Michael Nebel
|
c439beb4b4
|
C#: Introduce a class for ref structs.
|
2025-01-03 16:26:57 +01:00 |
|
Michael Nebel
|
ef9f09ebfc
|
C#: Do not consider ref struct as being convertible to object, dynamic and valuetype.
|
2025-01-03 15:36:04 +01:00 |
|
Michael Nebel
|
41dc4a5503
|
C#: Add extractor support for the allows ref struct general type parameter constraint.
|
2025-01-03 15:36:00 +01:00 |
|
Michael Nebel
|
d9158c8cd5
|
Fixup of second commit.
|
2025-01-03 15:35:59 +01:00 |
|
Michael Nebel
|
958d8f1f01
|
C#: Add extractor support for the notnull general type parameter constraint.
|
2025-01-03 15:35:49 +01:00 |
|
Michael Nebel
|
fe4ec59b4e
|
C#: Address review comments.
|
2025-01-02 11:21:29 +01:00 |
|
Michael Nebel
|
8f5b8f494f
|
C#: Update dispatch logic and other libraries to handle params collection types.
|
2025-01-02 11:13:10 +01:00 |
|
Michael Nebel
|
bd9f656be2
|
C#: Add ql doc to TestLibrary.
|
2024-12-17 14:40:01 +01:00 |
|
Michael Nebel
|
a91c1dc715
|
C#: Move external api declarations to the library pack.
|
2024-12-17 14:39:59 +01:00 |
|
Tom Hvitved
|
fc70024f52
|
C#: Remove false-positive reflection calls in dataflow
|
2024-12-11 14:15:58 +01:00 |
|
Anders Schack-Mulligen
|
03fdceb0fd
|
Merge pull request #18191 from aschackmull/dataflow/remove-deprecated-lib
Dataflow: Delete the old configuration-class based api.
|
2024-12-04 11:31:46 +01:00 |
|
Mathias Vorreiter Pedersen
|
919405e586
|
C#: Support mixing dynamic properties and fields (instead of just properties) and accept test changes.
|
2024-12-03 19:36:42 +00:00 |
|
Anders Schack-Mulligen
|
dbb260dfd2
|
C#: Remove reference to the deleted api.
|
2024-12-03 20:08:44 +01:00 |
|
Mathias Vorreiter Pedersen
|
041df780c1
|
C#: Add field-flow through dynamic members.
|
2024-12-03 17:34:55 +00:00 |
|
Anders Schack-Mulligen
|
0d9e578857
|
C#: Delete deprecated data flow api.
|
2024-12-03 14:42:34 +01:00 |
|
Tom Hvitved
|
fbeb6f3940
|
Shared: Move shared logic into FlowSummaryImpl.qll
|
2024-12-03 09:11:11 +01:00 |
|
Michael Nebel
|
8041f00bf5
|
C#: Address more review comments.
|
2024-11-07 09:24:26 +01:00 |
|
Michael Nebel
|
e9c9519d90
|
C#: Address review comments.
|
2024-11-06 16:29:20 +01:00 |
|
Michael Nebel
|
5c389355d0
|
C#: Simplify delegate read and store steps (remove dependency on parameter).
|
2024-11-06 16:29:17 +01:00 |
|
Michael Nebel
|
fe854812ec
|
C#: Add read and store steps for delegate calls.
|
2024-11-06 16:29:13 +01:00 |
|
Anders Schack-Mulligen
|
b556590ef8
|
Merge pull request #17663 from aschackmull/dataflow/speculative-flow
Dataflow: Add support for speculative taint flow.
|
2024-10-31 08:12:43 +01:00 |
|
Tom Hvitved
|
7910af159c
|
C#: Take mapped locations into account in Comments.qll
|
2024-10-28 14:21:10 +01:00 |
|
Michael Nebel
|
b2b1a3ea65
|
C#: Consider string.ReplaceLineEndings(string) as a sanitizer for log forging.
|
2024-10-21 12:03:59 +02:00 |
|
Anders Schack-Mulligen
|
c20f12fa6c
|
Add qldoc.
|
2024-10-16 14:35:23 +02:00 |
|
Anders Schack-Mulligen
|
7b43100af5
|
C#: Add support for speculative taint flow.
|
2024-10-16 14:35:19 +02:00 |
|
Anders Schack-Mulligen
|
c80627a3d3
|
Dataflow: add plumbing for adding provenance to state-steps.
|
2024-10-16 14:35:18 +02:00 |
|
Tom Hvitved
|
5d925d36d3
|
C#: Adopt shared ConditionalCompletionSplitting implementation
|
2024-10-09 11:02:15 +02:00 |
|
Chad Bentz
|
2458d16426
|
Clarify threat model flow sources comment in LogForgingQuery.qll
|
2024-10-01 23:04:22 -04:00 |
|
Anders Schack-Mulligen
|
6081ba5902
|
Merge pull request #17604 from aschackmull/java/neutral-overrides
Java/C#: Add overrides to the interpretation of neutral MaD models.
|
2024-10-01 14:55:54 +02:00 |
|
Anders Schack-Mulligen
|
a8f55d93cb
|
C#: Add overrides to the interpretation of neutral MaD models.
|
2024-09-30 15:23:27 +02:00 |
|
Tom Hvitved
|
7c473c38c0
|
Merge pull request #17585 from hvitved/shared/cfg-scope-no-first-consistency
Shared: Add CFG consistency check for scopes with missing entry points
|
2024-09-26 14:05:08 +02:00 |
|
Rasmus Wriedt Larsen
|
381ea93ec3
|
Merge pull request #17424 from RasmusWL/active-threat-model-source
Go/Java/C#: Rename `ThreatModelFlowSource` to `ActiveThreatModelSource`
|
2024-09-26 13:08:17 +02:00 |
|
Michael Nebel
|
297d32180c
|
Merge pull request #17582 from michaelnebel/csharp/attributecollectionsinks
C#: `AttributeCollection` is no longer considered a HTML sink.
|
2024-09-26 09:17:31 +02:00 |
|
Michael Nebel
|
1dcc6ac2b1
|
C#: Address review comments.
|
2024-09-25 17:06:19 +02:00 |
|
Tom Hvitved
|
1bd504bf61
|
C#: Restrict CfgScope
|
2024-09-25 16:43:15 +02:00 |
|
Michael Nebel
|
d00e27916d
|
C#: No longer consider attribute collections as HTML sinks.
|
2024-09-25 14:12:59 +02:00 |
|
Chuan-kai Lin
|
1cd8af54f2
|
Merge pull request #17190 from github/cklin/diff-informed-java-queries
Java: add support for alert location restrictions
|
2024-09-23 08:39:24 -07:00 |
|
Rasmus Wriedt Larsen
|
63c3a71d95
|
Merge branch 'main' into active-threat-model-source
|
2024-09-23 11:18:14 +02:00 |
|
Anders Schack-Mulligen
|
3a1e50dcf9
|
Dataflow: Simplify diff-informed implementation and tweak flag name.
|
2024-09-20 07:07:10 -07:00 |
|
Chris Smowton
|
0deefaddc5
|
Merge pull request #17483 from smowton/smowton/feature/csharp-dataflow-fewer-nodes-including-virtual-dispatch
C#: Restrict dataflow node creation to source and source-referenced entities [virtual-dispatch-inclusive variant]
|
2024-09-19 15:33:47 +01:00 |
|
Chris Smowton
|
bc9eb993b8
|
Remove unnecessary fromSource conditions
|
2024-09-19 15:08:08 +01:00 |
|
Michael Nebel
|
4a9e3ee3aa
|
Merge pull request #17363 from michaelnebel/modelgen/fieldbasedimprovements
C#/Java: Content based model generation improvements.
|
2024-09-19 10:49:11 +02:00 |
|
Michael Nebel
|
24a101297c
|
Merge pull request #15884 from michaelnebel/csharp/cleanupcil
C#: CIL and Dotnet cleanup (removal).
|
2024-09-18 11:43:41 +02:00 |
|
Michael Nebel
|
295861d577
|
Merge pull request #17459 from michaelnebel/csharp/accessormad
C#: Add MaD support for `Attribute.Getter` and `Attribute.Setter`.
|
2024-09-18 09:11:51 +02:00 |
|
Chris Smowton
|
3e91f0f53f
|
Expand range of callables requiring nodes to include unbound declarations of generic instantiations, static targets, and methods that have a body even if not flagged fromSource
|
2024-09-17 15:00:15 +01:00 |
|
Chris Smowton
|
349268cbf7
|
Expand the range of callables used in source to include potential virtual dispatch targets and referenced callables (e.g., in assigning a delegate)
|
2024-09-17 15:00:14 +01:00 |
|
Chris Smowton
|
66f48f767e
|
Restrict dataflow node creation to source and source-referenced entities
|
2024-09-17 15:00:13 +01:00 |
|
Tom Hvitved
|
d680a549bd
|
Merge pull request #16936 from hvitved/csharp/ssa-integration
C#: Adopt shared SSA data-flow integration
|
2024-09-17 13:45:31 +02:00 |
|
Michael Nebel
|
8d0cb07ba2
|
C#: Update the internal MaD attribute documentation.
|
2024-09-17 09:27:37 +02:00 |
|
Michael Nebel
|
308aca632e
|
C#: Make support for Attribute.Getter and Attribute.Setter in MaD.
|
2024-09-16 15:45:09 +02:00 |
|