codeql

mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00

Author	SHA1	Message	Date
Anders Schack-Mulligen	7ec1fa2ebe	Dataflow: Sync.	2021-09-07 12:51:42 +02:00
Anders Schack-Mulligen	3c3d71d4a0	Dataflow: Sync	2021-09-07 12:51:42 +02:00
Tamás Vajk	1dc712f54d	Merge pull request #6629 from tamasvajk/feature/dispatch-fix C#: Fix dispatch library to handle summarized callables with no runti…	2021-09-07 12:35:45 +02:00
Tamas Vajk	203ca3f91b	C#: improve stubbing to escape more member names (not just fields)	2021-09-07 12:34:23 +02:00
Tamás Vajk	7befdc9c5c	Merge pull request #6627 from tamasvajk/feature/stub-readme C#: Add readme to stub folder	2021-09-07 12:09:52 +02:00
Tamás Vajk	c63fd4a254	Merge pull request #6260 from tamasvajk/feature/method-name C#: Change generic method names to include <> and type args/params	2021-09-07 12:09:27 +02:00
Tamas Vajk	3a9cf639bd	Change ServiceStack redis sinks to code injection instead of SQL injection	2021-09-06 16:59:31 +02:00
Tamas Vajk	5fa9f16c01	Adjust ServiceStack CSV rows with generic method names	2021-09-06 16:45:21 +02:00
Tamas Vajk	f6366e1e1f	Merge branch 'feature/method-name' into feature/service-stack	2021-09-06 15:52:08 +02:00
Tamas Vajk	207d8f6030	Merge branch 'main' into feature/service-stack	2021-09-06 15:46:43 +02:00
Tamas Vajk	5014ef2337	C#: Add ServiceStack support with CSV data model	2021-09-06 14:06:37 +02:00
Tamas Vajk	43ccc14162	Add ServiceStack stubs and empty test referencing it	2021-09-06 14:05:41 +02:00
Tamas Vajk	e3a49f8213	C#: improve stubbing to escape more member names (not just fields)	2021-09-06 14:02:42 +02:00
Tamas Vajk	270b56af1b	Extend runtime callables to interface members with default implementation	2021-09-06 14:02:42 +02:00
Tamas Vajk	39a88d2e43	Fix dispatch library to handle summarized callables with no runtime target	2021-09-06 14:02:42 +02:00
Tamas Vajk	648197db35	C#: Fix dispatch library to handle summarized callables with no runtime target	2021-09-06 13:45:43 +02:00
Tamas Vajk	0d88d18781	C#: Add readme to stub folder	2021-09-06 13:42:36 +02:00
Andrew Eisenberg	bb9911e06f	Merge pull request #6605 from aeisenberg/aeisenberg/pack/consistency	2021-09-06 04:40:58 -07:00
Tamas Vajk	b7f13a7e1f	C#: Change generic method names to include <> and type args/params	2021-09-06 11:48:22 +02:00
Andrew Eisenberg	6a47fcaf1f	Packaging: Normalize all qlpack.yml files for all languages This commit ensures consistency among all of our qlpacks. Here are the changes: 1. Ensure only modern references are used (codeql-{lang} is converted to codeql/{lang}-all or codeql/{lang}-queries where appropriate). 2. Use consistent version numbers. All languages are at 0.0.2 except javascript, which is 0.0.3. 3. Convert all `libraryPathDependencies` to `dependencies` with version constraints 4. Dependencies from query packs to other packs are always `"*"` since these dependencies are always from source and we should get the latest. 5. Dependencies from codeql/{lang}-lib to codeql/{lang}-upgrades must be strict since there is a tight connection between the libary and its relevant upgrades.	2021-09-03 11:53:28 -07:00
Tamas Vajk	c02a743835	Revert redundant order by	2021-09-03 16:51:32 +02:00
Tamas Vajk	3560853f36	C#: Fix ordering of stubbed type members, implemented interfaces, and location comments	2021-09-03 09:53:34 +02:00
Tom Hvitved	c3ecae503b	Data flow: Sync files	2021-09-01 19:58:47 +02:00
Tom Hvitved	136c8b5192	Data flow: Improve `callMayFlowThroughFwd` join order Before: ``` [2021-08-25 09:56:29] (1395s) Tuple counts for DataFlowImpl2::Stage3::callMayFlowThroughFwd#ff/2@111fb3: 15495496 ~5% {5} r1 = SCAN DataFlowImpl2::Stage3::fwdFlowOutFromArg#fffff#reorder_0_2_4_1_3 OUTPUT In.3, In.4, In.2 'config', In.0 'call', In.1 1450611958 ~6335% {5} r2 = JOIN r1 WITH DataFlowImpl2::Stage3::fwdFlow#fffff_03412#join_rhs ON FIRST 3 OUTPUT Lhs.3 'call', Lhs.4, Lhs.2 'config', Rhs.3, Rhs.4 7043648 ~20415% {2} r3 = JOIN r2 WITH DataFlowImpl2::Stage3::fwdFlowIsEntered#fffff#reorder_0_3_4_1_2 ON FIRST 5 OUTPUT Lhs.0 'call', Lhs.2 'config' return r3 ``` After: ``` [2021-08-25 10:57:02] (2652s) Tuple counts for DataFlowImpl2::Stage3::callMayFlowThroughFwd#ff/2@d3e27b: 15495496 ~0% {6} r1 = SCAN DataFlowImpl2::Stage3::fwdFlowOutFromArg#fffff#reorder_0_2_4_1_3 OUTPUT In.0 'call', In.1, In.2 'config', In.3, In.4, In.2 'config' 9236888 ~22% {7} r2 = JOIN r1 WITH DataFlowImpl2::Stage3::fwdFlowIsEntered#fffff#reorder_0_3_4_1_2 ON FIRST 3 OUTPUT Lhs.3, Rhs.3, Rhs.4, Lhs.4, Lhs.5, Lhs.0 'call', Lhs.2 'config' 7043648 ~20415% {2} r3 = JOIN r2 WITH DataFlowImpl2::Stage3::fwdFlow#fffff ON FIRST 5 OUTPUT Lhs.5 'call', Lhs.6 'config' return r3 ```	2021-09-01 19:57:29 +02:00
Tom Hvitved	c8a5397085	Merge pull request #6513 from hvitved/csharp/cfg/shared C#: Make CFG library shared	2021-08-31 11:55:43 +02:00
Tom Hvitved	7fc536db15	Data flow: Add precise call contexts to stage 2	2021-08-31 10:44:33 +02:00
Tom Hvitved	789e2e48cf	C#: Remove temporary dispatch restriction	2021-08-30 14:49:04 +02:00
Tom Hvitved	05b45da42f	Merge pull request #6556 from hvitved/csharp/insecure-sql-conn-flow C#: Use data flow instead of taint tracking in `InsecureSQLConnection.ql`	2021-08-30 11:31:22 +02:00
Tom Hvitved	7e1efbdd8e	C#: Use data flow instead of taint tracking in `InsecureSQLConnection.ql`	2021-08-26 13:48:57 +02:00
Tom Hvitved	592a42231f	C#: Fix test for `InsecureSQLConnection.ql`	2021-08-26 13:48:56 +02:00
Tom Hvitved	ab2bc38789	C#: Use shared logic in `NodeGraph.ql` test	2021-08-25 11:35:12 +02:00
Tom Hvitved	d405284d36	C#: Make CFG library shared	2021-08-25 11:35:11 +02:00
Tom Hvitved	01f7fdfea5	C#: Update call-context data-flow tests	2021-08-25 10:34:53 +02:00
Ian Lynagh	a9db1c52e5	All languages: Add getPrimaryQlClasses() This is a non-overridable predicate that concatenates all the getAPrimaryQlClass() results into a comma-separated string.	2021-08-23 15:49:10 +01:00
Andrew Eisenberg	c9f1c98390	Packaging: C# refactoring Split c# pack into `codeql/csharp-all` and `codeql/csharp-queries`.	2021-08-19 14:09:35 -07:00
Tamás Vajk	763de4fff9	Merge pull request #6425 from raulgarciamsft/insecureRandom_potential_fix C#: Adding Membership.GeneratePassword() as a bad source of random data	2021-08-19 11:16:26 +02:00
Tamas Vajk	d97525e21e	Fix minor quality issues in comment and change note	2021-08-19 09:30:23 +02:00
Erik Krogh Kristensen	dd59f79947	use min() instead of rank[1]()	2021-08-18 11:09:03 +02:00
Andrew Eisenberg	03d6b15401	Merge branch 'main' into aeisenberg/pack/cpp	2021-08-17 15:28:47 -07:00
Tom Hvitved	44ff623d8c	Merge pull request #5508 from edvraa/deserializers deserialization sinks	2021-08-17 11:41:52 +02:00
Andrew Eisenberg	e566fb9c5a	Packaging: Update suite-helpers qlpack Uses new style naming scheme.	2021-08-16 17:51:33 -07:00
Tamás Vajk	166a6b02f6	Merge pull request #6268 from tamasvajk/feature/generic-type-name C#: Remove type args/params from generic type names in extractor	2021-08-16 12:22:16 +02:00
Tamas Vajk	2437546009	Merge branch 'main' into feature/service-stack	2021-08-10 15:16:17 +02:00
Tamas Vajk	243424063a	Add pragma inline to getMember/Method/Callable	2021-08-10 13:25:56 +02:00
Tamas Vajk	51661bfa62	Add pragma noinline to fix uselessUpcast check	2021-08-10 13:24:30 +02:00
Tamas Vajk	91bd3d1a11	Cache getName to improve performance	2021-08-09 10:28:31 +02:00
Tamás Vajk	c1cf2a1c5f	Merge pull request #5579 from edvraa/cookies C#: HttpOnly and Secure cookie queries	2021-08-09 08:58:11 +02:00
Raul Garcia	2708326624	Update csharp/ql/test/query-tests/Security Features/CWE-338/InsecureRandomness.cs Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>	2021-08-05 16:33:01 -07:00
Tom Hvitved	9eb3f28ef1	C#: Add missing `nodes` predicate to XSS queries	2021-08-05 13:53:52 +02:00
Tom Hvitved	6471092139	Merge pull request #6394 from github/p0/csharp-virtual-dispatch-limit C#: Guard against virtual dispatch branching too much.	2021-08-05 13:20:14 +02:00

... 5 6 7 8 9 ...

3083 Commits