hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 03:06:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
8,778 Commits 1,672 Branches 157 Tags
rc/1.23
Commit Graph

69 Commits

Author SHA1 Message Date
Tom Hvitved
46bc804562 Merge pull request #2286 from calumgrant/cs/windows-tests 
C#: Make qltests pass on all platforms
 2019-11-13 16:21:08 +01:00
Calum Grant
d64c244257 C#: Fix test for AspLine. 2019-11-08 15:48:56 +00:00
Tom Hvitved
eb990525d7 C#: Add precision tags to UnsafeDeserialization[UntrustedInput].ql 2019-10-28 14:19:40 +01:00
Tom Hvitved
4ac32c4b12 C#: Fix more tests 2019-10-24 13:00:14 +02:00
Geoffrey White
0427b1eb3f C#: Fix more tests. 2019-10-23 18:20:44 +01:00
Raul Garcia (MSFT)
cb8dcf7db2 Publishing queries to the OSS Semmle repository 2019-10-22 09:55:39 +01:00
Tom Hvitved
09e4e7901a C#: Update expected test output 2019-09-18 13:36:15 +02:00
Anders Schack-Mulligen
6299625b3d C#: Adjust qltest expected output. 2019-09-12 11:00:49 +02:00
Tom Hvitved
c5d9d74c0a C#: Nested field flow 2019-08-23 09:25:05 +02:00
Tom Hvitved
6749bbd438 C#: Make use of extra data flow copies 2019-08-07 10:41:43 +02:00
Tom Hvitved
b7d6165d42 C#: Convert cs/web/xss to a path-problem 2019-08-01 15:58:57 -07:00
Tom Hvitved
949b3601d0 C#: Address review comments 2019-05-15 14:10:42 +02:00
Tom Hvitved
c6a471e4b6 C#: Adopt shared data flow implementation 
- General refactoring to fit with the shared data flow implementation.
- Move CFG splitting logic into `ControlFlowReachability.qll`.
- Replace `isAdditionalFlowStepIntoCall()` with `TaintedParameterNode`.
- Redefine `ReturnNode` to be the actual values that are returned, which should
  yield better path information.
- No longer consider overrides in CIL calls.
 2019-05-06 14:54:11 +02:00
Tom Hvitved
b48576d7b9 C#: Address review comments 2019-03-10 15:45:31 +01:00
Tom Hvitved
8959d528a1 Merge remote-tracking branch 'upstream/rc/1.20' into csharp/dataflow/performance 2019-03-10 15:07:18 +01:00
Tom Hvitved
e6f7632d4c C#: Introduce data flow return nodes 
Before this change,

```
flowOutOfCallableStep(CallNode call, ReturnNode ret, OutNode out, CallContext cc)
```

would compute all combinations of call sites `call` and returned expressions `ret`
up front.

Now, we instead introduce explicit return nodes, so each callable has exactly
one return node (as well as one for each `out`/`ref` parameter). There is then
local flow from a returned expression to the relevant return node, and
`flowOutOfCallableStep()` computes combinations of call sites and return nodes.

Not only does this result in better performance, it also makes `flowOutOfCallableStep()`
symmetric to `flowIntoCallableStep()`, where each argument is mapped to a parameter,
and not to all reads of that parameter.
 2019-03-07 12:16:06 +01:00
Tom Hvitved
440809623b C#: Fix whitespaces 2019-03-06 08:15:46 +01:00
calum
15341965e0 C#: Update cs/use-of-vulnerable-package to detect CVE-2019-0657 2019-02-21 11:48:48 +00:00
Calum Grant
eef1abfa69 Merge pull request #743 from hvitved/csharp/dataflow-splitting 
C#: Teach data flow library about CFG splitting
 2019-01-28 16:31:24 +00:00
calum
c9ffb38e4b C#: Add sources and sinks in Winforms. Update some queries with new sources and sinks. 2019-01-18 15:42:44 +00:00
Tom Hvitved
b2f99dbbc7 C#: Teach data flow library about CFG splitting 
Data flow nodes for expressions do not take CFG splitting into account. Example:

```
if (b)
    x = tainted;
x = x.ToLower();
if (!b)
    Use(x);
```

Flow is incorrectly reported from `tainted` to `x` in `Use(x)`, because the step
from `tainted` to `x.ToLower()` throws away the information that `b = true`.

The solution is to remember the splitting in data flow expression nodes, that is,
to represent the exact control flow node instead of just the expression. With that
we get flow from `tainted` to `[b = true] x.ToLower()`, but not from `tainted` to
`[b = false] x.ToLower()`.

The data flow API remains unchanged, but in order for analyses to fully benefit from
CFG splitting, sanitizers in particular should be CFG-based instead of expression-based:

```
if (b)
   x = tainted;
   if (IsInvalid(x))
       return;
Use(x);
```

If the call to `IsInvalid()` is a sanitizer, then defining an expression node to be
a sanitizer using `GuardedExpr` will be too conservative (`x` in `Use(x)` is in fact
not guarded). However, `[b = true] x` in `[b = true] Use(x)` is guarded, and to help
defining guard-based sanitizers, the class `GuardedDataFlowNode` has been introduced.
 2019-01-16 10:39:27 +01:00
Max Schaefer
b4f400fb23 Merge remote-tracking branch 'upstream/next' into qlucie/master 2019-01-04 10:35:57 +00:00
Tom Hvitved
1366638f06 C#: Fix whitespaces 2018-12-12 13:13:13 +01:00
calum
6b2e339ec5 C#: Address QL review comments. 2018-11-22 11:45:41 +00:00
calum
1bfa4d59e7 C#: Documentation for cs/uncontrolled-format-string 2018-11-22 11:21:35 +00:00
calum
fb09360ad6 C#: New query for cs/uncontrolled-string-format 2018-11-22 11:21:35 +00:00
Tom Hvitved
201f64ef8e Merge pull request #367 from calumgrant/cs/path-problems 
C#: Update all security queries to path-problems
 2018-11-22 12:02:11 +01:00
calum
69ab1ed5bd C#: Add nodes predicate to all path queries. 2018-11-21 12:35:05 +00:00
calum
1aa5e24108 C#: Remove duplicate results from cs/use-of-vulnerable-package 2018-11-16 16:50:35 +00:00
calum
cf4b04a3ee C#: Address review comments - adding .getNode() where appropriate. 2018-11-16 11:52:20 +00:00
calum
e908b090fd C#: Always use PathNode in a path-problem query. 2018-11-16 10:32:24 +00:00
calum
eddc52852d C#: Convert security queries to path-problem and update qltest expected output. 2018-11-16 10:31:20 +00:00
Tom Hvitved
dd6fd400aa Merge pull request #335 from calumgrant/cs/cwe-937 
C#: New query VulnerablePackage
 2018-11-12 10:34:53 +01:00
Tom Hvitved
67e64f21d8 C#: Fix whitespaces 2018-11-07 08:52:38 +01:00
semmle-qlci
33c02fe928 Merge pull request #355 from hvitved/csharp/guards-logic 
Approved by calumgrant
 2018-11-06 19:06:30 +00:00
calum
c003150ed8 C#: Add missing file. 2018-11-02 16:46:49 +00:00
calum
29df7f5e96 C#: Mark false-negatives. 2018-11-02 16:46:49 +00:00
calum
7fa442d127 C#: Merge tests. 2018-11-02 16:46:49 +00:00
calum
ae96b347e2 C#: Address review comments. 2018-11-02 16:46:49 +00:00
calum
62fb693924 C#: Tidy up code and fix performance of remote flow sources. 2018-11-02 16:45:48 +00:00
calum
2090d69c3f C#: Tidy up tests. 2018-11-02 16:45:48 +00:00
calum
697e66e312 C#: Move test into subdirectory. 2018-11-02 16:45:48 +00:00
calum
d6e6ae66b8 C#: qltest stubs for UrlRedirect.ASPNETCore 2018-11-02 16:45:47 +00:00
calum
4655acadb2 C#: Stubs for XSSFlowASPNetCore test. 2018-11-02 16:45:47 +00:00
calum
8b8d2f9bef C#: Add auto-generated stubs. 2018-11-02 16:45:47 +00:00
Denis Levin
ba9cb5e22d cs: Adding sources and sinks for ASPNET.Core 
Inintial query checkin.
Note: tests require Nuget packages with ASPNET and ASPNETCore in Packages directory, and won't compile without them.
The packages.config should include this:
  <package id="Microsoft.AspNet.Mvc" version="5.2.3" targetFramework="net461" />
  <package id="Microsoft.AspNet.WebPages" version="3.2.3" targetFramework="net461" />
  <package id="Microsoft.AspNetCore.Antiforgery" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Authorization" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Cors" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Cryptography.Internal" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.DataProtection" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.DataProtection.Abstractions" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Diagnostics" version="1.1.2" targetFramework="net452" />
  <package id="Microsoft.AspNetCore.Diagnostics.Abstractions" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Hosting" version="1.1.3" targetFramework="net452" />
  <package id="Microsoft.AspNetCore.Hosting.Abstractions" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Hosting.Server.Abstractions" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Html.Abstractions" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Http" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Http.Abstractions" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Http.Extensions" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Http.Features" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.HttpOverrides" version="1.1.2" targetFramework="net452" />
  <package id="Microsoft.AspNetCore.JsonPatch" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Localization" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.Abstractions" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.ApiExplorer" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.Core" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.Cors" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.DataAnnotations" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.Formatters.Json" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.Localization" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.Razor" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.Razor.Host" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.TagHelpers" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.ViewFeatures" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Razor" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Razor.Runtime" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.ResponseCaching" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.ResponseCaching.Abstractions" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.ResponseCompression" version="1.0.2" targetFramework="net452" />
  <package id="Microsoft.AspNetCore.Rewrite" version="1.0.2" targetFramework="net452" />
  <package id="Microsoft.AspNetCore.Routing" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Routing.Abstractions" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Server.Kestrel" version="1.1.2" targetFramework="net452" />
  <package id="Microsoft.AspNetCore.Server.Kestrel.Https" version="1.1.2" targetFramework="net452" />
  <package id="Microsoft.AspNetCore.Server.WebListener" version="1.1.4" targetFramework="net452" />
  <package id="Microsoft.AspNetCore.StaticFiles" version="1.1.2" targetFramework="net452" />
  <package id="Microsoft.AspNetCore.WebUtilities" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.Extensions.DependencyInjection.Abstractions" version="1.1.1" targetFramework="net451" />
  <package id="Microsoft.Extensions.Primitives" version="2.1.0" targetFramework="net451" />
  <package id="Microsoft.NETCore.App" version="2.0.0" />
  <package id="Microsoft.AspNetCore.Mvc" version="2.1.0" />
  <package id="Microsoft.AspNetCore.Mvc.Core" version="2.1.0" />
  <package id="Microsoft.AspNetCore.Mvc.Abstractions" version="2.1.0" />
  <package id="Microsoft.AspNetCore.Http.Extensions" version="2.1.0" />
  <package id="Microsoft.AspNetCore.Http.Abstractions" version="2.1.0" />
  <package id="Microsoft.AspNetCore.Http.Features" version="2.1.0" />
 2018-11-02 16:45:47 +00:00
Tom Hvitved
665173692c C#: Fix whitespaces 2018-10-30 13:15:46 +01:00
calum
61232cb08e C#: Address review comments in QL. 2018-10-19 16:33:04 +01:00
Tom Hvitved
b233961a9a C#: Add assertion tests 2018-10-19 14:05:30 +02:00
calum
3de1f3b101 C#: Query and qltest for VulnerablePackage. 2018-10-18 10:23:51 +01:00