hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,246 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.0
Commit Graph

1538 Commits

Author SHA1 Message Date
Michael Nebel
39d3741a91 Merge pull request #20326 from michaelnebel/csharp/ql4ql 
C#: Fix some Ql4Ql violations.
 2025-09-02 11:44:22 +02:00
Michael Nebel
ef4b41ab6d C#: Replace exists with any. 2025-09-02 09:26:37 +02:00
Michael Nebel
7491352278 C#: Fix some Ql4Ql violations. 2025-09-01 14:57:30 +02:00
Anders Schack-Mulligen
09b2c5abf0 BasicBlock: Replace entryBlock predicate with subclass. 2025-09-01 11:48:44 +02:00
Anders Schack-Mulligen
f459ddc40a Languages: Adapt to api changes. 2025-09-01 11:26:33 +02:00
Anders Schack-Mulligen
bb3abc815f SSA: Update input to use member predicates. 2025-09-01 11:19:48 +02:00
Tom Hvitved
aa3f4e1eca C#: Fix context-sensitive dispatch when using base qualifier 2025-08-28 13:24:47 +02:00
Michael Nebel
ebfbc71104 C#: Address more review comments. 2025-08-21 08:07:17 +02:00
Michael Nebel
b42c366250 C#: Address review comments. 2025-08-20 08:50:23 +02:00
Michael Nebel
81751ea591 C#: Allow implicit reads from collections in argument nodes (sinks and additional flow steps) for default taint tracking configurations. 2025-08-18 12:56:09 +02:00
Nora Dimitrijević
8000e7c442 Merge pull request #20074 from d10c/d10c/diff-informed-phase-3-csharp 
C#: Diff-informed queries: phase 3 (non-trivial locations)
 2025-08-15 12:07:47 +02:00
Tom Hvitved
361ef0f50d C#: Include constructors in ValueOrRefType.hasCallable 2025-08-04 13:51:17 +02:00
Anders Schack-Mulligen
3b8234ecec SSA: Update data flow integration and BarrierGuard interface to use GuardValue. 2025-07-28 11:29:12 +02:00
Nora Dimitrijević
7f085e6bd9 [DIFF-INFORMED] C#: UnsafeDeserializationQuery 
57c8b6e229/csharp/ql/src/Security%20Features/CWE-502/UnsafeDeserializationUntrustedInput.ql (L59)
 2025-07-21 11:28:50 +02:00
Nora Dimitrijević
793f921291 [DIFF-INFORMED] C#: ConditionalBypass 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/csharp/ql/src/Security%20Features/CWE-807/ConditionalBypass.ql#L22
 2025-07-21 11:28:48 +02:00
Chris Smowton
d6a3b2e91f Merge pull request #20065 from smowton/smowton/fix/web.config 
C#: Make web.config match case insensitive (with change note)
 2025-07-16 09:52:34 +01:00
Hugo
6384cf2e4f Update predicate name 2025-07-16 00:35:14 +02:00
James Frank
b9acaa0cbd Make web.config match case insensitive 2025-07-15 15:34:42 -04:00
Hugo
fb693837e4 feat: add getASupertype() predicate in ValueOrRefType. 
Add the getASupertype() predicate in ValueOrRefType.
 2025-07-10 02:19:17 +02:00
Michael Nebel
2f208bddb6 Merge pull request #19877 from michaelnebel/csharp/microsoftdatasqlclient 
C#: Models for Microsoft.Data.SqlClient.
 2025-06-27 10:24:38 +02:00
Michael Nebel
f3eafd33ff C#: Exclude Microsoft.Data.SqlClient.SqlCommand from the best effort SqlSink creation. 2025-06-26 08:46:49 +02:00
Kasper Svendsen
2da8d61984 Run config/sync-files.py 2025-06-24 10:25:06 +02:00
Nora Dimitrijević
79e982af38 Merge pull request #19661 from d10c/d10c/csharp/diff-informed 
C#: mass enable diff-informed data flow
 2025-06-17 14:52:24 +02:00
Tom Hvitved
a188adc09b C#: Handle non-unique type arguments when computing generics strings 2025-06-17 09:30:49 +02:00
Nora Dimitrijević
f2085c2293 C#: mass enable diff-informed data flow 
An auto-generated patch that enables diff-informed data flow in the obvious cases.

Builds on https://github.com/github/codeql/pull/18344 and https://github.com/github/codeql-patch/pull/88
 2025-06-11 18:56:25 +02:00
Michael Nebel
d2b8bd5760 C#: Remove explicit (trivial) type requirements on Debug.Assert methods. 2025-06-03 15:10:34 +02:00
Michael Nebel
36eab47ab4 C#: Do not assume that extension methods on nullable types do unsafe dereference. 2025-06-03 13:24:57 +02:00
Anders Schack-Mulligen
5b21188e0d C#: Sync. 2025-05-23 14:17:21 +02:00
Anders Schack-Mulligen
1d30103559 SSA: Distinguish between has and controls branch edge. 2025-05-23 09:56:22 +02:00
Michael Nebel
72d3814e08 C#: Include dictionary indexers and more methods in cs/gethashcode-is-not-defined. 2025-05-15 14:03:22 +02:00
Michael Nebel
a7ddfe2e89 C#: Address review comments. 2025-05-12 16:06:02 +02:00
Michael Nebel
133e8d4897 C#: Include CompositeFormat.Parse as Format like method. 2025-05-12 15:44:59 +02:00
Tom Hvitved
e79a906426 C#: Fix CFG for fall-through switch statements 2025-04-25 11:48:30 +02:00
Alexander Eyers-Taylor
ea83ecf802 Merge pull request #19327 from d10c/d10c/rtjo-csharp-jo-fix 
C#: Join order fix
 2025-04-24 12:34:22 +01:00
Michael Nebel
f2dddd6d5c C#: Hide the abstract FormatMethod class. 2025-04-24 08:54:47 +02:00
Michael Nebel
042c7e5186 C#: Generalize array logic to params collection like types. 2025-04-24 08:54:43 +02:00
Michael Nebel
f31235db43 C#: Improve format logic to take CompositeFormat and generics into account. 2025-04-24 08:54:39 +02:00
Michael Nebel
1d9d8780b3 C#: Remove some false positives and add more true positives for cs/invalid-string-format. 2025-04-24 08:54:34 +02:00
Michael Nebel
327ddb07a1 C#: Re-factor FormatMethod. 2025-04-24 08:54:30 +02:00
Nora Dimitrijević
7f5b48d485 C#: Fix join order in ExternalFlow::interpretElement/6 (only affects RTJO mode) 2025-04-17 15:52:13 +02:00
Michael Nebel
c15d1ab3bd C#: Consider an attribute to be authorization like, if it extends an attribute that has an authorization like name. 2025-04-14 14:25:31 +02:00
Michael Nebel
79688efacb Merge pull request #19194 from michaelnebel/csharp/enumsimpletype 
C#: Extend simple type sanitizers with enums and `System.DateTimeOffset`.
 2025-04-03 10:24:26 +02:00
Tamás Vajk
befc2fd7c1 Merge pull request #19145 from tamasvajk/tamasvajk/blazor/parameter-passing-jumpnode-2 
C#: Blazor: Support string literals as property names in jump nodes
 2025-04-03 10:07:59 +02:00
Michael Nebel
cf75493fe9 C#: Consider Enums and System.DateTimeOffset as having a sanitizing effect. 2025-04-02 11:21:05 +02:00
Michael Nebel
024712c073 C#: Temporarily comment out considering Enums as having a sanitizing effect. 2025-04-02 11:20:59 +02:00
Anders Schack-Mulligen
e6cf737f99 Merge pull request #19178 from aschackmull/csharp/pressa-useuse 
C#: Update PreSSA to reference the new use-use predicates.
 2025-04-02 10:30:36 +02:00
Ian Roof
1d81c77fcd C#: Enhanced LogForgingQuery to treat C# Enums as simple types. 2025-04-02 09:40:10 +02:00
Michael Nebel
f4105ee4af Merge pull request #19089 from michaelnebel/csharp/improvestringinterpolation 
C#: Extract string interpolation alignment and format.
 2025-04-01 13:40:15 +02:00
Tamas Vajk
a570a728bd Fix code quality 2025-04-01 10:29:55 +02:00
Tamás Vajk
398f041464 Update csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/aspnetcore/Components.qll 
Co-authored-by: Michael Nebel <michaelnebel@github.com>
 2025-04-01 10:18:09 +02:00