hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,920 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.2
Commit Graph

2302 Commits

Author SHA1 Message Date
Arthur Baars
c219b1a3c7 Merge pull request #16013 from github/rc/3.13 
Merge rc/3.13 into main
 2024-03-21 16:04:58 +01:00
Michael Nebel
6619be3137 Merge pull request #15940 from michaelnebel/csharp/sourcesinktests 
C#: Source- and sink tests.
 2024-03-21 08:12:16 +01:00
Dave Bartolomeo
311ba8ea1b Merge from main to resolve conflicts 2024-03-19 10:41:31 -04:00
Michael Nebel
90db9b330f C#: Add MaD source and sink test query to shared library. 2024-03-19 13:45:38 +01:00
Tom Hvitved
529e901fb1 C#: Switch to shared XML.qll implementation 2024-03-19 13:14:42 +01:00
Tom Hvitved
fc55567d90 Merge pull request #15853 from hvitved/dataflow/get-location 
Data flow: Replace `hasLocationInfo` with `getLocation`
 2024-03-18 20:21:46 +01:00
github-actions[bot]
aebe9f6992 Post-release preparation for codeql-cli-2.16.5 2024-03-18 12:16:26 +00:00
github-actions[bot]
0a6243d07b Release preparation for version 2.16.5 2024-03-18 10:14:07 +00:00
Ed Minnix
71cf948650 Classes extending SourceNode for local and stored source models 
Queries such as `cs/sql-injection` cast their source to a `SourceNode`
in order to describe them. For example:

```ql
import semmle.code.csharp.security.dataflow.flowsources.FlowSources

string getSourceType(DataFlow::Node source) {
   result = source.(SourceNode).getSourceType()
}
```

Models as data source models are not included in `SourceNode` by
default, they must be wrapped with a class extending `SourceNode`.

This adds such classes, which wrap the
`sourceNode(DataFlow::Node,string)` predicate and assigns a
`getSourceType`.
 2024-03-14 22:23:54 -04:00
Edward Minnix III
c190dd21db Merge pull request #15877 from egregius313/egregius313/csharp/mad/sources/windows-registry 
C#: Add source models for values from the Windows registry
 2024-03-12 16:41:42 -04:00
Tom Hvitved
dddba3228b Merge pull request #15867 from hvitved/dataflow/ap-limit 
Data flow: Add `ConfigSig::accessPathLimit`
 2024-03-12 14:57:51 +01:00
Michael Nebel
f59aaf1d75 C#: Add change note. 2024-03-12 11:12:55 +01:00
Ed Minnix
7745c2c2b7 Change note 2024-03-11 17:00:12 -04:00
Tom Hvitved
257686eb9a C#: Implement new data flow interface 2024-03-11 20:56:38 +01:00
Ed Minnix
bc745dfd5e Windows registry sources 2024-03-11 13:55:34 -04:00
Michael Nebel
f571ebdaf4 C#: Overall change note for C# 12 / .NET 8 support. 2024-03-11 14:43:14 +01:00
Tom Hvitved
da66281fef Sync files 2024-03-11 13:02:04 +01:00
Tom Hvitved
7a39f077d9 Data flow: Add ConfigSig::accessPathLimit 2024-03-11 13:01:58 +01:00
Ed Minnix
d300736c7e Remove AddLocalSource classes 2024-03-10 22:20:51 -04:00
Edward Minnix III
e7852f520f Merge pull request #15605 from egregius313/egregius313/csharp/dataflow/sources/commandargs-and-environment 
C#: Add more `environment` and `commandargs` sources for the C# Standard Library
 2024-03-08 14:10:09 -05:00
Lindsay Simpkins
7dd175d938 change note 2024-03-07 17:16:17 -08:00
Lindsay Simpkins
feb1ca29cc csharp update MaD for HttpRequestMessage 2024-03-07 15:00:05 -08:00
Michael Nebel
48fcec82d6 Merge pull request #15736 from michaelnebel/csharp/disconnectfromdotnet 
C#: Deprecate dotnet and CIL in QL.
 2024-03-07 19:17:05 +01:00
Ed Minnix
608a3f907c Add type signature for methods with no overloads 2024-03-07 12:32:06 -05:00
Ed Minnix
1f64f5f8c9 Change note 2024-03-07 12:32:05 -05:00
Ed Minnix
f8c805de6b Microsoft.Extensions.Configuration models 2024-03-07 12:32:04 -05:00
Ed Minnix
a3f6bfe1df commandargs sources 2024-03-07 12:30:06 -05:00
Ed Minnix
51afe12ae1 Environment variable sources 2024-03-07 12:20:48 -05:00
Michael Nebel
990dec67d0 C#: Address more review comments. 2024-03-07 09:40:34 +01:00
Michael Nebel
eda345a5b8 C#: Address review comments. 2024-03-07 09:40:34 +01:00
Michael Nebel
e3380aa545 C#: Add change note. 2024-03-07 09:40:34 +01:00
Michael Nebel
7f6c84dda8 C#: Fix bad join order. 2024-03-07 09:40:34 +01:00
Michael Nebel
35b93063f9 C#: Deprecate dotnet and cil. 2024-03-07 09:40:34 +01:00
Michael Nebel
58a1353ddc C#: Clean up implementation and remove CIL dataflow implementation. 2024-03-07 09:40:33 +01:00
Michael Nebel
1638183d18 C#: Copy dotnet.Variable implementation. 2024-03-07 09:40:33 +01:00
Michael Nebel
6178acc070 C#: Copy dotnet.Type implementation. 2024-03-07 09:40:33 +01:00
Michael Nebel
81ce8dc02d C#: Copy dotnet.Parameterizable implementation. 2024-03-07 09:40:33 +01:00
Michael Nebel
92447dc743 C#: Copy dotnet.Namespace implementation. 2024-03-07 09:40:33 +01:00
Michael Nebel
7ba25b23a5 C#: Copy dotnet.Generics implementation. 2024-03-07 09:40:33 +01:00
Michael Nebel
eb5cb2a7bf C#: Copy dotnet.Expr implementation. 2024-03-07 09:40:33 +01:00
Michael Nebel
215808d7e9 C#: Copy dotnet.Declaration implementation. 2024-03-07 09:40:33 +01:00
Michael Nebel
cdf3d47031 C#: Copy dotnet.Element implementation. 2024-03-07 09:40:32 +01:00
Michael Nebel
c606ab09a5 C#: Copy dotnet.Callable implementation. 2024-03-07 09:40:32 +01:00
github-actions[bot]
dc9092c9ec Post-release preparation for codeql-cli-2.16.4 2024-03-06 22:19:33 +00:00
github-actions[bot]
2f058ffb4d Release preparation for version 2.16.4 2024-03-06 20:56:51 +00:00
Angela P Wen
ce31f8641a Revert "Release preparation for version 2.16.4" 2024-03-06 12:07:33 -08:00
Ed Minnix
527041348e Add comment about Memory<T> 2024-03-06 10:39:31 -05:00
Ed Minnix
e065390185 Add .Element modifier to Memory<T> arguments in MaD models 2024-03-06 10:39:30 -05:00
Ed Minnix
27ba51cf9d Change note 2024-03-06 10:39:28 -05:00
Ed Minnix
ca55b92281 Change System.IO.TextReader models to transfer taint to out parameter instead of return value 
Some of the `System.IO.TextReader` models transfered taint to
`ReturnValue`, when there is a more relevant out-parameter/array.
 2024-03-06 10:39:25 -05:00