1577 Commits

Author	SHA1	Message	Date
Tom Hvitved	b72f34591d	C#: Use {get,has}FullyQualifiedName throughout	2023-11-10 08:46:15 +01:00
Tom Hvitved	66dc5501e8	C#: Deprecate {get,has}QualifiedName and replace with {get,has}FullyQualifiedName	2023-11-10 08:46:01 +01:00
Tom Hvitved	76e6f81075	C#: Allow for explicit interface names in MaD consistency check	2023-11-09 08:34:36 +01:00
Tom Hvitved	11c113bbd5	C#: Use new format for generics when parsing MaD rows	2023-11-09 08:34:36 +01:00
Tom Hvitved	74f483a6f5	C#: Update model conversion queries	2023-11-09 08:34:35 +01:00
Tom Hvitved	6f4311d656	C#: Include type parameters when printing MaD rows with generics	2023-11-09 08:34:06 +01:00
Tom Hvitved	b2512eb212	Merge pull request #14678 from hvitved/csharp/mad-operator-fix ... C#: Correctly parse operator names in MaD	2023-11-07 15:11:01 +01:00
Tom Hvitved	af7b295c59	Address review comments	2023-11-07 13:01:19 +01:00
Tom Hvitved	12cd1c1011	C#: Deprecate UnboundGenericType::getInstanceType/0	2023-11-06 13:01:57 +01:00
Tom Hvitved	3e3ea51e69	C#: Correctly parse operator names in MaD	2023-11-05 20:58:47 +01:00
Tom Hvitved	2a33a86c9d	C#: Merge ExternalFlow.qll and ExternalFlowExtensions.qll, and move to internal	2023-11-05 20:58:47 +01:00
Tom Hvitved	12d856737a	Address review comments	2023-11-02 12:38:35 +01:00
Tom Hvitved	c717e346fb	C#: Move qualified name computation into QualifiedName.qll	2023-11-01 16:21:55 +01:00
Tom Hvitved	6ad8a4db1c	C#: Only use getTypeRef when there is not already a type available	2023-10-27 14:11:55 +02:00
Anders Schack-Mulligen	6882504397	C#: Fix compilation	2023-10-25 14:31:49 +02:00
Anders Schack-Mulligen	5ded55cd9f	C#: Sync Bound.qll	2023-10-25 14:08:48 +02:00
Joe Farebrother	fe2468e7d0	Merge pull request #14498 from joefarebrother/csharp-missing-access-control ... C#: Fix FP in Missing Function Level Access Control and Insecure Direct Object Reference	2023-10-16 10:46:19 +01:00
Joe Farebrother	915352861d	Check for generic base types in Missing Function Level Access Control and Insecure Direct Object Reference.	2023-10-13 14:22:45 +01:00
Tony Torralba	0cea3f8531	Remove library annotations	2023-10-13 12:46:56 +02:00
Tamas Vajk	267fd23b26	C#: Include the void type in value types	2023-10-11 12:01:17 +02:00
erik-krogh	4bc4e0845d	delete the deprecated isBarrierGuard predicate from the shared dataflow library, and its uses	2023-10-07 21:48:49 +02:00
Asger F	0d96ed8aee	Merge pull request #14305 from asgerf/shared/flow-state-inout-barriers ... Shared: add in/out barriers with flow state	2023-09-28 11:07:23 +02:00
Anders Schack-Mulligen	5feb2f7622	Merge pull request #14321 from aschackmull/shared/filesystem ... All languages: Use shared FileSystem library and minor regex performance improvement.	2023-09-28 10:51:05 +02:00
Koen Vlaswinkel	0f4f98787c	Merge pull request #14200 from github/koesie10/add-csharp-model-editor-queries ... C#: Add VS Code model editor queries	2023-09-28 10:12:57 +02:00
Anders Schack-Mulligen	20cbab9e8f	C#: Minor simplification.	2023-09-28 08:58:55 +02:00
Joe Farebrother	7c230d61a8	Merge pull request #13882 from joefarebrother/csharp-insecure-direct-object-ref ... C#: Add query for Insecure Direct Object Reference	2023-09-25 20:29:54 +01:00
Tom Hvitved	4183fbe7cb	Merge pull request #14295 from hvitved/csharp/lambda-type-flow ... C#: Improve lambda dispatch using type flow	2023-09-25 19:19:51 +02:00
Joe Farebrother	d7c1be40d9	Fix codescanning alert by tweaking imported modules	2023-09-25 15:47:05 +01:00
Tom Hvitved	ae06040a48	Address review comments	2023-09-25 14:30:08 +02:00
Asger F	d501856519	Update DataFlowImpl.qll copies	2023-09-25 10:05:29 +02:00
Tom Hvitved	8f35c99f16	C#: Improve lambda dispatch using type flow	2023-09-23 11:41:03 +02:00
Anders Schack-Mulligen	66da997b7b	Dataflow: Make use of defaults for language-specific hooks.	2023-09-22 14:54:22 +02:00
Michael Nebel	45432f211c	C#: Identify whether callables in the source code are supported in terms of MaD.	2023-09-20 13:01:24 +02:00
Joe Farebrother	475fe3a2a5	Attempt to improve performance in checksUser	2023-09-20 03:18:20 +01:00
Anders Schack-Mulligen	b13d026434	Dataflow: Review fixes.	2023-09-18 13:15:26 +02:00
Joe Farebrother	68ad5b7c00	Restrict logic for checking for id parameters on index expressions for performance	2023-09-15 16:35:29 +01:00
Joe Farebrother	6d704be7d2	Rewrite checks for index expressions in terms of dataflow	2023-09-15 10:25:27 +01:00
Joe Farebrother	a2dce6be14	Check for authorize attributes in more namespaces and on overridden methods	2023-09-15 10:25:27 +01:00
Joe Farebrother	ac45050545	Add checks for authorization attributes	2023-09-15 10:25:27 +01:00
Joe Farebrother	0a27da08d6	Minor changes from review suggestions to shared logic between this and missing access control ... Use case insensitive regex, factor out page load to improve possible bad joins make needsAuth not a member predicate	2023-09-15 10:25:27 +01:00
Joe Farebrother	9f25c71ca6	Apply minor reveiw suggstions	2023-09-15 10:25:26 +01:00
Joe Farebrother	f8b1b38438	Update alert message and make user checks more precise	2023-09-15 10:25:26 +01:00
Joe Farebrother	251f875304	Fix filenme typo	2023-09-15 10:25:26 +01:00
Joe Farebrother	5d1289672b	Add IDOR query	2023-09-15 10:25:26 +01:00
Joe Farebrother	a510a7b4c0	Add insecure direct object reference definitions and factor out those from missing access control	2023-09-15 10:25:26 +01:00
Anders Schack-Mulligen	1750d00fbe	C#: Add localMustFlowStep	2023-09-13 15:43:46 +02:00
Tom Hvitved	53302117a1	C#: Implement missingArgumentCallExclude and multipleArgumentCallExclude	2023-09-12 20:05:11 +02:00
Tom Hvitved	ecbf2d8b13	C#: Exclude CIL arguments from ArgumentNode when they are compiled from source	2023-09-08 14:14:06 +02:00
Tom Hvitved	55aedbc46c	C#: Fix logic for flow into property writes	2023-09-04 15:42:50 +02:00
Tom Hvitved	73370e7282	Merge pull request #14100 from hvitved/dataflow/consistency-pack ... Data flow: Add consistency checks to shared ql pack	2023-08-31 11:47:40 +02:00