Commit Graph

9671 Commits

Author SHA1 Message Date
Michael Nebel
e94d279234 Merge pull request #21984 from forks-felickz/felickz/razor-page-handler-sources
C#: Add Razor Page handler method parameters as remote flow sources
2026-06-16 13:15:51 +02:00
Michael Nebel
01454d76c2 Merge pull request #21881 from michaelnebel/csharp/propertycalls
C#: Property- and Indexer call targets for partial overrides.
2026-06-16 08:46:33 +02:00
Michael Nebel
859ad1d8d0 Merge pull request #21877 from michaelnebel/csharp/spanaccessrange
C#: Extract `.Slice` method call when using a span in conjunction with a range.
2026-06-16 08:42:57 +02:00
Chad Bentz
c08c0e9ae5 Merge branch 'main' into felickz/razor-page-handler-sources 2026-06-15 11:35:54 -04:00
Chad Bentz
4f1d6f472d Fix test comments: replace GOOD/BAD markers with flow source descriptions
Per review feedback, GOOD/BAD markers don't apply to flow source
enumeration tests. Use descriptive comments instead.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-15 11:34:43 -04:00
Michael Nebel
c31b594bbc C#: Address review comments. 2026-06-15 16:17:46 +02:00
Michael Nebel
66db0d42a9 C#: Address review comment. 2026-06-15 15:41:19 +02:00
Michael Nebel
175c4f1b0d C#: Add models as data tests for compound assignment operators. 2026-06-15 13:26:39 +02:00
Michael Nebel
ab4f170780 Merge pull request #21909 from michaelnebel/csharp/refactoroperations
C#: Refactor- and rename operation expressions.
2026-06-15 12:35:39 +02:00
Michael Nebel
d0841d2283 C#: Address review comments. 2026-06-15 11:04:59 +02:00
Chad Bentz
23567eba3d C#: Add change note for Razor Page handler flow sources
Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-12 19:53:00 -04:00
Chad Bentz
ce9e61dbfd C#: Add Razor Page handler method parameters as remote flow sources
ASP.NET Core Razor Page handler method parameters (OnGet, OnPost, etc.)
were not modeled as remote flow sources, causing security queries like
SQL injection to miss vulnerabilities in PageModel subclasses.

This adds AspNetCorePageHandlerMethodParameter, analogous to the existing
AspNetCoreActionMethodParameter for MVC controllers, using the existing
PageModelClass.getAHandlerMethod() from Razor.qll.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-06-12 19:50:12 -04:00
Michael Nebel
346d140c87 C#: Add change-note. 2026-06-12 15:33:49 +02:00
Michael Nebel
9f0feb467a C#: Add upgrade/downgrade scripts. 2026-06-12 15:26:16 +02:00
Anders Schack-Mulligen
ff61344afa Cfg: Add support for until-statements. 2026-06-12 13:55:05 +02:00
Michael Nebel
8d46bfcbd4 C#: Update some of the QL docs. 2026-06-12 12:41:27 +02:00
Michael Nebel
f0640d78d2 C#: Deprecate the operation module. 2026-06-12 12:41:24 +02:00
Michael Nebel
fb9e4a8c40 C#: Move logical operation class from Operation.qll to LogicalOperation.qll. 2026-06-12 12:41:22 +02:00
Michael Nebel
3c407f77a9 C#: Update the QL library implementation for logical operations. 2026-06-12 12:41:19 +02:00
Michael Nebel
9465a1d063 C#: Update DB scheme for logical assignments and expressions (and some other minor changes). 2026-06-12 12:41:16 +02:00
Michael Nebel
072c4837d2 C#: Move bitwise operation classes from Operation.qll to BitwiseOperation.qll. 2026-06-12 12:41:14 +02:00
Michael Nebel
ee040da575 C#: Update test expected output. 2026-06-12 12:41:11 +02:00
Michael Nebel
524330c188 C#: Update the QL library implementation for Bitwise operations. 2026-06-12 12:41:09 +02:00
Michael Nebel
7d54669696 C#: Update DB scheme for bitwise assignments and expressions (and some other minor changes). 2026-06-12 12:41:06 +02:00
Michael Nebel
951a26a01a C#: Move arithmetic-like classes from Operation.qll to ArithmeticOperation.qll. 2026-06-12 12:41:03 +02:00
Michael Nebel
2bbcc1e88c C#: Update the QL library implementation for Arithmetic operations. 2026-06-12 12:41:01 +02:00
Michael Nebel
d101e45efc C#: Update DB scheme for arithmetic assignments and expressions (and some other minor changes). 2026-06-12 12:40:58 +02:00
Anders Schack-Mulligen
f3ec7087e3 Cfg: Fix type. 2026-06-12 10:02:48 +02:00
Michael Nebel
0a0867a34f C#: Add change-note. 2026-06-12 10:01:13 +02:00
Michael Nebel
4f93dfbd6a C#: Update test expected output. 2026-06-12 10:01:10 +02:00
Michael Nebel
b280dd51f2 C#: Use the first getter/setter when calling a property (override can apply to only a getter or a setter). 2026-06-12 10:01:08 +02:00
Michael Nebel
d8e10b8c21 C#: Add some more properties test examples and update expected test output. 2026-06-12 10:01:05 +02:00
Michael Nebel
01b463f442 C#: Exclude function pointer calls for the DB isNotOk missing target. 2026-06-12 10:01:02 +02:00
Michael Nebel
90d888de7f C#: Remove using. 2026-06-12 09:41:30 +02:00
Michael Nebel
3f0af57c89 C#: Update test expected output. 2026-06-12 09:41:27 +02:00
Michael Nebel
a646dfc4b9 C#: Extract call target when Range is not hardcoded as call argument. 2026-06-12 09:41:22 +02:00
Michael Nebel
5633004757 C#: Add more tests. 2026-06-12 09:41:18 +02:00
Michael Nebel
6d13ff7952 C#: Address review comments. 2026-06-12 09:41:14 +02:00
Michael Nebel
05d41c7f8d C#: Update the test expected output. 2026-06-12 09:41:09 +02:00
Michael Nebel
d9be99c73d C#: Simplify the implementation to avoid introducing synthetic assignments. 2026-06-12 09:41:05 +02:00
Michael Nebel
330b4e7ebc C#: Address other Copilot review comments. 2026-06-12 09:41:02 +02:00
Michael Nebel
0f7e36958d C#: Add test case. 2026-06-12 09:40:59 +02:00
Michael Nebel
02c37321d0 C#: Add case for open ended range. 2026-06-12 09:40:54 +02:00
Michael Nebel
2f473572fa C#: Add more test cases and update expected output. 2026-06-12 09:40:51 +02:00
Michael Nebel
edc1c150a0 C#: Update change note. 2026-06-12 09:40:47 +02:00
Michael Nebel
d9152392ce C#: Add test case and expected output. 2026-06-12 09:40:42 +02:00
Michael Nebel
9c9c89615e C#: Extract Slice and Substring operations and synthesize the call arguments, when using indexers in conjunction with ranges on spans and strings. 2026-06-12 09:40:39 +02:00
Michael Nebel
b8edde6d44 C#: Add change-note. 2026-06-12 09:40:35 +02:00
Michael Nebel
5c8857ada2 C#: Update DB quality expected test output. 2026-06-12 09:40:32 +02:00
Michael Nebel
01fe081f36 C#: Extract the indexer as the call target when using range expressions with spans. 2026-06-12 09:40:29 +02:00