hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,644 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.1
Commit Graph

1543 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
f833fe0e6e Merge pull request #20300 from aschackmull/cfg/successortype 
Shared: Add a shared SuccessorType implementation
 2025-09-02 14:09:35 +02:00
Michael Nebel
39d3741a91 Merge pull request #20326 from michaelnebel/csharp/ql4ql 
C#: Fix some Ql4Ql violations.
 2025-09-02 11:44:22 +02:00
Anders Schack-Mulligen
3d4d347150 SuccessorType: Address review comments. 2025-09-02 11:10:00 +02:00
Michael Nebel
ef4b41ab6d C#: Replace exists with any. 2025-09-02 09:26:37 +02:00
Michael Nebel
7491352278 C#: Fix some Ql4Ql violations. 2025-09-01 14:57:30 +02:00
Anders Schack-Mulligen
bbf7995100 C#: Fix caching dependencies. 2025-09-01 13:48:25 +02:00
Anders Schack-Mulligen
144e34c669 Shared: Use shared SuccessorType in shared Cfg and BasicBlock libs. 2025-09-01 13:43:32 +02:00
Anders Schack-Mulligen
8b50ac291f C#: Use shared SuccessorType. 2025-09-01 12:53:24 +02:00
Anders Schack-Mulligen
09b2c5abf0 BasicBlock: Replace entryBlock predicate with subclass. 2025-09-01 11:48:44 +02:00
Anders Schack-Mulligen
f459ddc40a Languages: Adapt to api changes. 2025-09-01 11:26:33 +02:00
Anders Schack-Mulligen
bb3abc815f SSA: Update input to use member predicates. 2025-09-01 11:19:48 +02:00
Tom Hvitved
aa3f4e1eca C#: Fix context-sensitive dispatch when using base qualifier 2025-08-28 13:24:47 +02:00
Michael Nebel
ebfbc71104 C#: Address more review comments. 2025-08-21 08:07:17 +02:00
Michael Nebel
b42c366250 C#: Address review comments. 2025-08-20 08:50:23 +02:00
Michael Nebel
81751ea591 C#: Allow implicit reads from collections in argument nodes (sinks and additional flow steps) for default taint tracking configurations. 2025-08-18 12:56:09 +02:00
Nora Dimitrijević
8000e7c442 Merge pull request #20074 from d10c/d10c/diff-informed-phase-3-csharp 
C#: Diff-informed queries: phase 3 (non-trivial locations)
 2025-08-15 12:07:47 +02:00
Tom Hvitved
361ef0f50d C#: Include constructors in ValueOrRefType.hasCallable 2025-08-04 13:51:17 +02:00
Anders Schack-Mulligen
3b8234ecec SSA: Update data flow integration and BarrierGuard interface to use GuardValue. 2025-07-28 11:29:12 +02:00
Nora Dimitrijević
7f085e6bd9 [DIFF-INFORMED] C#: UnsafeDeserializationQuery 
57c8b6e229/csharp/ql/src/Security%20Features/CWE-502/UnsafeDeserializationUntrustedInput.ql (L59)
 2025-07-21 11:28:50 +02:00
Nora Dimitrijević
793f921291 [DIFF-INFORMED] C#: ConditionalBypass 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/csharp/ql/src/Security%20Features/CWE-807/ConditionalBypass.ql#L22
 2025-07-21 11:28:48 +02:00
Chris Smowton
d6a3b2e91f Merge pull request #20065 from smowton/smowton/fix/web.config 
C#: Make web.config match case insensitive (with change note)
 2025-07-16 09:52:34 +01:00
Hugo
6384cf2e4f Update predicate name 2025-07-16 00:35:14 +02:00
James Frank
b9acaa0cbd Make web.config match case insensitive 2025-07-15 15:34:42 -04:00
Hugo
fb693837e4 feat: add getASupertype() predicate in ValueOrRefType. 
Add the getASupertype() predicate in ValueOrRefType.
 2025-07-10 02:19:17 +02:00
Michael Nebel
2f208bddb6 Merge pull request #19877 from michaelnebel/csharp/microsoftdatasqlclient 
C#: Models for Microsoft.Data.SqlClient.
 2025-06-27 10:24:38 +02:00
Michael Nebel
f3eafd33ff C#: Exclude Microsoft.Data.SqlClient.SqlCommand from the best effort SqlSink creation. 2025-06-26 08:46:49 +02:00
Kasper Svendsen
2da8d61984 Run config/sync-files.py 2025-06-24 10:25:06 +02:00
Nora Dimitrijević
79e982af38 Merge pull request #19661 from d10c/d10c/csharp/diff-informed 
C#: mass enable diff-informed data flow
 2025-06-17 14:52:24 +02:00
Tom Hvitved
a188adc09b C#: Handle non-unique type arguments when computing generics strings 2025-06-17 09:30:49 +02:00
Nora Dimitrijević
f2085c2293 C#: mass enable diff-informed data flow 
An auto-generated patch that enables diff-informed data flow in the obvious cases.

Builds on https://github.com/github/codeql/pull/18344 and https://github.com/github/codeql-patch/pull/88
 2025-06-11 18:56:25 +02:00
Michael Nebel
d2b8bd5760 C#: Remove explicit (trivial) type requirements on Debug.Assert methods. 2025-06-03 15:10:34 +02:00
Michael Nebel
36eab47ab4 C#: Do not assume that extension methods on nullable types do unsafe dereference. 2025-06-03 13:24:57 +02:00
Anders Schack-Mulligen
5b21188e0d C#: Sync. 2025-05-23 14:17:21 +02:00
Anders Schack-Mulligen
1d30103559 SSA: Distinguish between has and controls branch edge. 2025-05-23 09:56:22 +02:00
Michael Nebel
72d3814e08 C#: Include dictionary indexers and more methods in cs/gethashcode-is-not-defined. 2025-05-15 14:03:22 +02:00
Michael Nebel
a7ddfe2e89 C#: Address review comments. 2025-05-12 16:06:02 +02:00
Michael Nebel
133e8d4897 C#: Include CompositeFormat.Parse as Format like method. 2025-05-12 15:44:59 +02:00
Tom Hvitved
e79a906426 C#: Fix CFG for fall-through switch statements 2025-04-25 11:48:30 +02:00
Alexander Eyers-Taylor
ea83ecf802 Merge pull request #19327 from d10c/d10c/rtjo-csharp-jo-fix 
C#: Join order fix
 2025-04-24 12:34:22 +01:00
Michael Nebel
f2dddd6d5c C#: Hide the abstract FormatMethod class. 2025-04-24 08:54:47 +02:00
Michael Nebel
042c7e5186 C#: Generalize array logic to params collection like types. 2025-04-24 08:54:43 +02:00
Michael Nebel
f31235db43 C#: Improve format logic to take CompositeFormat and generics into account. 2025-04-24 08:54:39 +02:00
Michael Nebel
1d9d8780b3 C#: Remove some false positives and add more true positives for cs/invalid-string-format. 2025-04-24 08:54:34 +02:00
Michael Nebel
327ddb07a1 C#: Re-factor FormatMethod. 2025-04-24 08:54:30 +02:00
Nora Dimitrijević
7f5b48d485 C#: Fix join order in ExternalFlow::interpretElement/6 (only affects RTJO mode) 2025-04-17 15:52:13 +02:00
Michael Nebel
c15d1ab3bd C#: Consider an attribute to be authorization like, if it extends an attribute that has an authorization like name. 2025-04-14 14:25:31 +02:00
Michael Nebel
79688efacb Merge pull request #19194 from michaelnebel/csharp/enumsimpletype 
C#: Extend simple type sanitizers with enums and `System.DateTimeOffset`.
 2025-04-03 10:24:26 +02:00
Tamás Vajk
befc2fd7c1 Merge pull request #19145 from tamasvajk/tamasvajk/blazor/parameter-passing-jumpnode-2 
C#: Blazor: Support string literals as property names in jump nodes
 2025-04-03 10:07:59 +02:00
Michael Nebel
cf75493fe9 C#: Consider Enums and System.DateTimeOffset as having a sanitizing effect. 2025-04-02 11:21:05 +02:00
Michael Nebel
024712c073 C#: Temporarily comment out considering Enums as having a sanitizing effect. 2025-04-02 11:20:59 +02:00