hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
45,584 Commits 1,672 Branches 157 Tags
530b29ccdfb42bcb8173f270e2f89d76bc20c2bc
Commit Graph

4933 Commits

Author SHA1 Message Date
Tamas Vajk
7a406d8e41 C#: Fix unsafe deserialization with JsonConvert.DeserializeObject 
Remove false positives when `JsonConvert.DeserializeObject` is called with not necessarily unsafe settings.
 2022-08-11 11:00:46 +02:00
Tamas Vajk
6e6bd208b1 C#: Add test case for JsonConvert.DeserializeObject in unsafe deserialization tests 2022-08-11 11:00:23 +02:00
Tamas Vajk
548d7ac37d C#: Regenerate Newtonsoft.Json test stub 
The newly generated stubs contain the actual values of enum constants.
 2022-08-11 10:52:48 +02:00
Michael Nebel
b817bd43ca Merge pull request #10005 from michaelnebel/csharp/constructorsummaries 
C#: Constructor summaries
 2022-08-11 09:16:05 +02:00
Michael Nebel
9cb4e4a61c C#: Update release note. 2022-08-11 08:57:10 +02:00
Tom Hvitved
e106edc04e Merge pull request #9989 from hvitved/csharp/lua-tracer-improvements2 
C#: Handle `dotnet exec csc.dll` and the likes in the Lua tracer
 2022-08-11 08:55:46 +02:00
Erik Krogh Kristensen
887f6557ed fix common misspellings throughout github/codeql 2022-08-10 23:21:41 +02:00
Tamás Vajk
b2c22dacc2 Merge pull request #9769 from tamasvajk/fix/ctor-field-flow 
C#: Fix dataflow for default constructors
 2022-08-10 15:06:25 +02:00
Anders Schack-Mulligen
abad133ab5 Dataflow: Fix identification of source PathNodes in the presence of source-to-source flow. 2022-08-10 15:02:56 +02:00
Michael Nebel
0d83b7cbd0 C#: Add release note. 2022-08-10 14:58:22 +02:00
Michael Nebel
da30436c44 C#: Update flow summaries test case with new summaries. 2022-08-10 14:49:20 +02:00
Michael Nebel
c3adb990a3 C#: Update SQL Injection with testcase with found vulnerability. 2022-08-10 14:49:20 +02:00
Michael Nebel
36a713510c C#: Add summary models for the FileStream constructor. 2022-08-10 14:49:20 +02:00
Michael Nebel
504160fee4 C#: Update expected file for Sql injection and Second Order sql injection (note that this is already a second order sql injection). 2022-08-10 14:49:20 +02:00
Michael Nebel
5c47ae3f98 C#: Add testcase for unsanitized filename used in Filestream. 2022-08-10 14:49:20 +02:00
Michael Nebel
1355931b50 C#: Update SecondOrder SQL Injection test case expected output with vulnerability from test case. 2022-08-10 14:49:19 +02:00
Michael Nebel
ced9ee5f5d C#: Update FlowSummaries test expected output after addition of new summaries. 2022-08-10 14:49:19 +02:00
Michael Nebel
736ae4f7d6 C#: Update FlowSummaries expected output. 2022-08-10 14:23:54 +02:00
Michael Nebel
5659db73d3 C#: Update alle manually written summaries for constructors to use Argument[Qualifier] instead of ReturnValue. 2022-08-10 14:17:16 +02:00
Tom Hvitved
2bb9e4859f C#: Handle dotnet exec csc.dll and the likes in the Lua tracer 2022-08-10 12:52:18 +02:00
Michael Nebel
f1cc7bb60c C#: Consider FileStreams StoredFlowSources and propagate taint via StreamReader. 2022-08-10 11:08:27 +02:00
Michael Nebel
2b51e03223 C#: Add SecondOrder SQL injection example, where reading from a file. 2022-08-10 11:08:27 +02:00
Michael Nebel
1e7e49a528 C#: Add relevant stubs. 2022-08-10 11:08:27 +02:00
Michael Nebel
344770f06a C#: Update Sqlinjection test query output with new results. 2022-08-10 11:08:27 +02:00
Michael Nebel
fd67c34ee4 C#: Add sinks and summaries for adapters with tainted commands. 2022-08-10 11:08:27 +02:00
Michael Nebel
78cfb226a3 C#: Add some examples where adapter is used in conjunction with a tainted command. 2022-08-10 11:08:27 +02:00
Michael Nebel
86000f32e7 C#: Update SqlInjection query tests with new results. 2022-08-10 11:08:27 +02:00
Michael Nebel
aa13ab31e1 C#: Add SQLiteDataAdapter sinks. 2022-08-10 11:08:27 +02:00
Michael Nebel
1fb209990e C#: Add SQLiteDataAdapter examples. 2022-08-10 11:08:27 +02:00
Michael Nebel
ce9baaa1f3 C#: Update SQLInjection query test output. 2022-08-10 11:08:27 +02:00
Michael Nebel
6f9f771f58 C#: Add SQLiteCommand sinks. 2022-08-10 11:08:27 +02:00
Michael Nebel
d42752714c C#: Add SQLCommand examples. 2022-08-10 11:08:21 +02:00
Michael Nebel
7fc95fb49b Merge pull request #9988 from michaelnebel/csharp/updatestubs 
C#: Update .NET Core and ASP.NET Core Stubs.
 2022-08-10 11:02:35 +02:00
Michael Nebel
0aa64b3a8f Merge pull request #10001 from github/workflow/coverage/update 
Update CSV framework coverage reports
 2022-08-10 10:09:19 +02:00
github-actions[bot]
cb19ae2638 Add changed framework coverage reports 2022-08-10 00:16:31 +00:00
Erik Krogh Kristensen
559ec7ba56 Merge branch 'main' into repeatedWord 2022-08-09 21:22:47 +02:00
Michael Nebel
eb19090746 C#: Remove unused hand written stubs. 2022-08-09 15:23:43 +02:00
Michael Nebel
cdd1172cee C#: Use generated stubs in the RequireSSLAspNetCore like tests and update test results with new line numbers. 2022-08-09 15:18:34 +02:00
Michael Nebel
a23be5ca3b C#: Manually re-order the values in the CookieSecurePolicy enum. 2022-08-09 15:17:14 +02:00
Michael Nebel
98f8bed037 C#: Update CookieWithoutHttpOnlyAspNetCore tests to use generated stubs and update line numbers in test output. 2022-08-09 14:54:19 +02:00
Michael Nebel
77a321ee9a C#: Manually re-order the values in the HttpOnlyPolicy enum. 2022-08-09 14:52:54 +02:00
Michael Nebel
d6880f059d C#: Use generated stubs for CookieHttpOnlyFalseAspNetCore testcases and update test output with new line numbers. 2022-08-09 14:32:19 +02:00
Michael Nebel
3a908ac4b8 C#: Cleanup stub project references. 2022-08-09 14:15:00 +02:00
Michael Nebel
1a2fc2b565 C#: Remove unused stubs. 2022-08-09 14:14:00 +02:00
Michael Nebel
3ba893dfa8 C#: Remove System.Data.SqlClient 4.8.2 stub. 2022-08-09 13:15:44 +02:00
Michael Nebel
7c68947035 C#: Update flow summaries expected out as we now include ASP.NET Core as stubs for these tests. 2022-08-09 13:08:34 +02:00
Michael Nebel
6d96da1838 C#: Use ASP.NET Core stub instead of Microsoft.Extensions.Primitives and manual written ASP.NET Core stubs. 2022-08-09 13:08:34 +02:00
Michael Nebel
63b06d50b0 C#: Delete ServiceStack 5.11.0 and related projects. 2022-08-09 13:08:34 +02:00
Michael Nebel
094dcf989e C#: Update FlowSummaries test expected file (this is required since the .NET Runtime stubs have been updated). 2022-08-09 13:08:34 +02:00
Michael Nebel
d76b069bc5 C#: Manual changes to stubs to ensure compilation. 2022-08-09 13:08:34 +02:00