Commit Graph

6077 Commits

Author SHA1 Message Date
Tamás Vajk
0aa7de295b Merge pull request #16004 from tamasvajk/feature/adjust-incorrect-compare-to
C#: Simplify the output of `cs/wrong-compareto-signature` to remove e…
2024-03-21 14:38:54 +01:00
Henry Mercer
4e3a6e2140 Merge pull request #15874 from github/henrymercer/mark-loc-as-telemetry
Show lines of code data in debug mode only
2024-03-21 12:20:09 +00:00
Tamas Vajk
9d655520cc Code quality improvement 2024-03-21 11:26:45 +01:00
Tamas Vajk
d0c09f43a9 Add change note 2024-03-21 11:13:42 +01:00
Tamas Vajk
9da8cb1165 C#: Simplify the output of cs/wrong-compareto-signature to remove entity locations 2024-03-21 10:27:55 +01:00
Michael Nebel
6619be3137 Merge pull request #15940 from michaelnebel/csharp/sourcesinktests
C#: Source- and sink tests.
2024-03-21 08:12:16 +01:00
Henry Mercer
a76832f4e0 Mark LOC queries as debug instead 2024-03-20 21:18:55 +00:00
Michael Nebel
969676975d C#: Address review comments. 2024-03-20 15:28:56 +01:00
Michael Nebel
d3aa2eed64 C#: Fix test. 2024-03-19 16:30:24 +01:00
Dave Bartolomeo
311ba8ea1b Merge from main to resolve conflicts 2024-03-19 10:41:31 -04:00
Tom Hvitved
ee3e38f0eb Simplify test interface in FlowSummaryImpl.qll 2024-03-19 14:35:00 +01:00
Michael Nebel
d24f032d97 C#: Update other tests. 2024-03-19 14:20:43 +01:00
Michael Nebel
b39842501a C#: Update sink test expected output. 2024-03-19 14:20:42 +01:00
Michael Nebel
e32902ad47 C#: Update source expected test output. 2024-03-19 14:20:42 +01:00
Michael Nebel
5b37ee4ec7 Re-factor TestOutput into a param module. 2024-03-19 14:20:42 +01:00
Michael Nebel
90db9b330f C#: Add MaD source and sink test query to shared library. 2024-03-19 13:45:38 +01:00
Erik Krogh Kristensen
a3da6c886b Merge pull request #15895 from erik-krogh/url-java-qhelp
Java: update the url-redirection in the same style as the C# qhelp
2024-03-18 21:10:07 +01:00
Tom Hvitved
fc55567d90 Merge pull request #15853 from hvitved/dataflow/get-location
Data flow: Replace `hasLocationInfo` with `getLocation`
2024-03-18 20:21:46 +01:00
Tom Hvitved
e53357d376 Update expected test output 2024-03-18 14:49:32 +01:00
Arthur Baars
dbf16827bf Merge pull request #15951 from github/aibaars/changenotes-fixes
Fix minor formatting issues in changenotes
2024-03-18 12:56:50 +01:00
github-actions[bot]
0a6243d07b Release preparation for version 2.16.5 2024-03-18 10:14:07 +00:00
Arthur Baars
a810165e35 Fix minor formatting issues in changenotes 2024-03-18 10:57:05 +01:00
Tom Hvitved
a13391bda1 Merge pull request #15802 from hvitved/dataflow/variable-capture-overlapping-paths
Variable capture: Avoid overlapping and false-positive data flow paths
2024-03-18 10:45:55 +01:00
Ed Minnix
71cf948650 Classes extending SourceNode for local and stored source models
Queries such as `cs/sql-injection` cast their source to a `SourceNode`
in order to describe them. For example:

```ql
import semmle.code.csharp.security.dataflow.flowsources.FlowSources

string getSourceType(DataFlow::Node source) {
   result = source.(SourceNode).getSourceType()
}
```

Models as data source models are not included in `SourceNode` by
default; they must be wrapped with a class extending `SourceNode`.

This adds such classes, which wrap the
`sourceNode(DataFlow::Node,string)` predicate and assign a
`getSourceType`.
2024-03-14 22:23:54 -04:00
erik-krogh
ef8368cfc4 fix typo 2024-03-13 22:37:13 +01:00
Michael Nebel
560b355e0c C#: Remove hard-coded local sources from the uncontrolled-format-string query. 2024-03-13 14:26:30 +01:00
Edward Minnix III
c190dd21db Merge pull request #15877 from egregius313/egregius313/csharp/mad/sources/windows-registry
C#: Add source models for values from the Windows registry
2024-03-12 16:41:42 -04:00
Tom Hvitved
dddba3228b Merge pull request #15867 from hvitved/dataflow/ap-limit
Data flow: Add `ConfigSig::accessPathLimit`
2024-03-12 14:57:51 +01:00
Michael Nebel
f59aaf1d75 C#: Add change note. 2024-03-12 11:12:55 +01:00
Michael Nebel
2e5155d1f8 C#: Remove all CIL related tests. 2024-03-12 11:12:55 +01:00
Ed Minnix
7745c2c2b7 Change note 2024-03-11 17:00:12 -04:00
Tom Hvitved
257686eb9a C#: Implement new data flow interface 2024-03-11 20:56:38 +01:00
Ed Minnix
bc745dfd5e Windows registry sources 2024-03-11 13:55:34 -04:00
Henry Mercer
c325ff8a23 Mark lines of code queries as telemetry queries
The new file coverage metrics are available in all supported GHES
versions. This PR tags lines of code queries as telemetry queries. Lines
of code information will still be available in the SARIF file, but it
will no longer be displayed in the logging output of the CLI.

The one exception is the metric queries for Java/Kotlin that provide
separate lines of code information for Java and Kotlin. I've kept these
since separate file coverage information for languages like Java and
Kotlin is only available for GHES 3.12 and later.
2024-03-11 16:40:31 +00:00
Michael Nebel
f571ebdaf4 C#: Overall change note for C# 12 / .NET 8 support. 2024-03-11 14:43:14 +01:00
Tom Hvitved
da66281fef Sync files 2024-03-11 13:02:04 +01:00
Tom Hvitved
7a39f077d9 Data flow: Add ConfigSig::accessPathLimit 2024-03-11 13:01:58 +01:00
Ed Minnix
3fdc7e95df Add local models to CodeInjection tests 2024-03-10 22:20:54 -04:00
Ed Minnix
8187b00562 Change note 2024-03-10 22:20:52 -04:00
Ed Minnix
d300736c7e Remove AddLocalSource classes 2024-03-10 22:20:51 -04:00
Edward Minnix III
58f2777532 Merge pull request #15629 from egregius313/egregius313/csharp/dataflow/threat-modeling/remove-stored-query-variants
C#: Remove `Stored` variants of queries
2024-03-10 22:17:03 -04:00
Edward Minnix III
e7852f520f Merge pull request #15605 from egregius313/egregius313/csharp/dataflow/sources/commandargs-and-environment
C#: Add more `environment` and `commandargs` sources for the C# Standard Library
2024-03-08 14:10:09 -05:00
Michael Nebel
36a775502f Merge pull request #15851 from microsoft/54-csharp-add-missing-mad-for-httprequestmessage-upstream
csharp update MaD for HttpRequestMessage
2024-03-08 12:39:08 +01:00
Tom Hvitved
24e35f6f3d Update expected test output 2024-03-08 10:00:43 +01:00
Ed Minnix
7f950d8e0d Fix ExpandEnvironmentVariables test case 2024-03-07 21:48:05 -05:00
Lindsay Simpkins
7dd175d938 change note 2024-03-07 17:16:17 -08:00
Lindsay Simpkins
feb1ca29cc csharp update MaD for HttpRequestMessage 2024-03-07 15:00:05 -08:00
Michael Nebel
5b48bc4a3e C#: Delete the experimental IR queries. 2024-03-07 19:22:47 +01:00
Michael Nebel
48fcec82d6 Merge pull request #15736 from michaelnebel/csharp/disconnectfromdotnet
C#: Deprecate dotnet and CIL in QL.
2024-03-07 19:17:05 +01:00
Ed Minnix
608a3f907c Add type signature for methods with no overloads 2024-03-07 12:32:06 -05:00