hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
79,451 Commits 1,671 Branches 157 Tags
codeql-cli-2.21.4
Commit Graph

340 Commits

Author SHA1 Message Date
calum
cf4b04a3ee C#: Address review comments - adding .getNode() where appropriate. 2018-11-16 11:52:20 +00:00
calum
e908b090fd C#: Always use PathNode in a path-problem query. 2018-11-16 10:32:24 +00:00
calum
eddc52852d C#: Convert security queries to path-problem and update qltest expected output. 2018-11-16 10:31:20 +00:00
Tom Hvitved
dd6fd400aa Merge pull request #335 from calumgrant/cs/cwe-937 
C#: New query VulnerablePackage
 2018-11-12 10:34:53 +01:00
Tom Hvitved
67e64f21d8 C#: Fix whitespaces 2018-11-07 08:52:38 +01:00
semmle-qlci
33c02fe928 Merge pull request #355 from hvitved/csharp/guards-logic 
Approved by calumgrant
 2018-11-06 19:06:30 +00:00
calum
c003150ed8 C#: Add missing file. 2018-11-02 16:46:49 +00:00
calum
29df7f5e96 C#: Mark false-negatives. 2018-11-02 16:46:49 +00:00
calum
7fa442d127 C#: Merge tests. 2018-11-02 16:46:49 +00:00
calum
ae96b347e2 C#: Address review comments. 2018-11-02 16:46:49 +00:00
calum
62fb693924 C#: Tidy up code and fix performance of remote flow sources. 2018-11-02 16:45:48 +00:00
calum
2090d69c3f C#: Tidy up tests. 2018-11-02 16:45:48 +00:00
calum
697e66e312 C#: Move test into subdirectory. 2018-11-02 16:45:48 +00:00
calum
d6e6ae66b8 C#: qltest stubs for UrlRedirect.ASPNETCore 2018-11-02 16:45:47 +00:00
calum
4655acadb2 C#: Stubs for XSSFlowASPNetCore test. 2018-11-02 16:45:47 +00:00
calum
8b8d2f9bef C#: Add auto-generated stubs. 2018-11-02 16:45:47 +00:00
Denis Levin
ba9cb5e22d cs: Adding sources and sinks for ASPNET.Core 
Inintial query checkin.
Note: tests require Nuget packages with ASPNET and ASPNETCore in Packages directory, and won't compile without them.
The packages.config should include this:
  <package id="Microsoft.AspNet.Mvc" version="5.2.3" targetFramework="net461" />
  <package id="Microsoft.AspNet.WebPages" version="3.2.3" targetFramework="net461" />
  <package id="Microsoft.AspNetCore.Antiforgery" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Authorization" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Cors" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Cryptography.Internal" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.DataProtection" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.DataProtection.Abstractions" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Diagnostics" version="1.1.2" targetFramework="net452" />
  <package id="Microsoft.AspNetCore.Diagnostics.Abstractions" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Hosting" version="1.1.3" targetFramework="net452" />
  <package id="Microsoft.AspNetCore.Hosting.Abstractions" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Hosting.Server.Abstractions" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Html.Abstractions" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Http" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Http.Abstractions" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Http.Extensions" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Http.Features" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.HttpOverrides" version="1.1.2" targetFramework="net452" />
  <package id="Microsoft.AspNetCore.JsonPatch" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Localization" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.Abstractions" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.ApiExplorer" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.Core" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.Cors" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.DataAnnotations" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.Formatters.Json" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.Localization" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.Razor" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.Razor.Host" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.TagHelpers" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.ViewFeatures" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Razor" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Razor.Runtime" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.ResponseCaching" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.ResponseCaching.Abstractions" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.ResponseCompression" version="1.0.2" targetFramework="net452" />
  <package id="Microsoft.AspNetCore.Rewrite" version="1.0.2" targetFramework="net452" />
  <package id="Microsoft.AspNetCore.Routing" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Routing.Abstractions" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Server.Kestrel" version="1.1.2" targetFramework="net452" />
  <package id="Microsoft.AspNetCore.Server.Kestrel.Https" version="1.1.2" targetFramework="net452" />
  <package id="Microsoft.AspNetCore.Server.WebListener" version="1.1.4" targetFramework="net452" />
  <package id="Microsoft.AspNetCore.StaticFiles" version="1.1.2" targetFramework="net452" />
  <package id="Microsoft.AspNetCore.WebUtilities" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.Extensions.DependencyInjection.Abstractions" version="1.1.1" targetFramework="net451" />
  <package id="Microsoft.Extensions.Primitives" version="2.1.0" targetFramework="net451" />
  <package id="Microsoft.NETCore.App" version="2.0.0" />
  <package id="Microsoft.AspNetCore.Mvc" version="2.1.0" />
  <package id="Microsoft.AspNetCore.Mvc.Core" version="2.1.0" />
  <package id="Microsoft.AspNetCore.Mvc.Abstractions" version="2.1.0" />
  <package id="Microsoft.AspNetCore.Http.Extensions" version="2.1.0" />
  <package id="Microsoft.AspNetCore.Http.Abstractions" version="2.1.0" />
  <package id="Microsoft.AspNetCore.Http.Features" version="2.1.0" />
 2018-11-02 16:45:47 +00:00
Tom Hvitved
665173692c C#: Fix whitespaces 2018-10-30 13:15:46 +01:00
calum
61232cb08e C#: Address review comments in QL. 2018-10-19 16:33:04 +01:00
Tom Hvitved
b233961a9a C#: Add assertion tests 2018-10-19 14:05:30 +02:00
calum
3de1f3b101 C#: Query and qltest for VulnerablePackage. 2018-10-18 10:23:51 +01:00
Tom Hvitved
c064b1f41d Merge pull request #103 from lukecartey/csharp/zipslip-update 
C#: ZipSlip - Refine sanitizers
 2018-10-10 10:47:23 +02:00
Luke Cartey
1a90f7df2c C#: ZipSlip - Address review comments. 
- Add backticks
 - Add extra test.
 2018-10-03 11:38:48 +01:00
Tom Hvitved
809da42f00 C#: Synchronize a few test files 
Synchronized test files with the examples used in query help.
 2018-08-30 21:46:37 +02:00
Luke Cartey
b1d5d5bf86 C#: ZipSlip - Refine StartsWith sanitizer. 
ZipSlip can be avoided by checking that the combined and resolved
path `StartsWith` the appropriate destination directory. Refine the
`StartsWith` sanitizer to:

 * Consider expressions guarded by an appropriate StartsWith check to be
sanitized.
 * Consider a StartsWith check to be inappropriate if it is checking the
result of `Path.Combine`, as that has not been appropriately resolved.

Tests have been updated to reflect this refinement.
 2018-08-24 14:27:25 +01:00
Tom Hvitved
d4551e5897 Merge pull request #81 from lukecartey/csharp/zipslip-reformat 
C#: ZipSlip - Rearrange query, add help and update doc
 2018-08-24 09:40:20 +02:00
calumgrant
04bccd0137 Merge pull request #55 from denislevin/denisl/cs/DontInstallRootCertificate 
cs: Don't Install Root Certificate (CWE-327)
 2018-08-23 17:36:50 +01:00
Luke Cartey
86a7df0ef5 C#: ZipSlip - Address doc team comments. 2018-08-23 15:57:00 +01:00
Luke Cartey
4f57456df1 C#: ZipSlip - Add spaces into bad example. 2018-08-21 13:06:29 +01:00
Luke Cartey
6959d80a28 C#: ZipSlip - Update help, compile and test samples. 2018-08-21 12:17:48 +01:00
Denis Levin
be3d2931e3 Changed query message text as requested 2018-08-20 14:02:33 -07:00
Luke Cartey
99d1cf70be C#: ZipSlip - Update name, description and message. 
This commit updates the name, description and message to better match
the house style for the security queries.
 2018-08-20 16:59:56 +01:00
Denis Levin
276deee68c Added comments to the test file. Fixed a typo. 2018-08-17 10:50:52 -07:00
Denis Levin
2a46a26d9e Update addressing review comments 2018-08-16 17:29:04 -07:00
calum
fc5963b831 C#: Rename filename in expected test output. 2018-08-14 13:00:25 +01:00
calum
82f0c389c7 C#: Update test references to use .NET Core, and change relative directory of moved test file. 2018-08-14 12:52:26 +01:00
Denis Levin
7492dabde0 cs: Don't Install Root Certificate (CWE-327) 2018-08-13 16:43:44 -07:00
Denis Levin
cee996c543 Adding .expected file to QLTest 2018-08-13 15:04:15 -07:00
Denis Levin
242fba3fd2 cs: Query for ZipSlip vulnerability (CVE-2018-1002200) 
Initial check in to validate the tests
 2018-08-13 14:56:45 -07:00
Pavel Avgustinov
b55526aa58 QL code and tests for C#/C++/JavaScript. 2018-08-02 17:53:23 +01:00