hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-23 04:06:37 +01:00
Code Issues Packages Projects Releases Wiki Activity
40,238 Commits 1,672 Branches 157 Tags
ff55efff9920a48a97ddd9625be67aa71741e204
Commit Graph

138 Commits

Author SHA1 Message Date
Michael Nebel
ba7238d6e2 C#: Update XML Injectiont test output after rebase (query has been turned into a path-problem and the output is now affected by the added summaries for NameValueCollection). 2022-05-25 08:28:15 +02:00
Michael Nebel
c8ede58704 C#: Flow summaries has now been added for Exception stack trace, but not for ToString. The latter will be encoded as an extra taintstep in the analysis. To reduce noise for all uses of an exception itself an isSanitizerIn is introduced. 2022-05-25 08:28:15 +02:00
Michael Nebel
4d6d1c8376 C#: Since NameValueCollection now has a flow summary for the string indexer it is no longer consider an unsafe external api, which is why it has disappared from the result. 2022-05-25 08:28:14 +02:00
Michael Nebel
ee027f845c C#: Since NameValueCollection now has a flow summary for the indexer it is considered a SafeExternalApiCallable and will thus not be included in the result of the test. 2022-05-25 08:28:14 +02:00
Michael Nebel
e2d6cd20c7 C#: Update tests due to new summaries for ProcessStartInfo. 2022-05-25 08:28:14 +02:00
Michael Nebel
9b8636aa23 C#: Update test because we now have a flow summary the string indexer for NameValueCollection. 2022-05-25 08:28:14 +02:00
Michael Nebel
3c347cab98 C#: Update test output to reflect that the query is now a path-problem query. 2022-05-05 13:13:25 +02:00
Michael Nebel
53000cf9f0 C#: Update the XSS expected file. 2022-01-05 16:44:03 +01:00
Michael Nebel
7e6d88d959 C#: Only use stubs for XSS test. 2022-01-05 16:44:03 +01:00
Michael Nebel
24543a2245 C#: Update the UrlRedirect expected file. 2022-01-05 16:44:03 +01:00
Michael Nebel
47ab2061d8 C#: Replace StringValues stub from stubs.cs with the stub in Microsoft.Extensions.Primitives. 2022-01-05 16:44:03 +01:00
Michael Nebel
59b71df2d6 C#: Use stubs for the CWE-601 testcase. 2021-11-30 15:32:19 +01:00
Michael Nebel
0b4d0d2772 C#: Use stubs for the CWE-838 testcase 2021-11-30 15:32:19 +01:00
Tom Hvitved
6d315a5d16 C#: Add subpaths predicate to XSS queries 2021-09-20 10:40:54 +02:00
Anders Schack-Mulligen
f30dad7705 Dataflow: Update test expected outputs. 2021-09-07 13:02:20 +02:00
Tom Hvitved
592a42231f C#: Fix test for InsecureSQLConnection.ql 2021-08-26 13:48:56 +02:00
Tamás Vajk
763de4fff9 Merge pull request #6425 from raulgarciamsft/insecureRandom_potential_fix 
C#: Adding Membership.GeneratePassword() as a bad source of random data
 2021-08-19 11:16:26 +02:00
Tom Hvitved
44ff623d8c Merge pull request #5508 from edvraa/deserializers 
deserialization sinks
 2021-08-17 11:41:52 +02:00
Raul Garcia
2708326624 Update csharp/ql/test/query-tests/Security Features/CWE-338/InsecureRandomness.cs 
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
 2021-08-05 16:33:01 -07:00
Tom Hvitved
9eb3f28ef1 C#: Add missing nodes predicate to XSS queries 2021-08-05 13:53:52 +02:00
Raul Garcia (MSFT)
7340a1293f Fixing query & test 2021-08-04 19:37:57 -07:00
edvraa
d1e41689bb Merge with main 2021-08-04 14:25:34 +03:00
edvraa
1682e993bc Merge with Main 2021-07-12 11:32:47 +03:00
Tom Hvitved
4de4753c67 C#: Remove Query.qll top-level modules 2021-07-04 09:35:27 +02:00
Tom Hvitved
c812d4e4e8 C#: Add Query suffix to libraries that should only be imported by queries 2021-07-04 09:35:26 +02:00
Tamas Vajk
5e2770339f Add adjusted expected files 2021-07-01 16:09:11 +02:00
Tamas Vajk
03d1a3e0ad Trim test files + remove duplicate newlines 2021-07-01 16:09:11 +02:00
Tamas Vajk
4900ecfabe Manual fixes 2021-07-01 16:09:11 +02:00
Tamas Vajk
c29d11087b C#: Start using 'options' files in tests 2021-07-01 16:08:47 +02:00
Tamas Vajk
b0447089d9 C#: Change Dapper stub to nuget-based one (stub also System.Data.SqlClient) 2021-06-23 15:04:57 +02:00
edvraa
c9c9758e01 Make similarly named files in tests and qhelp in sync 2021-04-22 12:23:46 +03:00
edvraa
c3deb48efa Charpred for InstanceMethodSink 2021-04-16 17:19:42 +03:00
edvraa
3aedd2c1f4 Use TaintTracking2 2021-04-15 22:12:01 +03:00
Tamas Vajk
b4d35b52c3 C#: Add Console.Read* to local flow sources 2021-04-12 14:19:17 +02:00
Tamas Vajk
ffcb345916 C#: Add Dapper support to SQL injection queries 2021-04-06 17:06:20 +02:00
Tamas Vajk
98001c494f C#: Add Dapper stub and new SqlInjection test cases 2021-04-06 13:30:31 +02:00
Tom Hvitved
d4ce42ac4f Merge pull request #5416 from hvitved/csharp/rework-summaries 
C#: Rework flow summary implementation
 2021-03-26 09:47:15 +01:00
Tom Hvitved
b94c189946 C#: Remove VulnerablePackage.ql query 2021-03-25 09:50:24 +01:00
Tom Hvitved
6d6150d051 C#: Change some data-flow toString()s 2021-03-23 16:42:58 +01:00
edvraa
ac29184521 deserialization sinks 2021-03-20 21:50:46 +02:00
Tamas Vajk
3e0245a7fc Fix test case for RuntimeChecksBypass 2021-03-04 12:47:21 +01:00
Tamas Vajk
cb4ed90c5c Fix failing tests 2021-03-03 16:58:48 +01:00
Tom Hvitved
d53faa86dc C#: Restrict FormatInvalid.ql and UncontrolledFormatString.ql to calls with insertions 2020-12-18 10:53:11 +01:00
Tom Hvitved
6a55a22f18 Merge pull request #4781 from hvitved/csharp/persisten-cookie-tests 
C#: Add tests for `PersistentCookie.ql`
 2020-12-07 11:37:16 +01:00
Tom Hvitved
5d73566859 C#: Add tests for PersistentCookie.ql 2020-12-04 17:14:00 +01:00
Tamas Vajk
d55fbc8a05 Add test cases for safe API calls 2020-12-04 13:26:53 +01:00
Tamas Vajk
24670160c2 Address code review findings 2020-12-04 13:26:53 +01:00
Tamas Vajk
cd5c1f06ee C#: Add queries to check untrusted data flow to external APIs 2020-12-04 13:26:53 +01:00
Tom Hvitved
5d1a5920c7 C#: Reimplement flow-summary compilation 2020-10-14 14:15:34 +02:00
Faten Healy
c35a5d120a C#: Increasing required size of RSA key to 2048 2020-09-22 11:09:49 +02:00