hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,672 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

3543 Commits

Author SHA1 Message Date
Tom Hvitved
51f4f57617 C#: Use cs/ prefix in all query IDs 2021-11-03 10:25:21 +01:00
CodeQL CI
5d62aa5b29 Merge pull request #6994 from erik-krogh/redundant-cast 
Approved by RasmusWL, aschackmull, esbena, geoffw0, hvitved, nickrolfe
 2021-11-02 03:45:48 -07:00
Tamás Vajk
18b08060ae Merge pull request #5110 from porcupineyhairs/ssrfCsharp 
C# : Add query to detect SSRF
 2021-11-02 09:50:28 +01:00
Erik Krogh Kristensen
d36c66cfca remove redundant inline casts in arguments where the type is inferred by the call target 2021-10-29 14:37:56 +02:00
Erik Krogh Kristensen
e75448ebb0 remove redundant inline casts 2021-10-28 16:35:53 +02:00
Mathias Vorreiter Pedersen
8135dcefdd Merge branch 'main' into use-shared-ssa-in-ir-dataflow 2021-10-28 12:36:25 +01:00
Mathias Vorreiter Pedersen
13ce2569d7 C++/C#: Sync identical IR files· 2021-10-28 10:52:00 +01:00
Porcuiney Hairs
9fe822f41c Include suggestions from review 2021-10-22 00:55:01 +05:30
Tamas Vajk
c7c35401e0 C#: Remove cartesian product in stubbing (GeneratedType::getStub) 2021-10-19 12:56:23 +02:00
Geoffrey White
f08d2ee759 Merge branch 'main' into setliterals 2021-10-14 14:39:39 +01:00
Geoffrey White
3983587682 C#: Set literals. 2021-10-14 14:22:39 +01:00
Erik Krogh Kristensen
a358a192c4 add explicit this to all calls to class predicates 2021-10-14 10:11:55 +02:00
Mathias Vorreiter Pedersen
a2371370ff Merge pull request #6865 from MathiasVP/fix-if-none 
C++/C#/JS/Python: Replace 'if p() then q() else none()' with a conjunction
 2021-10-13 19:47:55 +01:00
Mathias Vorreiter Pedersen
7690625114 C#: Replace 'if p() then q() else none()' with a conjunction. 2021-10-13 12:11:50 +01:00
Andrew Eisenberg
bbb2637bcc QlPacks: Add the defaultSuite to query packs that are missing it 
Also, change some examples pack names from `codeql-lang-examples` to
`codeql/lang-examples`. This doesn't affect behaviour since internally,
the legacy name is converted to the modern name.
 2021-10-12 11:54:50 -07:00
Mathias Vorreiter Pedersen
b089e6d84e C++/C#: Fix QLDoc of 'CopyInstruction'. 2021-10-05 09:14:20 +01:00
Tom Hvitved
70e41b180e Merge pull request #6800 from hvitved/csharp/constant-cond-tuple-discard 
C#: Filter discards in tuples in `ConstantCondition.ql`
 2021-10-04 14:38:45 +02:00
Tom Hvitved
a315640082 C#: Address review comments 2021-10-04 13:15:26 +02:00
Tom Hvitved
f06632a8e7 C#: Filter discards in tuples in ConstantCondition.ql 2021-10-04 13:04:18 +02:00
Tom Hvitved
682a2aae3a C#: Filter using var _ = ... results from DeadStoreOfLocal.ql 2021-10-04 10:45:44 +02:00
Rasmus Wriedt Larsen
987b573709 Fix hasLocationInfo URL reference 
Follow up to https://github.com/github/codeql/pull/5830
 2021-09-29 13:47:58 +02:00
Porcuiney Hairs
b9c08167f3 C# : Add query to detect SSRF 2021-09-29 04:14:22 +05:30
Mathias Vorreiter Pedersen
24214002a1 C#/C++: Sync identical files. 2021-09-24 13:13:09 +01:00
Mathias Vorreiter Pedersen
35baff8bac C#/C++: Sync identical files. 2021-09-22 13:32:29 +01:00
Tamás Vajk
f90d1fd70e Merge pull request #6636 from tamasvajk/fix/stubbing-2 
C#: Fix member order (yet again) in stubbing
 2021-09-07 17:37:29 +02:00
Rasmus Wriedt Larsen
995a8192a9 Merge pull request #6635 from github/RasmusWL/fix-csharp-cwe-tag 
C#: Fix CWE tag for `cs/insufficient-key-size`
 2021-09-07 15:54:42 +02:00
Tamas Vajk
469993f6d3 C#: Fix member order (yet again) in stubbing 
With explicit interface implementation, the same member name can show up multiple times in a type declaration. This commit defines an explicit order
for these members.
 2021-09-07 15:26:03 +02:00
Rasmus Wriedt Larsen
8f52089475 C#: Fix CWE tag for cs/insufficient-key-size 
Since this targets

CWE-326 Inadequate Encryption Strength

> The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
> \- https://cwe.mitre.org/data/definitions/326.html

and not

CWE-327: Use of a Broken or Risky Cryptographic Algorithm

> The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.
> \- https://cwe.mitre.org/data/definitions/327.html

This matches what we do for similar query in Python: https://github.com/github/codeql/blob/main/python/ql/src/Security/CWE-326/WeakCryptoKey.ql
 2021-09-07 12:59:10 +02:00
Tamas Vajk
203ca3f91b C#: improve stubbing to escape more member names (not just fields) 2021-09-07 12:34:23 +02:00
Tamás Vajk
7befdc9c5c Merge pull request #6627 from tamasvajk/feature/stub-readme 
C#: Add readme to stub folder
 2021-09-07 12:09:52 +02:00
Tamás Vajk
c63fd4a254 Merge pull request #6260 from tamasvajk/feature/method-name 
C#: Change generic method names to include <> and type args/params
 2021-09-07 12:09:27 +02:00
Tamas Vajk
0d88d18781 C#: Add readme to stub folder 2021-09-06 13:42:36 +02:00
Andrew Eisenberg
bb9911e06f Merge pull request #6605 from aeisenberg/aeisenberg/pack/consistency 2021-09-06 04:40:58 -07:00
Tamas Vajk
b7f13a7e1f C#: Change generic method names to include <> and type args/params 2021-09-06 11:48:22 +02:00
Andrew Eisenberg
6a47fcaf1f Packaging: Normalize all qlpack.yml files for all languages 
This commit ensures consistency among all of our qlpacks. Here are the
changes:

1. Ensure only modern references are used (codeql-{lang} is converted to
   codeql/{lang}-all or codeql/{lang}-queries where appropriate).
2. Use consistent version numbers. All languages are at 0.0.2 except
   javascript, which is 0.0.3.
3. Convert all `libraryPathDependencies` to `dependencies` with version
   constraints
4. Dependencies from query packs to other packs are always `"*"` since
   these dependencies are always from source and we should get the
   latest.
5. Dependencies from codeql/{lang}-lib to codeql/{lang}-upgrades must
   be strict since there is a tight connection between the libary
   and its relevant upgrades.
 2021-09-03 11:53:28 -07:00
Tamas Vajk
c02a743835 Revert redundant order by 2021-09-03 16:51:32 +02:00
Tamas Vajk
3560853f36 C#: Fix ordering of stubbed type members, implemented interfaces, and location comments 2021-09-03 09:53:34 +02:00
Tom Hvitved
7e1efbdd8e C#: Use data flow instead of taint tracking in InsecureSQLConnection.ql 2021-08-26 13:48:57 +02:00
Andrew Eisenberg
c9f1c98390 Packaging: C# refactoring 
Split c# pack into `codeql/csharp-all` and `codeql/csharp-queries`.
 2021-08-19 14:09:35 -07:00
Tamás Vajk
763de4fff9 Merge pull request #6425 from raulgarciamsft/insecureRandom_potential_fix 
C#: Adding Membership.GeneratePassword() as a bad source of random data
 2021-08-19 11:16:26 +02:00
Tamas Vajk
d97525e21e Fix minor quality issues in comment and change note 2021-08-19 09:30:23 +02:00
Erik Krogh Kristensen
dd59f79947 use min() instead of rank[1]() 2021-08-18 11:09:03 +02:00
Andrew Eisenberg
03d6b15401 Merge branch 'main' into aeisenberg/pack/cpp 2021-08-17 15:28:47 -07:00
Tom Hvitved
44ff623d8c Merge pull request #5508 from edvraa/deserializers 
deserialization sinks
 2021-08-17 11:41:52 +02:00
Andrew Eisenberg
e566fb9c5a Packaging: Update suite-helpers qlpack 
Uses new style naming scheme.
 2021-08-16 17:51:33 -07:00
Tamás Vajk
166a6b02f6 Merge pull request #6268 from tamasvajk/feature/generic-type-name 
C#: Remove type args/params from generic type names in extractor
 2021-08-16 12:22:16 +02:00
Tamas Vajk
243424063a Add pragma inline to getMember/Method/Callable 2021-08-10 13:25:56 +02:00
Tamas Vajk
51661bfa62 Add pragma noinline to fix uselessUpcast check 2021-08-10 13:24:30 +02:00
Tamas Vajk
91bd3d1a11 Cache getName to improve performance 2021-08-09 10:28:31 +02:00
Tamás Vajk
c1cf2a1c5f Merge pull request #5579 from edvraa/cookies 
C#: HttpOnly and Secure cookie queries
 2021-08-09 08:58:11 +02:00