hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-01-04 02:00:18 +01:00
Code Issues Packages Projects Releases Wiki Activity
71,609 Commits 1,673 Branches 157 Tags
633bac633c9d97e89b2024901fa58217c947e5ef
Commit Graph

281 Commits

Author SHA1 Message Date
Michael Nebel
062a2ad97d C#: Include exception property accesses in the exception information exposure query. 2024-10-23 13:08:08 +02:00
Rasmus Wriedt Larsen
8c10155eb7 mass rename to ActiveThreatModelSource 2024-09-12 10:16:55 +02:00
Chanel Young
716e2737d1 formatting 2024-06-05 09:01:10 -07:00
Chanel Young
5ee7004a62 fp case if encrypt set in initializer 2024-05-16 17:59:17 -07:00
Tom Hvitved
d8d7688f88 C#: Fix another bad join 2024-04-23 15:39:59 +02:00
Tom Hvitved
6aa4c5c187 C#: Fix a bad join 2024-04-23 11:47:55 +02:00
Joe Farebrother
3567c30020 Set precision to high 2024-04-16 09:41:46 +01:00
Joe Farebrother
6e130d24cd C#: Add missing query precision 2024-04-15 08:42:26 +01:00
Peter Stöckli
d62d68a40b C#: add hint regarding ECB to weak encryption QHelp 2024-03-22 12:08:30 +01:00
Erik Krogh Kristensen
a3da6c886b Merge pull request #15895 from erik-krogh/url-java-qhelp 
Java: update the url-redirection in the same style as the C# qhelp
 2024-03-18 21:10:07 +01:00
erik-krogh
ef8368cfc4 fix typo 2024-03-13 22:37:13 +01:00
Michael Nebel
560b355e0c C#: Remove hard-coded local sources from the uncontrolled-format-string query. 2024-03-13 14:26:30 +01:00
Edward Minnix III
58f2777532 Merge pull request #15629 from egregius313/egregius313/csharp/dataflow/threat-modeling/remove-stored-query-variants 
C#: Remove `Stored` variants of queries
 2024-03-10 22:17:03 -04:00
Ed Minnix
ec6e17360d Replace Main-method parameters with ThreatModelFlowSource 2024-03-07 12:30:08 -05:00
Ed Minnix
4dc605354c Second-order SQL injection 2024-03-01 12:51:59 -05:00
Ed Minnix
c95abd47ce Remove stored variants of queries 2024-03-01 12:51:51 -05:00
Ed Minnix
f488f23a48 Add LocalFlowSource back to UncontrolledFormatString 2024-02-29 12:06:59 -05:00
Ed Minnix
434fa20646 Refactor to using ThreatModelFlowSource 2024-02-29 12:03:05 -05:00
Ed Minnix
b76795fd28 Refactor to using ThreatModelFlowSource 2024-02-29 12:03:03 -05:00
Ed Minnix
fd3738b10e Refactor to using SourceNode::getSourceType 2024-02-29 12:03:01 -05:00
Ed Minnix
f388a0f10c Deprecate direct uses of RemoteFlowSource and replace with ThreatModelFlowSource 2024-02-29 12:02:57 -05:00
Tom Hvitved
606a8fed0c Merge pull request #15406 from hvitved/csharp/no-stats-experiment 
C#: Remove all DB stats
 2024-02-26 13:40:37 +01:00
erik-krogh
a5eb2dd906 update the QHelp for cs/web/unvalidated-url-redirection with examples inspired by the JS QHelp 2024-02-15 12:41:01 +01:00
Tom Hvitved
15cf695188 C#: Fix various bad joins 2024-02-12 19:49:53 +01:00
erik-krogh
4e176236e7 add a definition of user 2024-02-06 09:21:35 +01:00
erik-krogh
44fe34a37d use the correct string type in the tainted-path examples 2024-02-06 09:20:27 +01:00
erik-krogh
a6b094cf53 delete the rendered markdown again 2024-02-05 13:54:13 +01:00
erik-krogh
a240618ae4 generate the new rendered markdown 2024-02-05 13:09:02 +01:00
erik-krogh
8160291be1 copy (and adjust) the path-injection QHelp from Java to C# 2024-02-05 13:08:44 +01:00
erik-krogh
9dfac3a4cc move qhelp samples to an examples folder 2024-02-05 11:20:24 +01:00
erik-krogh
b8dc633864 add cs/path-injection as markdown to make nicer diffs 2024-02-05 11:16:16 +01:00
Max Schaefer
706dee927d Merge pull request #15160 from github/max-schaefer/csharp-xss 
C#: Mention more XSS sanitisation options in query help.
 2023-12-20 15:39:25 +00:00
Max Schaefer
fea69263f3 Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2023-12-20 15:06:03 +00:00
Max Schaefer
7c4275ad44 Address review comments. 2023-12-20 09:36:07 +00:00
Max Schaefer
dc8be7bbf0 Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2023-12-19 15:09:42 +00:00
Max Schaefer
71dbd1a059 C#: Mention more XSS sanitisation options in query help. 2023-12-19 11:33:26 +00:00
Shati Patel
6284781a9b Update inconsistent CWE tags 
Most tags use the "external/cwe/cwe-xxx" format, except for these few queries. Updating them for consistency.
 2023-12-04 11:52:31 +00:00
Tamas Vajk
9a8ad7d590 C#: Update insecure randomness query description to match implementation 2023-11-17 08:48:38 +01:00
Tom Hvitved
b72f34591d C#: Use {get,has}FullyQualifiedName throughout 2023-11-10 08:46:15 +01:00
Joe Farebrother
3efbbb3645 Elaborate 'guess' to 'guess or determine' 2023-09-25 15:44:40 +01:00
Joe Farebrother
df5fcc92e7 Apply suggestions from docs review 
Co-authored-by: Sam Browning <106113886+sabrowning1@users.noreply.github.com>
 2023-09-25 10:13:56 +01:00
Joe Farebrother
4497e22195 Add an additional example and additional test cases for authorize attribute cases 2023-09-20 04:13:34 +01:00
Joe Farebrother
868836e747 Update severity 2023-09-15 16:40:12 +01:00
Joe Farebrother
eb2f5898bd Fix typos 2023-09-15 16:39:51 +01:00
Joe Farebrother
a022893f0f Add additional example to qhelp + additional resource 2023-09-15 10:25:27 +01:00
Joe Farebrother
9f25c71ca6 Apply minor reveiw suggstions 2023-09-15 10:25:26 +01:00
Joe Farebrother
4967fe0b77 Add change note + update query ID 2023-09-15 10:25:26 +01:00
Joe Farebrother
3e6750ba4c Add documentation 2023-09-15 10:25:26 +01:00
Joe Farebrother
f8b1b38438 Update alert message and make user checks more precise 2023-09-15 10:25:26 +01:00
Joe Farebrother
2edd73eb60 Fix typos in filepath + metadata, add severity 2023-09-15 10:25:26 +01:00