hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
78,267 Commits 1,672 Branches 157 Tags
codeql-cli-2.21.1
Commit Graph

8535 Commits

Author SHA1 Message Date
Tony Torralba
3e96fe60c5 Go/Java/JS/Python/Ruby: Update the description and qhelp of the ZipSlip query 
All filesystem operations, not just writes, with paths built from untrusted archive entry names are dangerous
 2023-06-16 08:52:44 +02:00
Michael Nebel
981468f64e C#: Base tests for CWE-099 on stubs. 2023-06-15 16:05:46 +02:00
Michael Nebel
95fddaebef C#: Base tests for CWE-094 on stubs. 2023-06-15 16:05:46 +02:00
Michael Nebel
7d58a9c3d3 C#: Base tests for CWE-091 on stubs. 2023-06-15 16:05:46 +02:00
Michael Nebel
f4b5cbf7eb C#: Base tests for CWE-090 on stubs. 2023-06-15 16:05:45 +02:00
Michael Nebel
8e36a880f2 C#: Adjust paths relative to the test directory for CWE-089 test dependencies. 2023-06-15 16:05:45 +02:00
Michael Nebel
b674a8eab7 C#: Split the StoredXss test from XSS Asp test. Make the former based on stubs. 2023-06-15 16:05:45 +02:00
Michael Nebel
0d10f5ca2a C#: Base tests for CWE-078 on stubs. 2023-06-15 16:05:45 +02:00
Michael Nebel
47621ca602 C#: Base tests for CWE-022 on stubs. 2023-06-15 16:05:45 +02:00
Michael Nebel
d0844bbe6e C#: Base tests for CWE-020 on stubs. 2023-06-15 15:22:43 +02:00
Michael Nebel
3e8102a0c8 C#: Base tests for CWE-016 on stubs. 2023-06-15 15:22:43 +02:00
Michael Nebel
7dd88ddff6 C#: Base tests for CWE-011 on stubs. 2023-06-15 15:22:42 +02:00
Michael Nebel
47638123d0 Merge pull request #13150 from michaelnebel/csharp/removejumpstep 
C#: Remove jump step
 2023-06-15 12:53:37 +02:00
Jeroen Ketema
853bf2ae4e C#: Rewrite InlineFlowTest as a parameterized module 2023-06-15 10:51:59 +02:00
Michael Nebel
04736b6e10 C#: Add lost QL Doc. 2023-06-15 10:00:09 +02:00
github-actions[bot]
e6160b8e49 Add changed framework coverage reports 2023-06-15 00:18:04 +00:00
Joe Farebrother
12bb418375 Add change note 2023-06-14 16:12:34 +01:00
Joe Farebrother
9b31b61143 Broaden the scope of checks for authorization attributes 2023-06-14 16:07:41 +01:00
Joe Farebrother
7eea191005 Add tests for MVC cases 2023-06-14 16:07:41 +01:00
Joe Farebrother
1500089b86 Add test cases for webforms auth via web.config files 2023-06-14 16:07:41 +01:00
Joe Farebrother
1b6e7f9140 Add unit tests for webform case with auth in code 2023-06-14 16:07:41 +01:00
Joe Farebrother
57b3b2b2e3 Add qldoc + exclude empty methods 2023-06-14 16:07:40 +01:00
Joe Farebrother
582c4a7fbc Support virtual route mappings for webforms actions 2023-06-14 16:07:40 +01:00
Joe Farebrother
63b3e16a54 Support Authorize attribute 2023-06-14 16:07:40 +01:00
Joe Farebrother
29b5f14283 Add support for auth via xml using the physical path 2023-06-14 16:07:40 +01:00
Joe Farebrother
e93f3186fe Add missing function level access control query 2023-06-14 16:07:40 +01:00
Owen Mansel-Chan
3ff6d033d3 Rename to neverSkipInPathGraph 2023-06-14 15:29:54 +01:00
Owen Mansel-Chan
5f72ce0935 Add stub implementations of flowCheckNodeSpecific 2023-06-14 14:46:35 +01:00
Owen Mansel-Chan
e0f7437d40 Sync dataflow library 2023-06-14 14:29:56 +01:00
Jami
35591113c2 Merge branch 'main' into jcogs33/shared-sink-kind-validation 2023-06-14 08:06:34 -04:00
Michael Nebel
f26c514426 C#: Remove the JumpReturnKind and the related summary component stack. 2023-06-14 14:00:19 +02:00
Michael Nebel
afec9b05e9 Merge pull request #13147 from michaelnebel/csharp/entityframeworkrefactor 
C#: Use synthetic global in the EntityFramework code instead of jump steps.
 2023-06-14 13:47:56 +02:00
Michael Nebel
2200a2ae79 C#: Address review comments. 2023-06-14 11:25:31 +02:00
Anders Schack-Mulligen
1a4fca334f Merge pull request #13273 from aschackmull/dataflow/summarynode-refactor 
Dataflow: Refactor FlowSummaryImpl to synthesize nodes independently from DataFlow::Node.
 2023-06-14 09:38:36 +02:00
Michael Nebel
9690ff6177 C#: Address review comments. 2023-06-13 14:19:17 +02:00
Anders Schack-Mulligen
2d616d494e C#/Ruby: Add fields as per review comments. 2023-06-13 11:26:30 +02:00
Michael Nebel
577bbd531d C#: Base tests on stubs, move extractor options to options file and updated expected test output. 2023-06-13 10:17:42 +02:00
Tamás Vajk
aed6a75cd4 Merge pull request #13420 from tamasvajk/feature/standalone-mscorlib 
C#: Make sure System.Private.CoreLib is added only once as a reference in standalone extraction
 2023-06-13 09:29:16 +02:00
Anders Schack-Mulligen
bc7cb1ec47 C#: Fix some qltests. 2023-06-12 16:19:04 +02:00
Anders Schack-Mulligen
949d4491f9 C#: Remove summaries for void-returning Reverse methods. 2023-06-12 13:18:28 +02:00
Anders Schack-Mulligen
88fe0f089e C#: Fix expected output. 2023-06-12 13:17:55 +02:00
Anders Schack-Mulligen
f8ff575ff0 C#: Fix bugs in misc models. 2023-06-12 11:37:57 +02:00
Tamas Vajk
cdf1c2639d C#: Only include CoreLib.dll when UseMscorlib option is set 2023-06-12 11:03:26 +02:00
Jami Cogswell
9abe3e3da4 Shared: use a module as input to 'KindValidation' 2023-06-09 14:35:37 -04:00
Anders Schack-Mulligen
2ecce575a9 C#: Fix types of summary parameter nodes. 2023-06-09 15:39:28 +02:00
Anders Schack-Mulligen
98f51d7f29 Dataflow: Sync. 2023-06-09 15:39:28 +02:00
Anders Schack-Mulligen
6020e4d0e3 C#/Go/Python/Ruby/Swift: Fix some more references. 2023-06-09 15:30:38 +02:00
Anders Schack-Mulligen
5e6031724a C#: Adjust to FlowSummaryImpl changes. 2023-06-09 15:27:17 +02:00
Anders Schack-Mulligen
2cc5bde925 Dataflow: Sync. 2023-06-09 15:27:17 +02:00
Michael Nebel
5510d050c1 C#: Synthetic names only needs to rely on the output stack. 2023-06-09 11:40:04 +02:00