hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
74,247 Commits 1,672 Branches 157 Tags
codeql-cli-2.20.1
Commit Graph

3356 Commits

Author SHA1 Message Date
Tamas Vajk
ce68e458e0 C#: Add QlDoc for predicates in Helpers 2020-08-26 11:21:44 +02:00
Tamas Vajk
048428a6fa C#: Add missinq QlDoc for Serialization classes, remove unused DangerousCallable 2020-08-26 11:21:44 +02:00
Tamas Vajk
36a9e47178 C#: Add missing QlDoc for dotnet base constructs 2020-08-26 09:13:01 +02:00
Calum Grant
a93a84fb2e Merge pull request #4065 from hvitved/csharp/dataflow-type-restriction 
C#: Restrict `DataFlowType` to types belonging to `Node`s
 2020-08-21 11:57:29 +01:00
Tom Hvitved
b8cde180b9 C#: Order top-level elements by location in PrintAst.qll 2020-08-21 06:17:37 +02:00
Tamás Vajk
2a8ff8785a C#: Add AST printing (#4038) 2020-08-20 14:24:43 +02:00
Tom Hvitved
6dc1244410 Merge pull request #4064 from hvitved/csharp/gvn-speedup 
C#: Speed up `Implements.qll` and `Unification.qll`
 2020-08-20 10:11:36 +02:00
Tom Hvitved
acb08287ab C#: Rename isComplete() to isFullyConstructed() 2020-08-18 13:38:46 +02:00
Tom Hvitved
bdf4ae5f27 C#: Increase accessPathLimit from 3 to 5 2020-08-18 13:30:16 +02:00
Anders Schack-Mulligen
f75f5ab125 Merge pull request #3838 from hvitved/dataflow/flow-fwd-ctx 
Data flow: Use precise call contexts in `flowFwd()`
 2020-08-18 13:06:11 +02:00
Tom Hvitved
a2fc92b9db Data flow: Address review comments 2020-08-17 15:46:43 +02:00
Tom Hvitved
357109a410 C#: Use DataFlow3 instead of DataFlow2 in Xml.qll to avoid overlap 
`semmle.code.csharp.frameworks.system.Xml` is imported in `LibraryTypeDataFlow.qll`,
and therefore part of the default namespace. This means that the use of `DataFlow2`
inside `Xml.qll` overlaps with some queries. Bumping to `DataFlow3` resolves the issue.
 2020-08-14 14:33:12 +02:00
Tom Hvitved
9ebf8d1d58 Data flow: Sync files 2020-08-14 11:04:45 +02:00
Tom Hvitved
2d29fa1d15 Data flow: Use precise call contexts in flowFwd() 2020-08-14 11:04:45 +02:00
Tom Hvitved
46f10fc032 C#: Restrict DataFlowType to types belonging to Nodes 2020-08-13 13:16:10 +02:00
Tom Hvitved
dcccdee227 C#: Speed up Implements.qll and Unification.qll 
Restrict constructed GVN types to those that are complete, and reduce
intermediate string construction in `toString()` computations.
 2020-08-13 13:11:04 +02:00
Tom Hvitved
c20d763490 Merge pull request #3951 from raulgarciamsft/users/raulgarciamsft/dataset_serialization 
C#: DataSet serialization
 2020-08-07 12:54:10 +02:00
Raul Garcia
3682a902de Update csharp/ql/src/experimental/Security Features/Serialization/DataSetSerialization.qhelp 
Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com>
 2020-08-06 12:09:02 -07:00
Raul Garcia (MSFT)
aa27eaf7e0 Addrssing the comments from https://github.com/github/codeql/pull/3951#discussion_r464894547 that I missed previously 2020-08-04 15:50:58 -07:00
Tom Hvitved
63115a36f7 Merge pull request #3994 from hvitved/csharp/dataflow/library-aps-adjust 
C#: More type-based adjustment of library-flow access paths
 2020-08-04 14:33:54 +02:00
Raul Garcia (MSFT)
c52064af78 Fixing problems based on CR feedback. 
https://github.com/github/codeql/pull/3951#pullrequestreview-458987208
 2020-08-03 16:39:41 -07:00
Raul Garcia (MSFT)
a5dab4e768 removing a redundant line 2020-07-30 17:05:42 -07:00
Arthur Baars
7e72ef350e Merge pull request #3975 from aibaars/lgtm-suites 
CodeQL: complete LGTM suites
 2020-07-30 18:39:01 +02:00
Tom Hvitved
07f1e133f3 C#: More type-based adjustment of library-flow access paths 
This change removes the restriction that only access paths of length 1 can
have the head adjusted, based on type information from the call to the relevant
library-code callable.
 2020-07-30 15:48:41 +02:00
Tom Hvitved
632713c475 Merge pull request #3986 from hvitved/csharp/null-maybe-null-coalescing-assignment 
C#: Fix false-positives in `cs/dereferenced-value-may-be-null`
 2020-07-30 14:20:00 +02:00
Tom Hvitved
05307b8757 C#: Remove more FPs in cs/dereferenced-value-may-be-null 2020-07-30 12:16:59 +02:00
Raul Garcia (MSFT)
6f845b0044 Using CodeQL AutoFormat 2020-07-29 18:01:46 -07:00
Raul Garcia (MSFT)
7923c480af Fixing queries based on suggestions/comments. 
TODO: Auto-formatting is still pending (need guidance on how to enable it on my environment). Thanks
 2020-07-29 17:14:37 -07:00
Raul Garcia
83e9d052d9 Update csharp/ql/src/experimental/Security Features/Serialization/DataSetSerialization.qll 
Co-authored-by: Jaroslav Lobačevski <novaisas@gmail.com>
 2020-07-29 16:24:13 -07:00
Tom Hvitved
4345b167ec Merge pull request #3935 from github/henrymercer/fix-broken-doc-link 
C#: Fix broken link to ECMA-335
 2020-07-29 10:04:08 +02:00
Arthur Baars
c4041e55ba CodeQL: complete LGTM suites 2020-07-28 20:40:44 +02:00
Tom Hvitved
d39a33655f C#: Fix false-positives in cs/dereferenced-value-may-be-null 
Dereferencing an expression of a nullable type should only be reported when
the expression is not clearly non-null.
 2020-07-28 16:27:36 +02:00
Raul Garcia (MSFT)
55473c65f1 Improving documentation 2020-07-20 13:54:23 -07:00
Raul Garcia (MSFT)
9d7d6b39cb Small fixes based on feedback 2020-07-20 11:14:59 -07:00
Calum Grant
79f412ff54 C#: Fix tags typo 2020-07-17 15:30:33 +01:00
Raul Garcia (MSFT)
5387294168 Moving to experimental as requested 2020-07-16 09:32:17 -07:00
Raul Garcia (MSFT)
3e0481b889 Queries to help on the detection based on misuse of DataSet and DataTable serialization that could lead to security problems. 
https://go.microsoft.com/fwlink/?linkid=2132227
 2020-07-14 17:54:54 -07:00
Calum Grant
dcff87fb2e Merge pull request #3366 from hvitved/csharp/dataflow/arrays 
C#: Precise data-flow for collections
 2020-07-14 17:12:29 +01:00
Mathias Vorreiter Pedersen
002f930dba C#: Sync identical files 2020-07-09 15:54:42 +02:00
Henry Mercer
3d711b8cd1 C#: Fix broken link to ECMA-335 2020-07-09 13:15:22 +01:00
Anders Schack-Mulligen
67db1df00c C++/C#/JavaScript/Python: Port Location qldoc update. 2020-07-07 11:39:27 +02:00
Tom Hvitved
527a099a26 C#: Fix CFG for conditional method calls with out parameters 2020-07-02 13:12:53 +02:00
Jonas Jensen
62a656de0f Merge pull request #3860 from dbartol/codeql-c-analysis-team/40/2 
C++: QLDoc cleanup
 2020-07-02 08:32:44 +02:00
Dave Bartolomeo
f0215d1748 C++: Fix typo 2020-07-01 11:57:56 -04:00
Dave Bartolomeo
566d7fad63 C++: Autoformat some more 2020-07-01 10:14:35 -04:00
Tom Hvitved
9e3a6e8d5e Merge remote-tracking branch 'upstream/master' into csharp/dataflow/arrays 2020-07-01 14:50:26 +02:00
Anders Schack-Mulligen
7d057598d8 Merge pull request #3857 from jbj/flowthrough-bigstep-perf 
C++: Remove big-step relation in flow-through code
 2020-07-01 14:23:23 +02:00
Anders Schack-Mulligen
38b73ff684 Merge pull request #3854 from hvitved/dataflow/node-type-interface 
Data flow: Replace `getErasedRepr()` and `Node::getTypeBound()` with `getNodeType()`
 2020-07-01 11:37:19 +02:00
semmle-qlci
ef109d91ed Merge pull request #3842 from hvitved/csharp/dataflow/remove-viable-impl 
Approved by aschackmull
 2020-07-01 08:14:57 +01:00
Tom Hvitved
ed2077b2f4 Merge pull request #3841 from gavinl/master 
QHELP: Encryption using ECB.qhelp grammar
 2020-07-01 08:45:35 +02:00