hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
31,240 Commits 1,672 Branches 157 Tags
codeql-cli-2.7.6
Commit Graph

127 Commits

Author SHA1 Message Date
Michael Nebel
59b71df2d6 C#: Use stubs for the CWE-601 testcase. 2021-11-30 15:32:19 +01:00
Michael Nebel
0b4d0d2772 C#: Use stubs for the CWE-838 testcase 2021-11-30 15:32:19 +01:00
Tom Hvitved
6d315a5d16 C#: Add subpaths predicate to XSS queries 2021-09-20 10:40:54 +02:00
Anders Schack-Mulligen
f30dad7705 Dataflow: Update test expected outputs. 2021-09-07 13:02:20 +02:00
Tom Hvitved
592a42231f C#: Fix test for InsecureSQLConnection.ql 2021-08-26 13:48:56 +02:00
Tamás Vajk
763de4fff9 Merge pull request #6425 from raulgarciamsft/insecureRandom_potential_fix 
C#: Adding Membership.GeneratePassword() as a bad source of random data
 2021-08-19 11:16:26 +02:00
Tom Hvitved
44ff623d8c Merge pull request #5508 from edvraa/deserializers 
deserialization sinks
 2021-08-17 11:41:52 +02:00
Raul Garcia
2708326624 Update csharp/ql/test/query-tests/Security Features/CWE-338/InsecureRandomness.cs 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2021-08-05 16:33:01 -07:00
Tom Hvitved
9eb3f28ef1 C#: Add missing nodes predicate to XSS queries 2021-08-05 13:53:52 +02:00
Raul Garcia (MSFT)
7340a1293f Fixing query & test 2021-08-04 19:37:57 -07:00
edvraa
d1e41689bb Merge with main 2021-08-04 14:25:34 +03:00
edvraa
1682e993bc Merge with Main 2021-07-12 11:32:47 +03:00
Tom Hvitved
4de4753c67 C#: Remove Query.qll top-level modules 2021-07-04 09:35:27 +02:00
Tom Hvitved
c812d4e4e8 C#: Add Query suffix to libraries that should only be imported by queries 2021-07-04 09:35:26 +02:00
Tamas Vajk
5e2770339f Add adjusted expected files 2021-07-01 16:09:11 +02:00
Tamas Vajk
03d1a3e0ad Trim test files + remove duplicate newlines 2021-07-01 16:09:11 +02:00
Tamas Vajk
4900ecfabe Manual fixes 2021-07-01 16:09:11 +02:00
Tamas Vajk
c29d11087b C#: Start using 'options' files in tests 2021-07-01 16:08:47 +02:00
Tamas Vajk
b0447089d9 C#: Change Dapper stub to nuget-based one (stub also System.Data.SqlClient) 2021-06-23 15:04:57 +02:00
edvraa
c9c9758e01 Make similarly named files in tests and qhelp in sync 2021-04-22 12:23:46 +03:00
edvraa
c3deb48efa Charpred for InstanceMethodSink 2021-04-16 17:19:42 +03:00
edvraa
3aedd2c1f4 Use TaintTracking2 2021-04-15 22:12:01 +03:00
Tamas Vajk
b4d35b52c3 C#: Add Console.Read* to local flow sources 2021-04-12 14:19:17 +02:00
Tamas Vajk
ffcb345916 C#: Add Dapper support to SQL injection queries 2021-04-06 17:06:20 +02:00
Tamas Vajk
98001c494f C#: Add Dapper stub and new SqlInjection test cases 2021-04-06 13:30:31 +02:00
Tom Hvitved
d4ce42ac4f Merge pull request #5416 from hvitved/csharp/rework-summaries 
C#: Rework flow summary implementation
 2021-03-26 09:47:15 +01:00
Tom Hvitved
b94c189946 C#: Remove VulnerablePackage.ql query 2021-03-25 09:50:24 +01:00
Tom Hvitved
6d6150d051 C#: Change some data-flow toString()s 2021-03-23 16:42:58 +01:00
edvraa
ac29184521 deserialization sinks 2021-03-20 21:50:46 +02:00
Tamas Vajk
3e0245a7fc Fix test case for RuntimeChecksBypass 2021-03-04 12:47:21 +01:00
Tamas Vajk
cb4ed90c5c Fix failing tests 2021-03-03 16:58:48 +01:00
Tom Hvitved
d53faa86dc C#: Restrict FormatInvalid.ql and UncontrolledFormatString.ql to calls with insertions 2020-12-18 10:53:11 +01:00
Tom Hvitved
6a55a22f18 Merge pull request #4781 from hvitved/csharp/persisten-cookie-tests 
C#: Add tests for `PersistentCookie.ql`
 2020-12-07 11:37:16 +01:00
Tom Hvitved
5d73566859 C#: Add tests for PersistentCookie.ql 2020-12-04 17:14:00 +01:00
Tamas Vajk
d55fbc8a05 Add test cases for safe API calls 2020-12-04 13:26:53 +01:00
Tamas Vajk
24670160c2 Address code review findings 2020-12-04 13:26:53 +01:00
Tamas Vajk
cd5c1f06ee C#: Add queries to check untrusted data flow to external APIs 2020-12-04 13:26:53 +01:00
Tom Hvitved
5d1a5920c7 C#: Reimplement flow-summary compilation 2020-10-14 14:15:34 +02:00
Faten Healy
c35a5d120a C#: Increasing required size of RSA key to 2048 2020-09-22 11:09:49 +02:00
Tom Hvitved
795c5784b0 C#: Precise data flow for collections 2020-06-26 13:40:05 +02:00
Tom Hvitved
54677189de C#: Introduce RemoteFlowSink class 2020-03-25 20:05:39 +01:00
Tom Hvitved
7ac25d2439 C#: Add more tests for cs/information-exposure-through-exception 2020-03-25 14:33:49 +01:00
Tom Hvitved
fc74a482a4 C#: More XPath injection sinks 2020-03-19 14:13:35 +01:00
Tom Hvitved
4b3cf72c1c C#: Teach XPath injection query about XPathNavigator 2020-03-19 13:38:16 +01:00
Tom Hvitved
7f0181ccff C#: Add XPathNavigator test for cs/xml/xpath-injection 2020-03-19 13:37:03 +01:00
Tom Hvitved
78380f5d59 Merge pull request #2658 from calumgrant/cs/serialization-check-bypass-type 
C#: Fix cs/serialization-check-bypass
 2020-02-12 10:26:01 +01:00
Calum Grant
803cb3f4d1 C#: Address review comment 
- Flow from expressions with a value is excluded.
 2020-02-10 16:02:29 +00:00
Calum Grant
7caae01ad1 C#: Exclude fields that are created 2020-01-29 15:47:12 +00:00
Calum Grant
3d460aeb44 C#: ZipSlip query reports alert at source 2020-01-21 15:17:06 +00:00
Calum Grant
41b4d70504 C#: Refactor, improve documentation and add tests for cs/serialization-check-bypass 2020-01-03 18:46:39 +00:00