9130 Commits

Author	SHA1	Message	Date
Tom Hvitved	aa604425a5	Merge pull request #20305 from hvitved/csharp/dataflow-base-non-exact-type ... C#: Fix context-sensitive dispatch when using `base` qualifier	2025-09-01 09:20:15 +02:00
Henry Mercer	55869f28c3	Specify default queries in codeql-extractor.yml	2025-08-29 17:34:45 +01:00
Tom Hvitved	611eca41b9	Add change note	2025-08-29 10:22:11 +02:00
Tom Hvitved	aa3f4e1eca	C#: Fix context-sensitive dispatch when using base qualifier	2025-08-28 13:24:47 +02:00
Tom Hvitved	c2bb3797b0	C#: Add data flow test	2025-08-28 11:57:03 +02:00
Michael Nebel	73ce2a2f57	C#: Convert Blazor test to use pretty print models processing.	2025-08-28 11:46:08 +02:00
Michael Nebel	7394a80bf3	C#: Add change-note.	2025-08-25 14:53:23 +02:00
Michael Nebel	be123cf2bc	C#: Update test expected output.	2025-08-25 14:52:41 +02:00
Michael Nebel	311e3ac8b5	C#: Taint entire return for Byte- and Char array summaries.	2025-08-25 14:39:29 +02:00
Chris Smowton	1829060fab	Merge remote-tracking branch 'origin/main' into smowton/admin/merge-rc319-into-main	2025-08-21 16:33:37 +01:00
Michael Nebel	c89f2e309d	Merge pull request #20089 from michaelnebel/csharp/allowsinkimplicitread ... C#: Allow implicit collection reads in sink nodes.	2025-08-21 15:29:52 +02:00
Napalys Klicius	3369e16b1b	Merge pull request #20254 from Napalys/cs/ldap-injection-qhelp ... CS: Update `cs/ldap-injection` qhelp	2025-08-21 08:57:03 +02:00
Michael Nebel	ebfbc71104	C#: Address more review comments.	2025-08-21 08:07:17 +02:00
Napalys Klicius	71a8e10f3d	CS: added extra guidance in recommendation section for LDAPInjection	2025-08-20 13:37:02 +02:00
Napalys Klicius	c475bedf73	CS: removed dead links from LDAPInjection qhelp	2025-08-20 12:58:54 +02:00
Michael Nebel	b42c366250	C#: Address review comments.	2025-08-20 08:50:23 +02:00
github-actions[bot]	42e3d31c49	Post-release preparation for codeql-cli-2.22.4	2025-08-18 14:42:42 +00:00
github-actions[bot]	90d29994c8	Release preparation for version 2.22.4	2025-08-18 14:06:09 +00:00
Michael Nebel	4b0c725367	C#: Add change note.	2025-08-18 12:56:15 +02:00
Michael Nebel	7431ee8df9	C#: Update the barrier in HashWithoutSalt to avoid an FP. It worked by accident before as we didn't allow implicit element reads at sinks.	2025-08-18 12:56:13 +02:00
Michael Nebel	1d25a20c9c	C#: Update the external flow test and expected test output.	2025-08-18 12:56:12 +02:00
Michael Nebel	abd0b2e2f9	C#: Update test expected output.	2025-08-18 12:56:10 +02:00
Michael Nebel	81751ea591	C#: Allow implicit reads from collections in argument nodes (sinks and additional flow steps) for default taint tracking configurations.	2025-08-18 12:56:09 +02:00
Michael Nebel	d8215a35c0	C#: Add example of failing taint flow for collections in sinks.	2025-08-18 12:56:07 +02:00
Nora Dimitrijević	8000e7c442	Merge pull request #20074 from d10c/d10c/diff-informed-phase-3-csharp ... C#: Diff-informed queries: phase 3 (non-trivial locations)	2025-08-15 12:07:47 +02:00
Michael B. Gale	e1ffb323a0	C#: Replace input interpolation with environment variable	2025-08-15 09:00:28 +01:00
Tom Hvitved	6e90823bd9	Merge pull request #20158 from hvitved/csharp/has-callable-constructor ... C#: Include constructors in `ValueOrRefType.hasCallable`	2025-08-05 12:59:29 +02:00
github-actions[bot]	fb4b0aac53	Post-release preparation for codeql-cli-2.22.3	2025-08-04 17:18:08 +00:00
github-actions[bot]	fd82aeb1f8	Release preparation for version 2.22.3	2025-08-04 15:47:57 +00:00
Tom Hvitved	361ef0f50d	C#: Include constructors in ValueOrRefType.hasCallable	2025-08-04 13:51:17 +02:00
Anders Schack-Mulligen	3b8234ecec	SSA: Update data flow integration and BarrierGuard interface to use GuardValue.	2025-07-28 11:29:12 +02:00
github-actions[bot]	37cc78255a	Post-release preparation for codeql-cli-2.22.2	2025-07-22 14:22:20 +00:00
Nick Rolfe	43d14c28c2	Tweak changenotes	2025-07-22 15:06:09 +01:00
github-actions[bot]	997547b8ef	Release preparation for version 2.22.2	2025-07-22 14:04:14 +00:00
Nick Rolfe	825c813095	Revert "Release preparation for version 2.22.2"	2025-07-22 14:33:45 +01:00
Nick Rolfe	74cd982aca	Tweak changenotes	2025-07-22 09:51:52 +01:00
github-actions[bot]	c8632b70b7	Release preparation for version 2.22.2	2025-07-21 16:45:45 +00:00
Nick Rolfe	ad9b637bec	Revert "Merge pull request #19994 from github/post-release-prep/codeql-cli-2.22.2" ... This reverts commit e5b4a15e35, reversing changes made to 33e63109bb.	2025-07-21 15:18:59 +01:00
Nora Dimitrijević	218fcbbec5	[DIFF-INFORMED] C#: HardcodedConnectionString	2025-07-21 11:28:55 +02:00
Nora Dimitrijević	b2fd58eea4	[DIFF-INFORMED] C#: ThreadUnsafeCryptoTransformLambda	2025-07-21 11:28:53 +02:00
Nora Dimitrijević	7f085e6bd9	[DIFF-INFORMED] C#: UnsafeDeserializationQuery ... 57c8b6e229/csharp/ql/src/Security%20Features/CWE-502/UnsafeDeserializationUntrustedInput.ql (L59)	2025-07-21 11:28:50 +02:00
Nora Dimitrijević	793f921291	[DIFF-INFORMED] C#: ConditionalBypass ... https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/csharp/ql/src/Security%20Features/CWE-807/ConditionalBypass.ql#L22	2025-07-21 11:28:48 +02:00
github-actions[bot]	2f84a4a5b5	Add changed framework coverage reports	2025-07-18 00:25:03 +00:00
Michael Nebel	01738c2e42	Merge pull request #19940 from michaelnebel/csharp/fixmodels ... C#: Improve some existing manual models.	2025-07-17 07:58:14 +02:00
Michael Nebel	e9fdca7d39	C#: Address review comments.	2025-07-16 11:12:25 +02:00
Chris Smowton	d6a3b2e91f	Merge pull request #20065 from smowton/smowton/fix/web.config ... C#: Make web.config match case insensitive (with change note)	2025-07-16 09:52:34 +01:00
Chris Smowton	a537c0091e	change note	2025-07-16 09:06:38 +01:00
Michael Nebel	70bf61dc57	C#: Convert Deserialization tests to use inline expectations.	2025-07-16 08:41:58 +02:00
Michael Nebel	8f8b0428ab	C#: Add change-note.	2025-07-16 08:41:56 +02:00
Michael Nebel	eba901f610	C#: Update flow summaries expected output.	2025-07-16 08:41:55 +02:00