Calum Grant
41b4d70504
C#: Refactor, improve documentation and add tests for cs/serialization-check-bypass
2020-01-03 18:46:39 +00:00
Calum Grant
3db900b183
C#: Remove false positive and update test output
...
C#: Mark results as GOOD
2019-12-27 12:07:19 +00:00
Calum Grant
fd0225ca59
C#: Add test
2019-12-27 11:44:39 +00:00
Calum Grant
a059c13f6c
C#: Add test for tuple expressions.
2019-12-23 15:18:28 +00:00
Calum Grant
63afb30797
C#: Tests for tuple expressions.
2019-12-23 15:18:21 +00:00
Anders Schack-Mulligen
2443f10823
C#: Update .expected file.
2019-12-18 10:40:18 +01:00
semmle-qlci
8ad11b98d0
Merge pull request #2538 from hvitved/csharp/missing-to-string
...
Approved by calumgrant
2019-12-17 19:23:47 +00:00
Tom Hvitved
9dde1ce76a
C#: No taint-tracking steps for ternary conditionals
...
Ternary conditionals `b ? x : y` mistakenly had taint-tracking steps from both
`b`, `x`, and `y` to the conditional expression itself. Flow from `b` was not
intended, and flow from `x` and `y` is already part of ordinary data flow.
2019-12-17 13:53:39 +01:00
Anders Schack-Mulligen
ca08097b56
Java/C++/C#: Fix Java Content.getType and getContainerType to match C# and fix C# tests.
2019-12-17 11:51:58 +01:00
Tom Hvitved
f1193d084b
C#: Add missing toString() relations
2019-12-16 19:38:46 +01:00
Anders Schack-Mulligen
0eacadb309
C#: Fix unit test.
2019-12-16 16:17:19 +01:00
Tom Hvitved
b7484e63ee
C#: Recognize Code Contract assertions
2019-12-11 16:54:42 +01:00
Tom Hvitved
5429448eeb
C#: Add tests for Code Contracts
2019-12-11 16:51:42 +01:00
Tom Hvitved
abcb6b8aab
C#: Type-based pruning for data flow
2019-12-10 15:48:48 +01:00
Tom Hvitved
54088248a1
C#: Use source declarations in field flow
2019-12-10 15:46:31 +01:00
Tom Hvitved
a344707baa
C#: Add more data flow tests
...
Add tests that exhibit missing type pruning.
2019-12-10 15:46:31 +01:00
Tom Hvitved
78ddb37a8c
C#: Track type information in data flow
...
This commit adds type information to data flow paths, by mapping node types onto
the smaller set of GVN types, and implementing `ppReprType()`.
The effect is a mere change in `DataFlow::PathNode::toString()`; no type-based
pruning is done yet.
2019-12-10 15:46:28 +01:00
Calum Grant
3049bf2c85
Merge pull request #2358 from cldrn/ASPNetPagesValidateRequest
...
Adds CodeQL query to check for Pages with disabled built-in validation
2019-12-09 13:05:03 +00:00
Tom Hvitved
25265bddc7
Merge pull request #2494 from calumgrant/cs/roslyn-3.4
...
C#: Upgrade Roslyn to 3.4
2019-12-09 12:21:30 +01:00
Calum Grant
964f2f25dc
Merge pull request #2462 from hvitved/csharp/localvars-refactor
...
C#: Handle tuple patterns in `is` expressions
2019-12-06 12:59:14 +00:00
Calum Grant
4b0a149704
C#: Update qltest output.
2019-12-06 12:41:20 +00:00
Calum Grant
5e6b7be5b8
C#: Update nullability tests.
2019-12-06 12:41:20 +00:00
Calum Grant
59ce8842bb
Merge branch 'master' of git.semmle.com:Semmle/ql into ASPNetPagesValidateRequest
...
# Conflicts:
# change-notes/1.24/analysis-csharp.md
2019-12-05 15:58:47 +00:00
Calum Grant
73c8888361
Merge pull request #2356 from cldrn/ASPNetRequestValidationMode
...
Adds CodeQL query to check for insecure RequestValidationMode in ASP.NET
2019-12-04 17:02:08 +00:00
Dave Bartolomeo
50dc5e2ba3
Merge pull request #2438 from rdmarsh2/rdmarsh/ir-line-number-ids
...
C++/C#: use line numbers for instruction IDs
2019-12-03 18:48:28 -08:00
Robert Marsh
1b802c7e18
C#: accept test change
2019-12-02 13:59:19 -08:00
Calum Grant
fcd13dc595
Merge remote-tracking branch 'upstream/master' into ASPNetRequestValidationMode
...
# Conflicts:
# change-notes/1.24/analysis-csharp.md
2019-12-02 12:03:11 +00:00
semmle-qlci
dc7a0c1b91
Merge pull request #2442 from hvitved/csharp/dataflow/conversion-operator
...
Approved by calumgrant
2019-12-02 11:01:35 +00:00
Calum Grant
30a2620a8c
C#: Tidy up docs, query metadata and add tests.
2019-11-29 10:31:58 +00:00
Tom Hvitved
a062d7d41c
C#: Add regression test
2019-11-29 10:10:24 +01:00
Tom Hvitved
04cecc04dd
C#: Update EntityFrameworkCore test
2019-11-28 15:28:50 +01:00
Tom Hvitved
af453d081e
C#: Only track taint through conversion operators defined in libraries
2019-11-28 15:21:04 +01:00
Calum Grant
d001c3c2d2
C#: Restructure files.
2019-11-27 17:29:53 +00:00
Calum Grant
c906a8238d
C#: Edit qhelp for cs/insecure-request-validation-mode
2019-11-27 16:37:37 +00:00
Tom Hvitved
39aaa38486
C#: Update EntityFramework test
2019-11-27 10:28:12 +01:00
Jonas Jensen
c05cc77a91
Merge pull request #2421 from dbartol/dbartol/IndirectAlias
...
C++/C#: Cleanup in preparation for indirect alias analysis
2019-11-26 21:59:17 +01:00
Tom Hvitved
71e958eabc
C#: Add taint-tracking steps through conversion operator calls
2019-11-26 13:53:50 +01:00
Tom Hvitved
acb069f69b
C#: Add data flow tests for conversion operators
2019-11-26 13:53:17 +01:00
Tom Hvitved
fede9aed04
Merge pull request #2355 from cldrn/AspNetMaxRequestLength
...
CodeQL query to check for insecure MaxLengthRequest values in ASP.NET applications
2019-11-25 17:02:22 +01:00
Tom Hvitved
795959ef8d
C#: Update expected test output
2019-11-25 13:41:12 +01:00
Dave Bartolomeo
51ff262cbc
C++/C#: Add IR SSA sanity tests
2019-11-22 13:16:05 -07:00
Paulino Calderon
85eda8c978
Brings security tests from other PRs
2019-11-19 13:04:19 -05:00
Calum Grant
b9d1c38753
Merge pull request #2371 from max-schaefer/rc/1.23
...
Merge rc/1.23 into master
2019-11-18 14:15:31 +00:00
semmle-qlci
ed4657c201
Merge pull request #2340 from hvitved/csharp/nunit-assertions
...
Approved by calumgrant
2019-11-18 13:02:49 +00:00
Tom Hvitved
c95db9e6f8
Merge pull request #2331 from calumgrant/cs/default-interface-methods
...
C#: Tests for default interface methods
2019-11-15 16:36:47 +01:00
Tom Hvitved
20a1cb6fc8
C#: Teach assertion library about (classical) NUnit assertions
...
This commit adds support for (classical) NUnit assertions (see
https://github.com/nunit/docs/wiki/Assertions ). Modern constraint-based assertions,
such as `Assert.That(o, Is.Not.Null)` are currently not supported, because they
would require a restructuring of the assertion library.
2019-11-15 14:07:28 +01:00
Tom Hvitved
f9bff172d4
C#: Add missing assignment data flow steps
2019-11-15 11:36:05 +01:00
Tom Hvitved
f8791c884f
C#: Add more data flow tests for assignments
2019-11-15 11:30:40 +01:00
Calum Grant
aac360463b
C#: Tests for default interface methods.
2019-11-15 10:13:04 +00:00
Calum Grant
f3c92c5527
C#: Address review comment
2019-11-14 17:14:51 +00:00