Luke Cartey
b1d5d5bf86
C#: ZipSlip - Refine StartsWith sanitizer.
ZipSlip can be avoided by checking that the combined and resolved
path `StartsWith` the appropriate destination directory. Refine the
`StartsWith` sanitizer to:
* Consider expressions guarded by an appropriate StartsWith check to be
  sanitized.
* Consider a StartsWith check to be inappropriate if it is checking the
  result of `Path.Combine`, as that has not been appropriately resolved.
Tests have been updated to reflect this refinement.
2018-08-24 14:27:25 +01:00
Tom Hvitved
d4551e5897
Merge pull request #81 from lukecartey/csharp/zipslip-reformat
C#: ZipSlip - Rearrange query, add help and update doc
2018-08-24 09:40:20 +02:00
calumgrant
04bccd0137
Merge pull request #55 from denislevin/denisl/cs/DontInstallRootCertificate
cs: Don't Install Root Certificate (CWE-327)
2018-08-23 17:36:50 +01:00
Luke Cartey
86a7df0ef5
C#: ZipSlip - Address doc team comments.
2018-08-23 15:57:00 +01:00
Luke Cartey
4f57456df1
C#: ZipSlip - Add spaces into bad example.
2018-08-21 13:06:29 +01:00
Luke Cartey
6959d80a28
C#: ZipSlip - Update help, compile and test samples.
2018-08-21 12:17:48 +01:00
Denis Levin
be3d2931e3
Changed query message text as requested
2018-08-20 14:02:33 -07:00
Luke Cartey
99d1cf70be
C#: ZipSlip - Update name, description and message.
This commit updates the name, description and message to better match
the house style for the security queries.
2018-08-20 16:59:56 +01:00
Denis Levin
276deee68c
Added comments to the test file. Fixed a typo.
2018-08-17 10:50:52 -07:00
Denis Levin
2a46a26d9e
Update addressing review comments
2018-08-16 17:29:04 -07:00
calum
fc5963b831
C#: Rename filename in expected test output.
2018-08-14 13:00:25 +01:00
calum
82f0c389c7
C#: Update test references to use .NET Core, and change relative directory of moved test file.
2018-08-14 12:52:26 +01:00
Denis Levin
7492dabde0
cs: Don't Install Root Certificate (CWE-327)
2018-08-13 16:43:44 -07:00
Denis Levin
cee996c543
Adding .expected file to QLTest
2018-08-13 15:04:15 -07:00
Denis Levin
242fba3fd2
cs: Query for ZipSlip vulnerability (CVE-2018-1002200)
Initial check in to validate the tests
2018-08-13 14:56:45 -07:00
Tom Hvitved
323709b5ad
C#: Generalize cs/constant-condition
2018-08-06 13:45:23 -07:00
calumgrant
e8df86ebf8
Merge pull request #4 from hvitved/csharp/whitespaces
C#: Fix whitespaces
2018-08-03 16:06:47 +01:00
Tom Hvitved
d05109df76
C#: Update queries in Bad Practices/Implementation Hiding
2018-08-03 14:19:58 +02:00
Tom Hvitved
5d498fda72
C#: Fix whitespaces
2018-08-03 14:10:44 +02:00
Pavel Avgustinov
b55526aa58
QL code and tests for C#/C++/JavaScript.
2018-08-02 17:53:23 +01:00