0:0:0:0 | BlazorTest/Components/Routes.razor |
| BlazorTest/Components/_Imports.razor:0:0:0:0 | BlazorTest/Components/_Imports.razor |
| BlazorTest/Program.cs:0:0:0:0 | BlazorTest/Program.cs |
| BlazorTest/obj/Debug/net9.0/.NETCoreApp,Version=v9.0.AssemblyAttributes.cs:0:0:0:0 | BlazorTest/obj/Debug/net9.0/.NETCoreApp,Version=v9.0.AssemblyAttributes.cs |
| BlazorTest/obj/Debug/net9.0/BlazorTest.AssemblyInfo.cs:0:0:0:0 | BlazorTest/obj/Debug/net9.0/BlazorTest.AssemblyInfo.cs |
| BlazorTest/obj/Debug/net9.0/BlazorTest.GlobalUsings.g.cs:0:0:0:0 | BlazorTest/obj/Debug/net9.0/BlazorTest.GlobalUsings.g.cs |
| BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_App_razor.g.cs:0:0:0:0 | BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_App_razor.g.cs |
| BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Layout_MainLayout_razor.g.cs:0:0:0:0 | BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Layout_MainLayout_razor.g.cs |
| BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Layout_NavMenu_razor.g.cs:0:0:0:0 | BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Layout_NavMenu_razor.g.cs |
| BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_MyInput_razor.g.cs:0:0:0:0 | BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_MyInput_razor.g.cs |
| BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_MyOutput_razor.g.cs:0:0:0:0 | BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_MyOutput_razor.g.cs |
| BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_Error_razor.g.cs:0:0:0:0 | BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_Error_razor.g.cs |
| BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:0:0:0:0 | BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs |
| BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Routes_razor.g.cs:0:0:0:0 | BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Routes_razor.g.cs |
| BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components__Imports_razor.g.cs:0:0:0:0 | BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components__Imports_razor.g.cs |
| BlazorTest/obj/Debug/net10.0/.NETCoreApp,Version=v10.0.AssemblyAttributes.cs:0:0:0:0 | BlazorTest/obj/Debug/net10.0/.NETCoreApp,Version=v10.0.AssemblyAttributes.cs |
| BlazorTest/obj/Debug/net10.0/BlazorTest.AssemblyInfo.cs:0:0:0:0 | BlazorTest/obj/Debug/net10.0/BlazorTest.AssemblyInfo.cs |
| BlazorTest/obj/Debug/net10.0/BlazorTest.GlobalUsings.g.cs:0:0:0:0 | BlazorTest/obj/Debug/net10.0/BlazorTest.GlobalUsings.g.cs |
| BlazorTest/obj/Debug/net10.0/EmbeddedAttribute.cs:0:0:0:0 | BlazorTest/obj/Debug/net10.0/EmbeddedAttribute.cs |
| BlazorTest/obj/Debug/net10.0/ValidatableTypeAttribute.cs:0:0:0:0 | BlazorTest/obj/Debug/net10.0/ValidatableTypeAttribute.cs |
| BlazorTest/obj/Debug/net10.0/generated/Microsoft.AspNetCore.App.SourceGenerators/Microsoft.AspNetCore.SourceGenerators.PublicProgramSourceGenerator/PublicTopLevelProgram.Generated.g.cs:0:0:0:0 | BlazorTest/obj/Debug/net10.0/generated/Microsoft.AspNetCore.App.SourceGenerators/Microsoft.AspNetCore.SourceGenerators.PublicProgramSourceGenerator/PublicTopLevelProgram.Generated.g.cs |
| BlazorTest/obj/Debug/net10.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_App_razor.g.cs:0:0:0:0 | BlazorTest/obj/Debug/net10.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_App_razor.g.cs |
| BlazorTest/obj/Debug/net10.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Layout_MainLayout_razor.g.cs:0:0:0:0 | BlazorTest/obj/Debug/net10.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Layout_MainLayout_razor.g.cs |
| BlazorTest/obj/Debug/net10.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Layout_NavMenu_razor.g.cs:0:0:0:0 | BlazorTest/obj/Debug/net10.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Layout_NavMenu_razor.g.cs |
| BlazorTest/obj/Debug/net10.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_MyInput_razor.g.cs:0:0:0:0 | BlazorTest/obj/Debug/net10.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_MyInput_razor.g.cs |
| BlazorTest/obj/Debug/net10.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_MyOutput_razor.g.cs:0:0:0:0 | BlazorTest/obj/Debug/net10.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_MyOutput_razor.g.cs |
| BlazorTest/obj/Debug/net10.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_Error_razor.g.cs:0:0:0:0 | BlazorTest/obj/Debug/net10.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_Error_razor.g.cs |
| BlazorTest/obj/Debug/net10.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:0:0:0:0 | BlazorTest/obj/Debug/net10.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs |
| BlazorTest/obj/Debug/net10.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Routes_razor.g.cs:0:0:0:0 | BlazorTest/obj/Debug/net10.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Routes_razor.g.cs |
| BlazorTest/obj/Debug/net10.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components__Imports_razor.g.cs:0:0:0:0 | BlazorTest/obj/Debug/net10.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components__Imports_razor.g.cs |

6
csharp/ql/integration-tests/all-platforms/blazor/XSS.expected
View File

@@ -3,8 +3,8 @@
| BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | $@ flows to here and is written to HTML or JavaScript. | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | User-provided value |
| BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | $@ flows to here and is written to HTML or JavaScript. | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | User-provided value |
edges
| BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:553:16:561:13 | call to method TypeCheck<String> : String | provenance | Src:MaD:2 MaD:3 |
| BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:553:16:561:13 | call to method TypeCheck<String> : String | BlazorTest/Components/MyOutput.razor:5:53:5:57 | access to property Value | provenance | Sink:MaD:1 |
| BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | BlazorTest/obj/Debug/net10.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:553:16:561:13 | call to method TypeCheck<String> : String | provenance | Src:MaD:2 MaD:3 |
| BlazorTest/obj/Debug/net10.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:553:16:561:13 | call to method TypeCheck<String> : String | BlazorTest/Components/MyOutput.razor:5:53:5:57 | access to property Value | provenance | Sink:MaD:1 |
models
| 1 | Sink: Microsoft.AspNetCore.Components; MarkupString; false; MarkupString; (System.String); ; Argument[0]; html-injection; manual |
| 2 | Source: Microsoft.AspNetCore.Components; SupplyParameterFromQueryAttribute; false; ; ; Attribute.Getter; ReturnValue; remote; manual |
@@ -14,5 +14,5 @@ nodes
| BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | semmle.label | access to property UrlParam |
| BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | semmle.label | access to property QueryParam |
| BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | semmle.label | access to property QueryParam : String |
| BlazorTest/obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:553:16:561:13 | call to method TypeCheck<String> : String | semmle.label | call to method TypeCheck<String> : String |
| BlazorTest/obj/Debug/net10.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:553:16:561:13 | call to method TypeCheck<String> : String | semmle.label | call to method TypeCheck<String> : String |
subpaths

2
csharp/ql/integration-tests/all-platforms/blazor/global.json
View File

@@ -1,5 +1,5 @@
{
"sdk": {
"version": "9.0.304"
"version": "10.0.100"
}
}

2
csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/BlazorTest/BlazorTest.csproj
View File

@@ -1,7 +1,7 @@
<Project Sdk="Microsoft.NET.Sdk.Web">
<PropertyGroup>
<TargetFramework>net9.0</TargetFramework>
<TargetFramework>net10.0</TargetFramework>
<Nullable>enable</Nullable>
<ImplicitUsings>enable</ImplicitUsings>
</PropertyGroup>

2
csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/BlazorTest/global.json
View File

@@ -1,5 +1,5 @@
{
"sdk": {
"version": "9.0.304"
"version": "10.0.100"
}
}

2
csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/global.json
View File

@@ -1,5 +1,5 @@
{
"sdk": {
"version": "9.0.304"
"version": "10.0.100"
}
}

2
csharp/ql/integration-tests/all-platforms/conditional_compilation/global.json
View File

@@ -1,5 +1,5 @@
{
"sdk": {
"version": "9.0.304"
"version": "10.0.100"
}
}

2
csharp/ql/integration-tests/all-platforms/conditional_compilation/test.csproj
View File

@@ -2,7 +2,7 @@
<PropertyGroup>
<OutputType>Exe</OutputType>
<TargetFramework>net9.0</TargetFramework>
<TargetFramework>net10.0</TargetFramework>
<ImplicitUsings>enable</ImplicitUsings>
<Nullable>enable</Nullable>
</PropertyGroup>

11
csharp/ql/integration-tests/all-platforms/cshtml/Files.expected
View File

@@ -1,7 +1,8 @@
| Program.cs:0:0:0:0 | Program.cs |
| Views/Home/Index.cshtml:0:0:0:0 | Views/Home/Index.cshtml |
| obj/Debug/net9.0/.NETCoreApp,Version=v9.0.AssemblyAttributes.cs:0:0:0:0 | obj/Debug/net9.0/.NETCoreApp,Version=v9.0.AssemblyAttributes.cs |
| obj/Debug/net9.0/cshtml.AssemblyInfo.cs:0:0:0:0 | obj/Debug/net9.0/cshtml.AssemblyInfo.cs |
| obj/Debug/net9.0/cshtml.GlobalUsings.g.cs:0:0:0:0 | obj/Debug/net9.0/cshtml.GlobalUsings.g.cs |
| obj/Debug/net9.0/cshtml.RazorAssemblyInfo.cs:0:0:0:0 | obj/Debug/net9.0/cshtml.RazorAssemblyInfo.cs |
| obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Views_Home_Index_cshtml.g.cs:0:0:0:0 | obj/Debug/net9.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Views_Home_Index_cshtml.g.cs |
| obj/Debug/net10.0/.NETCoreApp,Version=v10.0.AssemblyAttributes.cs:0:0:0:0 | obj/Debug/net10.0/.NETCoreApp,Version=v10.0.AssemblyAttributes.cs |
| obj/Debug/net10.0/cshtml.AssemblyInfo.cs:0:0:0:0 | obj/Debug/net10.0/cshtml.AssemblyInfo.cs |
| obj/Debug/net10.0/cshtml.GlobalUsings.g.cs:0:0:0:0 | obj/Debug/net10.0/cshtml.GlobalUsings.g.cs |
| obj/Debug/net10.0/cshtml.RazorAssemblyInfo.cs:0:0:0:0 | obj/Debug/net10.0/cshtml.RazorAssemblyInfo.cs |
| obj/Debug/net10.0/generated/Microsoft.AspNetCore.App.SourceGenerators/Microsoft.AspNetCore.SourceGenerators.PublicProgramSourceGenerator/PublicTopLevelProgram.Generated.g.cs:0:0:0:0 | obj/Debug/net10.0/generated/Microsoft.AspNetCore.App.SourceGenerators/Microsoft.AspNetCore.SourceGenerators.PublicProgramSourceGenerator/PublicTopLevelProgram.Generated.g.cs |
| obj/Debug/net10.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Views_Home_Index_cshtml.g.cs:0:0:0:0 | obj/Debug/net10.0/generated/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Views_Home_Index_cshtml.g.cs |

2
csharp/ql/integration-tests/all-platforms/cshtml/cshtml.csproj
View File

@@ -2,7 +2,7 @@
<PropertyGroup>
<OutputType>Exe</OutputType>
<TargetFramework>net9.0</TargetFramework>
<TargetFramework>net10.0</TargetFramework>
<ImplicitUsings>enable</ImplicitUsings>
<Nullable>enable</Nullable>
</PropertyGroup>

2
csharp/ql/integration-tests/all-platforms/cshtml/global.json
View File

@@ -1,5 +1,5 @@
{
"sdk": {
"version": "9.0.304"
"version": "10.0.100"
}
}

2
csharp/ql/integration-tests/all-platforms/cshtml_standalone/cshtml.csproj
View File

@@ -2,7 +2,7 @@
<PropertyGroup>
<OutputType>Exe</OutputType>
<TargetFramework>net9.0</TargetFramework>
<TargetFramework>net10.0</TargetFramework>
<ImplicitUsings>enable</ImplicitUsings>
<Nullable>enable</Nullable>
</PropertyGroup>

2
csharp/ql/integration-tests/all-platforms/cshtml_standalone/global.json
View File

@@ -1,5 +1,5 @@
{
"sdk": {
"version": "9.0.304"
"version": "10.0.100"
}
}

2
csharp/ql/integration-tests/all-platforms/cshtml_standalone_disabled/cshtml.csproj
View File

@@ -2,7 +2,7 @@
<PropertyGroup>
<OutputType>Exe</OutputType>
<TargetFramework>net9.0</TargetFramework>
<TargetFramework>net10.0</TargetFramework>
<ImplicitUsings>enable</ImplicitUsings>
<Nullable>enable</Nullable>
</PropertyGroup>

2
csharp/ql/integration-tests/all-platforms/cshtml_standalone_disabled/global.json
View File

@@ -1,5 +1,5 @@
{
"sdk": {
"version": "9.0.304"
"version": "10.0.100"
}
}

2
csharp/ql/integration-tests/all-platforms/cshtml_standalone_flowsteps/cshtml.csproj
View File

@@ -1,7 +1,7 @@
<Project Sdk="Microsoft.NET.Sdk.Web">
<PropertyGroup>
<TargetFramework>net9.0</TargetFramework>
<TargetFramework>net10.0</TargetFramework>
<Nullable>enable</Nullable>
<ImplicitUsings>enable</ImplicitUsings>
</PropertyGroup>

2
csharp/ql/integration-tests/all-platforms/cshtml_standalone_flowsteps/global.json
View File

@@ -1,5 +1,5 @@
{
"sdk": {
"version": "9.0.304"
"version": "10.0.100"
}
}

2
csharp/ql/integration-tests/all-platforms/diag_dotnet_incompatible/global.json
View File

@@ -1,5 +1,5 @@
{
"sdk": {
"version": "9.0.304"
"version": "10.0.100"
}
}

2
csharp/ql/integration-tests/all-platforms/diag_missing_project_files/global.json
View File

@@ -1,5 +1,5 @@
{
"sdk": {
"version": "9.0.304"
"version": "10.0.100"
}
}

2
csharp/ql/integration-tests/all-platforms/diag_missing_xamarin_sdk/global.json
View File

@@ -1,5 +1,5 @@
{
"sdk": {
"version": "9.0.304"
"version": "10.0.100"
}
}

2
csharp/ql/integration-tests/all-platforms/diag_missing_xamarin_sdk/test.csproj
View File

@@ -2,7 +2,7 @@
<PropertyGroup>
<OutputType>Exe</OutputType>
<TargetFramework>net9.0</TargetFramework>
<TargetFramework>net10.0</TargetFramework>
<ImplicitUsings>enable</ImplicitUsings>
<Nullable>enable</Nullable>
<LanguageTargets>$(MSBuildExtensionsPath)\Xamarin\iOS\Xamarin.iOS.CSharp.targets</LanguageTargets>

2
csharp/ql/integration-tests/all-platforms/diag_recursive_generics/global.json
View File

@@ -1,5 +1,5 @@
{
"sdk": {
"version": "9.0.304"
"version": "10.0.100"
}
}

2
csharp/ql/integration-tests/all-platforms/diag_recursive_generics/test.csproj
View File

@@ -2,7 +2,7 @@
<PropertyGroup>
<OutputType>Exe</OutputType>
<TargetFramework>net9.0</TargetFramework>
<TargetFramework>net10.0</TargetFramework>
</PropertyGroup>
<Target Name="DeleteBinObjFolders" BeforeTargets="Clean">

2
csharp/ql/integration-tests/all-platforms/dotnet_10/test.py
View File

@@ -1,9 +1,7 @@
import pytest
@pytest.mark.skip(reason=".NET 10 info command crashes")
def test1(codeql, csharp):
codeql.database.create()
@pytest.mark.skip(reason=".NET 10 info command crashes")
def test2(codeql, csharp):
codeql.database.create(build_mode="none")

2
csharp/ql/integration-tests/all-platforms/dotnet_build/dotnet_build.csproj
View File

@@ -2,7 +2,7 @@
<PropertyGroup>
<OutputType>Exe</OutputType>
<TargetFramework>net9.0</TargetFramework>
<TargetFramework>net10.0</TargetFramework>
<ImplicitUsings>enable</ImplicitUsings>
<Nullable>enable</Nullable>
</PropertyGroup>

2
csharp/ql/integration-tests/all-platforms/dotnet_build/global.json
View File

@@ -1,5 +1,5 @@
{
"sdk": {
"version": "9.0.304"
"version": "10.0.100"
}
}

2
csharp/ql/integration-tests/all-platforms/dotnet_no_args_inject/dotnet_build.csproj
View File

@@ -2,7 +2,7 @@
<PropertyGroup>
<OutputType>Exe</OutputType>
<TargetFramework>net9.0</TargetFramework>
<TargetFramework>net10.0</TargetFramework>
<ImplicitUsings>enable</ImplicitUsings>
<Nullable>enable</Nullable>
</PropertyGroup>

2
csharp/ql/integration-tests/all-platforms/dotnet_no_args_inject/global.json
View File

@@ -1,5 +1,5 @@
{
"sdk": {
"version": "9.0.304"
"version": "10.0.100"
}
}

2
csharp/ql/integration-tests/all-platforms/dotnet_pack/dotnet_pack.csproj
View File

@@ -2,7 +2,7 @@
<PropertyGroup>
<OutputType>Exe</OutputType>
<TargetFramework>net9.0</TargetFramework>
<TargetFramework>net10.0</TargetFramework>
<ImplicitUsings>enable</ImplicitUsings>
<Nullable>enable</Nullable>
</PropertyGroup>

2
csharp/ql/integration-tests/all-platforms/dotnet_pack/global.json
View File

@@ -1,5 +1,5 @@
{
"sdk": {
"version": "9.0.304"
"version": "10.0.100"
}
}

2
csharp/ql/integration-tests/all-platforms/dotnet_publish/dotnet_publish.csproj
View File

@@ -2,7 +2,7 @@
<PropertyGroup>
<OutputType>Exe</OutputType>
<TargetFramework>net9.0</TargetFramework>
<TargetFramework>net10.0</TargetFramework>
<ImplicitUsings>enable</ImplicitUsings>
<Nullable>enable</Nullable>
</PropertyGroup>

2
csharp/ql/integration-tests/all-platforms/dotnet_publish/global.json
View File

@@ -1,5 +1,5 @@
{
"sdk": {
"version": "9.0.304"
"version": "10.0.100"
}
}

2
csharp/ql/integration-tests/all-platforms/dotnet_run/dotnet_run.csproj
View File

@@ -2,7 +2,7 @@
<PropertyGroup>
<OutputType>Exe</OutputType>
<TargetFramework>net9.0</TargetFramework>
<TargetFramework>net10.0</TargetFramework>
<ImplicitUsings>enable</ImplicitUsings>
<Nullable>enable</Nullable>
</PropertyGroup>

2
csharp/ql/integration-tests/all-platforms/dotnet_run/global.json
View File

@@ -1,5 +1,5 @@
{
"sdk": {
"version": "9.0.304"
"version": "10.0.100"
}
}

Some files were not shown because too many files have changed in this diff Show More