hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
74,247 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.1
Commit Graph

613 Commits

Author SHA1 Message Date
Michael Nebel
7c7c335b0e C#: Update stub generator expected output. 2022-08-12 13:01:15 +02:00
Michael Nebel
b052fbf41c C#: Add enum long type testcase. 2022-08-12 12:51:31 +02:00
Michael Nebel
9ff94120d8 C#: Update stub generator test(s) expected output. 2022-08-12 12:48:24 +02:00
Michael Nebel
d023f840de C#: Add Enum examples in stub generator test code. 2022-08-12 12:48:24 +02:00
Tamas Vajk
7a406d8e41 C#: Fix unsafe deserialization with JsonConvert.DeserializeObject 
Remove false positives when `JsonConvert.DeserializeObject` is called with not necessarily unsafe settings.
 2022-08-11 11:00:46 +02:00
Tamas Vajk
6e6bd208b1 C#: Add test case for JsonConvert.DeserializeObject in unsafe deserialization tests 2022-08-11 11:00:23 +02:00
Michael Nebel
c3adb990a3 C#: Update SQL Injection with testcase with found vulnerability. 2022-08-10 14:49:20 +02:00
Michael Nebel
504160fee4 C#: Update expected file for Sql injection and Second Order sql injection (note that this is already a second order sql injection). 2022-08-10 14:49:20 +02:00
Michael Nebel
5c47ae3f98 C#: Add testcase for unsanitized filename used in Filestream. 2022-08-10 14:49:20 +02:00
Michael Nebel
1355931b50 C#: Update SecondOrder SQL Injection test case expected output with vulnerability from test case. 2022-08-10 14:49:19 +02:00
Michael Nebel
2b51e03223 C#: Add SecondOrder SQL injection example, where reading from a file. 2022-08-10 11:08:27 +02:00
Michael Nebel
344770f06a C#: Update Sqlinjection test query output with new results. 2022-08-10 11:08:27 +02:00
Michael Nebel
78cfb226a3 C#: Add some examples where adapter is used in conjunction with a tainted command. 2022-08-10 11:08:27 +02:00
Michael Nebel
86000f32e7 C#: Update SqlInjection query tests with new results. 2022-08-10 11:08:27 +02:00
Michael Nebel
1fb209990e C#: Add SQLiteDataAdapter examples. 2022-08-10 11:08:27 +02:00
Michael Nebel
ce9baaa1f3 C#: Update SQLInjection query test output. 2022-08-10 11:08:27 +02:00
Michael Nebel
d42752714c C#: Add SQLCommand examples. 2022-08-10 11:08:21 +02:00
Michael Nebel
7fc95fb49b Merge pull request #9988 from michaelnebel/csharp/updatestubs 
C#: Update .NET Core and ASP.NET Core Stubs.
 2022-08-10 11:02:35 +02:00
Michael Nebel
3ba893dfa8 C#: Remove System.Data.SqlClient 4.8.2 stub. 2022-08-09 13:15:44 +02:00
Michael Nebel
6d96da1838 C#: Use ASP.NET Core stub instead of Microsoft.Extensions.Primitives and manual written ASP.NET Core stubs. 2022-08-09 13:08:34 +02:00
Michael Nebel
66232a8054 C#: Fix typo. 2022-07-18 14:28:49 +02:00
Michael Nebel
e6e82ef56d C#: Update test with Decrypt example. 2022-07-18 14:28:49 +02:00
Michael Nebel
52a9fb0de7 C#: Add test for decrypt. 2022-07-18 14:28:49 +02:00
Michael Nebel
93007f89c8 C#: Move ASP Net Core stubs into stubs folder. 2022-06-16 08:38:31 +02:00
Michael Nebel
ba7238d6e2 C#: Update XML Injectiont test output after rebase (query has been turned into a path-problem and the output is now affected by the added summaries for NameValueCollection). 2022-05-25 08:28:15 +02:00
Michael Nebel
c8ede58704 C#: Flow summaries has now been added for Exception stack trace, but not for ToString. The latter will be encoded as an extra taintstep in the analysis. To reduce noise for all uses of an exception itself an isSanitizerIn is introduced. 2022-05-25 08:28:15 +02:00
Michael Nebel
4d6d1c8376 C#: Since NameValueCollection now has a flow summary for the string indexer it is no longer consider an unsafe external api, which is why it has disappared from the result. 2022-05-25 08:28:14 +02:00
Michael Nebel
ee027f845c C#: Since NameValueCollection now has a flow summary for the indexer it is considered a SafeExternalApiCallable and will thus not be included in the result of the test. 2022-05-25 08:28:14 +02:00
Michael Nebel
e2d6cd20c7 C#: Update tests due to new summaries for ProcessStartInfo. 2022-05-25 08:28:14 +02:00
Michael Nebel
9b8636aa23 C#: Update test because we now have a flow summary the string indexer for NameValueCollection. 2022-05-25 08:28:14 +02:00
Michael Nebel
3c347cab98 C#: Update test output to reflect that the query is now a path-problem query. 2022-05-05 13:13:25 +02:00
Tom Hvitved
a0e003e33c C#: Add FP test for cs/useless-cast-to-self 2022-04-29 11:59:51 +02:00
Tom Hvitved
02b11084bc C#: Add more tests for cs/useless-cast-to-self 2022-04-06 09:36:59 +02:00
Michael Nebel
bfb206c810 C#: Let ExternalApi extend DataFlowCallable instead of Callable. 2022-03-29 14:52:57 +02:00
Michael Nebel
4f00666591 C#: Add query and test case for supported external taint. 2022-03-29 14:49:37 +02:00
Michael Nebel
18b1b51d07 C#: Add test for known sources telemetry query. 2022-03-29 14:49:37 +02:00
Michael Nebel
a7ece69f2b C#: Add test for supported sinks query. 2022-03-29 14:49:37 +02:00
Michael Nebel
e4f6321851 C#: Add test for unsupported uses of library code. 2022-03-29 14:49:37 +02:00
Michael Nebel
e014cae7df C#: Add test and output for all library usages. 2022-03-29 14:49:37 +02:00
Michael Nebel
7cef859253 C#: Add sample code file that calls both supported and unsupported library code with respect to flow summaries. 2022-03-29 14:49:37 +02:00
Michael Nebel
5babb0e66a C#: Update stubs to include one more known sink method. 2022-03-29 11:07:57 +02:00
Tamas Vajk
4748d2c6e2 C# Exclude dynamic casts from useless casts check 2022-02-28 14:58:59 +01:00
Tamas Vajk
422c2d5ccb C#: Add dynamic casts to useless upcast test 2022-02-21 16:10:00 +01:00
Tom Hvitved
984e01ecf0 C#: Remove FPs from cs/dereferenced-value-may-be-null 
Apply a conservative approach by filtering out results for accesses to
captured nullable values, when there is an (implicit) call to the capturing
callable which is `null`-guarded. For example:

```
bool M(int? i, IEnumerable<int> @is)
{
    if (i.HasValue)
        return @is.Any(j => j == i.Value); // GOOD
    return false;
}
```
 2022-02-08 14:01:57 +01:00
Tom Hvitved
7948d965a0 C#: Add nullness tests for captured variables 2022-02-08 13:52:29 +01:00
Tom Hvitved
c4ad237a5c C#: Update expected test output 2022-02-02 19:25:30 +01:00
Michael Nebel
2eea6ca5fd C#: Example record type with autogenerated Deconstruct method. 2022-01-19 11:04:53 +01:00
Michael Nebel
53000cf9f0 C#: Update the XSS expected file. 2022-01-05 16:44:03 +01:00
Michael Nebel
7e6d88d959 C#: Only use stubs for XSS test. 2022-01-05 16:44:03 +01:00
Michael Nebel
24543a2245 C#: Update the UrlRedirect expected file. 2022-01-05 16:44:03 +01:00