Ed Minnix
975327648c
Remove commented-out code
2024-01-22 11:09:50 -05:00
Ed Minnix
51564200a1
Documentation for FlowSources library
2024-01-22 11:09:48 -05:00
Ed Minnix
83e66136ce
Change note
2024-01-22 11:09:46 -05:00
Ed Minnix
c530fbd9f8
C# Threat Modeling Tests
2024-01-22 11:09:45 -05:00
Ed Minnix
3c9c07ec40
Rename SourceNode.qll to FlowSources.qll
2024-01-22 11:09:43 -05:00
Ed Minnix
392eac5f9a
Refactor source node classes to use SourceNode superclass
...
Refactor the existing flowsource classes to use the `SourceNode` class
to specify which threat model they support.
2024-01-22 11:09:41 -05:00
Ed Minnix
d29df68c97
Introduce the SourceNode and ThreatModelFlowSource classes
...
1. Introduces the `SourceNode` class which allows dataflow nodes
representing sources to indicate the threat model they are associated
with.
2. Introduces the `ThreatModelFlowSource` class which represents a
source node which respects the threat model configuration
2024-01-22 11:09:39 -05:00
Ed Minnix
ad093fde4f
Add dependency on codeql/threat-models shared library
2024-01-22 11:09:38 -05:00
Tamas Vajk
de4e3963e7
C#: Try fallback nuget restore without nuget.config
2024-01-22 15:42:06 +01:00
Tamas Vajk
7c290ee2ba
C#: Add integration test with nuget.config
2024-01-22 15:36:38 +01:00
Michael Nebel
1bb6f4962d
C#: Match any {digit} in the format string.
2024-01-22 14:03:37 +01:00
Michael Nebel
b006b28e8a
C#: Add change note.
2024-01-22 11:28:27 +01:00
Michael Nebel
5016113a0f
C#: Add a string.Format sanitizer to url redirect and update expected test output.
2024-01-22 11:21:35 +01:00
Michael Nebel
884f3f1505
C#: Add string interpolation expression sanitizer to url redirect and update expected test output.
2024-01-22 11:21:19 +01:00
Michael Nebel
e33d5b5fb6
C#: Add some test examples for UrlRedirect using string interpolation and string.Format.
2024-01-22 09:42:23 +01:00
erik-krogh
8be7eadace
delete outdated deprecations
2024-01-22 09:11:35 +01:00
Joe Farebrother
4de19b3ec9
Merge pull request #15039 from joefarebrother/csharp-razor-flow-page-models
...
C#: Add flow steps from a PageModel to cshtml page.
2024-01-19 10:07:25 +00:00
Michael Nebel
24855ddc64
Merge pull request #15328 from michaelnebel/csharp/inlinearrays
...
C# 12: Inline array support.
2024-01-19 09:11:26 +01:00
Michael Nebel
cb53ca4e1f
Merge pull request #15367 from michaelnebel/csharp/nullablesimpletypesanitizer
...
C#: Consider nullable simple types as sanitizers.
2024-01-19 09:09:36 +01:00
Michael Nebel
43350b0664
C#: Add change note.
2024-01-18 13:55:18 +01:00
Michael Nebel
9e9b5292f2
C#: Add change note.
2024-01-18 13:50:52 +01:00
Michael B. Gale
d0003ce7be
C#: Rename query to ExtractedFiles
2024-01-18 12:47:11 +00:00
Michael Nebel
337ab611c9
C#: Update expected test output.
2024-01-18 12:53:48 +01:00
Michael Nebel
9460c91c8c
C#: Also consider nullable simple types (and datetime) as simple type sanitizers.
2024-01-18 12:53:29 +01:00
Michael Nebel
559842071a
C#: Add example of log forging alert for simple nullable types and updated expected test output.
2024-01-18 12:50:40 +01:00
Michael Nebel
f8f95e6a19
C#: Add models as data test for inline arrays.
2024-01-18 12:23:26 +01:00
Michael Nebel
1d88ca2388
C#: Add more InlineArray test cases.
2024-01-18 12:23:26 +01:00
Michael Nebel
70e7c92774
C#: Also check the namespace of the InlineArrayAttribute.
2024-01-18 11:09:01 +01:00
Michael Nebel
674838e698
C#: Add flow test for inline arrays.
2024-01-18 11:09:01 +01:00
Michael Nebel
f14b3265ab
C#: Move static methods in CollectionFlow as these impact result line numbers.
2024-01-18 11:09:00 +01:00
Michael Nebel
47505b3bfa
C#: Add array access test for an inline array.
2024-01-18 11:09:00 +01:00
Michael Nebel
0453bb86e0
C#: Update test output of existing expressions tests.
2024-01-18 11:09:00 +01:00
Michael Nebel
ae52779cf6
C#: Add inline array test to expressions.
2024-01-18 11:09:00 +01:00
Michael Nebel
de831d188f
C#: Add inline type array test.
2024-01-18 11:09:00 +01:00
Michael Nebel
8a97c8c28e
C#: Add QL support for InlineArrayType.
2024-01-18 11:09:00 +01:00
Michael B. Gale
a30791833d
C#: Report any extracted file as successfully extracted
2024-01-17 20:57:39 +00:00
Michael Nebel
fcb9e473c0
C#: Add upgrade and downgrade scripts.
2024-01-17 14:08:18 +01:00
Michael Nebel
83c16ae993
C#: Extract structs representing inline arrays as inline arrays.
2024-01-17 14:01:05 +01:00
Michael Nebel
5e692a882e
C#: Update dbscheme with a typekind for inline arrays.
2024-01-17 14:01:05 +01:00
Alexander Eyers-Taylor
934474681d
Merge pull request #15254 from github/post-release-prep/codeql-cli-2.16.0
...
Post-release preparation for codeql-cli-2.16.0
2024-01-16 14:50:40 +00:00
Michael Nebel
8d64d71583
C#: Move the gen kind enum script.
2024-01-16 14:18:41 +01:00
Rasmus Wriedt Larsen
6f45de1095
Merge pull request #15325 from RasmusWL/c#-filter-order
...
C#: Respect order of `LGTM_INDEX_FILTERS` in buildless extraction
2024-01-16 09:28:44 +01:00
github-actions[bot]
57df8b92df
Post-release preparation for codeql-cli-2.16.0
2024-01-15 15:00:50 +00:00
Rasmus Wriedt Larsen
13c236227f
C#: Apply suggestions from code review
...
Co-authored-by: Michael B. Gale <mbg@github.com >
2024-01-15 15:51:36 +01:00
Rasmus Wriedt Larsen
086e4f7f12
C#: Adjust test for LGTM_INDEX_FILTERS
2024-01-15 15:50:25 +01:00
Rasmus Wriedt Larsen
59d239b230
C#: Respect order of LGTM_INDEX_FILTERS in buildless extraction
...
That is, using `exclude:**/*\ninclude:**/*` should include everything.
2024-01-15 11:45:58 +01:00
Michael Nebel
275822f80d
Merge pull request #15296 from michaelnebel/csharp/getruntimeargument
...
C#: Improve getRuntimeArgumentForParameter to consider named arguments.
2024-01-12 15:57:17 +01:00
Michael Nebel
9becd0876f
Merge pull request #15179 from michaelnebel/modelgenrespectmanual
...
C#/Java: Increase precision of model generation.
2024-01-12 15:12:21 +01:00
Michael Nebel
dcce93ac4c
C#: Address more review comments.
2024-01-12 14:07:27 +01:00
Michael Nebel
c7045fbb99
C#: Add some test cases for excluding methods for model generation.
2024-01-12 13:35:23 +01:00
