hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 18:33:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
75,734 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.4
Commit Graph

3366 Commits

Author SHA1 Message Date
Rasmus Wriedt Larsen
8f52089475 C#: Fix CWE tag for cs/insufficient-key-size 
Since this targets

CWE-326 Inadequate Encryption Strength

> The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
> \- https://cwe.mitre.org/data/definitions/326.html

and not

CWE-327: Use of a Broken or Risky Cryptographic Algorithm

> The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.
> \- https://cwe.mitre.org/data/definitions/327.html

This matches what we do for similar query in Python: https://github.com/github/codeql/blob/main/python/ql/src/Security/CWE-326/WeakCryptoKey.ql
 2021-09-07 12:59:10 +02:00
Tamas Vajk
203ca3f91b C#: improve stubbing to escape more member names (not just fields) 2021-09-07 12:34:23 +02:00
Tamás Vajk
7befdc9c5c Merge pull request #6627 from tamasvajk/feature/stub-readme 
C#: Add readme to stub folder
 2021-09-07 12:09:52 +02:00
Tamás Vajk
c63fd4a254 Merge pull request #6260 from tamasvajk/feature/method-name 
C#: Change generic method names to include <> and type args/params
 2021-09-07 12:09:27 +02:00
Tamas Vajk
0d88d18781 C#: Add readme to stub folder 2021-09-06 13:42:36 +02:00
Andrew Eisenberg
bb9911e06f Merge pull request #6605 from aeisenberg/aeisenberg/pack/consistency 2021-09-06 04:40:58 -07:00
Tamas Vajk
b7f13a7e1f C#: Change generic method names to include <> and type args/params 2021-09-06 11:48:22 +02:00
Andrew Eisenberg
6a47fcaf1f Packaging: Normalize all qlpack.yml files for all languages 
This commit ensures consistency among all of our qlpacks. Here are the
changes:

1. Ensure only modern references are used (codeql-{lang} is converted to
   codeql/{lang}-all or codeql/{lang}-queries where appropriate).
2. Use consistent version numbers. All languages are at 0.0.2 except
   javascript, which is 0.0.3.
3. Convert all `libraryPathDependencies` to `dependencies` with version
   constraints
4. Dependencies from query packs to other packs are always `"*"` since
   these dependencies are always from source and we should get the
   latest.
5. Dependencies from codeql/{lang}-lib to codeql/{lang}-upgrades must
   be strict since there is a tight connection between the libary
   and its relevant upgrades.
 2021-09-03 11:53:28 -07:00
Tamas Vajk
c02a743835 Revert redundant order by 2021-09-03 16:51:32 +02:00
Tamas Vajk
3560853f36 C#: Fix ordering of stubbed type members, implemented interfaces, and location comments 2021-09-03 09:53:34 +02:00
Tom Hvitved
7e1efbdd8e C#: Use data flow instead of taint tracking in InsecureSQLConnection.ql 2021-08-26 13:48:57 +02:00
Andrew Eisenberg
c9f1c98390 Packaging: C# refactoring 
Split c# pack into `codeql/csharp-all` and `codeql/csharp-queries`.
 2021-08-19 14:09:35 -07:00
Tamás Vajk
763de4fff9 Merge pull request #6425 from raulgarciamsft/insecureRandom_potential_fix 
C#: Adding Membership.GeneratePassword() as a bad source of random data
 2021-08-19 11:16:26 +02:00
Tamas Vajk
d97525e21e Fix minor quality issues in comment and change note 2021-08-19 09:30:23 +02:00
Erik Krogh Kristensen
dd59f79947 use min() instead of rank[1]() 2021-08-18 11:09:03 +02:00
Andrew Eisenberg
03d6b15401 Merge branch 'main' into aeisenberg/pack/cpp 2021-08-17 15:28:47 -07:00
Tom Hvitved
44ff623d8c Merge pull request #5508 from edvraa/deserializers 
deserialization sinks
 2021-08-17 11:41:52 +02:00
Andrew Eisenberg
e566fb9c5a Packaging: Update suite-helpers qlpack 
Uses new style naming scheme.
 2021-08-16 17:51:33 -07:00
Tamás Vajk
166a6b02f6 Merge pull request #6268 from tamasvajk/feature/generic-type-name 
C#: Remove type args/params from generic type names in extractor
 2021-08-16 12:22:16 +02:00
Tamas Vajk
243424063a Add pragma inline to getMember/Method/Callable 2021-08-10 13:25:56 +02:00
Tamas Vajk
51661bfa62 Add pragma noinline to fix uselessUpcast check 2021-08-10 13:24:30 +02:00
Tamas Vajk
91bd3d1a11 Cache getName to improve performance 2021-08-09 10:28:31 +02:00
Tamás Vajk
c1cf2a1c5f Merge pull request #5579 from edvraa/cookies 
C#: HttpOnly and Secure cookie queries
 2021-08-09 08:58:11 +02:00
Tom Hvitved
9eb3f28ef1 C#: Add missing nodes predicate to XSS queries 2021-08-05 13:53:52 +02:00
Tom Hvitved
6471092139 Merge pull request #6394 from github/p0/csharp-virtual-dispatch-limit 
C#: Guard against virtual dispatch branching too much.
 2021-08-05 13:20:14 +02:00
Raul Garcia (MSFT)
7340a1293f Fixing query & test 2021-08-04 19:37:57 -07:00
Raul Garcia (MSFT)
8544356f90 Adding Membership.GeneratePassword() as a bad source of random data because of the bias. 2021-08-04 17:12:00 -07:00
edvraa
db2f9add53 Post merge 2021-08-04 18:37:17 +03:00
edvraa
d1e41689bb Merge with main 2021-08-04 14:25:34 +03:00
edvraa
e790ee7c2e Fix formatting 2021-08-04 14:06:27 +03:00
Tamas Vajk
6405b89443 Add DB upgrade script to change generic type names to undecorated ones 2021-08-04 12:38:16 +02:00
Tamas Vajk
f1a596ee81 Fix code review findings 2021-08-04 12:38:16 +02:00
Tamas Vajk
62f5af9ac8 Fix TupleType::getName 2021-08-04 12:38:16 +02:00
Tamas Vajk
d3803b01e4 Fix nested generic type qualified names 2021-08-04 12:38:16 +02:00
Tamas Vajk
99fe9d8d07 Fix erroneous space in type name 2021-08-04 12:38:16 +02:00
Tamas Vajk
0cfd73c818 Adjust QL getName to the extracted undecorated names 2021-08-04 12:38:15 +02:00
Pavel Avgustinov
2be9f3e41e C#: Guard against virtual dispatch branching too much. 
We have observed databases where dispatch to highly overridden
virtual methots (like Enumerable.GetEnumerator) ends up branching
to many thousands of overrides, if there is not sufficient type
context to prune. This causes performance problems for analyses
that use dataflow.

As an immediate fix, this commit prevents branching to virtual
method overrides if this would result in branching to 1,000 or
more methods.
 2021-08-02 09:40:16 +01:00
Tom Hvitved
7a475eb0a2 C#: Fix CSV overrides logic 2021-08-02 10:35:21 +02:00
Arthur Baars
ed054acd8e Merge pull request #6305 from intrigus-lgtm/patch-5 
C# remove spurious spaces in <code> tag
 2021-07-19 17:09:36 +02:00
Tom Hvitved
1c68d3f4cd Merge pull request #6309 from hvitved/csharp/dead-store-of-local-perf 
C#: Improve performance of `DeadStoreOfLocal.ql`
 2021-07-17 10:56:35 +02:00
Tom Hvitved
25706e0812 Merge pull request #6303 from hvitved/csharp/get-qual-name-nomagic 
C#: Two `pragma` performance fixes
 2021-07-17 07:53:35 +02:00
Tom Hvitved
45ee21622d C#: Cache NamedElement::getQualifiedName() 2021-07-16 10:25:07 +02:00
Tom Hvitved
8321d5f312 Merge pull request #6293 from hvitved/csharp/ssa/remove-redundant-conjunct 
C#: Remove redundant conjunct in `ssaDefReachesReadWithinBlock`
 2021-07-16 06:15:34 +02:00
Tom Hvitved
c53502a84a C#: Improve performance of DeadStoreOfLocal.ql 2021-07-15 22:26:07 +02:00
intrigus-lgtm
7aa19ea00f C# remove spurious spaces in <code> tag 2021-07-15 19:34:36 +02:00
intrigus-lgtm
88bd464296 C# remove spurious spaces in <code> tag 2021-07-15 19:34:13 +02:00
intrigus-lgtm
f587db4385 C# remove spurious spaces in <code> tag 2021-07-15 19:33:24 +02:00
Tom Hvitved
4180528d02 C#: Do not inline getLeafTypeAt 2021-07-15 15:41:16 +02:00
Tom Hvitved
7e4d761aa3 C#: Add nomagic to NamedElement::getQualifiedName() 2021-07-15 15:40:26 +02:00
Arthur Baars
a47002c6d8 Merge pull request #6302 from github/aibaars/drop-spaces 
C# remove spurious spaces in <code> tag
 2021-07-15 14:57:21 +02:00