Commit Graph

1506 Commits

Author SHA1 Message Date
Tom Hvitved
23d09ed7c6 Address review comment 2023-12-04 10:47:52 +01:00
Robert Martin
66b456d3c6 C#: Fix a URL redirection from remote source false positive
When guarding the redirect with `HttpRequestBase.IsUrlLocalToHost()`
2023-11-29 13:46:47 -07:00
Tom Hvitved
ccb9d9b8fa C#: Strengthen call-back heuristics by considering body-less methods 2023-11-27 21:15:06 +01:00
Joe Farebrother
befb1ccd84 Fix integration tests for windows 2023-11-23 10:56:45 +00:00
Joe Farebrother
e4edb19f43 Update to hasFullyQualifiedName 2023-11-23 10:56:45 +00:00
Joe Farebrother
f24c042d04 Rename Razor Page class to Razor View class 2023-11-23 10:56:45 +00:00
Joe Farebrother
aa3fd6add0 Fix standalone tests 2023-11-23 10:56:45 +00:00
Joe Farebrother
82fbae3e5a Handle standalone extraction case in which generated files list absolute paths 2023-11-23 10:56:45 +00:00
Joe Farebrother
26c048a650 Minor refactoring 2023-11-23 10:56:44 +00:00
Joe Farebrother
e2e4642037 Remove redundant import 2023-11-23 10:56:44 +00:00
Joe Farebrother
7a098dde50 Remove AdditionalTaintStep (redundant with NonLocalJumpNode) 2023-11-23 10:56:44 +00:00
Joe Farebrother
9af44ed0a2 Convert flow steps to value steps 2023-11-23 10:56:44 +00:00
Joe Farebrother
96bddde7c1 Review suggestions - Remove unneeded import in tests, rename RazorPage to RazorPageClass 2023-11-23 10:56:44 +00:00
Joe Farebrother
ef15980bb6 Remove unnecessary check for the name parameter as parameter 1 2023-11-23 10:56:43 +00:00
Joe Farebrother
2416040854 Review suggestions - make import private and update change note 2023-11-23 10:56:43 +00:00
Joe Farebrother
047f8e485a Make the additional flow steps generally applicable to all queries 2023-11-23 10:56:43 +00:00
Joe Farebrother
0ed7b3c3ad Update qldoc 2023-11-23 10:56:43 +00:00
Joe Farebrother
826111dc08 Separate area view discovery list for increased precision 2023-11-23 10:56:42 +00:00
Joe Farebrother
f2c3d83d9e Add tests for area cases 2023-11-23 10:56:42 +00:00
Joe Farebrother
f1b0f1a35d Use shared filepath normalization library 2023-11-23 10:56:42 +00:00
Joe Farebrother
7194113a64 Add areas 2023-11-23 10:56:42 +00:00
Joe Farebrother
7691cbce87 Add additional test cases 2023-11-23 10:56:42 +00:00
Joe Farebrother
f84b2a96af Add support for view locations defined in code through RazorViewEngineOptions 2023-11-23 10:56:42 +00:00
Joe Farebrother
ac3f642b45 Unit tests - Write script to aid generating necessary code from .cshtml files. 2023-11-23 10:56:41 +00:00
Joe Farebrother
12a579e0aa Add relative filepath lookup 2023-11-23 10:56:41 +00:00
Joe Farebrother
40a7223620 Implement xss flow step for absolute filepath case 2023-11-23 10:56:41 +00:00
Tom Hvitved
979bcf4ef3 Merge pull request #14868 from hvitved/ssa/locations
SSA: Add locations to ease debugging
2023-11-22 13:26:41 +01:00
Tom Hvitved
1a6886cf99 SSA: Add locations to ease debugging 2023-11-22 08:37:02 +01:00
Tamas Vajk
253c658ad2 C#: Tolerate missing call targets in LogMessageSink 2023-11-21 10:13:18 +01:00
Tom Hvitved
b72f34591d C#: Use {get,has}FullyQualifiedName throughout 2023-11-10 08:46:15 +01:00
Tom Hvitved
66dc5501e8 C#: Deprecate {get,has}QualifiedName and replace with {get,has}FullyQualifiedName 2023-11-10 08:46:01 +01:00
Tom Hvitved
76e6f81075 C#: Allow for explicit interface names in MaD consistency check 2023-11-09 08:34:36 +01:00
Tom Hvitved
11c113bbd5 C#: Use new format for generics when parsing MaD rows 2023-11-09 08:34:36 +01:00
Tom Hvitved
74f483a6f5 C#: Update model conversion queries 2023-11-09 08:34:35 +01:00
Tom Hvitved
6f4311d656 C#: Include type parameters when printing MaD rows with generics 2023-11-09 08:34:06 +01:00
Tom Hvitved
b2512eb212 Merge pull request #14678 from hvitved/csharp/mad-operator-fix
C#: Correctly parse operator names in MaD
2023-11-07 15:11:01 +01:00
Tom Hvitved
af7b295c59 Address review comments 2023-11-07 13:01:19 +01:00
Tom Hvitved
12cd1c1011 C#: Deprecate UnboundGenericType::getInstanceType/0 2023-11-06 13:01:57 +01:00
Tom Hvitved
3e3ea51e69 C#: Correctly parse operator names in MaD 2023-11-05 20:58:47 +01:00
Tom Hvitved
2a33a86c9d C#: Merge ExternalFlow.qll and ExternalFlowExtensions.qll, and move to internal 2023-11-05 20:58:47 +01:00
Tom Hvitved
12d856737a Address review comments 2023-11-02 12:38:35 +01:00
Tom Hvitved
c717e346fb C#: Move qualified name computation into QualifiedName.qll 2023-11-01 16:21:55 +01:00
Tom Hvitved
6ad8a4db1c C#: Only use getTypeRef when there is not already a type available 2023-10-27 14:11:55 +02:00
Anders Schack-Mulligen
6882504397 C#: Fix compilation 2023-10-25 14:31:49 +02:00
Anders Schack-Mulligen
5ded55cd9f C#: Sync Bound.qll 2023-10-25 14:08:48 +02:00
Joe Farebrother
fe2468e7d0 Merge pull request #14498 from joefarebrother/csharp-missing-access-control
C#: Fix FP in Missing Function Level Access Control and Insecure Direct Object Reference
2023-10-16 10:46:19 +01:00
Joe Farebrother
915352861d Check for generic base types in Missing Function Level Access Control and Insecure Direct Object Reference. 2023-10-13 14:22:45 +01:00
Tony Torralba
0cea3f8531 Remove library annotations 2023-10-13 12:46:56 +02:00
Tamas Vajk
267fd23b26 C#: Include the void type in value types 2023-10-11 12:01:17 +02:00
erik-krogh
4bc4e0845d delete the deprecated isBarrierGuard predicate from the shared dataflow library, and its uses 2023-10-07 21:48:49 +02:00