hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
83,874 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.5
Commit Graph

1577 Commits

Author SHA1 Message Date
Tom Hvitved
361ef0f50d C#: Include constructors in ValueOrRefType.hasCallable 2025-08-04 13:51:17 +02:00
Anders Schack-Mulligen
3b8234ecec SSA: Update data flow integration and BarrierGuard interface to use GuardValue. 2025-07-28 11:29:12 +02:00
Nora Dimitrijević
7f085e6bd9 [DIFF-INFORMED] C#: UnsafeDeserializationQuery 
57c8b6e229/csharp/ql/src/Security%20Features/CWE-502/UnsafeDeserializationUntrustedInput.ql (L59)
 2025-07-21 11:28:50 +02:00
Nora Dimitrijević
793f921291 [DIFF-INFORMED] C#: ConditionalBypass 
https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/csharp/ql/src/Security%20Features/CWE-807/ConditionalBypass.ql#L22
 2025-07-21 11:28:48 +02:00
Chris Smowton
d6a3b2e91f Merge pull request #20065 from smowton/smowton/fix/web.config 
C#: Make web.config match case insensitive (with change note)
 2025-07-16 09:52:34 +01:00
Hugo
6384cf2e4f Update predicate name 2025-07-16 00:35:14 +02:00
James Frank
b9acaa0cbd Make web.config match case insensitive 2025-07-15 15:34:42 -04:00
Hugo
fb693837e4 feat: add getASupertype() predicate in ValueOrRefType. 
Add the getASupertype() predicate in ValueOrRefType.
 2025-07-10 02:19:17 +02:00
Michael Nebel
2f208bddb6 Merge pull request #19877 from michaelnebel/csharp/microsoftdatasqlclient 
C#: Models for Microsoft.Data.SqlClient.
 2025-06-27 10:24:38 +02:00
Michael Nebel
f3eafd33ff C#: Exclude Microsoft.Data.SqlClient.SqlCommand from the best effort SqlSink creation. 2025-06-26 08:46:49 +02:00
Kasper Svendsen
2da8d61984 Run config/sync-files.py 2025-06-24 10:25:06 +02:00
Nora Dimitrijević
79e982af38 Merge pull request #19661 from d10c/d10c/csharp/diff-informed 
C#: mass enable diff-informed data flow
 2025-06-17 14:52:24 +02:00
Tom Hvitved
a188adc09b C#: Handle non-unique type arguments when computing generics strings 2025-06-17 09:30:49 +02:00
Nora Dimitrijević
f2085c2293 C#: mass enable diff-informed data flow 
An auto-generated patch that enables diff-informed data flow in the obvious cases.

Builds on https://github.com/github/codeql/pull/18344 and https://github.com/github/codeql-patch/pull/88
 2025-06-11 18:56:25 +02:00
Michael Nebel
d2b8bd5760 C#: Remove explicit (trivial) type requirements on Debug.Assert methods. 2025-06-03 15:10:34 +02:00
Michael Nebel
36eab47ab4 C#: Do not assume that extension methods on nullable types do unsafe dereference. 2025-06-03 13:24:57 +02:00
Anders Schack-Mulligen
5b21188e0d C#: Sync. 2025-05-23 14:17:21 +02:00
Anders Schack-Mulligen
1d30103559 SSA: Distinguish between has and controls branch edge. 2025-05-23 09:56:22 +02:00
Michael Nebel
72d3814e08 C#: Include dictionary indexers and more methods in cs/gethashcode-is-not-defined. 2025-05-15 14:03:22 +02:00
Michael Nebel
a7ddfe2e89 C#: Address review comments. 2025-05-12 16:06:02 +02:00
Michael Nebel
133e8d4897 C#: Include CompositeFormat.Parse as Format like method. 2025-05-12 15:44:59 +02:00
Tom Hvitved
e79a906426 C#: Fix CFG for fall-through switch statements 2025-04-25 11:48:30 +02:00
Alexander Eyers-Taylor
ea83ecf802 Merge pull request #19327 from d10c/d10c/rtjo-csharp-jo-fix 
C#: Join order fix
 2025-04-24 12:34:22 +01:00
Michael Nebel
f2dddd6d5c C#: Hide the abstract FormatMethod class. 2025-04-24 08:54:47 +02:00
Michael Nebel
042c7e5186 C#: Generalize array logic to params collection like types. 2025-04-24 08:54:43 +02:00
Michael Nebel
f31235db43 C#: Improve format logic to take CompositeFormat and generics into account. 2025-04-24 08:54:39 +02:00
Michael Nebel
1d9d8780b3 C#: Remove some false positives and add more true positives for cs/invalid-string-format. 2025-04-24 08:54:34 +02:00
Michael Nebel
327ddb07a1 C#: Re-factor FormatMethod. 2025-04-24 08:54:30 +02:00
Nora Dimitrijević
7f5b48d485 C#: Fix join order in ExternalFlow::interpretElement/6 (only affects RTJO mode) 2025-04-17 15:52:13 +02:00
Michael Nebel
c15d1ab3bd C#: Consider an attribute to be authorization like, if it extends an attribute that has an authorization like name. 2025-04-14 14:25:31 +02:00
Michael Nebel
79688efacb Merge pull request #19194 from michaelnebel/csharp/enumsimpletype 
C#: Extend simple type sanitizers with enums and `System.DateTimeOffset`.
 2025-04-03 10:24:26 +02:00
Tamás Vajk
befc2fd7c1 Merge pull request #19145 from tamasvajk/tamasvajk/blazor/parameter-passing-jumpnode-2 
C#: Blazor: Support string literals as property names in jump nodes
 2025-04-03 10:07:59 +02:00
Michael Nebel
cf75493fe9 C#: Consider Enums and System.DateTimeOffset as having a sanitizing effect. 2025-04-02 11:21:05 +02:00
Michael Nebel
024712c073 C#: Temporarily comment out considering Enums as having a sanitizing effect. 2025-04-02 11:20:59 +02:00
Anders Schack-Mulligen
e6cf737f99 Merge pull request #19178 from aschackmull/csharp/pressa-useuse 
C#: Update PreSSA to reference the new use-use predicates.
 2025-04-02 10:30:36 +02:00
Ian Roof
1d81c77fcd C#: Enhanced LogForgingQuery to treat C# Enums as simple types. 2025-04-02 09:40:10 +02:00
Michael Nebel
f4105ee4af Merge pull request #19089 from michaelnebel/csharp/improvestringinterpolation 
C#: Extract string interpolation alignment and format.
 2025-04-01 13:40:15 +02:00
Tamas Vajk
a570a728bd Fix code quality 2025-04-01 10:29:55 +02:00
Tamás Vajk
398f041464 Update csharp/ql/lib/semmle/code/csharp/frameworks/microsoft/aspnetcore/Components.qll 
Co-authored-by: Michael Nebel <michaelnebel@github.com>
 2025-04-01 10:18:09 +02:00
Anders Schack-Mulligen
dbd99df85b C#: Update PreSSA to reference the new use-use predicates. 2025-04-01 10:03:20 +02:00
Anders Schack-Mulligen
a8b19d2b21 Merge pull request #19147 from aschackmull/ssa/writedef-source-refactor 
Ssa: Refactor data flow integration to make the input signature simpler
 2025-03-31 10:07:09 +02:00
Tamas Vajk
72fb6ed078 Restrict name based property lookup to opened component types 2025-03-28 16:04:39 +01:00
Edward Minnix III
52b889f008 Support when a property is specified by a string literal instead of a nameof expression 
In earlier versions of the Razor generator, a string literal was used
instead of a `nameof` expression in order to indicate the name of the
property being modified. This means we need to look up the property by
name instead of using a more explicit access.
 2025-03-28 16:04:36 +01:00
Tamás Vajk
342d4a6982 Merge pull request #19122 from tamasvajk/tamasvajk/blazor/parameter-passing-jumpnode 
C#: Blazor: Add non-local jump node for parameter passing
 2025-03-28 16:03:54 +01:00
Anders Schack-Mulligen
5a986f5327 SSA: Remove empty predicates and dead code. 2025-03-28 12:00:38 +01:00
Anders Schack-Mulligen
6e9ebca977 C#: Switch from ssaDefAssigns/ssaDefInitializesParam to ssaDefHasSource. 2025-03-28 11:57:29 +01:00
Anders Schack-Mulligen
0c74f21107 Merge pull request #19044 from aschackmull/ssa/useuse-trim 
Ssa: Trim the use-use relation to skip irrelevant nodes
 2025-03-28 11:55:34 +01:00
Tamas Vajk
42278eb6cf Add imports for specific jump nodes 2025-03-27 16:07:09 +01:00
Tamas Vajk
d824d24c49 Improve code quality 2025-03-27 10:31:48 +01:00
Tom Hvitved
023ffe22a0 C#: Make getPreUpdateNode Unique Again 2025-03-26 14:42:00 +01:00