mirror of https://github.com/github/codeql.git
Merge pull request #2209 from hvitved/csharp/deserialized-delegate
Approved by calumgrant, jf205
Commit
fa5388b5f3
|
@ -8,6 +8,7 @@ The following changes in version 1.23 affect C# analysis in all applications.
|
|||
|
||||
| **Query** | **Tags** | **Purpose** |
|
||||
|-----------------------------|-----------|--------------------------------------------------------------------|
|
||||
| Deserialized delegate (`cs/deserialized-delegate`) | security, external/cwe/cwe-502 | Finds unsafe deserialization of delegate types. |
|
||||
| Unsafe year argument for 'DateTime' constructor (`cs/unsafe-year-construction`) | reliability, date-time | Finds incorrect manipulation of `DateTime` values, which could lead to invalid dates. |
|
||||
| Mishandling the Japanese era start date (`cs/mishandling-japanese-era`) | reliability, date-time | Finds hard-coded Japanese era start dates that could be invalid. |
|
||||
|
||||
|
|
|
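Review bot: The Purpose cell of the `cs/deserialized-delegate` row says what the query finds but not what changed for users in 1.23. The other file in this commit only touches the query's `@precision` metadata, so the note should say that the query is now rated high precision. A reader of the change notes cannot tell that from "Finds unsafe deserialization of delegate types." alone.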
@ -5,14 +5,11 @@
|
|||
* @kind problem
|
||||
* @id cs/deserialized-delegate
|
||||
* @problem.severity warning
|
||||
* @precision high
|
||||
* @tags security
|
||||
* external/cwe/cwe-502
|
||||
*/
|
||||
|
||||
/*
|
||||
* consider: @precision high
|
||||
*/
|
||||
|
||||
import csharp
|
||||
import semmle.code.csharp.frameworks.system.linq.Expressions
|
||||
import semmle.code.csharp.serialization.Deserializers
|
||||
|
|
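Review bot: `@precision high` in the metadata header is asserted without anything in this change to back it up. Going by the hunk header (14 lines down to 11), the tag replaces the `consider: @precision high` comment block, yet the commit touches only the change note and this query file, with no test or expected-results update. For a query tagged `security` and `external/cwe/cwe-502`, a high precision rating is a statement about its false-positive rate, so please reference the evaluation the promotion is based on in the pull request. It is also worth confirming that `@problem.severity warning` is still the intended severity at the new precision.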