Ed Minnix
392eac5f9a
Refactor source node classes to use SourceNode superclass
Refactor the existing flowsource classes to use the `SourceNode` class
to specify which threat model they support.
2024-01-22 11:09:41 -05:00
Ed Minnix
d29df68c97
Introduce the SourceNode and ThreatModelFlowSource classes
1. Introduces the `SourceNode` class which allows dataflow nodes
representing sources to indicate the threat model they are associated
with.
2. Introduces the `ThreatModelFlowSource` class which represents a
source node which respects the threat model configuration
2024-01-22 11:09:39 -05:00
Michael Nebel
1bb6f4962d
C#: Match any {digit} in the format string.
2024-01-22 14:03:37 +01:00
Michael Nebel
5016113a0f
C#: Add a string.Format sanitizer to url redirect and update expected test output.
2024-01-22 11:21:35 +01:00
Michael Nebel
884f3f1505
C#: Add string interpolation expression sanitizer to url redirect and update expected test output.
2024-01-22 11:21:19 +01:00
erik-krogh
8be7eadace
delete outdated deprecations
2024-01-22 09:11:35 +01:00
Joe Farebrother
4de19b3ec9
Merge pull request #15039 from joefarebrother/csharp-razor-flow-page-models
C#: Add flow steps from a PageModel to cshtml page.
2024-01-19 10:07:25 +00:00
Michael Nebel
24855ddc64
Merge pull request #15328 from michaelnebel/csharp/inlinearrays
C# 12: Inline array support.
2024-01-19 09:11:26 +01:00
Michael Nebel
9460c91c8c
C#: Also consider nullable simple types (and datetime) as simple type sanitizers.
2024-01-18 12:53:29 +01:00
Michael Nebel
8a97c8c28e
C#: Add QL support for InlineArrayType.
2024-01-18 11:09:00 +01:00
Michael Nebel
275822f80d
Merge pull request #15296 from michaelnebel/csharp/getruntimeargument
C#: Improve getRuntimeArgumentForParameter to consider named arguments.
2024-01-12 15:57:17 +01:00
Michael Nebel
dcce93ac4c
C#: Address more review comments.
2024-01-12 14:07:27 +01:00
Michael Nebel
c68f9b05cd
C#: Address review comments.
2024-01-12 11:24:37 +01:00
Owen Mansel-Chan
6945289afc
Merge pull request #15246 from owen-mc/java/manual-neutral-overrides-generated
C#/Java: Manual neutral summaries should block generated summaries
2024-01-12 10:05:18 +00:00
Michael Nebel
b03eecb5ab
C#: Add support for named arguments in getRuntimeArgumentForParameter.
2024-01-11 16:19:24 +01:00
Michael Nebel
1770beea25
C#: Update QL doc for getRuntimeArgumentForParameter.
2024-01-11 09:07:15 +01:00
Michael Nebel
b2faf3618c
C#: Add support for params parameters in getRuntimeArgumentForParameter.
2024-01-11 09:07:14 +01:00
Owen Mansel-Chan
7824e60acd
Manual neutral summaries should block generated summaries
2024-01-10 22:25:06 +00:00
Owen Mansel-Chan
52563b01b7
Factor logic out into interpretNeutral
2024-01-10 22:25:04 +00:00
Tom Hvitved
c9cf2a899c
Merge pull request #15260 from hvitved/dataflow/may-benefit-from-cctx-simplify
Data flow: Remove column from `mayBenefitFromCallContext`
2024-01-10 11:43:15 +01:00
Tom Hvitved
f90201eb56
Data flow: Remove column from mayBenefitFromCallContext
2024-01-09 11:34:43 +01:00
Tamas Vajk
e70cb1f259
Code quality improvement: simplify DataFlowPrivate::isParamsArg
2024-01-08 10:00:39 +01:00
Tamas Vajk
91637d49d4
Fix null dereference false positive
2024-01-08 10:00:39 +01:00
Tamas Vajk
7daeeef3a1
C#: Improve arg-param mapping logic to consider named arguments passed to params parameters
2024-01-08 10:00:39 +01:00
Tamas Vajk
9bb807431d
C#: Improve arg-param mapping logic to consider arguments passed to params parameters
2024-01-08 10:00:39 +01:00
Joe Farebrother
e8c0fceb81
Use post-update nodes for this access in void handler
2024-01-04 14:25:39 +00:00
Joe Farebrother
7d11e4486e
Address review comments - update tests to path-problem and support all this qualifiers
2024-01-04 14:25:39 +00:00
Joe Farebrother
cdeac9b7f8
Add change note + fix qldoc
2024-01-04 14:25:39 +00:00
Joe Farebrother
b9754df390
Add case for void-returning handler methods
2024-01-04 14:25:39 +00:00
Joe Farebrother
00892e127f
Add unit test + fix flow step
2024-01-04 14:25:38 +00:00
Joe Farebrother
c3cd40fc69
Add flow steps from page models
2024-01-04 14:25:38 +00:00
Michael Nebel
31e12f7a06
C#: Recognize all overloads of String.Replace as a replace method.
2024-01-03 11:08:05 +01:00
Anders Schack-Mulligen
a1068ce2f9
Dataflow: deprecate references
2023-12-14 15:05:33 +01:00
Koen Vlaswinkel
7c141b9239
Merge pull request #15089 from github/koesie10/csharp-model-editor-generics
C#: Fix names of generic types/methods in model editor queries
2023-12-14 14:17:14 +01:00
Tom Hvitved
c8b4a215bc
Merge pull request #14573 from hvitved/flow-summary-impl-param
Move `FlowSummaryImpl.qll` to `dataflow` pack
2023-12-14 12:24:15 +01:00
Tom Hvitved
098afb935b
Address more review comments
2023-12-14 09:48:45 +01:00
Koen Vlaswinkel
e177f8783a
C#: Share qualified name module for model editor queries
2023-12-13 13:48:44 +01:00
Michael Nebel
07a5ac31ae
C#: Fixup tests.
2023-12-11 10:57:44 +01:00
Tom Hvitved
a2093c9aa2
C#: Use FlowSummaryImpl from dataflow pack
2023-12-10 11:25:43 +01:00
Anders Schack-Mulligen
64eb4ff753
Merge pull request #14983 from aschackmull/dataflow/deprecate-old-api
Data Flow: Deprecate old data flow api.
2023-12-08 14:27:25 +01:00
Tamas Vajk
89df59a083
C#: Add missing models and fix interpolated string flow into StringBuilder
2023-12-07 10:56:59 +01:00
Tamas Vajk
a705f6dc0d
C#: Change StringBuilder flow models to not use Element access path
2023-12-06 15:54:34 +01:00
Michael Nebel
e6a5c50ebc
Merge pull request #14953 from rpmrmartin/issue/14952
C#: Fix a URL redirection from remote source false positive
2023-12-05 13:02:56 +01:00
Anders Schack-Mulligen
67f0529cda
Dataflow: Sync.
2023-12-04 12:36:57 +01:00
Michael Nebel
d160890aca
C#: Re-factor to avoid multiple explicit casts.
2023-12-04 12:02:34 +01:00
Tom Hvitved
23d09ed7c6
Address review comment
2023-12-04 10:47:52 +01:00
Robert Martin
66b456d3c6
C#: Fix a URL redirection from remote source false positive
When guarding the redirect with `HttpRequestBase.IsUrlLocalToHost()`
2023-11-29 13:46:47 -07:00
Tom Hvitved
ccb9d9b8fa
C#: Strengthen call-back heuristics by considering body-less methods
2023-11-27 21:15:06 +01:00
Joe Farebrother
befb1ccd84
Fix integration tests for windows
2023-11-23 10:56:45 +00:00
Joe Farebrother
e4edb19f43
Update to hasFullyQualifiedName
2023-11-23 10:56:45 +00:00