codeql

mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00

Author	SHA1	Message	Date
Andrew Eisenberg	bbb2637bcc	QlPacks: Add the defaultSuite to query packs that are missing it Also, change some examples pack names from `codeql-lang-examples` to `codeql/lang-examples`. This doesn't affect behaviour since internally, the legacy name is converted to the modern name.	2021-10-12 11:54:50 -07:00
Mathias Vorreiter Pedersen	b089e6d84e	C++/C#: Fix QLDoc of 'CopyInstruction'.	2021-10-05 09:14:20 +01:00
Tom Hvitved	70e41b180e	Merge pull request #6800 from hvitved/csharp/constant-cond-tuple-discard C#: Filter discards in tuples in `ConstantCondition.ql`	2021-10-04 14:38:45 +02:00
Tom Hvitved	a315640082	C#: Address review comments	2021-10-04 13:15:26 +02:00
Tom Hvitved	f06632a8e7	C#: Filter discards in tuples in `ConstantCondition.ql`	2021-10-04 13:04:18 +02:00
Tom Hvitved	682a2aae3a	C#: Filter `using var _ = ...` results from `DeadStoreOfLocal.ql`	2021-10-04 10:45:44 +02:00
Rasmus Wriedt Larsen	987b573709	Fix `hasLocationInfo` URL reference Follow up to https://github.com/github/codeql/pull/5830	2021-09-29 13:47:58 +02:00
Porcuiney Hairs	b9c08167f3	C# : Add query to detect SSRF	2021-09-29 04:14:22 +05:30
Mathias Vorreiter Pedersen	24214002a1	C#/C++: Sync identical files.	2021-09-24 13:13:09 +01:00
Mathias Vorreiter Pedersen	35baff8bac	C#/C++: Sync identical files.	2021-09-22 13:32:29 +01:00
Tamás Vajk	f90d1fd70e	Merge pull request #6636 from tamasvajk/fix/stubbing-2 C#: Fix member order (yet again) in stubbing	2021-09-07 17:37:29 +02:00
Rasmus Wriedt Larsen	995a8192a9	Merge pull request #6635 from github/RasmusWL/fix-csharp-cwe-tag C#: Fix CWE tag for `cs/insufficient-key-size`	2021-09-07 15:54:42 +02:00
Tamas Vajk	469993f6d3	C#: Fix member order (yet again) in stubbing With explicit interface implementation, the same member name can show up multiple times in a type declaration. This commit defines an explicit order for these members.	2021-09-07 15:26:03 +02:00
Rasmus Wriedt Larsen	8f52089475	C#: Fix CWE tag for `cs/insufficient-key-size` Since this targets CWE-326 Inadequate Encryption Strength > The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required. > \- https://cwe.mitre.org/data/definitions/326.html and not CWE-327: Use of a Broken or Risky Cryptographic Algorithm > The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information. > \- https://cwe.mitre.org/data/definitions/327.html This matches what we do for similar query in Python: https://github.com/github/codeql/blob/main/python/ql/src/Security/CWE-326/WeakCryptoKey.ql	2021-09-07 12:59:10 +02:00
Tamas Vajk	203ca3f91b	C#: improve stubbing to escape more member names (not just fields)	2021-09-07 12:34:23 +02:00
Tamás Vajk	7befdc9c5c	Merge pull request #6627 from tamasvajk/feature/stub-readme C#: Add readme to stub folder	2021-09-07 12:09:52 +02:00
Tamás Vajk	c63fd4a254	Merge pull request #6260 from tamasvajk/feature/method-name C#: Change generic method names to include <> and type args/params	2021-09-07 12:09:27 +02:00
Tamas Vajk	0d88d18781	C#: Add readme to stub folder	2021-09-06 13:42:36 +02:00
Andrew Eisenberg	bb9911e06f	Merge pull request #6605 from aeisenberg/aeisenberg/pack/consistency	2021-09-06 04:40:58 -07:00
Tamas Vajk	b7f13a7e1f	C#: Change generic method names to include <> and type args/params	2021-09-06 11:48:22 +02:00
Andrew Eisenberg	6a47fcaf1f	Packaging: Normalize all qlpack.yml files for all languages This commit ensures consistency among all of our qlpacks. Here are the changes: 1. Ensure only modern references are used (codeql-{lang} is converted to codeql/{lang}-all or codeql/{lang}-queries where appropriate). 2. Use consistent version numbers. All languages are at 0.0.2 except javascript, which is 0.0.3. 3. Convert all `libraryPathDependencies` to `dependencies` with version constraints 4. Dependencies from query packs to other packs are always `"*"` since these dependencies are always from source and we should get the latest. 5. Dependencies from codeql/{lang}-lib to codeql/{lang}-upgrades must be strict since there is a tight connection between the libary and its relevant upgrades.	2021-09-03 11:53:28 -07:00
Tamas Vajk	c02a743835	Revert redundant order by	2021-09-03 16:51:32 +02:00
Tamas Vajk	3560853f36	C#: Fix ordering of stubbed type members, implemented interfaces, and location comments	2021-09-03 09:53:34 +02:00
Tom Hvitved	7e1efbdd8e	C#: Use data flow instead of taint tracking in `InsecureSQLConnection.ql`	2021-08-26 13:48:57 +02:00
Andrew Eisenberg	c9f1c98390	Packaging: C# refactoring Split c# pack into `codeql/csharp-all` and `codeql/csharp-queries`.	2021-08-19 14:09:35 -07:00
Tamás Vajk	763de4fff9	Merge pull request #6425 from raulgarciamsft/insecureRandom_potential_fix C#: Adding Membership.GeneratePassword() as a bad source of random data	2021-08-19 11:16:26 +02:00
Tamas Vajk	d97525e21e	Fix minor quality issues in comment and change note	2021-08-19 09:30:23 +02:00
Erik Krogh Kristensen	dd59f79947	use min() instead of rank[1]()	2021-08-18 11:09:03 +02:00
Andrew Eisenberg	03d6b15401	Merge branch 'main' into aeisenberg/pack/cpp	2021-08-17 15:28:47 -07:00
Tom Hvitved	44ff623d8c	Merge pull request #5508 from edvraa/deserializers deserialization sinks	2021-08-17 11:41:52 +02:00
Andrew Eisenberg	e566fb9c5a	Packaging: Update suite-helpers qlpack Uses new style naming scheme.	2021-08-16 17:51:33 -07:00
Tamás Vajk	166a6b02f6	Merge pull request #6268 from tamasvajk/feature/generic-type-name C#: Remove type args/params from generic type names in extractor	2021-08-16 12:22:16 +02:00
Tamas Vajk	243424063a	Add pragma inline to getMember/Method/Callable	2021-08-10 13:25:56 +02:00
Tamas Vajk	51661bfa62	Add pragma noinline to fix uselessUpcast check	2021-08-10 13:24:30 +02:00
Tamas Vajk	91bd3d1a11	Cache getName to improve performance	2021-08-09 10:28:31 +02:00
Tamás Vajk	c1cf2a1c5f	Merge pull request #5579 from edvraa/cookies C#: HttpOnly and Secure cookie queries	2021-08-09 08:58:11 +02:00
Tom Hvitved	9eb3f28ef1	C#: Add missing `nodes` predicate to XSS queries	2021-08-05 13:53:52 +02:00
Tom Hvitved	6471092139	Merge pull request #6394 from github/p0/csharp-virtual-dispatch-limit C#: Guard against virtual dispatch branching too much.	2021-08-05 13:20:14 +02:00
Raul Garcia (MSFT)	7340a1293f	Fixing query & test	2021-08-04 19:37:57 -07:00
Raul Garcia (MSFT)	8544356f90	Adding `Membership.GeneratePassword()` as a bad source of random data because of the bias.	2021-08-04 17:12:00 -07:00
edvraa	db2f9add53	Post merge	2021-08-04 18:37:17 +03:00
edvraa	d1e41689bb	Merge with main	2021-08-04 14:25:34 +03:00
edvraa	e790ee7c2e	Fix formatting	2021-08-04 14:06:27 +03:00
Tamas Vajk	6405b89443	Add DB upgrade script to change generic type names to undecorated ones	2021-08-04 12:38:16 +02:00
Tamas Vajk	f1a596ee81	Fix code review findings	2021-08-04 12:38:16 +02:00
Tamas Vajk	62f5af9ac8	Fix TupleType::getName	2021-08-04 12:38:16 +02:00
Tamas Vajk	d3803b01e4	Fix nested generic type qualified names	2021-08-04 12:38:16 +02:00
Tamas Vajk	99fe9d8d07	Fix erroneous space in type name	2021-08-04 12:38:16 +02:00
Tamas Vajk	0cfd73c818	Adjust QL getName to the extracted undecorated names	2021-08-04 12:38:15 +02:00
Pavel Avgustinov	2be9f3e41e	C#: Guard against virtual dispatch branching too much. We have observed databases where dispatch to highly overridden virtual methots (like Enumerable.GetEnumerator) ends up branching to many thousands of overrides, if there is not sufficient type context to prune. This causes performance problems for analyses that use dataflow. As an immediate fix, this commit prevents branching to virtual method overrides if this would result in branching to 1,000 or more methods.	2021-08-02 09:40:16 +01:00

... 21 22 23 24 25 ...

3379 Commits