hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-04 06:36:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,162 Commits 1,699 Branches 161 Tags
80ab35c3a0dfbc282009162684635fc81b08bd45
Commit Graph

293 Commits

Author SHA1 Message Date
Napalys Klicius
3369e16b1b Merge pull request #20254 from Napalys/cs/ldap-injection-qhelp 
CS: Update `cs/ldap-injection` qhelp
 2025-08-21 08:57:03 +02:00
Napalys Klicius
71a8e10f3d CS: added extra guidance in recommendation section for LDAPInjection 2025-08-20 13:37:02 +02:00
Napalys Klicius
c475bedf73 CS: removed dead links from LDAPInjection qhelp 2025-08-20 12:58:54 +02:00
Nora Dimitrijević
218fcbbec5 [DIFF-INFORMED] C#: HardcodedConnectionString 2025-07-21 11:28:55 +02:00
Nora Dimitrijević
634bfa914f C#: mass-add none() location overrides 2025-06-17 17:00:48 +02:00
Nora Dimitrijević
79e982af38 Merge pull request #19661 from d10c/d10c/csharp/diff-informed 
C#: mass enable diff-informed data flow
 2025-06-17 14:52:24 +02:00
Nora Dimitrijević
f2085c2293 C#: mass enable diff-informed data flow 
An auto-generated patch that enables diff-informed data flow in the obvious cases.

Builds on https://github.com/github/codeql/pull/18344 and https://github.com/github/codeql-patch/pull/88
 2025-06-11 18:56:25 +02:00
Chad Bentz
77e49f1f90 Merge branch 'main' into cwe-134 2025-06-06 11:16:10 -04:00
Chad Bentz
8a81aa1762 Set CWE-134 from 9.3 to 7.3 CVSS score for memory safe languages 
- Sync up to score given to javascript/ruby
 2025-05-19 14:43:08 -04:00
Michael Nebel
03ecd24469 Lower the precision of a range of harcoded password queries to remove them from query suites. 2025-05-19 09:26:45 +02:00
Michael Nebel
133e8d4897 C#: Include CompositeFormat.Parse as Format like method. 2025-05-12 15:44:59 +02:00
Owen Mansel-Chan
cf614a596d Fix cwe tags to include leading zero 2025-04-30 16:43:03 +01:00
Michael Nebel
062a2ad97d C#: Include exception property accesses in the exception information exposure query. 2024-10-23 13:08:08 +02:00
Rasmus Wriedt Larsen
8c10155eb7 mass rename to ActiveThreatModelSource 2024-09-12 10:16:55 +02:00
Chanel Young
716e2737d1 formatting 2024-06-05 09:01:10 -07:00
Chanel Young
5ee7004a62 fp case if encrypt set in initializer 2024-05-16 17:59:17 -07:00
Tom Hvitved
d8d7688f88 C#: Fix another bad join 2024-04-23 15:39:59 +02:00
Tom Hvitved
6aa4c5c187 C#: Fix a bad join 2024-04-23 11:47:55 +02:00
Joe Farebrother
3567c30020 Set precision to high 2024-04-16 09:41:46 +01:00
Joe Farebrother
6e130d24cd C#: Add missing query precision 2024-04-15 08:42:26 +01:00
Peter Stöckli
d62d68a40b C#: add hint regarding ECB to weak encryption QHelp 2024-03-22 12:08:30 +01:00
Erik Krogh Kristensen
a3da6c886b Merge pull request #15895 from erik-krogh/url-java-qhelp 
Java: update the url-redirection in the same style as the C# qhelp
 2024-03-18 21:10:07 +01:00
erik-krogh
ef8368cfc4 fix typo 2024-03-13 22:37:13 +01:00
Michael Nebel
560b355e0c C#: Remove hard-coded local sources from the uncontrolled-format-string query. 2024-03-13 14:26:30 +01:00
Edward Minnix III
58f2777532 Merge pull request #15629 from egregius313/egregius313/csharp/dataflow/threat-modeling/remove-stored-query-variants 
C#: Remove `Stored` variants of queries
 2024-03-10 22:17:03 -04:00
Ed Minnix
ec6e17360d Replace Main-method parameters with ThreatModelFlowSource 2024-03-07 12:30:08 -05:00
Ed Minnix
4dc605354c Second-order SQL injection 2024-03-01 12:51:59 -05:00
Ed Minnix
c95abd47ce Remove stored variants of queries 2024-03-01 12:51:51 -05:00
Ed Minnix
f488f23a48 Add LocalFlowSource back to UncontrolledFormatString 2024-02-29 12:06:59 -05:00
Ed Minnix
434fa20646 Refactor to using ThreatModelFlowSource 2024-02-29 12:03:05 -05:00
Ed Minnix
b76795fd28 Refactor to using ThreatModelFlowSource 2024-02-29 12:03:03 -05:00
Ed Minnix
fd3738b10e Refactor to using SourceNode::getSourceType 2024-02-29 12:03:01 -05:00
Ed Minnix
f388a0f10c Deprecate direct uses of RemoteFlowSource and replace with ThreatModelFlowSource 2024-02-29 12:02:57 -05:00
Tom Hvitved
606a8fed0c Merge pull request #15406 from hvitved/csharp/no-stats-experiment 
C#: Remove all DB stats
 2024-02-26 13:40:37 +01:00
erik-krogh
a5eb2dd906 update the QHelp for cs/web/unvalidated-url-redirection with examples inspired by the JS QHelp 2024-02-15 12:41:01 +01:00
Tom Hvitved
15cf695188 C#: Fix various bad joins 2024-02-12 19:49:53 +01:00
erik-krogh
4e176236e7 add a definition of user 2024-02-06 09:21:35 +01:00
erik-krogh
44fe34a37d use the correct string type in the tainted-path examples 2024-02-06 09:20:27 +01:00
erik-krogh
a6b094cf53 delete the rendered markdown again 2024-02-05 13:54:13 +01:00
erik-krogh
a240618ae4 generate the new rendered markdown 2024-02-05 13:09:02 +01:00
erik-krogh
8160291be1 copy (and adjust) the path-injection QHelp from Java to C# 2024-02-05 13:08:44 +01:00
erik-krogh
9dfac3a4cc move qhelp samples to an examples folder 2024-02-05 11:20:24 +01:00
erik-krogh
b8dc633864 add cs/path-injection as markdown to make nicer diffs 2024-02-05 11:16:16 +01:00
Max Schaefer
706dee927d Merge pull request #15160 from github/max-schaefer/csharp-xss 
C#: Mention more XSS sanitisation options in query help.
 2023-12-20 15:39:25 +00:00
Max Schaefer
fea69263f3 Apply suggestions from code review 
Co-authored-by: Felicity Chapman <felicitymay@github.com>
 2023-12-20 15:06:03 +00:00
Max Schaefer
7c4275ad44 Address review comments. 2023-12-20 09:36:07 +00:00
Max Schaefer
dc8be7bbf0 Apply suggestions from code review 
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
 2023-12-19 15:09:42 +00:00
Max Schaefer
71dbd1a059 C#: Mention more XSS sanitisation options in query help. 2023-12-19 11:33:26 +00:00
Shati Patel
6284781a9b Update inconsistent CWE tags 
Most tags use the "external/cwe/cwe-xxx" format, except for these few queries. Updating them for consistency.
 2023-12-04 11:52:31 +00:00
Tamas Vajk
9a8ad7d590 C#: Update insecure randomness query description to match implementation 2023-11-17 08:48:38 +01:00