hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
49,684 Commits 1,672 Branches 157 Tags
dd31be43e07d901bafb543c8f65be8e9b5abb364
Commit Graph

5259 Commits

Author SHA1 Message Date
Michael Nebel
15906338dc Merge pull request #9923 from michaelnebel/csharp/webgoat 
C#: SQL Injection improvements for SQLite.
 2022-08-15 13:22:25 +02:00
Michael Nebel
79a716488b Merge pull request #10003 from michaelnebel/csharp/stubsenum 
C#: Stub generator improvements.
 2022-08-15 12:14:06 +02:00
Anders Schack-Mulligen
a3fb54c9de Merge pull request #10007 from aschackmull/dataflow/source-node-identity 
Dataflow: Fix identification of source PathNodes in the presence of source-to-source flow
 2022-08-15 10:39:17 +02:00
Raul Garcia
e5f5d461f4 addressing feedback from PR review 2022-08-12 10:16:10 -07:00
Michael Nebel
af473db067 C#: Add function pointer test case in stub generation. 2022-08-12 14:56:52 +02:00
Tamás Vajk
1d56330baa Merge pull request #9782 from tamasvajk/cs/newtonsoft-deserialization 
C#: Fix unsafe deserialization with `JsonConvert.DeserializeObject`
 2022-08-12 14:46:41 +02:00
Michael Nebel
e9b184fa4c C#: Avoid multiple explicit casts in stub generator. 2022-08-12 13:34:50 +02:00
Michael Nebel
eb9057918c C#: Manual updates to .NET Core stubs to make it compile. 2022-08-12 13:12:33 +02:00
Michael Nebel
b4f7e07cc1 C#: Update .NET Core stubs. 2022-08-12 13:10:08 +02:00
Michael Nebel
0c58764643 C#: Update FunctionPointer expected output with specific CallingConvention printing. 2022-08-12 13:01:15 +02:00
Michael Nebel
d3047f6293 C#: Update calling convetion QL doc to comply with standard. 2022-08-12 13:01:15 +02:00
Michael Nebel
9ae17f93da C#: Stub generator support for function pointer types. 2022-08-12 13:01:15 +02:00
Michael Nebel
e2882f0706 C#: Re-generate stubs for the ASP.NET Core framework. 2022-08-12 13:01:15 +02:00
Michael Nebel
7c7c335b0e C#: Update stub generator expected output. 2022-08-12 13:01:15 +02:00
Michael Nebel
b052fbf41c C#: Add enum long type testcase. 2022-08-12 12:51:31 +02:00
Michael Nebel
f71d684a08 C#: Use explicit typing for enums in the stub generator. 2022-08-12 12:48:50 +02:00
Michael Nebel
9ff94120d8 C#: Update stub generator test(s) expected output. 2022-08-12 12:48:24 +02:00
Michael Nebel
284d88d906 C#: Update stub generator query to explicit include enum constants. 2022-08-12 12:48:24 +02:00
Michael Nebel
d023f840de C#: Add Enum examples in stub generator test code. 2022-08-12 12:48:24 +02:00
Raul Garcia
39e53a2932 Updates based on PR feedback. 1 pending change 2022-08-11 17:59:57 -07:00
Raul Garcia
0805b49914 Update csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/JsonWebTokenHandlerLib.qll 
Co-authored-by: Tom Hvitved <hvitved@github.com>
 2022-08-11 17:35:10 -07:00
Raul Garcia
6070e4f312 Update csharp/ql/src/experimental/Security Features/JsonWebTokenHandler/JsonWebTokenHandlerLib.qll 
Co-authored-by: Tom Hvitved <hvitved@github.com>
 2022-08-11 17:31:12 -07:00
github-actions[bot]
21d0c78376 Post-release preparation for codeql-cli-2.10.3 2022-08-11 23:20:39 +00:00
Tamas Vajk
740265dc38 Add change note 2022-08-11 13:32:49 +02:00
github-actions[bot]
57c4f9145b Release preparation for version 2.10.3 2022-08-11 11:12:15 +00:00
Erik Krogh Kristensen
73df8e4c7d Merge pull request #9832 from erik-krogh/misspellings 
Fix lots of misspellings
 2022-08-11 12:43:26 +02:00
Tamas Vajk
7a406d8e41 C#: Fix unsafe deserialization with JsonConvert.DeserializeObject 
Remove false positives when `JsonConvert.DeserializeObject` is called with not necessarily unsafe settings.
 2022-08-11 11:00:46 +02:00
Tamas Vajk
6e6bd208b1 C#: Add test case for JsonConvert.DeserializeObject in unsafe deserialization tests 2022-08-11 11:00:23 +02:00
Tamas Vajk
548d7ac37d C#: Regenerate Newtonsoft.Json test stub 
The newly generated stubs contain the actual values of enum constants.
 2022-08-11 10:52:48 +02:00
Michael Nebel
b817bd43ca Merge pull request #10005 from michaelnebel/csharp/constructorsummaries 
C#: Constructor summaries
 2022-08-11 09:16:05 +02:00
Michael Nebel
9cb4e4a61c C#: Update release note. 2022-08-11 08:57:10 +02:00
Tom Hvitved
e106edc04e Merge pull request #9989 from hvitved/csharp/lua-tracer-improvements2 
C#: Handle `dotnet exec csc.dll` and the likes in the Lua tracer
 2022-08-11 08:55:46 +02:00
Erik Krogh Kristensen
887f6557ed fix common misspellings throughout github/codeql 2022-08-10 23:21:41 +02:00
Tamás Vajk
b2c22dacc2 Merge pull request #9769 from tamasvajk/fix/ctor-field-flow 
C#: Fix dataflow for default constructors
 2022-08-10 15:06:25 +02:00
Anders Schack-Mulligen
abad133ab5 Dataflow: Fix identification of source PathNodes in the presence of source-to-source flow. 2022-08-10 15:02:56 +02:00
Michael Nebel
0d83b7cbd0 C#: Add release note. 2022-08-10 14:58:22 +02:00
Michael Nebel
da30436c44 C#: Update flow summaries test case with new summaries. 2022-08-10 14:49:20 +02:00
Michael Nebel
c3adb990a3 C#: Update SQL Injection with testcase with found vulnerability. 2022-08-10 14:49:20 +02:00
Michael Nebel
36a713510c C#: Add summary models for the FileStream constructor. 2022-08-10 14:49:20 +02:00
Michael Nebel
504160fee4 C#: Update expected file for Sql injection and Second Order sql injection (note that this is already a second order sql injection). 2022-08-10 14:49:20 +02:00
Michael Nebel
5c47ae3f98 C#: Add testcase for unsanitized filename used in Filestream. 2022-08-10 14:49:20 +02:00
Michael Nebel
1355931b50 C#: Update SecondOrder SQL Injection test case expected output with vulnerability from test case. 2022-08-10 14:49:19 +02:00
Michael Nebel
ced9ee5f5d C#: Update FlowSummaries test expected output after addition of new summaries. 2022-08-10 14:49:19 +02:00
Michael Nebel
736ae4f7d6 C#: Update FlowSummaries expected output. 2022-08-10 14:23:54 +02:00
Michael Nebel
5659db73d3 C#: Update alle manually written summaries for constructors to use Argument[Qualifier] instead of ReturnValue. 2022-08-10 14:17:16 +02:00
Tom Hvitved
2bb9e4859f C#: Handle dotnet exec csc.dll and the likes in the Lua tracer 2022-08-10 12:52:18 +02:00
Michael Nebel
f1cc7bb60c C#: Consider FileStreams StoredFlowSources and propagate taint via StreamReader. 2022-08-10 11:08:27 +02:00
Michael Nebel
2b51e03223 C#: Add SecondOrder SQL injection example, where reading from a file. 2022-08-10 11:08:27 +02:00
Michael Nebel
1e7e49a528 C#: Add relevant stubs. 2022-08-10 11:08:27 +02:00
Michael Nebel
344770f06a C#: Update Sqlinjection test query output with new results. 2022-08-10 11:08:27 +02:00