Tom Hvitved
71fa2166ee
Apply suggestions from code review
...
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com >
2026-04-22 17:06:31 +02:00
Tom Hvitved
39cd86a48e
C#: Move handling of callables into shared control flow library
2026-04-22 14:11:57 +02:00
Michael Nebel
bca51a986c
Merge pull request #21612 from michaelnebel/csharp/legacyasptaintedmember
...
C#: Taint members of types in ASP.NET user context.
2026-04-22 09:28:27 +02:00
Anders Schack-Mulligen
f912731cd4
Merge pull request #21565 from aschackmull/csharp/cfg2
...
C#: Replace CFG with the shared implementation
2026-04-21 15:50:38 +02:00
Owen Mansel-Chan
6efb21314a
Merge pull request #21523 from owen-mc/docs/mad/barriers
...
Document models-as-data barriers and barrier guards and add change notes
2026-04-21 13:49:19 +01:00
Michael Nebel
8b93ce2747
C#: Add ASP.NET test case for a collection type.
2026-04-21 14:27:06 +02:00
Michael Nebel
2d6197fd7d
C#: Generalize ASP.NET taint members to collection types.
2026-04-21 14:27:03 +02:00
Michael Nebel
f826262f1d
C#: Re-factor CollectionType into an abstract class and introduce getElementType predicate.
2026-04-21 14:26:59 +02:00
Michael Nebel
1055084305
C#: Address review comments.
2026-04-21 13:40:07 +02:00
Michael Nebel
dc0e7d4988
C#: Add change-note.
2026-04-21 13:40:04 +02:00
Michael Nebel
8060d2ff24
C#: Streamline the implementation for ASP.NET Core tainted members.
2026-04-21 13:40:02 +02:00
Michael Nebel
921d93e427
C#: Add an ASP.NET flow source example when using the WebMethod attribute.
2026-04-21 13:39:59 +02:00
Michael Nebel
dba1b7539f
C#: Taint members of types used in ASP.NET remote flow source context.
2026-04-21 13:39:56 +02:00
Michael Nebel
77da545ab4
C#: Reclassify some sources as AspNetRemoteFlowSource.
2026-04-21 13:39:54 +02:00
Michael Nebel
0062eb1209
C#: Update remote flow sources test to also report tainted members.
2026-04-21 13:39:51 +02:00
Anders Schack-Mulligen
a2a4e8288e
C#: Deprecate ControlFlowElement.getAControlFlowNode and remove some splitting quantification.
2026-04-21 11:14:05 +02:00
Anders Schack-Mulligen
9de02b7ae6
Cfg: Use consistent casing in additional node tags.
2026-04-21 10:56:10 +02:00
Anders Schack-Mulligen
b6f50f5992
C#: Simplify.
2026-04-20 14:43:28 +02:00
Anders Schack-Mulligen
3ceb96a45f
C#: Eliminate Completion.qll.
2026-04-20 14:43:28 +02:00
Anders Schack-Mulligen
e928c224ae
C#/Cfg: Some simple review fixes.
2026-04-20 14:43:27 +02:00
github-actions[bot]
a0bab539bb
Post-release preparation for codeql-cli-2.25.3
2026-04-20 12:40:34 +00:00
github-actions[bot]
c861d99802
Release preparation for version 2.25.3
2026-04-20 09:27:23 +00:00
Tom Hvitved
7bfdfbefa9
Add change note
2026-04-17 13:57:08 +02:00
Tom Hvitved
0235df8758
C#: Improve alert message for RedundantToStringCall.ql
2026-04-17 13:55:00 +02:00
Tom Hvitved
426962e348
C#: Fix FPs in RedundantToStringCall.ql
2026-04-17 09:37:19 +02:00
Tom Hvitved
33e9c02079
C#: Add more tests for RedundantToStringCall.ql
2026-04-17 09:33:13 +02:00
Tom Hvitved
597d81038a
Merge pull request #21708 from github/copilot/fix-missed-opportunity-to-use-select
...
Fix false positive in `MissedSelectOpportunity` when foreach body uses `await`
2026-04-15 11:32:02 +02:00
Owen Mansel-Chan
8f17b73796
Fix link formatting in change notes
2026-04-14 15:27:37 +01:00
Owen Mansel-Chan
c86ba38a4e
Add change notes
2026-04-14 15:27:31 +01:00
Henry Mercer
43c9b95e6f
Merge branch 'main' into post-release-prep/codeql-cli-2.25.2
2026-04-14 13:56:52 +01:00
Tom Hvitved
878cfd720c
C#: Use inline test expectations
2026-04-14 14:41:28 +02:00
Anders Schack-Mulligen
e0952948ba
Merge pull request #21701 from aschackmull/csharp/intvalue
...
C#: Introduce Expr.getIntValue.
2026-04-14 11:23:29 +02:00
Owen Mansel-Chan
7458674470
Merge pull request #21584 from owen-mc/shared/update-mad-comments
...
Shared: update code comments explaining models-as-data format to include barriers and barrier guards
2026-04-14 09:30:28 +01:00
copilot-swe-agent[bot]
3483050526
Fix false positive in MissedSelectOpportunity for async/await loops
...
Agent-Logs-Url: https://github.com/github/codeql/sessions/3e8f4320-2bf4-45f5-b9ea-dad41d522d84
Co-authored-by: hvitved <3667920+hvitved@users.noreply.github.com >
2026-04-14 08:18:02 +00:00
Anders Schack-Mulligen
d3e580fd0e
C#: Introduce Expr.getIntValue.
2026-04-13 14:52:38 +02:00
Anders Schack-Mulligen
88160ef2e2
C#: Add change note.
2026-04-13 10:05:30 +02:00
Anders Schack-Mulligen
d5c9fd1085
C#/Cfg: A bit more qldoc.
2026-04-10 15:47:25 +02:00
Anders Schack-Mulligen
452913f336
C#: Improve perf of UnsynchronizedStaticAccess.ql.
2026-04-10 15:47:25 +02:00
Anders Schack-Mulligen
aaf9bb2e9e
C#: Accept fewer CallContextSpecificCall due to no splitting.
2026-04-10 15:47:24 +02:00
Anders Schack-Mulligen
2d5a1840f4
C#: Accept new CFG in tests.
2026-04-10 15:47:24 +02:00
Anders Schack-Mulligen
bbd403dbc3
C#: Rework DataFlowCallable-to-cfg relation in terms of basic blocks for performance.
2026-04-10 15:47:23 +02:00
Anders Schack-Mulligen
bfbd0f77e8
C#: Fix some bad join orders.
2026-04-10 15:47:23 +02:00
Anders Schack-Mulligen
1d9c0ae388
C#: Fix perf.
2026-04-10 15:47:22 +02:00
Anders Schack-Mulligen
371bc3012e
C#: CFG and data flow nodes now exist for LHSs.
2026-04-10 15:47:22 +02:00
Anders Schack-Mulligen
a7d4b00d06
C#: Accept changed location for phi nodes.
2026-04-10 15:47:21 +02:00
Anders Schack-Mulligen
a69581966b
C#: Accept CFG changes for "first" relation.
2026-04-10 15:47:21 +02:00
Anders Schack-Mulligen
a997d9f80c
C#: Accept fixed consistency check.
2026-04-10 15:47:20 +02:00
Anders Schack-Mulligen
773881f333
C#: Accept data flow inconsistency check for read+write calls.
2026-04-10 15:47:20 +02:00
Anders Schack-Mulligen
88256eeee8
C#: GuardedExpr no longer contains expressions guarded solely by disjunctions.
2026-04-10 15:47:19 +02:00
Anders Schack-Mulligen
e90243c348
C#: Accept irrelevant changes.
...
The additions are unintentional, but the fault lies with the shared
SignAnalysis code. The removals are due to compile-time constant
initializers no longer having CFG nodes.
2026-04-10 15:47:19 +02:00
