hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,294 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.3
Commit Graph

1551 Commits

Author SHA1 Message Date
Michael Nebel
8fa9191434 C#: Deprecate the getFullyQualifiedName predicate. 2024-04-08 13:46:44 +02:00
Michael Nebel
2fb9c2db6f C#: Remove deprecated qualifiedName predicates. 2024-04-08 13:46:44 +02:00
Tom Hvitved
c2f91a5ccf Merge pull request #16104 from hvitved/csharp/more-compiler-generated 
C#: Mark more expressions as compiler generated
 2024-04-04 09:09:16 +02:00
Tom Hvitved
fc02938687 Merge pull request #16088 from hvitved/csharp/library-property-store 
C#: Include all non-source-code properties in data flow
 2024-04-04 09:04:00 +02:00
Tom Hvitved
813f5b99e7 C#: Update PrintAST query 2024-04-03 20:03:02 +02:00
Tom Hvitved
1dc13cc169 Merge pull request #15923 from hvitved/shared-xml-impl 
Properly shared `XML.qll` implementation
 2024-04-03 11:39:50 +02:00
Tom Hvitved
64e82bb00e C#: Include all non-source-code properties in data flow 2024-04-03 10:22:36 +02:00
Geoffrey White
4a4c77e81d Remove claims about models-as-data that require you to select a parameter from non-Java languages. We believe this is only possible in Java. 2024-03-25 15:41:00 +00:00
Michael Nebel
6619be3137 Merge pull request #15940 from michaelnebel/csharp/sourcesinktests 
C#: Source- and sink tests.
 2024-03-21 08:12:16 +01:00
Michael Nebel
90db9b330f C#: Add MaD source and sink test query to shared library. 2024-03-19 13:45:38 +01:00
Tom Hvitved
529e901fb1 C#: Switch to shared XML.qll implementation 2024-03-19 13:14:42 +01:00
Tom Hvitved
fc55567d90 Merge pull request #15853 from hvitved/dataflow/get-location 
Data flow: Replace `hasLocationInfo` with `getLocation`
 2024-03-18 20:21:46 +01:00
Ed Minnix
71cf948650 Classes extending SourceNode for local and stored source models 
Queries such as `cs/sql-injection` cast their source to a `SourceNode`
in order to describe them. For example:

```ql
import semmle.code.csharp.security.dataflow.flowsources.FlowSources

string getSourceType(DataFlow::Node source) {
   result = source.(SourceNode).getSourceType()
}
```

Models as data source models are not included in `SourceNode` by
default, they must be wrapped with a class extending `SourceNode`.

This adds such classes, which wrap the
`sourceNode(DataFlow::Node,string)` predicate and assigns a
`getSourceType`.
 2024-03-14 22:23:54 -04:00
Edward Minnix III
c190dd21db Merge pull request #15877 from egregius313/egregius313/csharp/mad/sources/windows-registry 
C#: Add source models for values from the Windows registry
 2024-03-12 16:41:42 -04:00
Tom Hvitved
257686eb9a C#: Implement new data flow interface 2024-03-11 20:56:38 +01:00
Ed Minnix
bc745dfd5e Windows registry sources 2024-03-11 13:55:34 -04:00
Tom Hvitved
da66281fef Sync files 2024-03-11 13:02:04 +01:00
Tom Hvitved
7a39f077d9 Data flow: Add ConfigSig::accessPathLimit 2024-03-11 13:01:58 +01:00
Ed Minnix
d300736c7e Remove AddLocalSource classes 2024-03-10 22:20:51 -04:00
Edward Minnix III
e7852f520f Merge pull request #15605 from egregius313/egregius313/csharp/dataflow/sources/commandargs-and-environment 
C#: Add more `environment` and `commandargs` sources for the C# Standard Library
 2024-03-08 14:10:09 -05:00
Ed Minnix
a3f6bfe1df commandargs sources 2024-03-07 12:30:06 -05:00
Ed Minnix
51afe12ae1 Environment variable sources 2024-03-07 12:20:48 -05:00
Michael Nebel
990dec67d0 C#: Address more review comments. 2024-03-07 09:40:34 +01:00
Michael Nebel
eda345a5b8 C#: Address review comments. 2024-03-07 09:40:34 +01:00
Michael Nebel
7f6c84dda8 C#: Fix bad join order. 2024-03-07 09:40:34 +01:00
Michael Nebel
35b93063f9 C#: Deprecate dotnet and cil. 2024-03-07 09:40:34 +01:00
Michael Nebel
58a1353ddc C#: Clean up implementation and remove CIL dataflow implementation. 2024-03-07 09:40:33 +01:00
Michael Nebel
1638183d18 C#: Copy dotnet.Variable implementation. 2024-03-07 09:40:33 +01:00
Michael Nebel
6178acc070 C#: Copy dotnet.Type implementation. 2024-03-07 09:40:33 +01:00
Michael Nebel
81ce8dc02d C#: Copy dotnet.Parameterizable implementation. 2024-03-07 09:40:33 +01:00
Michael Nebel
92447dc743 C#: Copy dotnet.Namespace implementation. 2024-03-07 09:40:33 +01:00
Michael Nebel
7ba25b23a5 C#: Copy dotnet.Generics implementation. 2024-03-07 09:40:33 +01:00
Michael Nebel
eb5cb2a7bf C#: Copy dotnet.Expr implementation. 2024-03-07 09:40:33 +01:00
Michael Nebel
215808d7e9 C#: Copy dotnet.Declaration implementation. 2024-03-07 09:40:33 +01:00
Michael Nebel
cdf3d47031 C#: Copy dotnet.Element implementation. 2024-03-07 09:40:32 +01:00
Michael Nebel
c606ab09a5 C#: Copy dotnet.Callable implementation. 2024-03-07 09:40:32 +01:00
Tom Hvitved
a92e394a7c C#: Variable capture follow-up 2024-03-04 19:36:30 +01:00
Ed Minnix
86ceeebd89 Change handling of LocalSource in queries 
1. Change `LocalSource` to extend `DataFlow::Node`, thus removed from
   the definiton of `Source`
2. Add a private class `AddLocalSource` which extends `Source`. This
   allows us to currently preserve the inclusion of local sources, while
   making it easier to remove it in the future.
 2024-02-29 12:03:17 -05:00
Ed Minnix
3563c7ef03 Modify deprecated RemoteSource classes to extend DataFlow::Node directly. 
Since `ThreatModelFlowSource` contains `RemoteFlowSource` by default, we
can safely remove the `RemoteSource` from the default of the queries.
 2024-02-29 12:03:16 -05:00
Ed Minnix
af749e221b Remove commented out code 2024-02-29 12:03:13 -05:00
Ed Minnix
f237d2aeda Refactor to use ThreatModelFlowSource 2024-02-29 12:03:12 -05:00
Ed Minnix
434fa20646 Refactor to using ThreatModelFlowSource 2024-02-29 12:03:05 -05:00
Ed Minnix
1086abca63 Refactor to using ThreatModelFlowSource 2024-02-29 12:03:04 -05:00
Ed Minnix
31d4d0ca57 Move getSourceType to SourceNode 2024-02-29 12:03:00 -05:00
Ed Minnix
f388a0f10c Deprecate direct uses of RemoteFlowSource and replace with ThreatModelFlowSource 2024-02-29 12:02:57 -05:00
Ed Minnix
bd0137a721 Deprecated direct use of RemoteFlowSource and use ThreatModelFlowSource instead 2024-02-29 12:02:55 -05:00
Michael Nebel
14d046ef18 Merge pull request #15710 from michaelnebel/csharp/refreadonlyparameters 
C# 12: Ref readonly parameters.
 2024-02-29 09:59:12 +01:00
Tom Hvitved
297a17975d Merge pull request #15665 from hvitved/csharp/variable-capture 
C#: Adopt shared variable capture library
 2024-02-28 15:13:03 +01:00
Michael Nebel
692d7036a0 C#: Add extractor and QL library support for ref readonly parameters. 2024-02-28 13:44:28 +01:00
Michael Nebel
4bbaf687ad Merge pull request #15723 from michaelnebel/csharp/experimentalattribute 
C# 12: Experimental attribute.
 2024-02-28 13:06:09 +01:00