hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-12 18:44:00 +02:00
Code Issues Packages Projects Releases Wiki Activity
86,731 Commits 1,740 Branches 164 Tags
628f85aebcf23ee9a7a944c8ca8d00aefc00b8eb
Commit Graph

367 Commits

Author SHA1 Message Date
Gregro
a59c865328 let interprocedural analysis handle source-available extension methods for LogForgingLogMessageSink's 2026-03-21 20:05:08 +00:00
Gregro
d0c48893f5 update test helper to use more robust .ReplaceLineEndings() sanitizer 2026-03-21 20:05:08 +00:00
Gregro
d99247cf13 Clarify static extension method class name 2026-03-21 20:05:08 +00:00
Gregro
a9eb801fea C#: Fix false positives in cs/log-forging for extension methods 2026-03-21 20:05:08 +00:00
Owen Mansel-Chan
45eb14975a C#: Inline expectation should have space after $ 
This was a regex-find-replace from `// \$(?! )` (using a negative lookahead) to `// $ `.
 2026-03-04 12:45:02 +00:00
Paolo Tranquilli
f79bd3f4cf C#: accept location changes in test 2026-02-05 12:14:59 +01:00
Paolo Tranquilli
4973523404 C#: Fix CSRF query to check antiforgery attributes on base classes 
Fixes https://github.com/github/codeql/discussions/21255
 2026-02-04 09:42:20 +01:00
Tom Hvitved
fe0634574d C#: Add more tests for InsecureDirectObjectReference.ql 2026-02-02 11:09:26 +01:00
Michael Nebel
a671810edf C#: Update test options files to point to the new stubs versions. 2026-01-05 15:23:34 +01:00
Tom Hvitved
776f6cd56f C#: Add NHibernate SQL injection tests 2025-12-11 13:30:26 +01:00
Chris Smowton
5bb31afc83 C# CSRF query: add support for ASP.NET Core 2025-12-08 11:51:01 +00:00
Joe Farebrother
d8eeae781b Add additional test case for httponly cookies set to true 2025-11-10 14:13:36 +00:00
Joe Farebrother
6ba7ece2f0 Add httponly tests for aspnet core + fixes 2025-11-10 14:13:19 +00:00
Joe Farebrother
ae0b997c31 Add system.web tests for httponly cookie 2025-11-10 14:13:14 +00:00
Joe Farebrother
a9b97f7065 Add tests for insecure cookie using system.web 2025-11-10 14:13:09 +00:00
Joe Farebrother
bb010fee6b Add tests for secure cookie using aspnetcore 2025-11-10 14:13:04 +00:00
Paolo Tranquilli
c3fd06c8a4 Csharp: fix cs/web/missing-x-frame-options to also consider location elements 
As explained in

https://learn.microsoft.com/en-us/previous-versions/aspnet/ms178692(v=vs.100),

it is possible to add `system.webServer` elements nested inside
`location` elements in `Web.config`.
 2025-10-17 11:27:31 +02:00
Michael Nebel
191dae47fd C#: Add a stub for the System.Uri class for the CWE-611 test. 2025-10-01 14:44:54 -07:00
Michael Nebel
be123cf2bc C#: Update test expected output. 2025-08-25 14:52:41 +02:00
Michael Nebel
70bf61dc57 C#: Convert Deserialization tests to use inline expectations. 2025-07-16 08:41:58 +02:00
Michael Nebel
8ee16f68a7 C#: Update test expected output. 2025-07-16 08:41:48 +02:00
Michael Nebel
4036140f4b C#: Add Deserialize testcase. 2025-07-16 08:41:45 +02:00
Michael Nebel
becd46a47e C#: Add MaD models for Microsoft.Data.SqlClient. 2025-06-26 08:51:10 +02:00
Michael Nebel
f3eafd33ff C#: Exclude Microsoft.Data.SqlClient.SqlCommand from the best effort SqlSink creation. 2025-06-26 08:46:49 +02:00
Michael Nebel
ed7f68279f C#: Add cs/sql-injection tests for APIs in Microsoft.Data.SqlClient. 2025-06-26 08:44:50 +02:00
Michael Nebel
bb85e24121 C#: Convert SQL injection test to use inline expectations. 2025-06-25 14:53:09 +02:00
Tom Hvitved
84e93e2dc5 C#: Add another test for MissingAccessControl.ql 2025-06-20 11:49:30 +02:00
Michael Nebel
7531a95d22 Merge pull request #19271 from michaelnebel/csharp/uncontrolled-format-string 
C#: Improve precision of `cs/uncontrolled-format-string`.
 2025-05-14 10:39:38 +02:00
Michael Nebel
05dc9b6d34 C#: Remove dependency to ASP.NET in the System.Web.cs stub file. 2025-05-12 17:36:10 -04:00
Michael Nebel
ffd6b2677c C#: Cleanup test options files. 2025-05-12 17:33:21 -04:00
Michael Nebel
c96003f265 C#: Update test expected output. 2025-05-12 15:45:01 +02:00
Michael Nebel
3838a7b0d6 C#: Add a testcase for CompositeFormat.Parse for cs/uncontrolled-format-string. 2025-05-12 15:44:58 +02:00
Michael Nebel
c16be43f15 C#: Convert cs/uncontrolled-format-string tests to use test inline expectations. 2025-05-12 15:44:56 +02:00
Sid Gawri
4e3ac93f70 fix unit tests part 2 2025-05-09 16:24:42 -04:00
Sid Gawri
d600eb42cf add new stubs 2025-05-02 17:25:02 -04:00
Michael Nebel
f11aec3592 C#: Update test expected output. 2025-04-14 14:26:51 +02:00
Michael Nebel
2e7e276806 C#: Add test case for authorization attribute that extends Authorize. 2025-04-14 14:18:30 +02:00
Michael Nebel
8d571672e9 C#: Convert cs/missing-access-control to inline expectations test. 2025-04-14 13:54:43 +02:00
Michael Nebel
d7f5ce2492 C#: Update log forging expected test output. 2025-04-02 11:21:07 +02:00
Michael Nebel
08159896f3 C#: Convert cs/log-forging tests to inline expectations. 2025-04-02 11:21:03 +02:00
Michael Nebel
60e3b4351a C#: Fix simple types testcases. 2025-04-02 11:21:01 +02:00
Ian Roof
1d81c77fcd C#: Enhanced LogForgingQuery to treat C# Enums as simple types. 2025-04-02 09:40:10 +02:00
Michael Nebel
8781d6762c C#: Update test options files to point to the new stubs. 2025-01-31 10:36:57 +01:00
Michael Nebel
82f8a796e1 C#: Update all test util paths to point to the new location. 2024-12-12 13:21:31 +01:00
Tom Hvitved
95e9d013cc Update expected test output 2024-11-04 12:07:06 +01:00
Tom Hvitved
8ba80fd022 C#: Post-processing query for inline test expectations 2024-10-29 13:35:31 +01:00
Michael Nebel
82ff545424 C#: Re-factor test for CWE-611/UntrustedDataInsecureXml.ql to pretty print models in test case. 2024-10-28 10:36:32 +01:00
Michael Nebel
146c88fabb C#: Update test expected output where the results are not affected. 2024-10-23 13:08:21 +02:00
Michael Nebel
5495a211f2 C#: Update exception information exposure expected output. 2024-10-23 13:08:19 +02:00
Michael Nebel
20b5a7b6f0 C#: Update expected test output. 2024-10-23 13:08:10 +02:00