hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,540 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.8
Commit Graph

1598 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
a8f55d93cb C#: Add overrides to the interpretation of neutral MaD models. 2024-09-30 15:23:27 +02:00
Tom Hvitved
7c473c38c0 Merge pull request #17585 from hvitved/shared/cfg-scope-no-first-consistency 
Shared: Add CFG consistency check for scopes with missing entry points
 2024-09-26 14:05:08 +02:00
Rasmus Wriedt Larsen
381ea93ec3 Merge pull request #17424 from RasmusWL/active-threat-model-source 
Go/Java/C#: Rename `ThreatModelFlowSource` to `ActiveThreatModelSource`
 2024-09-26 13:08:17 +02:00
Michael Nebel
297d32180c Merge pull request #17582 from michaelnebel/csharp/attributecollectionsinks 
C#: `AttributeCollection` is no longer considered a HTML sink.
 2024-09-26 09:17:31 +02:00
Michael Nebel
1dcc6ac2b1 C#: Address review comments. 2024-09-25 17:06:19 +02:00
Tom Hvitved
1bd504bf61 C#: Restrict CfgScope 2024-09-25 16:43:15 +02:00
Michael Nebel
d00e27916d C#: No longer consider attribute collections as HTML sinks. 2024-09-25 14:12:59 +02:00
Chuan-kai Lin
1cd8af54f2 Merge pull request #17190 from github/cklin/diff-informed-java-queries 
Java: add support for alert location restrictions
 2024-09-23 08:39:24 -07:00
Rasmus Wriedt Larsen
63c3a71d95 Merge branch 'main' into active-threat-model-source 2024-09-23 11:18:14 +02:00
Anders Schack-Mulligen
3a1e50dcf9 Dataflow: Simplify diff-informed implementation and tweak flag name. 2024-09-20 07:07:10 -07:00
Chris Smowton
0deefaddc5 Merge pull request #17483 from smowton/smowton/feature/csharp-dataflow-fewer-nodes-including-virtual-dispatch 
C#: Restrict dataflow node creation to source and source-referenced entities [virtual-dispatch-inclusive variant]
 2024-09-19 15:33:47 +01:00
Chris Smowton
bc9eb993b8 Remove unnecessary fromSource conditions 2024-09-19 15:08:08 +01:00
Michael Nebel
4a9e3ee3aa Merge pull request #17363 from michaelnebel/modelgen/fieldbasedimprovements 
C#/Java: Content based model generation improvements.
 2024-09-19 10:49:11 +02:00
Michael Nebel
24a101297c Merge pull request #15884 from michaelnebel/csharp/cleanupcil 
C#: CIL and Dotnet cleanup (removal).
 2024-09-18 11:43:41 +02:00
Michael Nebel
295861d577 Merge pull request #17459 from michaelnebel/csharp/accessormad 
C#: Add MaD support for `Attribute.Getter` and `Attribute.Setter`.
 2024-09-18 09:11:51 +02:00
Chris Smowton
3e91f0f53f Expand range of callables requiring nodes to include unbound declarations of generic instantiations, static targets, and methods that have a body even if not flagged fromSource 2024-09-17 15:00:15 +01:00
Chris Smowton
349268cbf7 Expand the range of callables used in source to include potential virtual dispatch targets and referenced callables (e.g., in assigning a delegate) 2024-09-17 15:00:14 +01:00
Chris Smowton
66f48f767e Restrict dataflow node creation to source and source-referenced entities 2024-09-17 15:00:13 +01:00
Tom Hvitved
d680a549bd Merge pull request #16936 from hvitved/csharp/ssa-integration 
C#: Adopt shared SSA data-flow integration
 2024-09-17 13:45:31 +02:00
Michael Nebel
8d0cb07ba2 C#: Update the internal MaD attribute documentation. 2024-09-17 09:27:37 +02:00
Michael Nebel
308aca632e C#: Make support for Attribute.Getter and Attribute.Setter in MaD. 2024-09-16 15:45:09 +02:00
Michael Nebel
3c97bcb790 C#: Exclude properties from the Attribute selection. 2024-09-16 15:45:03 +02:00
Tom Hvitved
d0eae97bcf Address review comment 2024-09-16 14:46:23 +02:00
Michael Nebel
a6f95c577a C#: Remove deprecated predicates. 2024-09-16 14:12:05 +02:00
Michael Nebel
21b3daa2c0 C#: Delete Dotnet and CIL library code. 2024-09-16 14:12:01 +02:00
Rasmus Wriedt Larsen
8c10155eb7 mass rename to ActiveThreatModelSource 2024-09-12 10:16:55 +02:00
Chuan-kai Lin
ff78bebf19 Shared support for alert filtering 2024-09-11 13:18:26 -07:00
Tamas Vajk
da3c5f44f2 C#: Include .razor files in File::fromSource 2024-09-11 16:13:42 +02:00
Michael Nebel
e94890280a C#: Sync changes and make language specific parts. 2024-09-10 15:23:51 +02:00
Rasmus Wriedt Larsen
038bc832a7 Go/Java/C#: Rename to ActiveThreatModelSource 
As part of adding support for threat-models to Python/JS (see
https://github.com/github/codeql/pull/17203), we ran into some trouble
with name clashes.

Naming in existing languages supporting threat-models:
- `SourceNode` (for QL only modeling)
- `ThreatModelFlowSource` (for active sources from QL or data-extensions)

However, since we use `LocalSourceNode` in Python, and `SourceNode` in
JS (for local source nodes), it seems a bit confusing to follow the same
naming convention as other languages, and we had to come up with new names.

Initially I used `ThreatModelSource` for the "QL only modeling", but
that meant that we needed a new name to represent the active sources
coming from either QL or data-extensions... for this I came up with
`ActiveThreatModelSource`, and I really liked it. To me, it's much
clearer that this class only contains the currently active threat
model sources.

So to align languages, I got approval from @michaelnebel to rename the
existing classes.
 2024-09-10 14:46:15 +02:00
Erik Krogh Kristensen
4258119ba3 Merge branch 'main' into del-deps-sep-2024 2024-09-04 12:43:41 +02:00
erik-krogh
0fdd06fff5 use my script to delete outdated deprecations 2024-09-03 20:30:58 +02:00
Michael Nebel
6e81d74558 C#: Add support for synthetic fields in MaD for C#. 2024-09-02 11:13:11 +02:00
Tom Hvitved
4ef4ede0b1 C#: Do not calculate field-based SSA for enums 2024-08-30 11:19:07 +02:00
Michael Nebel
20d9fd11ac Merge pull request #17288 from michaelnebel/shared/contentflow 
Shared: ContentFlow.
 2024-08-23 09:52:27 +02:00
Michael Nebel
d935c47231 C#: Use the shared content flow implementation. 2024-08-22 15:46:01 +02:00
Michael Nebel
bd69b96752 Merge pull request #17273 from michaelnebel/csharp/sqlinject 
C#: ASP.NET Controller is allowed to be abstract.
 2024-08-22 11:18:48 +02:00
Tom Hvitved
d41d7c8246 Merge pull request #17207 from hvitved/csharp/content-set 
C#: Implement `ContentSet`
 2024-08-22 10:55:11 +02:00
Tom Hvitved
e94fabcc19 Address review comment 2024-08-22 08:27:15 +02:00
Michael Nebel
79718f1cd6 C#: Remove requirement that a controller is not allowed to be abstract. 2024-08-21 13:00:15 +02:00
Anders Schack-Mulligen
993bfee096 Merge pull request #17259 from aschackmull/dataflow/remove-srcsink-grouping 
Dataflow: Remove src/sink grouping feature
 2024-08-20 14:42:33 +02:00
Anders Schack-Mulligen
8470e91c16 Legacy Dataflow: Sync. 2024-08-20 10:07:57 +02:00
Rasmus Wriedt Larsen
43b61dd2aa C#: Support stdin in LocalFlowSource 2024-08-15 15:45:20 +02:00
Michael Nebel
f0817dc07c C#/Java: Use a parameterized module for making the source and sink callable classes. 2024-08-14 09:50:38 +02:00
Tom Hvitved
89a2381165 C#: Adopt shared SSA data-flow integration 2024-08-14 08:39:17 +02:00
Tom Hvitved
f6ec56a977 C#: Implement ContentSet 2024-08-13 15:27:36 +02:00
Tom Hvitved
3395dc9e71 Merge pull request #16576 from hvitved/csharp/static-field-side-effect 
C#: Add support for flow through side-effects on static fields
 2024-08-13 14:16:28 +02:00
Tom Hvitved
fbcb4498fe Merge pull request #16817 from hvitved/csharp/multi-body-dataflow-dispatch 
C#: Restrict multi-body dataflow dispatch based on file-system distance
 2024-08-13 12:15:22 +02:00
Michael Nebel
4a5c9f0ec4 Merge pull request #17007 from michaelnebel/shared/neutralimplementation 
C#/Java/Go: Neutrals are split into separate classes.
 2024-08-12 13:58:12 +02:00
Tom Hvitved
1bcac50db1 C#: Add support for flow through side-effects on static fields 2024-08-12 10:01:51 +02:00