hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
49,684 Commits 1,672 Branches 157 Tags
dd31be43e07d901bafb543c8f65be8e9b5abb364
Commit Graph

5259 Commits

Author SHA1 Message Date
Michael Nebel
da0b9db57f C#: Update flow summary printing in test cases to reflect provenance. 2022-06-20 16:20:01 +02:00
Michael Nebel
2975e51652 C#: Update existing production models with provenance information. 2022-06-20 16:20:01 +02:00
Michael Nebel
32b69d3e0c C#: Update external models tests. 2022-06-20 16:20:01 +02:00
Michael Nebel
d6fa7db9f2 C#: Update CSV validation to the new format and improve test failure printing. 2022-06-20 16:20:01 +02:00
Michael Nebel
e3a5f7b8a3 C#: Introduce provenance column in CSV format for Models as data summaries, sources and sinks. 2022-06-20 16:20:01 +02:00
Michael Nebel
169ef55890 Update csharp/ql/src/Telemetry/ExternalLibraryUsage.ql 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2022-06-20 16:14:44 +02:00
Tamás Vajk
f737804035 Merge pull request #9610 from tamasvajk/fix/global-statements 
C#: Fix global statement extraction
 2022-06-20 12:54:36 +02:00
Michael Nebel
70203633a1 Merge pull request #9393 from michaelnebel/csharp/asptaintedmember 
C#: ASP.NET Core like members are tainted
 2022-06-20 12:11:16 +02:00
Tamas Vajk
51f0a928dc C#: Fix global statement extraction by extracting statements inside the implicit main method context 2022-06-20 10:09:11 +02:00
Rasmus Wriedt Larsen
ae44a941f9 Merge pull request #9421 from RasmusWL/inline-brackets 
Inline Expectation Tests: Allow `tag[foo bar]`
 2022-06-20 10:01:19 +02:00
Tamas Vajk
c460e5757b C#: Add extractor error test for global statement extraction 2022-06-20 09:42:18 +02:00
Tamás Vajk
be2dfffb76 Merge pull request #9564 from tamasvajk/fix/diagnostic-query-metadata 
C#: Change `kind` query metadata to `diagnostic` for compiler/extractor errors and messages
 2022-06-20 09:02:35 +02:00
Rasmus Wriedt Larsen
b65a10d1ef Inline Expectation Tests: sync 2022-06-17 17:38:19 +02:00
Anders Schack-Mulligen
1b374e262f C#: Replace deprecated barrier guards. 2022-06-16 11:25:29 +02:00
Anders Schack-Mulligen
456f02fd82 C#: Add BarrierGuard parameterised module. 2022-06-16 11:25:29 +02:00
Anders Schack-Mulligen
6518a01ded Dataflow: Sync. 2022-06-16 11:25:28 +02:00
Michael Nebel
9211d75b3d C#: Add change note. 2022-06-16 08:43:06 +02:00
Michael Nebel
1f2f2fff7f C#: Update testcases with examples. 2022-06-16 08:43:06 +02:00
Michael Nebel
e1c7003cde C#: Only consider directly public auto implemented properties with public getters and setters as being tainted. 2022-06-16 08:43:06 +02:00
Michael Nebel
ef0a3d0a79 C#: Add testcase for controller parameter types tainted members. 2022-06-16 08:38:31 +02:00
Michael Nebel
93007f89c8 C#: Move ASP Net Core stubs into stubs folder. 2022-06-16 08:38:31 +02:00
Ian Lynagh
5280cf4e91 CaptureSinkModels.ql: Fix typo 2022-06-15 20:19:15 +01:00
github-actions[bot]
1ed70d51d7 Post-release preparation for codeql-cli-2.9.4 2022-06-15 13:25:20 +00:00
Michael Nebel
9639dca33f C#: Consider all properties of ASP.NET Core like objects to also be sources of tainted data. 2022-06-15 15:13:37 +02:00
Tamas Vajk
aedf43f14a C#: Change kind query metadata to diagnostic for compiler/extractor errors and messages 2022-06-15 13:50:27 +02:00
Michael Nebel
9175421fa2 C#/Java: Update some QL Doc comments to comply with the standard and remove some redundant imports. 2022-06-15 11:32:54 +02:00
Michael Nebel
e3ecc5a66b C#: Add qlDoc to the restrict predicate. 2022-06-15 10:45:32 +02:00
github-actions[bot]
104ac05f49 Release preparation for version 2.9.4 2022-06-15 08:22:38 +00:00
Michael Nebel
d288b3d35d C#: Refactor and narrow number of displayed results of the External library usage query. 2022-06-14 16:41:48 +02:00
Michael Nebel
51d2eb621b C#: Refactor queries to use Results module and thus narrowing the number of returned results. 2022-06-14 16:40:53 +02:00
Michael Nebel
d5eebc8405 C#: Add a parameterized module for a telemetry result ordering predicate (will be needed to narrow the number of produced results). 2022-06-14 16:39:45 +02:00
Robert Marsh
5f77552c37 Merge branch 'main' into rdmarsh2/fix-ir-globals 2022-06-13 12:43:08 -04:00
Rasmus Wriedt Larsen
50196d099b Inline Expectation Tests: sync 2022-06-03 11:39:57 +02:00
Anders Schack-Mulligen
4f3751dfea Merge pull request #9316 from hvitved/dataflow/edges-get-a-successor-consistency 
Data flow: Make `PathGraph::edges/2` and `PathNode::getASuccessor/1` consistent
 2022-06-01 10:38:25 +02:00
Nick Rolfe
f417c12c5e Merge pull request #9332 from github/post-release-prep/codeql-cli-2.9.3 
Post-release preparation for codeql-cli-2.9.3
 2022-05-31 16:17:50 +01:00
github-actions[bot]
ed2f3409bc Post-release preparation for codeql-cli-2.9.3 2022-05-31 09:54:55 +00:00
github-actions[bot]
31c91a6faa Add changed framework coverage reports 2022-05-29 00:16:56 +00:00
Tom Hvitved
bcdef98392 Data flow: Sync files 2022-05-25 14:39:37 +02:00
Tom Hvitved
a4023b8a1d Data flow: Make PathGraph::edges/2 and PathNode::getASuccessor/1 consistent 2022-05-25 14:39:37 +02:00
Tom Hvitved
42f05dadc4 Data flow: Sync files 2022-05-25 14:21:22 +02:00
github-actions[bot]
1f1b364feb Release preparation for version 2.9.3 2022-05-25 07:46:48 +00:00
Michael Nebel
9cab92b16f C#: Update flow summaries test after rebase. The rebase included a fix to the isAutoGenerated predicate, which means that a summary is only considered autogenerated, if no hand-written version exist. This affects the printing as well. 2022-05-25 08:28:15 +02:00
Michael Nebel
5b405bb4cf C#: Update FlowSummaries test with generated printing (needed due to rebase). 2022-05-25 08:28:15 +02:00
Michael Nebel
ba7238d6e2 C#: Update XML Injectiont test output after rebase (query has been turned into a path-problem and the output is now affected by the added summaries for NameValueCollection). 2022-05-25 08:28:15 +02:00
Michael Nebel
75532432af C#: Update flow summaries test (note that the test doesn't correctly print the generated flag at the moment). 2022-05-25 08:28:15 +02:00
Michael Nebel
c8ede58704 C#: Flow summaries has now been added for Exception stack trace, but not for ToString. The latter will be encoded as an extra taintstep in the analysis. To reduce noise for all uses of an exception itself an isSanitizerIn is introduced. 2022-05-25 08:28:15 +02:00
Michael Nebel
4d6d1c8376 C#: Since NameValueCollection now has a flow summary for the string indexer it is no longer consider an unsafe external api, which is why it has disappared from the result. 2022-05-25 08:28:14 +02:00
Michael Nebel
ee027f845c C#: Since NameValueCollection now has a flow summary for the indexer it is considered a SafeExternalApiCallable and will thus not be included in the result of the test. 2022-05-25 08:28:14 +02:00
Michael Nebel
268230ef19 C#: Add QlDoc to the Generated file. 2022-05-25 08:28:14 +02:00
Michael Nebel
e2d6cd20c7 C#: Update tests due to new summaries for ProcessStartInfo. 2022-05-25 08:28:14 +02:00