Commit Graph

3251 Commits

Author SHA1 Message Date
Tamás Vajk
82f61ca015 Merge pull request #6577 from tamasvajk/fix/cil-modified-pointer
C#: Temporarily extract modified pointers as unmodified during CIL ex…
2021-09-02 10:48:51 +02:00
Tamás Vajk
e9ff6e8755 Merge pull request #6578 from tamasvajk/fix/cil-local-decoding
C#: Handle non-critical exception in CIL local variable extraction
2021-09-01 12:52:53 +02:00
Tamas Vajk
b267d26ff8 C#: Fix completely broken type argument extraction in NoMetadataHandleType 2021-08-31 14:34:27 +02:00
Tamas Vajk
d6ae19c87d C#: Handle non-critical exception in CIL local variable extraction 2021-08-31 14:29:53 +02:00
Tamas Vajk
0ba334bb22 C#: Temporarily extract modified pointers as unmodified during CIL extraction 2021-08-31 14:26:36 +02:00
Tom Hvitved
c8a5397085 Merge pull request #6513 from hvitved/csharp/cfg/shared
C#: Make CFG library shared
2021-08-31 11:55:43 +02:00
Tom Hvitved
05b45da42f Merge pull request #6556 from hvitved/csharp/insecure-sql-conn-flow
C#: Use data flow instead of taint tracking in `InsecureSQLConnection.ql`
2021-08-30 11:31:22 +02:00
Tom Hvitved
7e1efbdd8e C#: Use data flow instead of taint tracking in InsecureSQLConnection.ql 2021-08-26 13:48:57 +02:00
Tom Hvitved
592a42231f C#: Fix test for InsecureSQLConnection.ql 2021-08-26 13:48:56 +02:00
Tom Hvitved
ab2bc38789 C#: Use shared logic in NodeGraph.ql test 2021-08-25 11:35:12 +02:00
Tom Hvitved
d405284d36 C#: Make CFG library shared 2021-08-25 11:35:11 +02:00
Tom Hvitved
01f7fdfea5 C#: Update call-context data-flow tests 2021-08-25 10:34:53 +02:00
Ian Lynagh
a9db1c52e5 All languages: Add getPrimaryQlClasses()
This is a non-overridable predicate that concatenates all the
getAPrimaryQlClass() results into a comma-separated string.
2021-08-23 15:49:10 +01:00
Andrew Eisenberg
c9f1c98390 Packaging: C# refactoring
Split c# pack into `codeql/csharp-all` and `codeql/csharp-queries`.
2021-08-19 14:09:35 -07:00
Tamás Vajk
763de4fff9 Merge pull request #6425 from raulgarciamsft/insecureRandom_potential_fix
C#: Adding Membership.GeneratePassword() as a bad source of random data
2021-08-19 11:16:26 +02:00
Tamas Vajk
d97525e21e Fix minor quality issues in comment and change note 2021-08-19 09:30:23 +02:00
Erik Krogh Kristensen
dd59f79947 use min() instead of rank[1]() 2021-08-18 11:09:03 +02:00
Andrew Eisenberg
03d6b15401 Merge branch 'main' into aeisenberg/pack/cpp 2021-08-17 15:28:47 -07:00
Tom Hvitved
44ff623d8c Merge pull request #5508 from edvraa/deserializers
deserialization sinks
2021-08-17 11:41:52 +02:00
Andrew Eisenberg
e566fb9c5a Packaging: Update suite-helpers qlpack
Uses new style naming scheme.
2021-08-16 17:51:33 -07:00
Tamás Vajk
166a6b02f6 Merge pull request #6268 from tamasvajk/feature/generic-type-name
C#: Remove type args/params from generic type names in extractor
2021-08-16 12:22:16 +02:00
Tamas Vajk
243424063a Add pragma inline to getMember/Method/Callable 2021-08-10 13:25:56 +02:00
Tamas Vajk
51661bfa62 Add pragma noinline to fix uselessUpcast check 2021-08-10 13:24:30 +02:00
Tamas Vajk
91bd3d1a11 Cache getName to improve performance 2021-08-09 10:28:31 +02:00
Tom Hvitved
15db6dfb10 Merge pull request #6431 from hvitved/csharp/silence-xml-extraction
C#: Silence XML extraction commands
2021-08-09 09:36:23 +02:00
Tamás Vajk
c1cf2a1c5f Merge pull request #5579 from edvraa/cookies
C#: HttpOnly and Secure cookie queries
2021-08-09 08:58:11 +02:00
Raul Garcia
2708326624 Update csharp/ql/test/query-tests/Security Features/CWE-338/InsecureRandomness.cs
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
2021-08-05 16:33:01 -07:00
Raul Garcia (MSFT)
e117077761 Adding change-note 2021-08-05 15:29:18 -07:00
Tom Hvitved
5b5ed97421 C#: Silence XML extraction commands 2021-08-05 15:24:01 +02:00
Tom Hvitved
9eb3f28ef1 C#: Add missing nodes predicate to XSS queries 2021-08-05 13:53:52 +02:00
Tom Hvitved
6471092139 Merge pull request #6394 from github/p0/csharp-virtual-dispatch-limit
C#: Guard against virtual dispatch branching too much.
2021-08-05 13:20:14 +02:00
Raul Garcia (MSFT)
7340a1293f Fixing query & test 2021-08-04 19:37:57 -07:00
Raul Garcia (MSFT)
8544356f90 Adding Membership.GeneratePassword() as a bad source of random data because of the bias. 2021-08-04 17:12:00 -07:00
edvraa
db2f9add53 Post merge 2021-08-04 18:37:17 +03:00
edvraa
d1e41689bb Merge with main 2021-08-04 14:25:34 +03:00
edvraa
e790ee7c2e Fix formatting 2021-08-04 14:06:27 +03:00
Tamas Vajk
6405b89443 Add DB upgrade script to change generic type names to undecorated ones 2021-08-04 12:38:16 +02:00
Tamas Vajk
f1a596ee81 Fix code review findings 2021-08-04 12:38:16 +02:00
Tamas Vajk
62f5af9ac8 Fix TupleType::getName 2021-08-04 12:38:16 +02:00
Tamas Vajk
d3803b01e4 Fix nested generic type qualified names 2021-08-04 12:38:16 +02:00
Tamas Vajk
99fe9d8d07 Fix erroneous space in type name 2021-08-04 12:38:16 +02:00
Tamas Vajk
0cfd73c818 Adjust QL getName to the extracted undecorated names 2021-08-04 12:38:15 +02:00
Tamas Vajk
8df77060ba C#: Remove type args/params from generic type names in extractor 2021-08-04 12:38:15 +02:00
Pavel Avgustinov
2be9f3e41e C#: Guard against virtual dispatch branching too much.
We have observed databases where dispatch to highly overridden
virtual methods (like Enumerable.GetEnumerator) ends up branching
to many thousands of overrides, if there is not sufficient type
context to prune. This causes performance problems for analyses
that use dataflow.

As an immediate fix, this commit prevents branching to virtual
method overrides if this would result in branching to 1,000 or
more methods.
2021-08-02 09:40:16 +01:00
Tom Hvitved
7a475eb0a2 C#: Fix CSV overrides logic 2021-08-02 10:35:21 +02:00
Tom Hvitved
df29538840 C#: Add test that exhibits bug in CSV overrides logic 2021-08-02 10:35:21 +02:00
Arthur Baars
ed054acd8e Merge pull request #6305 from intrigus-lgtm/patch-5
C# remove spurious spaces in <code> tag
2021-07-19 17:09:36 +02:00
Tom Hvitved
1c68d3f4cd Merge pull request #6309 from hvitved/csharp/dead-store-of-local-perf
C#: Improve performance of `DeadStoreOfLocal.ql`
2021-07-17 10:56:35 +02:00
Tom Hvitved
25706e0812 Merge pull request #6303 from hvitved/csharp/get-qual-name-nomagic
C#: Two `pragma` performance fixes
2021-07-17 07:53:35 +02:00
Tom Hvitved
45ee21622d C#: Cache NamedElement::getQualifiedName() 2021-07-16 10:25:07 +02:00