hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 10:46:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
75,734 Commits 1,672 Branches 157 Tags
codeql-cli-2.20.4
Commit Graph

3366 Commits

Author SHA1 Message Date
Mathias Vorreiter Pedersen
472363b86e Merge branch 'main' into mathiasvp/read-step-without-memory-operands 2020-09-01 11:08:52 +02:00
Mathias Vorreiter Pedersen
91a23096bb C#: Sync identical files 2020-09-01 10:54:54 +02:00
Tom Hvitved
4e963a8a8e Merge pull request #4165 from hvitved/csharp/foreach-guard 
C#: Fix bug in guards logic for `foreach` loops
 2020-08-31 14:32:09 +02:00
Tom Hvitved
b205702853 C#: Fix bug in guards logic for foreach loops 2020-08-28 15:19:11 +02:00
Rasmus Lerchedahl Petersen
6b8d9f2a77 Merge branch 'main' of github.com:github/codeql into SharedDataflow_PostUpdateNodes 2020-08-28 13:01:14 +02:00
Rasmus Lerchedahl Petersen
9503c5d8bb Python: Add post-update nodes 2020-08-28 12:59:11 +02:00
Tamas Vajk
29eaacdeaf Fix typos and comment styling 2020-08-28 08:41:46 +02:00
Tamas Vajk
fcd426210f C#: Add missing QlDoc for code duplication 2020-08-27 14:43:16 +02:00
Tamas Vajk
8a4754f8d7 C#: Add missing QlDoc for frameworks 2020-08-26 11:48:02 +02:00
Tamas Vajk
4be15af06a C#: Add missing QlDoc for various predicates 2020-08-26 11:34:20 +02:00
Tamas Vajk
ce68e458e0 C#: Add QlDoc for predicates in Helpers 2020-08-26 11:21:44 +02:00
Tamas Vajk
048428a6fa C#: Add missinq QlDoc for Serialization classes, remove unused DangerousCallable 2020-08-26 11:21:44 +02:00
Tamas Vajk
36a9e47178 C#: Add missing QlDoc for dotnet base constructs 2020-08-26 09:13:01 +02:00
Calum Grant
a93a84fb2e Merge pull request #4065 from hvitved/csharp/dataflow-type-restriction 
C#: Restrict `DataFlowType` to types belonging to `Node`s
 2020-08-21 11:57:29 +01:00
Tom Hvitved
b8cde180b9 C#: Order top-level elements by location in PrintAst.qll 2020-08-21 06:17:37 +02:00
Tamás Vajk
2a8ff8785a C#: Add AST printing (#4038) 2020-08-20 14:24:43 +02:00
Tom Hvitved
6dc1244410 Merge pull request #4064 from hvitved/csharp/gvn-speedup 
C#: Speed up `Implements.qll` and `Unification.qll`
 2020-08-20 10:11:36 +02:00
Tom Hvitved
acb08287ab C#: Rename isComplete() to isFullyConstructed() 2020-08-18 13:38:46 +02:00
Tom Hvitved
bdf4ae5f27 C#: Increase accessPathLimit from 3 to 5 2020-08-18 13:30:16 +02:00
Anders Schack-Mulligen
f75f5ab125 Merge pull request #3838 from hvitved/dataflow/flow-fwd-ctx 
Data flow: Use precise call contexts in `flowFwd()`
 2020-08-18 13:06:11 +02:00
Tom Hvitved
a2fc92b9db Data flow: Address review comments 2020-08-17 15:46:43 +02:00
Tom Hvitved
357109a410 C#: Use DataFlow3 instead of DataFlow2 in Xml.qll to avoid overlap 
`semmle.code.csharp.frameworks.system.Xml` is imported in `LibraryTypeDataFlow.qll`,
and therefore part of the default namespace. This means that the use of `DataFlow2`
inside `Xml.qll` overlaps with some queries. Bumping to `DataFlow3` resolves the issue.
 2020-08-14 14:33:12 +02:00
Tom Hvitved
9ebf8d1d58 Data flow: Sync files 2020-08-14 11:04:45 +02:00
Tom Hvitved
2d29fa1d15 Data flow: Use precise call contexts in flowFwd() 2020-08-14 11:04:45 +02:00
Tom Hvitved
46f10fc032 C#: Restrict DataFlowType to types belonging to Nodes 2020-08-13 13:16:10 +02:00
Tom Hvitved
dcccdee227 C#: Speed up Implements.qll and Unification.qll 
Restrict constructed GVN types to those that are complete, and reduce
intermediate string construction in `toString()` computations.
 2020-08-13 13:11:04 +02:00
Tom Hvitved
c20d763490 Merge pull request #3951 from raulgarciamsft/users/raulgarciamsft/dataset_serialization 
C#: DataSet serialization
 2020-08-07 12:54:10 +02:00
Raul Garcia
3682a902de Update csharp/ql/src/experimental/Security Features/Serialization/DataSetSerialization.qhelp 
Co-authored-by: James Fletcher <42464962+jf205@users.noreply.github.com>
 2020-08-06 12:09:02 -07:00
Raul Garcia (MSFT)
aa27eaf7e0 Addrssing the comments from https://github.com/github/codeql/pull/3951#discussion_r464894547 that I missed previously 2020-08-04 15:50:58 -07:00
Tom Hvitved
63115a36f7 Merge pull request #3994 from hvitved/csharp/dataflow/library-aps-adjust 
C#: More type-based adjustment of library-flow access paths
 2020-08-04 14:33:54 +02:00
Raul Garcia (MSFT)
c52064af78 Fixing problems based on CR feedback. 
https://github.com/github/codeql/pull/3951#pullrequestreview-458987208
 2020-08-03 16:39:41 -07:00
Raul Garcia (MSFT)
a5dab4e768 removing a redundant line 2020-07-30 17:05:42 -07:00
Arthur Baars
7e72ef350e Merge pull request #3975 from aibaars/lgtm-suites 
CodeQL: complete LGTM suites
 2020-07-30 18:39:01 +02:00
Tom Hvitved
07f1e133f3 C#: More type-based adjustment of library-flow access paths 
This change removes the restriction that only access paths of length 1 can
have the head adjusted, based on type information from the call to the relevant
library-code callable.
 2020-07-30 15:48:41 +02:00
Tom Hvitved
632713c475 Merge pull request #3986 from hvitved/csharp/null-maybe-null-coalescing-assignment 
C#: Fix false-positives in `cs/dereferenced-value-may-be-null`
 2020-07-30 14:20:00 +02:00
Tom Hvitved
05307b8757 C#: Remove more FPs in cs/dereferenced-value-may-be-null 2020-07-30 12:16:59 +02:00
Raul Garcia (MSFT)
6f845b0044 Using CodeQL AutoFormat 2020-07-29 18:01:46 -07:00
Raul Garcia (MSFT)
7923c480af Fixing queries based on suggestions/comments. 
TODO: Auto-formatting is still pending (need guidance on how to enable it on my environment). Thanks
 2020-07-29 17:14:37 -07:00
Raul Garcia
83e9d052d9 Update csharp/ql/src/experimental/Security Features/Serialization/DataSetSerialization.qll 
Co-authored-by: Jaroslav Lobačevski <novaisas@gmail.com>
 2020-07-29 16:24:13 -07:00
Tom Hvitved
4345b167ec Merge pull request #3935 from github/henrymercer/fix-broken-doc-link 
C#: Fix broken link to ECMA-335
 2020-07-29 10:04:08 +02:00
Arthur Baars
c4041e55ba CodeQL: complete LGTM suites 2020-07-28 20:40:44 +02:00
Tom Hvitved
d39a33655f C#: Fix false-positives in cs/dereferenced-value-may-be-null 
Dereferencing an expression of a nullable type should only be reported when
the expression is not clearly non-null.
 2020-07-28 16:27:36 +02:00
Raul Garcia (MSFT)
55473c65f1 Improving documentation 2020-07-20 13:54:23 -07:00
Raul Garcia (MSFT)
9d7d6b39cb Small fixes based on feedback 2020-07-20 11:14:59 -07:00
Calum Grant
79f412ff54 C#: Fix tags typo 2020-07-17 15:30:33 +01:00
Raul Garcia (MSFT)
5387294168 Moving to experimental as requested 2020-07-16 09:32:17 -07:00
Raul Garcia (MSFT)
3e0481b889 Queries to help on the detection based on misuse of DataSet and DataTable serialization that could lead to security problems. 
https://go.microsoft.com/fwlink/?linkid=2132227
 2020-07-14 17:54:54 -07:00
Calum Grant
dcff87fb2e Merge pull request #3366 from hvitved/csharp/dataflow/arrays 
C#: Precise data-flow for collections
 2020-07-14 17:12:29 +01:00
Mathias Vorreiter Pedersen
002f930dba C#: Sync identical files 2020-07-09 15:54:42 +02:00
Henry Mercer
3d711b8cd1 C#: Fix broken link to ECMA-335 2020-07-09 13:15:22 +01:00