Merge pull request #2209 from hvitved/csharp/deserialized-delegate

Approved by calumgrant, jf205
semmle-qlci 2019-11-04 12:32:04 +00:00 committed by GitHub
Parent b075103198 ceea96e03f
Commit fa5388b5f3
No key found matching this signature
GPG key ID: 4AEE18F83AFDEB23
2 changed files: 2 additions and 4 deletions


@ -8,6 +8,7 @@ The following changes in version 1.23 affect C# analysis in all applications.
| **Query** | **Tags** | **Purpose** |
|-----------------------------|-----------|--------------------------------------------------------------------|
| Deserialized delegate (`cs/deserialized-delegate`) | security, external/cwe/cwe-502 | Finds unsafe deserialization of delegate types. |
| Unsafe year argument for 'DateTime' constructor (`cs/unsafe-year-construction`) | reliability, date-time | Finds incorrect manipulation of `DateTime` values, which could lead to invalid dates. |
| Mishandling the Japanese era start date (`cs/mishandling-japanese-era`) | reliability, date-time | Finds hard-coded Japanese era start dates that could be invalid. |
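Review bot: The Purpose cell of the `cs/deserialized-delegate` row ("Finds unsafe deserialization of delegate types.") does not say why the pattern is unsafe, while the two neighbouring rows each name the consequence ("which could lead to invalid dates", "that could be invalid"). Suggest stating the consequence that the row's `external/cwe/cwe-502` tag implies, namely that a deserialized delegate can refer to a method selected by whoever controls the serialized data, so readers of the change notes can judge the alert without opening the query help.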


@ -5,14 +5,11 @@
* @kind problem
* @id cs/deserialized-delegate
* @problem.severity warning
* @precision high
* @tags security
* external/cwe/cwe-502
*/
/*
* consider: @precision high
*/
import csharp
import semmle.code.csharp.frameworks.system.linq.Expressions
import semmle.code.csharp.serialization.Deserializers
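Review bot: The metadata block carries `@precision high` while the old `/* consider: @precision high */` comment is still visible after the closing `*/`; this rendering has lost the +/- markers, and the header's 14-to-11 line count implies the comment block is deleted, so please confirm that no part of it remains in the file. The precision tag is a claim about the false-positive rate of `cs/deserialized-delegate`, and nothing in the visible lines records what supported it; suggest referencing the test results or result review that justified `high` in the PR description.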