hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-25 06:37:07 +02:00
Code Issues Packages Projects Releases Wiki Activity
88,208 Commits 1,786 Branches 169 Tags
66eaeebd1e690f2cbff2166f464d5ccb825acf87
Commit Graph

1806 Commits

Author SHA1 Message Date
Anders Schack-Mulligen
f844cd3754 Java/C#: Adapt to signature change. 2026-06-18 11:00:30 +02:00
Michael Nebel
e94d279234 Merge pull request #21984 from forks-felickz/felickz/razor-page-handler-sources 
C#: Add Razor Page handler method parameters as remote flow sources
 2026-06-16 13:15:51 +02:00
Michael Nebel
01454d76c2 Merge pull request #21881 from michaelnebel/csharp/propertycalls 
C#: Property- and Indexer call targets for partial overrides.
 2026-06-16 08:46:33 +02:00
Chad Bentz
c08c0e9ae5 Merge branch 'main' into felickz/razor-page-handler-sources 2026-06-15 11:35:54 -04:00
Michael Nebel
c31b594bbc C#: Address review comments. 2026-06-15 16:17:46 +02:00
Michael Nebel
ab4f170780 Merge pull request #21909 from michaelnebel/csharp/refactoroperations 
C#: Refactor- and rename operation expressions.
 2026-06-15 12:35:39 +02:00
Michael Nebel
d0841d2283 C#: Address review comments. 2026-06-15 11:04:59 +02:00
Chad Bentz
ce9e61dbfd C#: Add Razor Page handler method parameters as remote flow sources 
ASP.NET Core Razor Page handler method parameters (OnGet, OnPost, etc.)
were not modeled as remote flow sources, causing security queries like
SQL injection to miss vulnerabilities in PageModel subclasses.

This adds AspNetCorePageHandlerMethodParameter, analogous to the existing
AspNetCoreActionMethodParameter for MVC controllers, using the existing
PageModelClass.getAHandlerMethod() from Razor.qll.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
 2026-06-12 19:50:12 -04:00
Anders Schack-Mulligen
ff61344afa Cfg: Add support for until-statements. 2026-06-12 13:55:05 +02:00
Michael Nebel
8d46bfcbd4 C#: Update some of the QL docs. 2026-06-12 12:41:27 +02:00
Michael Nebel
f0640d78d2 C#: Deprecate the operation module. 2026-06-12 12:41:24 +02:00
Michael Nebel
fb9e4a8c40 C#: Move logical operation class from Operation.qll to LogicalOperation.qll. 2026-06-12 12:41:22 +02:00
Michael Nebel
3c407f77a9 C#: Update the QL library implementation for logical operations. 2026-06-12 12:41:19 +02:00
Michael Nebel
072c4837d2 C#: Move bitwise operation classes from Operation.qll to BitwiseOperation.qll. 2026-06-12 12:41:14 +02:00
Michael Nebel
524330c188 C#: Update the QL library implementation for Bitwise operations. 2026-06-12 12:41:09 +02:00
Michael Nebel
951a26a01a C#: Move arithmetic like classes from Operation.qll to ArithmeticOperation.qll. 2026-06-12 12:41:03 +02:00
Michael Nebel
2bbcc1e88c C#: Update the QL library implementation for Arithmetic operations. 2026-06-12 12:41:01 +02:00
Anders Schack-Mulligen
f3ec7087e3 Cfg: Fix type. 2026-06-12 10:02:48 +02:00
Michael Nebel
b280dd51f2 C#: Use the first getter/setter when calling a property (override can apply to only a getter or a setter). 2026-06-12 10:01:08 +02:00
Anders Schack-Mulligen
01173bf383 Cfg: Fold getTryInit into indexed getBody. 2026-06-08 14:03:12 +02:00
BazookaMusic
d2972cb53f Add back alias for module 2026-06-04 11:08:49 +02:00
BazookaMusic
f34275636c No duplicate Ssa and remove release changenot 2026-06-03 11:54:24 +02:00
BazookaMusic
0a801440b9 review comments 2026-06-03 10:48:50 +02:00
BazookaMusic
c610af88d3 fix comment and add overlay[local?] 2026-06-01 18:18:37 +02:00
Sotiris Dragonas
019a5c01ad Merge branch 'main' into bazookamusic/range-analysis-bound-move-to-shared 2026-06-01 18:10:02 +02:00
BazookaMusic
71a363545a formatting 2026-06-01 15:24:06 +02:00
Michael Nebel
ed8b9c29cc Merge pull request #21866 from michaelnebel/csharp/refreturnindexerproperty 
C#: Property- and Indexer calls for ref return properties and indexers.
 2026-05-28 12:31:17 +02:00
BazookaMusic
acb5c0e70f missed changes 2026-05-27 17:23:45 +02:00
Owen Mansel-Chan
039b5927f0 C#: update ForStmt wrapper class 2026-05-21 13:45:30 +01:00
Michael Nebel
c3bb5e8eff C#: Use ref return getters for properties/indexers in write contexts. 2026-05-19 14:24:00 +02:00
Michael Nebel
7a1a90b5a4 C#: Address review comment. 2026-05-19 13:23:22 +02:00
Michael Nebel
fa2d633596 C#: Address co-pilot review comments. 2026-05-13 09:24:59 +02:00
Michael Nebel
0c3ab803ef C#: Update the dispatch logic to account for all instance operator calls. 2026-05-13 09:24:51 +02:00
Michael Nebel
27e6b5c0fa C#: Introduce a class for instance mutator operator calls. 2026-05-13 09:24:48 +02:00
Michael Nebel
4ae4d7d78d C#: Update condition for UnaryOperators to also handle user-defined instance increment and decrement operators. 2026-05-13 09:24:35 +02:00
Anders Schack-Mulligen
072166ba88 C#/Java: Adjust Guards instantiations. 2026-05-07 13:46:52 +02:00
Anders Schack-Mulligen
48785a0a76 Cfg: Rework CFG for switch case patterns. 2026-05-07 13:07:07 +02:00
Anders Schack-Mulligen
02f5fe9a42 C#: Address some review comments. 2026-05-04 11:49:24 +02:00
Tom Hvitved
1f3a8319ed Update csharp/ql/lib/semmle/code/csharp/dataflow/internal/SsaImpl.qll 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
 2026-05-04 09:41:00 +02:00
Anders Schack-Mulligen
439a67a3fe C#: Fix toString for capture definitions. 2026-05-01 10:26:50 +02:00
Anders Schack-Mulligen
5fbba0e9fe C#: Delete ParameterDefaultDefinition. 2026-05-01 10:24:23 +02:00
Anders Schack-Mulligen
d3df5ce110 C#: Deprecate ParameterDefinition in favour of SsaParameterInit. 2026-05-01 10:22:53 +02:00
Anders Schack-Mulligen
ff8ab191d1 C#: Drop caching for deprecated predicates. 2026-04-30 13:58:55 +02:00
Anders Schack-Mulligen
77807c83f8 C#: Exclude entry definitions from qualifier definitions. 2026-04-30 13:56:21 +02:00
Anders Schack-Mulligen
e0421dbf53 C#: Reinstate toString for SSA data flow nodes. 2026-04-30 13:56:16 +02:00
Anders Schack-Mulligen
bedadc9f04 C#: Deprecate some SSA internals. 2026-04-30 13:54:21 +02:00
Anders Schack-Mulligen
55b83ca22a C#: Deprecate Ssa::Definition in favour of SsaDefinition. 2026-04-30 13:54:20 +02:00
Anders Schack-Mulligen
de96b5acfd C#: Deprecate Ssa::ImplicitDefinition. 2026-04-30 13:54:20 +02:00
Anders Schack-Mulligen
80d5e27b46 C#: Deprecate Ssa::ImplicitEntryDefinition. 2026-04-30 13:54:15 +02:00
Anders Schack-Mulligen
65f647a8c0 C#: Replace Ssa::UncertainDefinition with SsaUncertainWrite. 2026-04-30 13:49:23 +02:00