Tom Hvitved
15e4b7f95d
C#: Remove CP from HardcodedCredentials::getCredentialSink
2021-04-19 15:03:11 +02:00
edvraa
c3deb48efa
Charpred for InstanceMethodSink
2021-04-16 17:19:42 +03:00
Tom Hvitved
40b74167e0
C#: Improve performance of DisposeNotCalledOnException.ql
2021-04-16 14:34:16 +02:00
Tom Hvitved
946fcf1c82
C#: Speedup DispatchMethodOrAccessorCall::getAViableOverrider()
...
In addition to improved performance, the analysis no longer applies a closed-world
assumption to type parameters. That is, if the type of a receiver is a type parameter,
then the call may target any method of a compatible receiver type, not just the
types that actually instantiate the type parameter.
2021-04-16 10:43:17 +02:00
edvraa
a412581556
reintroduce UnsafeDeserializer
2021-04-15 22:32:42 +03:00
edvraa
3aedd2c1f4
Use TaintTracking2
2021-04-15 22:12:01 +03:00
edvraa
773556e5e0
Use hasFlow where path is not needed
2021-04-15 16:27:09 +03:00
edvraa
1581a27d3d
Simplify getTarget check
2021-04-15 16:24:36 +03:00
Tom Hvitved
0f24db8759
C#: Improve performance of SsaImpl::CallGraph::SimpleDelegateAnalysis
2021-04-15 11:25:27 +02:00
edvraa
b027fddc7e
Remove redundant check
2021-04-15 00:14:09 +03:00
edvraa
3a9d1f46fd
Hide implementation details
2021-04-15 00:09:19 +03:00
edvraa
a4fd70aa3d
Use don't care expression
2021-04-14 23:35:38 +03:00
Tom Hvitved
36fe72246b
C#: Add change note
2021-04-14 09:22:16 +02:00
Tom Hvitved
4810308b16
C#: Add Customizations.qll
2021-04-14 09:16:31 +02:00
Tom Hvitved
9b0ef2fe21
Merge pull request #5654 from hvitved/csharp/autobuilder/pwsh
...
C#: First try `pwsh` and then `powershell` when calling `dotnet-install.ps1`
2021-04-13 13:15:01 +02:00
Tom Hvitved
15c103e42d
C#: Remove code duplication in BuildScripts.cs
2021-04-13 10:57:15 +02:00
Tom Hvitved
dfc91b8331
C#: Simplify dotnet-install.ps1 invocation
...
Using the pattern from https://docs.microsoft.com/en-us/dotnet/core/tools/dotnet-install-script .
2021-04-12 17:33:33 +02:00
Tom Hvitved
d35a501121
Merge pull request #5583 from lcartey/cs/restrict-jump-to-def
...
C#: Exclude jump-to-def information for elements with too many locations
2021-04-12 16:52:20 +02:00
Tom Hvitved
7d2a60e910
Merge pull request #5640 from hvitved/dataflow/path-step-perf
...
Data flow: Prevent bad join-order in `pathStep`
2021-04-12 14:40:46 +02:00
Tamas Vajk
b4d35b52c3
C#: Add Console.Read* to local flow sources
2021-04-12 14:19:17 +02:00
Tom Hvitved
5446532e1d
C#: Update auto-builder tests
2021-04-12 14:01:55 +02:00
Tom Hvitved
c7686b1838
C#: First try pwsh and then powershell when calling dotnet-install.ps1
2021-04-12 13:01:14 +02:00
Tom Hvitved
f130616369
Data flow: Make getLocalCc private again
2021-04-09 16:22:58 +02:00
Tamás Vajk
992a4df12f
Merge pull request #5619 from tamasvajk/feature/fix-default-argument-value-extraction
...
C# Improve default argument value extraction
2021-04-09 14:58:35 +02:00
Tom Hvitved
6874b8d4b3
Data flow: Prevent bad join-order in pathStep
2021-04-09 14:24:47 +02:00
Tamas Vajk
46197e6e69
Address review comments
2021-04-09 13:39:37 +02:00
Tom Hvitved
c9c4c067b6
Merge pull request #5633 from hvitved/csharp/get-a-source-type-perf
...
C#: Improve performance of `Dispatch::SimpleTypeDataFlow::getASourceType()`
2021-04-09 11:42:34 +02:00
Tamás Vajk
a335bb0115
Merge pull request #5609 from tamasvajk/feature/dapper
...
C#: Dapper support
2021-04-09 10:52:17 +02:00
Tamas Vajk
d7f0b9a7fa
Add change note
2021-04-09 09:58:37 +02:00
Tamas Vajk
749db379ca
Address code review findings
2021-04-09 09:55:37 +02:00
Tamas Vajk
dbb3d3dc17
Add change note
2021-04-09 09:50:55 +02:00
Tamás Vajk
8adaee05b6
Merge pull request #5453 from tamasvajk/feature/use_codeql_stubs
...
C#: Adjust make_stubs.py to use codeql instead of odasa
2021-04-08 16:16:05 +02:00
Tamas Vajk
e5160929eb
Remove ODASA reference from make_stubs.py
2021-04-08 15:04:02 +02:00
Tom Hvitved
036e181bc1
C#: Improve performance of Dispatch::SimpleTypeDataFlow::getASourceType()
2021-04-08 14:27:28 +02:00
Tom Hvitved
716568ebd1
Merge pull request #5623 from hvitved/csharp/enclosing
...
C#: Compute enclosing callable as a transitive closure
2021-04-08 14:20:09 +02:00
Tom Hvitved
9820116734
Merge pull request #5603 from hvitved/csharp/dataflow/no-unique
...
C#: Remove `unique` wrappers from `DataFlow::Node::get(EnclosingCallable|ControlFlowNode)`
2021-04-08 14:19:34 +02:00
Tamas Vajk
a790eb8110
Fix for unconstrained generic types
2021-04-08 12:20:01 +02:00
Tamas Vajk
a8cbdc92b9
Add more test cases
2021-04-08 12:17:19 +02:00
Tamas Vajk
551a7ce9e5
Fix expression value of struct default argument values
2021-04-08 12:14:53 +02:00
Tamas Vajk
c069c3384e
Fix tests
2021-04-08 12:07:36 +02:00
Tamas Vajk
cb9a9db356
C# Improve default argument value extraction
2021-04-08 12:07:22 +02:00
Tamas Vajk
2ac1e60406
C#: Add parameter default value tests
2021-04-08 12:04:18 +02:00
Tom Hvitved
1cf30d2a9e
C#: Compute enclosing callable as a transitive closure
2021-04-07 17:44:41 +02:00
Tamas Vajk
ffcb345916
C#: Add Dapper support to SQL injection queries
2021-04-06 17:06:20 +02:00
Tom Hvitved
f45916efda
Merge pull request #5605 from hvitved/csharp/exclude-dependency-queries
...
C#: Remove mentions of `exclude-dependency-queries.yml`
2021-04-06 14:58:49 +02:00
Tamas Vajk
98001c494f
C#: Add Dapper stub and new SqlInjection test cases
2021-04-06 13:30:31 +02:00
Tom Hvitved
e0e58b24ea
C#: Remove mentions of exclude-dependency-queries.yml
2021-04-06 11:50:36 +02:00
Tom Hvitved
e852540254
C#: Remove unique wrappers from DataFlow::Node::get(EnclosingCallable|ControlFlowNode)
2021-04-06 09:56:09 +02:00
Luke Cartey
480ce39618
C#: Exclude jump-to-def information for elements with too many locations
...
In databases which include multiple duplicated files, we can get an
explosion of definition locations that can cause this query to produce
too many results for the CodeQL toolchain. This commit restricts the
definitions.ql query to producing definition/uses for definitions with
fewer than 10 locations. This replicates the logic used in the C++
definitions.qll library which faces similar problems.
2021-04-01 11:23:31 +01:00
edvraa
13080703b9
Make query symmetric
2021-03-31 15:59:19 +03:00
