hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,644 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.1
Commit Graph

701 Commits

Author SHA1 Message Date
Michael Nebel
78cfb226a3 C#: Add some examples where adapter is used in conjunction with a tainted command. 2022-08-10 11:08:27 +02:00
Michael Nebel
86000f32e7 C#: Update SqlInjection query tests with new results. 2022-08-10 11:08:27 +02:00
Michael Nebel
1fb209990e C#: Add SQLiteDataAdapter examples. 2022-08-10 11:08:27 +02:00
Michael Nebel
ce9baaa1f3 C#: Update SQLInjection query test output. 2022-08-10 11:08:27 +02:00
Michael Nebel
d42752714c C#: Add SQLCommand examples. 2022-08-10 11:08:21 +02:00
Michael Nebel
7fc95fb49b Merge pull request #9988 from michaelnebel/csharp/updatestubs 
C#: Update .NET Core and ASP.NET Core Stubs.
 2022-08-10 11:02:35 +02:00
Michael Nebel
3ba893dfa8 C#: Remove System.Data.SqlClient 4.8.2 stub. 2022-08-09 13:15:44 +02:00
Michael Nebel
6d96da1838 C#: Use ASP.NET Core stub instead of Microsoft.Extensions.Primitives and manual written ASP.NET Core stubs. 2022-08-09 13:08:34 +02:00
Michael Nebel
66232a8054 C#: Fix typo. 2022-07-18 14:28:49 +02:00
Michael Nebel
e6e82ef56d C#: Update test with Decrypt example. 2022-07-18 14:28:49 +02:00
Michael Nebel
52a9fb0de7 C#: Add test for decrypt. 2022-07-18 14:28:49 +02:00
Michael Nebel
93007f89c8 C#: Move ASP Net Core stubs into stubs folder. 2022-06-16 08:38:31 +02:00
Michael Nebel
ba7238d6e2 C#: Update XML Injectiont test output after rebase (query has been turned into a path-problem and the output is now affected by the added summaries for NameValueCollection). 2022-05-25 08:28:15 +02:00
Michael Nebel
c8ede58704 C#: Flow summaries has now been added for Exception stack trace, but not for ToString. The latter will be encoded as an extra taintstep in the analysis. To reduce noise for all uses of an exception itself an isSanitizerIn is introduced. 2022-05-25 08:28:15 +02:00
Michael Nebel
4d6d1c8376 C#: Since NameValueCollection now has a flow summary for the string indexer it is no longer consider an unsafe external api, which is why it has disappared from the result. 2022-05-25 08:28:14 +02:00
Michael Nebel
ee027f845c C#: Since NameValueCollection now has a flow summary for the indexer it is considered a SafeExternalApiCallable and will thus not be included in the result of the test. 2022-05-25 08:28:14 +02:00
Michael Nebel
e2d6cd20c7 C#: Update tests due to new summaries for ProcessStartInfo. 2022-05-25 08:28:14 +02:00
Michael Nebel
9b8636aa23 C#: Update test because we now have a flow summary the string indexer for NameValueCollection. 2022-05-25 08:28:14 +02:00
Michael Nebel
3c347cab98 C#: Update test output to reflect that the query is now a path-problem query. 2022-05-05 13:13:25 +02:00
Tom Hvitved
a0e003e33c C#: Add FP test for cs/useless-cast-to-self 2022-04-29 11:59:51 +02:00
Tom Hvitved
02b11084bc C#: Add more tests for cs/useless-cast-to-self 2022-04-06 09:36:59 +02:00
Michael Nebel
bfb206c810 C#: Let ExternalApi extend DataFlowCallable instead of Callable. 2022-03-29 14:52:57 +02:00
Michael Nebel
4f00666591 C#: Add query and test case for supported external taint. 2022-03-29 14:49:37 +02:00
Michael Nebel
18b1b51d07 C#: Add test for known sources telemetry query. 2022-03-29 14:49:37 +02:00
Michael Nebel
a7ece69f2b C#: Add test for supported sinks query. 2022-03-29 14:49:37 +02:00
Michael Nebel
e4f6321851 C#: Add test for unsupported uses of library code. 2022-03-29 14:49:37 +02:00
Michael Nebel
e014cae7df C#: Add test and output for all library usages. 2022-03-29 14:49:37 +02:00
Michael Nebel
7cef859253 C#: Add sample code file that calls both supported and unsupported library code with respect to flow summaries. 2022-03-29 14:49:37 +02:00
Michael Nebel
5babb0e66a C#: Update stubs to include one more known sink method. 2022-03-29 11:07:57 +02:00
Tamas Vajk
4748d2c6e2 C# Exclude dynamic casts from useless casts check 2022-02-28 14:58:59 +01:00
Tamas Vajk
422c2d5ccb C#: Add dynamic casts to useless upcast test 2022-02-21 16:10:00 +01:00
Tom Hvitved
984e01ecf0 C#: Remove FPs from cs/dereferenced-value-may-be-null 
Apply a conservative approach by filtering out results for accesses to
captured nullable values, when there is an (implicit) call to the capturing
callable which is `null`-guarded. For example:

```
bool M(int? i, IEnumerable<int> @is)
{
    if (i.HasValue)
        return @is.Any(j => j == i.Value); // GOOD
    return false;
}
```
 2022-02-08 14:01:57 +01:00
Tom Hvitved
7948d965a0 C#: Add nullness tests for captured variables 2022-02-08 13:52:29 +01:00
Tom Hvitved
c4ad237a5c C#: Update expected test output 2022-02-02 19:25:30 +01:00
Michael Nebel
2eea6ca5fd C#: Example record type with autogenerated Deconstruct method. 2022-01-19 11:04:53 +01:00
Michael Nebel
53000cf9f0 C#: Update the XSS expected file. 2022-01-05 16:44:03 +01:00
Michael Nebel
7e6d88d959 C#: Only use stubs for XSS test. 2022-01-05 16:44:03 +01:00
Michael Nebel
24543a2245 C#: Update the UrlRedirect expected file. 2022-01-05 16:44:03 +01:00
Michael Nebel
47ab2061d8 C#: Replace StringValues stub from stubs.cs with the stub in Microsoft.Extensions.Primitives. 2022-01-05 16:44:03 +01:00
Michael Nebel
83c05f72d9 C#: Update the expected output from MinimalStubsFromSource as the stubs are now considered library code and thus produced as a part of the minimal stub. 2022-01-05 15:35:42 +01:00
Michael Nebel
69f42b9c74 C#: Update remaining tests. 2021-12-09 15:21:08 +01:00
Michael Nebel
59b71df2d6 C#: Use stubs for the CWE-601 testcase. 2021-11-30 15:32:19 +01:00
Michael Nebel
0b4d0d2772 C#: Use stubs for the CWE-838 testcase 2021-11-30 15:32:19 +01:00
Tom Hvitved
70e41b180e Merge pull request #6800 from hvitved/csharp/constant-cond-tuple-discard 
C#: Filter discards in tuples in `ConstantCondition.ql`
 2021-10-04 14:38:45 +02:00
Tom Hvitved
a315640082 C#: Address review comments 2021-10-04 13:15:26 +02:00
Tom Hvitved
f06632a8e7 C#: Filter discards in tuples in ConstantCondition.ql 2021-10-04 13:04:18 +02:00
Tom Hvitved
682a2aae3a C#: Filter using var _ = ... results from DeadStoreOfLocal.ql 2021-10-04 10:45:44 +02:00
Tom Hvitved
6d315a5d16 C#: Add subpaths predicate to XSS queries 2021-09-20 10:40:54 +02:00
Anders Schack-Mulligen
2b7882e6e5 Merge pull request #5032 from aschackmull/dataflow/subpaths 
Dataflow: Add subpaths query predicate.
 2021-09-08 11:52:41 +02:00
Tamas Vajk
469993f6d3 C#: Fix member order (yet again) in stubbing 
With explicit interface implementation, the same member name can show up multiple times in a type declaration. This commit defines an explicit order
for these members.
 2021-09-07 15:26:03 +02:00