hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,558 Commits 1,671 Branches 157 Tags
revert-20885-js/local-module-exports
Commit Graph

9040 Commits

Author SHA1 Message Date
Luke Cartey
4f57456df1 C#: ZipSlip - Add spaces into bad example. 2018-08-21 13:06:29 +01:00
Luke Cartey
6453153393 C#: ZipSlip - Address review comments in module. 2018-08-21 12:18:27 +01:00
Luke Cartey
6959d80a28 C#: ZipSlip - Update help, compile and test samples. 2018-08-21 12:17:48 +01:00
Tom Hvitved
4560468cb8 C#: Update expected test output 2018-08-21 08:57:03 +02:00
Denis Levin
be3d2931e3 Changed query message text as requested 2018-08-20 14:02:33 -07:00
Luke Cartey
d6c58d6bd9 C#: ZipSlip - Add precision tag. 2018-08-20 16:59:57 +01:00
Luke Cartey
fa78d04f18 C#: ZipSlip - Add qhelp file. 
This adds a help file which describes the problem, provides
recommendations on how to fix it and an example.
 2018-08-20 16:59:56 +01:00
Luke Cartey
99d1cf70be C#: ZipSlip - Update name, description and message. 
This commit updates the name, description and message to better match
the house style for the security queries.
 2018-08-20 16:59:56 +01:00
Luke Cartey
112d104005 C#: ZipSlip - remove ZipSlip prefix from TaintTracking class name. 2018-08-20 16:18:13 +01:00
Luke Cartey
b6c9f844e8 C#: ZipSlip - refactor to use Source, Sink, Sanitizer 
This commit refactors the existing predicates to be classes extending
Source, Sink or Sanitizer, as appropriate.
 2018-08-20 16:17:03 +01:00
Luke Cartey
09b23878fd C#: ZipSlip, introduce source, sink, sanitizer classes. 2018-08-20 12:25:51 +01:00
Luke Cartey
3bc035fb5a C#: Reformat ZipSlip module. 
Reformat the ZipSlip module to adhere to the "QL Style Guide".
 2018-08-20 12:11:06 +01:00
Tom Hvitved
b1451b079e C#: Add CFG test that mixes finally splitting and catch splitting 2018-08-20 13:10:09 +02:00
Tom Hvitved
91ed111735 C#: Improve CFG for exception handlers 
Use generic CFG splitting to add a new type of split for exception handlers,
`ExceptionHandlerSplit`, which tags eachs node belonging to a `catch` clause
with the type of exception being caught. This allows for a more accurate CFG
for `try-catch` statements, where exception filters are handled properly.
 2018-08-20 13:08:28 +02:00
Tom Hvitved
a705b3afa5 C#: Generic control flow graph splitting 
Refactor existing logic for splitting control flow nodes belonging to a `finally`
block. A `Split` defines (1) when to enter the split, (2) when to stay in the split,
and (3) when to leave the split. With only these definitions, control flow splitting
is achieved by tagging each control flow element with the set of splits that apply
to it.
 2018-08-20 13:04:29 +02:00
Luke Cartey
80e4815125 C#: Extract ZipSlip library 2018-08-20 12:03:33 +01:00
Tom Hvitved
1365761f72 C#: Change toString() for FinallySplitControlFlowNode 2018-08-20 09:41:54 +02:00
Denis Levin
276deee68c Added comments to the test file. Fixed a typo. 2018-08-17 10:50:52 -07:00
Tom Hvitved
0edd0057fc C#: Do not use @kind graph in ql tests 2018-08-17 17:55:13 +02:00
Denis Levin
2a46a26d9e Update addressing review comments 2018-08-16 17:29:04 -07:00
Denis Levin
a09e7db08d Removing @precision high tag 2018-08-14 18:41:21 -07:00
calum
fc5963b831 C#: Rename filename in expected test output. 2018-08-14 13:00:25 +01:00
calum
82f0c389c7 C#: Update test references to use .NET Core, and change relative directory of moved test file. 2018-08-14 12:52:26 +01:00
Denis Levin
7492dabde0 cs: Don't Install Root Certificate (CWE-327) 2018-08-13 16:43:44 -07:00
Denis Levin
cee996c543 Adding .expected file to QLTest 2018-08-13 15:04:15 -07:00
Denis Levin
242fba3fd2 cs: Query for ZipSlip vulnerability (CVE-2018-1002200) 
Initial check in to validate the tests
 2018-08-13 14:56:45 -07:00
calum
9d010775b8 C#: Move query suite files into submodule. 2018-08-13 15:03:37 +01:00
Julian Tibble
bb9ce0e1fd C#: fix inconsistent type/constructor name 
The code sample for the self-assignment query help had a different name
for the class and it's (intended) constructor, so was invalid.
 2018-08-08 22:42:06 +01:00
semmle-qlci
6fc36f6621 Merge pull request #6 from hvitved/csharp/query/constant-condition 
Approved by calumgrant
 2018-08-08 06:45:07 +01:00
Tom Hvitved
3ccd582d17 Merge pull request #9 from calumgrant/cs/undeprecated-metric-queries 
C#: Add @ids for metric queries
 2018-08-06 22:55:39 +02:00
Tom Hvitved
323709b5ad C#: Generalize cs/constant-condition 2018-08-06 13:45:23 -07:00
Tom Hvitved
f7a515c8e9 C#: Prune CFG for obviously impossible nullness/matching edges 2018-08-06 13:45:23 -07:00
Tom Hvitved
9a1e148e85 C#: Various minor CFG bug fixes 2018-08-06 13:45:23 -07:00
Tom Hvitved
b161ff195b C#: Additional CFG tests 2018-08-06 13:45:23 -07:00
calumgrant
e8df86ebf8 Merge pull request #4 from hvitved/csharp/whitespaces 
C#: Fix whitespaces
 2018-08-03 16:06:47 +01:00
calum
05baae5b03 C#: Add @ids for metric queries and filter queries. 2018-08-03 15:33:57 +01:00
Tom Hvitved
d05109df76 C#: Update queries in Bad Practices/Implementation Hiding 2018-08-03 14:19:58 +02:00
Tom Hvitved
5d498fda72 C#: Fix whitespaces 2018-08-03 14:10:44 +02:00
Tom Hvitved
6b2d99b6ac C#: Add script for fixing whitespaces 2018-08-03 14:10:22 +02:00
Pavel Avgustinov
b55526aa58 QL code and tests for C#/C++/JavaScript. 2018-08-02 17:53:23 +01:00