hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
17,676 Commits 1,671 Branches 157 Tags
yo-h/java15
Commit Graph

237 Commits

Author SHA1 Message Date
Tom Hvitved
33fcbc958d C#: Consider as expressions as maybe-null in cs/dereferenced-value-may-be-null 2018-12-20 14:54:48 +01:00
Tom Hvitved
ccda1c8d3d C#: Add nullness test using an as expression 2018-12-20 14:54:48 +01:00
Tom Hvitved
b2500a0c26 Merge branch 'master' into csharp/maybe-null-path-query 2018-12-19 20:22:19 +01:00
calumgrant
dbd0c7e80a Merge pull request #674 from hvitved/csharp/cache-get-label 
C#: Cache `NamedElement::getLabel()`
 2018-12-17 14:24:01 +00:00
Tom Hvitved
91e4f7ad83 C#: Make cs/dereferenced-value-may-be-null a path query 2018-12-14 12:07:16 +00:00
Tom Hvitved
e2f271bddb C#: Add more guard implication steps 2018-12-14 12:03:32 +00:00
Tom Hvitved
078dc7b6c0 C#: Fix false positives in cs/dereferenced-value-may-be-null 2018-12-14 12:03:32 +00:00
Tom Hvitved
287ce4e683 C#: Add more nullness tests 2018-12-14 12:03:32 +00:00
Aditya Sharad
f92456fcad Merge master into next. 
Conflict in `cpp/ql/test/library-tests/sideEffects/functions/sideEffects.expected`,
resolved by accepting test output (combining changes).
 2018-12-12 17:26:18 +00:00
Tom Hvitved
1366638f06 C#: Fix whitespaces 2018-12-12 13:13:13 +01:00
calum
3037b2b197 C#: Sync the -Good and -Bad files in the qltest to match the sample. 2018-12-12 11:36:00 +00:00
Tom Hvitved
fce805834e C#: Address review comments 2018-12-07 09:40:49 +01:00
Tom Hvitved
4739a6334e C#: Fix a bug and generalize guards implication logic 2018-12-03 15:33:00 +01:00
Tom Hvitved
3b0d1599ad C#: Teach guards library about unique assignments 
For example, in

```
void M(object x)
{
    var y = x == null ? 1 : 2;
    if (y == 2)
        x.ToString();
}
```

the guard `y == 2` implies that the guard `x == null` must be false,
as the assignment of `2` to `y` is unique.
 2018-11-30 17:43:10 +01:00
Tom Hvitved
ab9aa7d338 C#: Teach guards library about conditional assignments 
For example, in

```
void M(object x)
{
    var y = x != null ? "" : null;
    if (y != null)
        x.ToString();
}
```

the guard `y != null` implies that the guard `x != null` must be true.
 2018-11-30 17:41:36 +01:00
Tom Hvitved
80144a00c8 C#: Update nullness analyses 
Port the SSA-based logic from the Java nullness analyses.
 2018-11-30 17:41:31 +01:00
Tom Hvitved
d2a431e6f3 C#: Add more nullness tests 
Port many of the nullness test from Java, as well as add new tests.
 2018-11-30 17:02:05 +01:00
Jonas Jensen
9babb4366b Merge remote-tracking branch 'upstream/master' into mergeback-20181130 2018-11-30 10:13:33 +01:00
calum
6c6d7e4fff C#: Fix false-positives in cs/index-out-of-bounds. 2018-11-28 17:42:08 +00:00
calum
6b2e339ec5 C#: Address QL review comments. 2018-11-22 11:45:41 +00:00
calum
1bfa4d59e7 C#: Documentation for cs/uncontrolled-format-string 2018-11-22 11:21:35 +00:00
calum
fb09360ad6 C#: New query for cs/uncontrolled-string-format 2018-11-22 11:21:35 +00:00
Tom Hvitved
201f64ef8e Merge pull request #367 from calumgrant/cs/path-problems 
C#: Update all security queries to path-problems
 2018-11-22 12:02:11 +01:00
calum
69ab1ed5bd C#: Add nodes predicate to all path queries. 2018-11-21 12:35:05 +00:00
calum
1aa5e24108 C#: Remove duplicate results from cs/use-of-vulnerable-package 2018-11-16 16:50:35 +00:00
calum
cf4b04a3ee C#: Address review comments - adding .getNode() where appropriate. 2018-11-16 11:52:20 +00:00
calum
e908b090fd C#: Always use PathNode in a path-problem query. 2018-11-16 10:32:24 +00:00
calum
eddc52852d C#: Convert security queries to path-problem and update qltest expected output. 2018-11-16 10:31:20 +00:00
semmle-qlci
536f3f36b8 Merge pull request #428 from hvitved/csharp/more-guards 
Approved by calumgrant
 2018-11-15 15:07:56 +00:00
Tom Hvitved
dd6fd400aa Merge pull request #335 from calumgrant/cs/cwe-937 
C#: New query VulnerablePackage
 2018-11-12 10:34:53 +01:00
Tom Hvitved
5921a9ea51 C#: Teach guards library about assertions 2018-11-08 20:21:34 +01:00
Tom Hvitved
67e64f21d8 C#: Fix whitespaces 2018-11-07 08:52:38 +01:00
semmle-qlci
33c02fe928 Merge pull request #355 from hvitved/csharp/guards-logic 
Approved by calumgrant
 2018-11-06 19:06:30 +00:00
calum
c003150ed8 C#: Add missing file. 2018-11-02 16:46:49 +00:00
calum
29df7f5e96 C#: Mark false-negatives. 2018-11-02 16:46:49 +00:00
calum
7fa442d127 C#: Merge tests. 2018-11-02 16:46:49 +00:00
calum
ae96b347e2 C#: Address review comments. 2018-11-02 16:46:49 +00:00
calum
62fb693924 C#: Tidy up code and fix performance of remote flow sources. 2018-11-02 16:45:48 +00:00
calum
2090d69c3f C#: Tidy up tests. 2018-11-02 16:45:48 +00:00
calum
697e66e312 C#: Move test into subdirectory. 2018-11-02 16:45:48 +00:00
calum
d6e6ae66b8 C#: qltest stubs for UrlRedirect.ASPNETCore 2018-11-02 16:45:47 +00:00
calum
4655acadb2 C#: Stubs for XSSFlowASPNetCore test. 2018-11-02 16:45:47 +00:00
calum
8b8d2f9bef C#: Add auto-generated stubs. 2018-11-02 16:45:47 +00:00
Denis Levin
ba9cb5e22d cs: Adding sources and sinks for ASPNET.Core 
Inintial query checkin.
Note: tests require Nuget packages with ASPNET and ASPNETCore in Packages directory, and won't compile without them.
The packages.config should include this:
  <package id="Microsoft.AspNet.Mvc" version="5.2.3" targetFramework="net461" />
  <package id="Microsoft.AspNet.WebPages" version="3.2.3" targetFramework="net461" />
  <package id="Microsoft.AspNetCore.Antiforgery" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Authorization" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Cors" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Cryptography.Internal" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.DataProtection" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.DataProtection.Abstractions" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Diagnostics" version="1.1.2" targetFramework="net452" />
  <package id="Microsoft.AspNetCore.Diagnostics.Abstractions" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Hosting" version="1.1.3" targetFramework="net452" />
  <package id="Microsoft.AspNetCore.Hosting.Abstractions" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Hosting.Server.Abstractions" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Html.Abstractions" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Http" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Http.Abstractions" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Http.Extensions" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Http.Features" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.HttpOverrides" version="1.1.2" targetFramework="net452" />
  <package id="Microsoft.AspNetCore.JsonPatch" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Localization" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.Abstractions" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.ApiExplorer" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.Core" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.Cors" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.DataAnnotations" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.Formatters.Json" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.Localization" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.Razor" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.Razor.Host" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.TagHelpers" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Mvc.ViewFeatures" version="1.1.3" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Razor" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Razor.Runtime" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.ResponseCaching" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.ResponseCaching.Abstractions" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.ResponseCompression" version="1.0.2" targetFramework="net452" />
  <package id="Microsoft.AspNetCore.Rewrite" version="1.0.2" targetFramework="net452" />
  <package id="Microsoft.AspNetCore.Routing" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Routing.Abstractions" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.AspNetCore.Server.Kestrel" version="1.1.2" targetFramework="net452" />
  <package id="Microsoft.AspNetCore.Server.Kestrel.Https" version="1.1.2" targetFramework="net452" />
  <package id="Microsoft.AspNetCore.Server.WebListener" version="1.1.4" targetFramework="net452" />
  <package id="Microsoft.AspNetCore.StaticFiles" version="1.1.2" targetFramework="net452" />
  <package id="Microsoft.AspNetCore.WebUtilities" version="1.1.2" targetFramework="net451" />
  <package id="Microsoft.Extensions.DependencyInjection.Abstractions" version="1.1.1" targetFramework="net451" />
  <package id="Microsoft.Extensions.Primitives" version="2.1.0" targetFramework="net451" />
  <package id="Microsoft.NETCore.App" version="2.0.0" />
  <package id="Microsoft.AspNetCore.Mvc" version="2.1.0" />
  <package id="Microsoft.AspNetCore.Mvc.Core" version="2.1.0" />
  <package id="Microsoft.AspNetCore.Mvc.Abstractions" version="2.1.0" />
  <package id="Microsoft.AspNetCore.Http.Extensions" version="2.1.0" />
  <package id="Microsoft.AspNetCore.Http.Abstractions" version="2.1.0" />
  <package id="Microsoft.AspNetCore.Http.Features" version="2.1.0" />
 2018-11-02 16:45:47 +00:00
Tom Hvitved
665173692c C#: Fix whitespaces 2018-10-30 13:15:46 +01:00
Tom Hvitved
3f6fb0f573 Merge pull request #364 from calumgrant/cs/extractor/fix-violations 
C#: Remove results from cs/local-shadows-member
 2018-10-29 11:25:23 +01:00
calumgrant
ec2bf914c8 Merge pull request #339 from hvitved/csharp/cfg/assertions 
C#: Detect constantly failing assertions in the CFG
 2018-10-26 10:32:23 +01:00
calum
3041756207 C#: Allow constructor parameters to shadow class members. 2018-10-24 17:48:51 +01:00
calum
5a4af0c2b2 C#: Update test case for LockOrder. 2018-10-19 18:13:03 +01:00
calum
5864e57398 C#: Improvements to LockOrder.ql. Detect inter-procedural locks, and tidy up the tests. 2018-10-19 18:11:49 +01:00