hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
63,132 Commits 1,671 Branches 157 Tags
33b6ce7365c8c4dd2d666bd7fe9bff01e54c6dc4
Commit Graph

6819 Commits

Author SHA1 Message Date
Tamás Vajk
01b89508a8 Merge pull request #15424 from tamasvajk/standalone/logging 
C#: Improve log messages in buildless mode + some cleanup/refactoring
 2024-01-25 11:08:50 +01:00
Tamas Vajk
199b0578be C#: Log number of restored dotnet framework variants 2024-01-24 15:23:38 +01:00
Tamas Vajk
30095e3179 Refactor dotnet restore calls 2024-01-24 13:56:40 +01:00
Tamas Vajk
d742cd3e44 C#: Remove progress monitor from dependency fetcher, use logger directly 2024-01-24 12:29:02 +01:00
Tamas Vajk
13a8168c8e C#: Improve log messages in standalone extractor 2024-01-24 12:28:00 +01:00
Henry Mercer
3af42d57a0 Merge pull request #15402 from github/henrymercer/csharp-build-mode 
C#: Enable standalone extraction via `--build-mode`
 2024-01-24 09:01:03 +00:00
Michael Nebel
2be1ee8b34 Merge pull request #15394 from michaelnebel/csharp/urlredirect-sanitizer 
C#: Add more santizers to the `cs/web/unvalidated-url-redirection` query.
 2024-01-24 08:42:05 +01:00
Henry Mercer
0928c93989 Use TryGetValue 2024-01-23 20:43:19 +00:00
Henry Mercer
e73c1b7281 Be forgiving with casing of build mode environment variable 2024-01-23 20:35:43 +00:00
Henry Mercer
a75c8273f9 C#: Allow checking environment variables that may be undefined 
The build mode environment variable for instance is only set when a build mode is specified.
 2024-01-23 20:33:16 +00:00
Michael Nebel
10be0deeb5 C#: Add a couple more testcases. 2024-01-23 15:09:10 +01:00
Edward Minnix III
0e866a5447 Merge pull request #15359 from egregius313/egregius313/csharp/dataflow/threat-modeling/add-threatmodelflowsource 
C#: Threat Modeling - Introduce `ThreatModelFlowSource`
 2024-01-23 09:02:10 -05:00
Tamás Vajk
df8d453058 Merge pull request #15395 from tamasvajk/feature/standalone-nuget-restore-retry 
C#: Try fallback `dotnet restore` without nuget.config
 2024-01-23 14:45:00 +01:00
Erik Krogh Kristensen
f1d6f56621 Merge pull request #15393 from erik-krogh/deps-jan-2024 
All: delete outdated deprecations
 2024-01-23 13:52:38 +01:00
Michael Nebel
123e86e0e0 C#: Add dummy stats for inline_array_type. 2024-01-23 08:29:01 +01:00
Henry Mercer
6724dea54d C#: Enable standalone extraction via --build-mode 2024-01-22 19:12:07 +00:00
erik-krogh
865df920f9 add change-notes 2024-01-22 19:30:57 +01:00
Ed Minnix
a6c977c169 Use appropriate pack for test models 2024-01-22 12:24:21 -05:00
Ed Minnix
ff6d4c6ae6 Deprecation message 2024-01-22 11:09:53 -05:00
Ed Minnix
0ff12c07c7 Convert existing mapped-property classes to directly extend DatabaseInputSource 2024-01-22 11:09:51 -05:00
Ed Minnix
975327648c Remove commented-out code 2024-01-22 11:09:50 -05:00
Ed Minnix
51564200a1 Documentation for FlowSources library 2024-01-22 11:09:48 -05:00
Ed Minnix
83e66136ce Change note 2024-01-22 11:09:46 -05:00
Ed Minnix
c530fbd9f8 C# Threat Modeling Tests 2024-01-22 11:09:45 -05:00
Ed Minnix
3c9c07ec40 Rename SourceNode.qll to FlowSources.qll 2024-01-22 11:09:43 -05:00
Ed Minnix
392eac5f9a Refactor source node classes to use SourceNode superclass 
Refactor the existing flowsource classes to use the `SourceNode` class
to specify which threat model they support.
 2024-01-22 11:09:41 -05:00
Ed Minnix
d29df68c97 Introduce the SourceNode and ThreatModelFlowSource classes 
1. Introduces the `SourceNode` class which allows dataflow nodes
   representing sources to indicate the threat model they are associated
   with.
2. Introduces the `ThreatModelFlowSource` class which represents a
   source node which respects the threat model configuration
 2024-01-22 11:09:39 -05:00
Ed Minnix
ad093fde4f Add dependency on codeql/threat-models shared library 2024-01-22 11:09:38 -05:00
Tamas Vajk
de4e3963e7 C#: Try fallback nuget restore without nuget.config 2024-01-22 15:42:06 +01:00
Tamas Vajk
7c290ee2ba C#: Add integration test with nuget.config 2024-01-22 15:36:38 +01:00
Michael Nebel
1bb6f4962d C#: Match any {digit} in the format string. 2024-01-22 14:03:37 +01:00
Michael Nebel
b006b28e8a C#: Add change note. 2024-01-22 11:28:27 +01:00
Michael Nebel
5016113a0f C#: Add a string.Format sanitizer to url redirect and update expected test output. 2024-01-22 11:21:35 +01:00
Michael Nebel
884f3f1505 C#: Add string interpolation expression sanitizer to url redirect and update expected test output. 2024-01-22 11:21:19 +01:00
Michael Nebel
e33d5b5fb6 C#: Add some test examples for UrlRedirect using string interpolation and string.Format. 2024-01-22 09:42:23 +01:00
erik-krogh
8be7eadace delete outdated deprecations 2024-01-22 09:11:35 +01:00
Joe Farebrother
4de19b3ec9 Merge pull request #15039 from joefarebrother/csharp-razor-flow-page-models 
C#: Add flow steps from a PageModel to cshtml page.
 2024-01-19 10:07:25 +00:00
Michael Nebel
24855ddc64 Merge pull request #15328 from michaelnebel/csharp/inlinearrays 
C# 12: Inline array support.
 2024-01-19 09:11:26 +01:00
Michael Nebel
cb53ca4e1f Merge pull request #15367 from michaelnebel/csharp/nullablesimpletypesanitizer 
C#: Consider nullable simple types as sanitizers.
 2024-01-19 09:09:36 +01:00
Michael Nebel
43350b0664 C#: Add change note. 2024-01-18 13:55:18 +01:00
Michael Nebel
9e9b5292f2 C#: Add change note. 2024-01-18 13:50:52 +01:00
Michael B. Gale
d0003ce7be C#: Rename query to ExtractedFiles 2024-01-18 12:47:11 +00:00
Michael Nebel
337ab611c9 C#: Update expected test output. 2024-01-18 12:53:48 +01:00
Michael Nebel
9460c91c8c C#: Also consider nullable simple types (and datetime) as simple type sanitizers. 2024-01-18 12:53:29 +01:00
Michael Nebel
559842071a C#: Add example of log forging alert for simple nullable types and updated expected test output. 2024-01-18 12:50:40 +01:00
Michael Nebel
f8f95e6a19 C#: Add models as data test for inline arrays. 2024-01-18 12:23:26 +01:00
Michael Nebel
1d88ca2388 C#: Add more InlineArray test cases. 2024-01-18 12:23:26 +01:00
Michael Nebel
70e7c92774 C#: Also check the namespace of the InlineArrayAttribute. 2024-01-18 11:09:01 +01:00
Michael Nebel
674838e698 C#: Add flow test for inline arrays. 2024-01-18 11:09:01 +01:00
Michael Nebel
f14b3265ab C#: Move static methods in CollectionFlow as these impact result line numbers. 2024-01-18 11:09:00 +01:00