hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,246 Commits 1,672 Branches 157 Tags
codeql-cli-2.23.0
Commit Graph

38 Commits

Author SHA1 Message Date
Michael Nebel
82f8a796e1 C#: Update all test util paths to point to the new location. 2024-12-12 13:21:31 +01:00
Michael Nebel
97f9340a0a C#: Update security related tests and expected output to pretty print MaD. 2024-08-13 16:10:04 +02:00
Michael Nebel
854c6fa813 C#: Update expected test output after .NET 8 models update. 2024-06-13 09:24:13 +02:00
Michael Nebel
e2758f2abb C#: Update expected test output. 2024-05-31 15:06:16 +02:00
Michael Nebel
0985a3a5f6 C#: Update expected test output. 2024-05-31 12:49:58 +02:00
Michael Nebel
90538d4b4c C#: Update expected test output. 2024-05-31 12:49:48 +02:00
Michael Nebel
dc34cb0aae C#: Update all MaD ids in the tests. 2024-04-12 13:24:18 +02:00
Anders Schack-Mulligen
647f9aba82 C#: Update some expected output (uninteresting). 2024-04-12 09:20:18 +02:00
Tom Hvitved
303a2bb63a C#: Update expected test output 2024-02-22 21:04:55 +01:00
Anders Schack-Mulligen
21a6520cd3 C#: Add empty provenance column to expected files. 2024-02-09 11:32:07 +01:00
Michael Nebel
47621ca602 C#: Base tests for CWE-022 on stubs. 2023-06-15 16:05:45 +02:00
Tom Hvitved
3c173df69e C#: Update expected test output 2023-05-15 09:35:20 +02:00
Mathias Vorreiter Pedersen
177dd76da6 C#: Accept consistency changes. 2023-05-03 20:30:06 +01:00
erik-krogh
326666ac85 update the alert-messages of csharp queries 2022-09-26 14:01:39 +02:00
Michael Nebel
9b8636aa23 C#: Update test because we now have a flow summary the string indexer for NameValueCollection. 2022-05-25 08:28:14 +02:00
Anders Schack-Mulligen
f30dad7705 Dataflow: Update test expected outputs. 2021-09-07 13:02:20 +02:00
Tamas Vajk
5e2770339f Add adjusted expected files 2021-07-01 16:09:11 +02:00
Tamas Vajk
03d1a3e0ad Trim test files + remove duplicate newlines 2021-07-01 16:09:11 +02:00
Tamas Vajk
c29d11087b C#: Start using 'options' files in tests 2021-07-01 16:08:47 +02:00
Tom Hvitved
5d1a5920c7 C#: Reimplement flow-summary compilation 2020-10-14 14:15:34 +02:00
Calum Grant
3d460aeb44 C#: ZipSlip query reports alert at source 2020-01-21 15:17:06 +00:00
Tom Hvitved
78ddb37a8c C#: Track type information in data flow 
This commit adds type information to data flow paths, by mapping node types onto
the smaller set of GVN types, and implementing `ppReprType()`.

The effect is a mere change in `DataFlow::PathNode::toString()`; no type-based
pruning is done yet.
 2019-12-10 15:46:28 +01:00
Anders Schack-Mulligen
6299625b3d C#: Adjust qltest expected output. 2019-09-12 11:00:49 +02:00
Tom Hvitved
c6a471e4b6 C#: Adopt shared data flow implementation 
- General refactoring to fit with the shared data flow implementation.
- Move CFG splitting logic into `ControlFlowReachability.qll`.
- Replace `isAdditionalFlowStepIntoCall()` with `TaintedParameterNode`.
- Redefine `ReturnNode` to be the actual values that are returned, which should
  yield better path information.
- No longer consider overrides in CIL calls.
 2019-05-06 14:54:11 +02:00
calum
69ab1ed5bd C#: Add nodes predicate to all path queries. 2018-11-21 12:35:05 +00:00
calum
eddc52852d C#: Convert security queries to path-problem and update qltest expected output. 2018-11-16 10:31:20 +00:00
Tom Hvitved
665173692c C#: Fix whitespaces 2018-10-30 13:15:46 +01:00
Luke Cartey
1a90f7df2c C#: ZipSlip - Address review comments. 
- Add backticks
 - Add extra test.
 2018-10-03 11:38:48 +01:00
Luke Cartey
b1d5d5bf86 C#: ZipSlip - Refine StartsWith sanitizer. 
ZipSlip can be avoided by checking that the combined and resolved
path `StartsWith` the appropriate destination directory. Refine the
`StartsWith` sanitizer to:

 * Consider expressions guarded by an appropriate StartsWith check to be
sanitized.
 * Consider a StartsWith check to be inappropriate if it is checking the
result of `Path.Combine`, as that has not been appropriately resolved.

Tests have been updated to reflect this refinement.
 2018-08-24 14:27:25 +01:00
Luke Cartey
86a7df0ef5 C#: ZipSlip - Address doc team comments. 2018-08-23 15:57:00 +01:00
Luke Cartey
4f57456df1 C#: ZipSlip - Add spaces into bad example. 2018-08-21 13:06:29 +01:00
Luke Cartey
6959d80a28 C#: ZipSlip - Update help, compile and test samples. 2018-08-21 12:17:48 +01:00
Luke Cartey
99d1cf70be C#: ZipSlip - Update name, description and message. 
This commit updates the name, description and message to better match
the house style for the security queries.
 2018-08-20 16:59:56 +01:00
calum
fc5963b831 C#: Rename filename in expected test output. 2018-08-14 13:00:25 +01:00
calum
82f0c389c7 C#: Update test references to use .NET Core, and change relative directory of moved test file. 2018-08-14 12:52:26 +01:00
Denis Levin
cee996c543 Adding .expected file to QLTest 2018-08-13 15:04:15 -07:00
Denis Levin
242fba3fd2 cs: Query for ZipSlip vulnerability (CVE-2018-1002200) 
Initial check in to validate the tests
 2018-08-13 14:56:45 -07:00
Pavel Avgustinov
b55526aa58 QL code and tests for C#/C++/JavaScript. 2018-08-02 17:53:23 +01:00