hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 01:33:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
26,003 Commits 1,671 Branches 157 Tags
e58b90ef1c670308976b6e901b202a4c4ab665a3
Commit Graph

1253 Commits

Author SHA1 Message Date
Tamas Vajk
9ab6c29cd3 Extend runtime callables to cover interface members with default implementation 2021-09-08 15:07:49 +02:00
Anders Schack-Mulligen
2b7882e6e5 Merge pull request #5032 from aschackmull/dataflow/subpaths 
Dataflow: Add subpaths query predicate.
 2021-09-08 11:52:41 +02:00
Tamas Vajk
469993f6d3 C#: Fix member order (yet again) in stubbing 
With explicit interface implementation, the same member name can show up multiple times in a type declaration. This commit defines an explicit order
for these members.
 2021-09-07 15:26:03 +02:00
Tom Hvitved
bef05f885c C#: Update CIL data flow tests 2021-09-07 13:02:20 +02:00
Anders Schack-Mulligen
f30dad7705 Dataflow: Update test expected outputs. 2021-09-07 13:02:20 +02:00
Tamás Vajk
c63fd4a254 Merge pull request #6260 from tamasvajk/feature/method-name 
C#: Change generic method names to include <> and type args/params
 2021-09-07 12:09:27 +02:00
Andrew Eisenberg
bb9911e06f Merge pull request #6605 from aeisenberg/aeisenberg/pack/consistency 2021-09-06 04:40:58 -07:00
Tamas Vajk
b7f13a7e1f C#: Change generic method names to include <> and type args/params 2021-09-06 11:48:22 +02:00
Andrew Eisenberg
6a47fcaf1f Packaging: Normalize all qlpack.yml files for all languages 
This commit ensures consistency among all of our qlpacks. Here are the
changes:

1. Ensure only modern references are used (codeql-{lang} is converted to
   codeql/{lang}-all or codeql/{lang}-queries where appropriate).
2. Use consistent version numbers. All languages are at 0.0.2 except
   javascript, which is 0.0.3.
3. Convert all `libraryPathDependencies` to `dependencies` with version
   constraints
4. Dependencies from query packs to other packs are always `"*"` since
   these dependencies are always from source and we should get the
   latest.
5. Dependencies from codeql/{lang}-lib to codeql/{lang}-upgrades must
   be strict since there is a tight connection between the libary
   and its relevant upgrades.
 2021-09-03 11:53:28 -07:00
Tamas Vajk
3560853f36 C#: Fix ordering of stubbed type members, implemented interfaces, and location comments 2021-09-03 09:53:34 +02:00
Tom Hvitved
c8a5397085 Merge pull request #6513 from hvitved/csharp/cfg/shared 
C#: Make CFG library shared
 2021-08-31 11:55:43 +02:00
Tom Hvitved
05b45da42f Merge pull request #6556 from hvitved/csharp/insecure-sql-conn-flow 
C#: Use data flow instead of taint tracking in `InsecureSQLConnection.ql`
 2021-08-30 11:31:22 +02:00
Tom Hvitved
592a42231f C#: Fix test for InsecureSQLConnection.ql 2021-08-26 13:48:56 +02:00
Tom Hvitved
ab2bc38789 C#: Use shared logic in NodeGraph.ql test 2021-08-25 11:35:12 +02:00
Tom Hvitved
d405284d36 C#: Make CFG library shared 2021-08-25 11:35:11 +02:00
Tom Hvitved
01f7fdfea5 C#: Update call-context data-flow tests 2021-08-25 10:34:53 +02:00
Ian Lynagh
a9db1c52e5 All languages: Add getPrimaryQlClasses() 
This is a non-overridable predicate that concatenates all the
getAPrimaryQlClass() results into a comma-separated string.
 2021-08-23 15:49:10 +01:00
Andrew Eisenberg
c9f1c98390 Packaging: C# refactoring 
Split c# pack into `codeql/csharp-all` and `codeql/csharp-queries`.
 2021-08-19 14:09:35 -07:00
Tamás Vajk
763de4fff9 Merge pull request #6425 from raulgarciamsft/insecureRandom_potential_fix 
C#: Adding Membership.GeneratePassword() as a bad source of random data
 2021-08-19 11:16:26 +02:00
Tom Hvitved
44ff623d8c Merge pull request #5508 from edvraa/deserializers 
deserialization sinks
 2021-08-17 11:41:52 +02:00
Tamás Vajk
c1cf2a1c5f Merge pull request #5579 from edvraa/cookies 
C#: HttpOnly and Secure cookie queries
 2021-08-09 08:58:11 +02:00
Raul Garcia
2708326624 Update csharp/ql/test/query-tests/Security Features/CWE-338/InsecureRandomness.cs 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2021-08-05 16:33:01 -07:00
Tom Hvitved
9eb3f28ef1 C#: Add missing nodes predicate to XSS queries 2021-08-05 13:53:52 +02:00
Raul Garcia (MSFT)
7340a1293f Fixing query & test 2021-08-04 19:37:57 -07:00
edvraa
d1e41689bb Merge with main 2021-08-04 14:25:34 +03:00
Tom Hvitved
7a475eb0a2 C#: Fix CSV overrides logic 2021-08-02 10:35:21 +02:00
Tom Hvitved
df29538840 C#: Add test that exhibits bug in CSV overrides logic 2021-08-02 10:35:21 +02:00
edvraa
1682e993bc Merge with Main 2021-07-12 11:32:47 +03:00
edvraa
d0e9a01edc Rename files 2021-07-12 01:13:40 +03:00
edvraa
5c9a3d5ce7 Single Secure query 2021-07-12 01:13:39 +03:00
edvraa
07327984b0 Single HttpOnly query 2021-07-12 01:13:39 +03:00
edvraa
89c4102462 HttpOnly and Secure cookie queries 2021-07-12 01:13:39 +03:00
Tom Hvitved
4de4753c67 C#: Remove Query.qll top-level modules 2021-07-04 09:35:27 +02:00
Tom Hvitved
c812d4e4e8 C#: Add Query suffix to libraries that should only be imported by queries 2021-07-04 09:35:26 +02:00
Tamas Vajk
5e2770339f Add adjusted expected files 2021-07-01 16:09:11 +02:00
Tamas Vajk
03d1a3e0ad Trim test files + remove duplicate newlines 2021-07-01 16:09:11 +02:00
Tamas Vajk
4900ecfabe Manual fixes 2021-07-01 16:09:11 +02:00
Tamas Vajk
c29d11087b C#: Start using 'options' files in tests 2021-07-01 16:08:47 +02:00
Tamás Vajk
10a6089739 Merge pull request #6148 from tamasvajk/feature/try-csv-source-models 
C#: Start using CSV based flow models
 2021-06-30 12:58:42 +02:00
Tamas Vajk
0946ae2ae9 Fix review findings 2021-06-30 11:39:51 +02:00
Tamas Vajk
a90a86bcbf Fix flow from Element of Argument[0] for Int32.TryParse(ReadOnlySpan<Char>,... 2021-06-28 11:20:32 +02:00
Tamas Vajk
b7a43dccd3 C#: Migrate System.Int32 flow summaries to CSV 2021-06-28 11:20:32 +02:00
Tom Hvitved
4f8a103df2 C#: Add active preprocessor conditions as suffix in all TRAP .push instructions 2021-06-28 10:34:42 +02:00
Tom Hvitved
7a9f9e245f C#: Handle CSV data-flow summaries with out/ref parameters 2021-06-24 18:34:25 +02:00
Tamás Vajk
173be0cce0 Merge pull request #6144 from tamasvajk/feature/stub-dapper 
C#: Change Dapper stub to nuget-based one (stub also System.Data.SqlC…
 2021-06-24 11:41:12 +02:00
Tamás Vajk
8518e7c5a3 Merge pull request #6146 from tamasvajk/feature/stub-nhibernate 
C#: Change nHibernate stub to nuget-based one
 2021-06-23 18:00:45 +02:00
Tamas Vajk
b0447089d9 C#: Change Dapper stub to nuget-based one (stub also System.Data.SqlClient) 2021-06-23 15:04:57 +02:00
Tamas Vajk
f352bcb0a3 C#: Change nHibernate stub to nuget-based one 2021-06-23 13:55:19 +02:00
Tamas Vajk
e200ecde4a C#: Change Newtonsoft.Json stub to nuget-based one 2021-06-23 13:49:11 +02:00
Tamas Vajk
09dd615c6b Regenerate stubs (add System.Void struct) 2021-06-23 11:38:41 +02:00