codeql

mirror of https://github.com/github/codeql.git synced 2026-03-06 15:49:08 +01:00

Author	SHA1	Message	Date
Tom Hvitved	3027ed2ca8	C#: Include arguments to `ILogger` extension method calls in `LogMessageSink`	2023-05-16 16:04:58 +02:00
Tom Hvitved	3c173df69e	C#: Update expected test output	2023-05-15 09:35:20 +02:00
Mathias Vorreiter Pedersen	77001a070b	Merge branch 'main' into identity-consistency-check	2023-05-03 22:01:06 +01:00
Mathias Vorreiter Pedersen	177dd76da6	C#: Accept consistency changes.	2023-05-03 20:30:06 +01:00
Michael Nebel	0e17fa79c4	C#: Update expected test output.	2023-05-03 13:09:35 +02:00
Anders Schack-Mulligen	6025feebd9	C#: Update expected output.	2023-04-27 10:24:24 +02:00
Joe Farebrother	a9d34458de	Merge pull request #12658 from joefarebrother/csharp-sensitive-data C#: Add local filesystem writes as External Location sinks	2023-04-25 10:14:48 +01:00
Michael Nebel	91150af11e	C#: Re-factor HardcodedConnectionString to use the new API.	2023-04-13 10:08:39 +02:00
Joe Farebrother	37f1770623	Add unit tests for private information query	2023-04-05 13:57:23 +01:00
Joe Farebrother	941df4f274	Add test for cleartext storage	2023-04-05 13:57:23 +01:00
Michael Nebel	32ea8420a9	C#: Move the existing tests into separate folders to emulate separate projects and add some more tests.	2023-03-27 10:42:14 +02:00
Michael Nebel	0ed48616a7	C#: Use stubs for CWE-321/HardcodedSymmetricEncryptionKey.	2023-01-31 13:21:00 +01:00
Michael Nebel	f3555b1076	C#: Update options files as some classes has been moved to other dll's.	2023-01-31 13:21:00 +01:00
Michael Nebel	14888d4382	C#: Use stubs for CWE-327 test cases.	2023-01-31 13:21:00 +01:00
erik-krogh	887062d339	update cs/assembly-path-injection and cs/hardcoded-key to path-problems	2022-11-11 10:55:36 +01:00
erik-krogh	318718c428	update expected output	2022-09-30 14:51:41 +02:00
erik-krogh	7098e7b102	change more queries to start with "This "	2022-09-30 13:29:18 +02:00
erik-krogh	77eeabe8e5	changed to address review	2022-09-29 13:39:59 +02:00
erik-krogh	326666ac85	update the alert-messages of csharp queries	2022-09-26 14:01:39 +02:00
Michael Nebel	9ace52114c	C#: Update expected test output.	2022-09-23 13:06:48 +02:00
Michael Nebel	7c74cc6420	C#: Update expected test output - including false positive.	2022-09-23 13:04:04 +02:00
Michael Nebel	e45e06b675	C#: Add LogForging testcase based on ASP.NET.	2022-09-23 13:02:42 +02:00
Michael Nebel	39402b842e	C#: Add ASP.NET Core stubs to LogForging tests.	2022-09-23 12:59:15 +02:00
Michael Nebel	96a46a007f	C#: Use stubs in the CWE-117 LogForging test.	2022-09-23 12:49:12 +02:00
erik-krogh	7e0bd5bde4	update expected output of tests	2022-08-22 21:41:47 +02:00
Tom Hvitved	f275885258	C#: Add a cshtml-based XSS test	2022-08-18 15:24:04 +02:00
Michael Nebel	15906338dc	Merge pull request #9923 from michaelnebel/csharp/webgoat C#: SQL Injection improvements for SQLite.	2022-08-15 13:22:25 +02:00
Tamas Vajk	7a406d8e41	C#: Fix unsafe deserialization with `JsonConvert.DeserializeObject` Remove false positives when `JsonConvert.DeserializeObject` is called with not necessarily unsafe settings.	2022-08-11 11:00:46 +02:00
Tamas Vajk	6e6bd208b1	C#: Add test case for `JsonConvert.DeserializeObject` in unsafe deserialization tests	2022-08-11 11:00:23 +02:00
Michael Nebel	c3adb990a3	C#: Update SQL Injection with testcase with found vulnerability.	2022-08-10 14:49:20 +02:00
Michael Nebel	504160fee4	C#: Update expected file for Sql injection and Second Order sql injection (note that this is already a second order sql injection).	2022-08-10 14:49:20 +02:00
Michael Nebel	5c47ae3f98	C#: Add testcase for unsanitized filename used in Filestream.	2022-08-10 14:49:20 +02:00
Michael Nebel	1355931b50	C#: Update SecondOrder SQL Injection test case expected output with vulnerability from test case.	2022-08-10 14:49:19 +02:00
Michael Nebel	2b51e03223	C#: Add SecondOrder SQL injection example, where reading from a file.	2022-08-10 11:08:27 +02:00
Michael Nebel	344770f06a	C#: Update Sqlinjection test query output with new results.	2022-08-10 11:08:27 +02:00
Michael Nebel	78cfb226a3	C#: Add some examples where adapter is used in conjunction with a tainted command.	2022-08-10 11:08:27 +02:00
Michael Nebel	86000f32e7	C#: Update SqlInjection query tests with new results.	2022-08-10 11:08:27 +02:00
Michael Nebel	1fb209990e	C#: Add SQLiteDataAdapter examples.	2022-08-10 11:08:27 +02:00
Michael Nebel	ce9baaa1f3	C#: Update SQLInjection query test output.	2022-08-10 11:08:27 +02:00
Michael Nebel	d42752714c	C#: Add SQLCommand examples.	2022-08-10 11:08:21 +02:00
Michael Nebel	7fc95fb49b	Merge pull request #9988 from michaelnebel/csharp/updatestubs C#: Update .NET Core and ASP.NET Core Stubs.	2022-08-10 11:02:35 +02:00
Michael Nebel	3ba893dfa8	C#: Remove System.Data.SqlClient 4.8.2 stub.	2022-08-09 13:15:44 +02:00
Michael Nebel	6d96da1838	C#: Use ASP.NET Core stub instead of Microsoft.Extensions.Primitives and manual written ASP.NET Core stubs.	2022-08-09 13:08:34 +02:00
Michael Nebel	66232a8054	C#: Fix typo.	2022-07-18 14:28:49 +02:00
Michael Nebel	e6e82ef56d	C#: Update test with Decrypt example.	2022-07-18 14:28:49 +02:00
Michael Nebel	52a9fb0de7	C#: Add test for decrypt.	2022-07-18 14:28:49 +02:00
Michael Nebel	93007f89c8	C#: Move ASP Net Core stubs into stubs folder.	2022-06-16 08:38:31 +02:00
Michael Nebel	ba7238d6e2	C#: Update XML Injectiont test output after rebase (query has been turned into a path-problem and the output is now affected by the added summaries for NameValueCollection).	2022-05-25 08:28:15 +02:00
Michael Nebel	c8ede58704	C#: Flow summaries has now been added for Exception stack trace, but not for ToString. The latter will be encoded as an extra taintstep in the analysis. To reduce noise for all uses of an exception itself an isSanitizerIn is introduced.	2022-05-25 08:28:15 +02:00
Michael Nebel	4d6d1c8376	C#: Since NameValueCollection now has a flow summary for the string indexer it is no longer consider an unsafe external api, which is why it has disappared from the result.	2022-05-25 08:28:14 +02:00

1 2 3 4

185 Commits