codeql

mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00

Author	SHA1	Message	Date
Michael Nebel	ce6fd8ac5f	Merge pull request #13432 from michaelnebel/updateissupported Java/C#: Update telemetry queries to report callables with sink/source neutrals as being supported.	2023-08-22 08:39:38 +02:00
Jeroen Ketema	2d0f73d7c2	Merge pull request #13881 from jketema/shared-taint-tracking Introduce shared taint tracking library	2023-08-21 12:45:49 +02:00
Michael Nebel	106ba11e10	Address review comments.	2023-08-21 09:59:02 +02:00
Michael Nebel	d66fe08661	Add QLDoc for the getKind predicate.	2023-08-21 09:59:02 +02:00
Michael Nebel	6840a6dafe	C#: Re-factor NeutralCallable to include all neutrals and introduce NeutralSummaryCallable. Also include printing of the neutral kind in FlowSummaries testcase.	2023-08-21 09:59:00 +02:00
Tom Hvitved	7cc01ea8b5	Merge pull request #13595 from hvitved/csharp/use-shared-cfg-pack C#: Adopt shared CFG construction library from shared `controlflow` pack	2023-08-17 10:37:09 +02:00
Jeroen Ketema	33e8310625	Merge branch 'main' into shared-taint-tracking	2023-08-17 00:14:25 +02:00
Tom Hvitved	26b76171ca	C#: Fix `getMadRepresentationSpecific`	2023-08-15 13:23:21 +02:00
Tom Hvitved	7dac819730	C#: Fix bad join order Before ``` Evaluated recursive predicate Stmt#3baf294a::TryStmt::getATriedElement#ff@8254eapb in 6096ms on iteration 4 (delta size: 592145). Evaluated relational algebra for predicate Stmt#3baf294a::TryStmt::getATriedElement#ff@8254eapb on iteration 4 running pipeline standard with tuple counts: 204507 ~0% {2} r1 = SCAN Stmt#3baf294a::TryStmt::getATriedElement#ff#prev_delta OUTPUT In.1, In.0 204507 ~0% {3} r2 = JOIN r1 WITH _@callable#f_ControlFlowElement#9501aa28::ControlFlowElement::getEnclosingCallable#0#dispred#ff_10#j__#join_rhs ON FIRST 1 OUTPUT Rhs.1, Lhs.0, Lhs.1 17844283 ~0% {3} r3 = JOIN r2 WITH ControlFlowElement#9501aa28::ControlFlowElement::getEnclosingCallable#0#dispred#ff_10#join_rhs ON FIRST 1 OUTPUT Lhs.1, Rhs.1, Lhs.2 592145 ~0% {2} r4 = JOIN r3 WITH Element#baf0c59e::Element::getAChild#0#dispred#ff ON FIRST 2 OUTPUT Lhs.2, Lhs.1 592145 ~0% {2} r5 = r4 AND NOT Stmt#3baf294a::TryStmt::getATriedElement#ff#prev(Lhs.0, Lhs.1) return r5 ``` After ``` Evaluated recursive predicate Stmt#3baf294a::TryStmt::getATriedElement#ff@4adecd47 in 310ms on iteration 4 (delta size: 592145). Evaluated relational algebra for predicate Stmt#3baf294a::TryStmt::getATriedElement#ff@4adecd47 on iteration 4 running pipeline standard with tuple counts: 204507 ~0% {2} r1 = SCAN Stmt#3baf294a::TryStmt::getATriedElement#ff#prev_delta OUTPUT In.1, In.0 204507 ~0% {2} r2 = r1 AND NOT _statements_10#join_rhs#antijoin_rhs#13(Lhs.0) 592145 ~2% {3} r3 = JOIN r2 WITH Element#baf0c59e::Element::getAChild#0#dispred#ff ON FIRST 1 OUTPUT Lhs.0, Lhs.1, Rhs.1 592145 ~0% {3} r4 = JOIN r3 WITH ControlFlowElement#9501aa28::ControlFlowElement::getEnclosingCallable#0#dispred#ff ON FIRST 1 OUTPUT Lhs.2, Rhs.1, Lhs.1 592145 ~0% {2} r5 = JOIN r4 WITH ControlFlowElement#9501aa28::ControlFlowElement::getEnclosingCallable#0#dispred#ff ON FIRST 2 OUTPUT Lhs.2, Lhs.0 592145 ~0% {2} r6 = r5 AND NOT Stmt#3baf294a::TryStmt::getATriedElement#ff#prev(Lhs.0, Lhs.1) return r6 ```	2023-08-09 11:28:06 +02:00
Chad Bentz	d4b5a4d4f4	Merge branch 'main' into csharp-hardcoded-cred-identity-fp	2023-08-07 15:09:01 -04:00
Jeroen Ketema	8b6a7985db	Refactor the traint-tracking library to follow the dataflow library refactoring	2023-08-07 15:23:15 +02:00
Jeroen Ketema	5d2984b7a5	Merge branch 'main' into shared-taint-tracking	2023-08-07 15:22:29 +02:00
Tom Hvitved	05cf796c54	C#: Adjust to data flow refactor	2023-08-07 11:35:21 +02:00
Chad Bentz	5a106fd5d6	Removes false positive creds from NetCore Identity	2023-08-04 21:46:35 +00:00
Jeroen Ketema	747cd1745a	Update all languages to use the shared taint-tracking library	2023-08-04 22:53:25 +02:00
Tom Hvitved	b69188fee9	C#: Adopt shared CFG construction library from shared `controlflow` pack	2023-08-03 14:12:24 +02:00
Mathias Vorreiter Pedersen	3007fdab5e	Sync identical files.	2023-08-02 14:33:33 +02:00
Anders Schack-Mulligen	5c9a839ac7	C#: Adjust to use the qlpack data-flow api.	2023-08-01 13:47:09 +02:00
Owen Mansel-Chan	9b2b58a823	Sync files	2023-07-26 21:48:10 +01:00
Anders Schack-Mulligen	95d17045c9	Dataflow: Sync.	2023-07-19 11:41:15 +02:00
Anders Schack-Mulligen	80a799df01	Merge pull request #13735 from aschackmull/dataflow/forcehighprecision-fix Dataflow: Fix forceHighPrecision for length-2 prefixes.	2023-07-14 11:42:35 +02:00
Anders Schack-Mulligen	91de43f918	C#/Java/Ruby: Remove superfluous module members.	2023-07-13 11:38:35 +02:00
Anders Schack-Mulligen	837df2ad37	Dataflow: Sync.	2023-07-13 10:55:39 +02:00
Ed Minnix	9618c0b0a1	C#: Add default implementation of StateConfigSig::isAdditionalFlowStep/4	2023-07-12 15:06:25 -04:00
Ed Minnix	a3c30992b1	C#: Add default implementation of StateConfigSig::isBarrier/2	2023-07-12 15:06:25 -04:00
Mathias Vorreiter Pedersen	83d0dec0fb	DataFlow: Sync identical files.	2023-07-06 14:00:00 +01:00
Joe Farebrother	c10a66809d	Merge pull request #13094 from joefarebrother/csharp-missing-access-control C#: Add query for missing function level access control	2023-07-05 17:40:59 +01:00
Michael Nebel	238f390738	Merge pull request #13452 from michaelnebel/refactorstackprinting Re-factor printing of summary component stacks.	2023-07-04 08:29:10 +02:00
Michael Nebel	243c592447	Address review comments.	2023-07-03 17:01:08 +02:00
Michael Nebel	b942cd9085	C#: Address review comments.	2023-07-03 14:36:07 +02:00
Michael Nebel	62fc1b641c	C#: Adjust the model generator to produce kinds for neutrals.	2023-07-03 14:36:06 +02:00
Michael Nebel	4ee2d628fe	C#: Re-factor printing of summary component stacks.	2023-07-03 14:36:06 +02:00
Chuan-kai Lin	ce464a7d69	Remove pragma[assume_small_delta]	2023-06-30 11:09:29 -07:00
Tom Hvitved	160771e673	C#: Avoid combinatorial explosions in GVN construction for types	2023-06-27 10:08:53 +02:00
Joe Farebrother	b2d54842a6	Apply review suggestion Co-authored-by: Michael Nebel <michaelnebel@github.com>	2023-06-23 17:00:52 +01:00
Mathew Payne	0fcc1cb588	Merge branch 'main' into csharp-ext	2023-06-22 13:30:08 +01:00
Joe Farebrother	52841e9005	Apply review suggestions - minor fixes	2023-06-22 11:30:58 +01:00
Joe Farebrother	270bcc3740	fix qhelp and remove commented out code	2023-06-22 11:20:58 +01:00
Jami	5259a6ecfc	Merge pull request #13324 from jcogs33/jcogs33/shared-sink-kind-validation Shared: share MaD kind validation across languages	2023-06-20 11:56:12 -04:00
Mathew Payne	62b3d5ea19	Merge branch 'main' into csharp-ext	2023-06-20 16:17:35 +01:00
Owen Mansel-Chan	cdc1c2c1aa	Merge pull request #13454 from owen-mc/go/add-mad-content-for-pointer-content Go: Add models-as-data content for pointer content	2023-06-20 14:26:07 +01:00
Owen Mansel-Chan	d7c97f8759	Merge pull request #13455 from owen-mc/dataflow/add-flowCheckNodeSpecific Dataflow: add language-specific hook for breaking up big step relation	2023-06-20 13:24:26 +01:00
Owen Mansel-Chan	04ff89e1fe	Update access path documentation	2023-06-20 11:05:05 +01:00
Mathew Payne	8347a410b7	Merge branch 'main' into csharp-ext	2023-06-19 13:25:07 +01:00
Mathew Payne	a6a86acd9a	Fix formatting for ExternalFlow	2023-06-19 12:44:01 +01:00
Mathew Payne	4597210519	Update csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>	2023-06-19 12:03:46 +01:00
Mathew Payne	861ac177b8	Update csharp/ql/lib/semmle/code/csharp/security/dataflow/CommandInjectionQuery.qll Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>	2023-06-19 12:03:38 +01:00
Michael Nebel	04736b6e10	C#: Add lost QL Doc.	2023-06-15 10:00:09 +02:00
Joe Farebrother	9b31b61143	Broaden the scope of checks for authorization attributes	2023-06-14 16:07:41 +01:00
Joe Farebrother	1500089b86	Add test cases for webforms auth via web.config files	2023-06-14 16:07:41 +01:00

... 7 8 9 10 11 ...

1470 Commits