Commit Graph

6053 Commits

Author SHA1 Message Date
Michael Nebel
d24f032d97 C#: Update other tests. 2024-03-19 14:20:43 +01:00
Michael Nebel
b39842501a C#: Update sink test expected output. 2024-03-19 14:20:42 +01:00
Michael Nebel
e32902ad47 C#: Update source expected test output. 2024-03-19 14:20:42 +01:00
Michael Nebel
5b37ee4ec7 Re-factor TestOutput into a param module. 2024-03-19 14:20:42 +01:00
Michael Nebel
90db9b330f C#: Add MaD source and sink test query to shared library. 2024-03-19 13:45:38 +01:00
Arthur Baars
dbf16827bf Merge pull request #15951 from github/aibaars/changenotes-fixes
Fix minor formatting issues in changenotes
2024-03-18 12:56:50 +01:00
Arthur Baars
a810165e35 Fix minor formatting issues in changenotes 2024-03-18 10:57:05 +01:00
Tom Hvitved
a13391bda1 Merge pull request #15802 from hvitved/dataflow/variable-capture-overlapping-paths
Variable capture: Avoid overlapping and false-positive data flow paths
2024-03-18 10:45:55 +01:00
Ed Minnix
71cf948650 Classes extending SourceNode for local and stored source models
Queries such as `cs/sql-injection` cast their source to a `SourceNode`
in order to describe them. For example:

```ql
import semmle.code.csharp.security.dataflow.flowsources.FlowSources

string getSourceType(DataFlow::Node source) {
   result = source.(SourceNode).getSourceType()
}
```

Models as data source models are not included in `SourceNode` by
default; they must be wrapped with a class extending `SourceNode`.

This adds such classes, which wrap the
`sourceNode(DataFlow::Node,string)` predicate and assigns a
`getSourceType`.
2024-03-14 22:23:54 -04:00
Michael Nebel
560b355e0c C#: Remove hard-coded local sources from the uncontrolled-format-string query. 2024-03-13 14:26:30 +01:00
Edward Minnix III
c190dd21db Merge pull request #15877 from egregius313/egregius313/csharp/mad/sources/windows-registry
C#: Add source models for values from the Windows registry
2024-03-12 16:41:42 -04:00
Tom Hvitved
dddba3228b Merge pull request #15867 from hvitved/dataflow/ap-limit
Data flow: Add `ConfigSig::accessPathLimit`
2024-03-12 14:57:51 +01:00
Michael Nebel
f59aaf1d75 C#: Add change note. 2024-03-12 11:12:55 +01:00
Michael Nebel
2e5155d1f8 C#: Remove all CIL related tests. 2024-03-12 11:12:55 +01:00
Ed Minnix
7745c2c2b7 Change note 2024-03-11 17:00:12 -04:00
Ed Minnix
bc745dfd5e Windows registry sources 2024-03-11 13:55:34 -04:00
Michael Nebel
f571ebdaf4 C#: Overall change note for C# 12 / .NET 8 support. 2024-03-11 14:43:14 +01:00
Tom Hvitved
da66281fef Sync files 2024-03-11 13:02:04 +01:00
Tom Hvitved
7a39f077d9 Data flow: Add ConfigSig::accessPathLimit 2024-03-11 13:01:58 +01:00
Ed Minnix
3fdc7e95df Add local models to CodeInjection tests 2024-03-10 22:20:54 -04:00
Ed Minnix
8187b00562 Change note 2024-03-10 22:20:52 -04:00
Ed Minnix
d300736c7e Remove AddLocalSource classes 2024-03-10 22:20:51 -04:00
Edward Minnix III
58f2777532 Merge pull request #15629 from egregius313/egregius313/csharp/dataflow/threat-modeling/remove-stored-query-variants
C#: Remove `Stored` variants of queries
2024-03-10 22:17:03 -04:00
Edward Minnix III
e7852f520f Merge pull request #15605 from egregius313/egregius313/csharp/dataflow/sources/commandargs-and-environment
C#: Add more `environment` and `commandargs` sources for the C# Standard Library
2024-03-08 14:10:09 -05:00
Michael Nebel
36a775502f Merge pull request #15851 from microsoft/54-csharp-add-missing-mad-for-httprequestmessage-upstream
csharp update MaD for HttpRequestMessage
2024-03-08 12:39:08 +01:00
Tom Hvitved
24e35f6f3d Update expected test output 2024-03-08 10:00:43 +01:00
Ed Minnix
7f950d8e0d Fix ExpandEnvironmentVariables test case 2024-03-07 21:48:05 -05:00
Lindsay Simpkins
7dd175d938 change note 2024-03-07 17:16:17 -08:00
Lindsay Simpkins
feb1ca29cc csharp update MaD for HttpRequestMessage 2024-03-07 15:00:05 -08:00
Michael Nebel
5b48bc4a3e C#: Delete the experimental IR queries. 2024-03-07 19:22:47 +01:00
Michael Nebel
48fcec82d6 Merge pull request #15736 from michaelnebel/csharp/disconnectfromdotnet
C#: Deprecate dotnet and CIL in QL.
2024-03-07 19:17:05 +01:00
Ed Minnix
608a3f907c Add type signature for methods with no overloads 2024-03-07 12:32:06 -05:00
Ed Minnix
1f64f5f8c9 Change note 2024-03-07 12:32:05 -05:00
Ed Minnix
f8c805de6b Microsoft.Extensions.Configuration models 2024-03-07 12:32:04 -05:00
Ed Minnix
ec6e17360d Replace Main-method parameters with ThreatModelFlowSource 2024-03-07 12:30:08 -05:00
Ed Minnix
a3f6bfe1df commandargs sources 2024-03-07 12:30:06 -05:00
Ed Minnix
51afe12ae1 Environment variable sources 2024-03-07 12:20:48 -05:00
Michael Nebel
73040bd30f C#: Use fully qualified name with types instead of label in IR queries. 2024-03-07 09:40:34 +01:00
Michael Nebel
990dec67d0 C#: Address more review comments. 2024-03-07 09:40:34 +01:00
Michael Nebel
43ee62ad64 C#: Update the NoDisposeCallOnLocalIDisposable and expected output. 2024-03-07 09:40:34 +01:00
Michael Nebel
eda345a5b8 C#: Address review comments. 2024-03-07 09:40:34 +01:00
Michael Nebel
e3380aa545 C#: Add change note. 2024-03-07 09:40:34 +01:00
Michael Nebel
7f6c84dda8 C#: Fix bad join order. 2024-03-07 09:40:34 +01:00
Michael Nebel
35b93063f9 C#: Deprecate dotnet and cil. 2024-03-07 09:40:34 +01:00
Michael Nebel
16375b0fe7 C#: Remove CIL dataflow tests. 2024-03-07 09:40:34 +01:00
Michael Nebel
37677142b9 C#: Update QL tests. 2024-03-07 09:40:33 +01:00
Michael Nebel
58a1353ddc C#: Clean up implementation and remove CIL dataflow implementation. 2024-03-07 09:40:33 +01:00
Michael Nebel
1638183d18 C#: Copy dotnet.Variable implementation. 2024-03-07 09:40:33 +01:00
Michael Nebel
6178acc070 C#: Copy dotnet.Type implementation. 2024-03-07 09:40:33 +01:00
Michael Nebel
81ce8dc02d C#: Copy dotnet.Parameterizable implementation. 2024-03-07 09:40:33 +01:00