hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
45,584 Commits 1,672 Branches 157 Tags
530b29ccdfb42bcb8173f270e2f89d76bc20c2bc
Commit Graph

4933 Commits

Author SHA1 Message Date
Michael Nebel
73b6697ea6 C#: Add ServiceStack 6.2.0 and friends. 2022-08-09 13:08:17 +02:00
Michael Nebel
b90a404658 Merge pull request #9636 from michaelnebel/csharp/sinkmodelcsv 
C#: Convert Sinks to CSV format for SymmetricAlgorithm.
 2022-08-09 09:05:12 +02:00
Tom Hvitved
dd465e739b Code review suggestion 2022-08-09 07:46:27 +02:00
Tamas Vajk
36c913061c C#: Fix dataflow for default constructors 2022-08-09 07:46:27 +02:00
Tamas Vajk
1a92fc90e0 C#: Add test to demonstrate missing dataflow for default constructors 2022-08-09 07:46:27 +02:00
Michael Nebel
6febbc5966 C#: Update .NET Core and ASP.NET Core. 2022-08-08 13:29:20 +02:00
Anders Schack-Mulligen
aa3655678e Merge pull request #9823 from aschackmull/dataflow/stage-module 
Dataflow: Replace stage duplication with parameterised modules.
 2022-08-08 10:56:32 +02:00
Michael Nebel
cebd49af9d Merge pull request #9968 from michaelnebel/csharp/aspreviewcomment 
C#: Simplification of AspNetCoreRemoteFlowSourceMember.
 2022-08-08 09:44:02 +02:00
Tom Hvitved
400071091c C#: Also disable shared compilation in the tracer for dotnet msbuild 2022-08-05 14:17:16 +02:00
Anders Schack-Mulligen
3d47875b60 Dataflow: Generate shorter RA/DIL names. 2022-08-05 11:00:56 +02:00
Anders Schack-Mulligen
d3dcc3ce3a Dataflow: Sync. 2022-08-05 11:00:56 +02:00
Michael Nebel
64e8660904 C#: Simplification of AspNetCoreRemoteFlowSourceMember. 2022-08-04 14:18:25 +02:00
Tom Hvitved
bc6a74b4dd C#: Disable CLR tracer 
Also remove old tracer configs, as we now use the Lua tracer.
 2022-08-04 13:11:07 +02:00
Alex Ford
8e3548efb3 Merge branch 'main' into post-release-prep/codeql-cli-2.10.2 2022-08-02 20:29:26 +01:00
Michael Nebel
02165e8ee1 Merge pull request #9327 from michaelnebel/csharp/dotnetruntimerefresh 
C#: Re-create summary models and include source and sink models as well.
 2022-08-01 16:15:54 +02:00
Raul Garcia
5a7b6532a9 Updated to handle lambda statements (previously false negatives) + a couple of bug fixes. 2022-07-29 13:47:53 -07:00
github-actions[bot]
e8747d3176 Post-release preparation for codeql-cli-2.10.2 2022-07-28 20:00:09 +00:00
github-actions[bot]
212786ed91 Release preparation for version 2.10.2 2022-07-28 13:38:35 +00:00
Paolo Tranquilli
9b26921cb6 Control flow: add order disambuigation customization 2022-07-28 09:11:42 +02:00
Paolo Tranquilli
ebf650c0c0 Control Flow: add more ordering for edges 2022-07-27 15:01:17 +02:00
Raul Garcia
9b79668ed2 Addressing some of the feedback. Work still pending 2022-07-20 10:58:01 -07:00
Raul Garcia
7f725137e5 Addressing some of the feedback. Work pending. 2022-07-20 10:56:44 -07:00
Cornelius Riemenschneider
e9e5d948b3 C#: Implement proper dotnet build handling in the Lua tracing config. 
For proper C# tracing, `dotnet build` needs the parameter
/p:UseSharedCompilation=false. However, we can't pass that to the other
subcommands of `dotnet`, therefore we need to figure out which subcommand
of `dotnet` is being invoked.
 2022-07-20 10:11:36 +00:00
Asger F
b9bdee6651 Merge branch 'main' into post-release-prep/codeql-cli-2.10.1 2022-07-19 16:24:35 +02:00
Michael Nebel
6603024488 C#: Allow encryption- prefix for sinks in CsvValidation. 2022-07-18 14:32:31 +02:00
Michael Nebel
57ba0c4e5d C#: Move sinks into System.Security.Cryptography framework code. 2022-07-18 14:28:49 +02:00
Michael Nebel
c91d49a0fe C#: Add provenance column to CSV format for SymmetricAlgorithm. 2022-07-18 14:28:49 +02:00
Michael Nebel
66232a8054 C#: Fix typo. 2022-07-18 14:28:49 +02:00
Michael Nebel
a5b7e2a2e1 C#: Convert set Key of SymmetricAlgorithm to Csv sink. 2022-07-18 14:28:49 +02:00
Michael Nebel
032448041d C#: Convert CreateSymmetricKey to CSV sink. 2022-07-18 14:28:49 +02:00
Michael Nebel
1d405dba14 C#: Collapse Sink classes. 2022-07-18 14:28:49 +02:00
Michael Nebel
383ad51682 C#: Use CSV format for CreateEncryptor and CreateDecryptor sinks. 2022-07-18 14:28:49 +02:00
Michael Nebel
e6e82ef56d C#: Update test with Decrypt example. 2022-07-18 14:28:49 +02:00
Michael Nebel
52a9fb0de7 C#: Add test for decrypt. 2022-07-18 14:28:49 +02:00
github-actions[bot]
0ee476129a Post-release preparation for codeql-cli-2.10.1 2022-07-14 14:38:49 +00:00
Erik Krogh Kristensen
85a652f3d1 remove a bunch of repeated words 2022-07-14 12:42:48 +02:00
github-actions[bot]
d1aa0d7dd3 Release preparation for version 2.10.1 2022-07-14 08:56:03 +00:00
Raul Garcia
0dbb03f732 Adding CVE information. 2022-07-12 21:49:19 -07:00
Raul Garcia
ac05577966 Making various changes based on the feedback. Pending: 2 non-trivial fixes for Java & Python. 2022-07-11 13:25:35 -07:00
Raul Garcia
5d89a5d164 Update csharp/ql/src/experimental/Security Features/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: Taus <tausbn@github.com>
 2022-07-11 08:42:50 -07:00
Raul Garcia
156bc34cda Update UnsafeUsageOfClientSideEncryptionVersion.qhelp 2022-07-11 08:41:05 -07:00
Raul Garcia
f8994d04d6 Clean up 2022-07-07 11:49:05 -07:00
Raul Garcia
97d9fd9846 Update security-validation-disabled.ql 2022-07-05 15:18:56 -07:00
Raul Garcia
56060e0610 Update csharp/ql/src/experimental/Security Features/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.qhelp 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2022-07-05 13:57:28 -07:00
Raul Garcia
fcb01ef28d Merge branch 'github:main' into Token_validation 2022-07-01 17:37:05 -07:00
Raul Garcia
62c28571c6 making changes based on feedback during PR 2022-07-01 17:35:02 -07:00
Raul Garcia
e43e5810cf New queries to detect unsafe client side encryption in Azure Storage 2022-07-01 17:08:35 -07:00
Andrew Eisenberg
fbeecd6c08 Merge pull request #9744 from github/aeisenberg/move-contextual-queries 2022-06-29 11:44:33 -07:00
Andrew Eisenberg
ddf06f8617 Add change notes and qldoc for moved files 2022-06-29 10:03:12 -07:00
Andrew Eisenberg
a3f4d1bf66 Move contextual queries from src to lib 
With this change, users are now able to run View AST command in
vscode within vscode workspaces that do not include the core libraries.
The relevant core library only needs to be installed in the package
cache.
 2022-06-29 07:51:26 -07:00