github
/
codeql
зеркало из https://github.com/github/codeql.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность
30 102 коммитов 1 541 ветка 132 Теги 497 MiB
Граф коммитов

3625 Коммитов

Автор SHA1 Сообщение Дата
Michael Nebel c3996b00d5 C#: Update the Microsoft.NETCore.App stub 2021-11-24 13:09:06 +01:00
Michael Nebel e153a65216 C#: Update flow summaries test for EntityFramework to print results in CSV syntax 2021-11-24 12:09:20 +01:00
Michael Nebel 914d3d86af C#: Update flow summaries test to print results in CSV syntax 2021-11-24 12:09:20 +01:00
Michael Nebel 3a7d51d2ee C#: Don't throw away ReturnKind information, when printing flow summaries. Note that any non NormalReturnKind printed summary will not be in the flow summary CSV language 2021-11-24 12:09:20 +01:00
Michael Nebel e607c51292 C#: Initial implementation of csv printing in FlowSummaries test 2021-11-24 12:09:20 +01:00
Rasmus Wriedt Larsen b2611fe198 Merge branch 'main' into redos-cwe-1333 2021-11-24 10:42:43 +01:00
Paolo Tranquilli 055017de49 fix how non existing locations are accounted for 2021-11-23 15:28:16 +00:00
Paolo Tranquilli 9538ac73e4 account for non-existing locations 2021-11-23 15:28:16 +00:00
Paolo Tranquilli d626745ab1 fix `ThisArgumentOperand` location 
The correct check to do to choose between using `getAnyDef` and `getUse`
is to check whether the location is an instance of UknonwnLocation.
 2021-11-23 15:28:16 +00:00
Paolo Tranquilli e99a040884 implement review suggestions 2021-11-23 15:28:16 +00:00
Paolo Tranquilli 30805d964c add `ThisArgumentOperand` special case 2021-11-23 15:28:15 +00:00
Paolo Tranquilli 0ff9520575 ...and syncing files again 2021-11-23 15:28:15 +00:00
Paolo Tranquilli 5202f963dd C++: sync Operand source 2021-11-23 15:28:15 +00:00
Tom Hvitved 0bd587b395 Shared SSA: Sync files 2021-11-23 13:30:37 +01:00
Tom Hvitved 9d072a12ed
Merge pull request #7098 from github/ruby/desugar-for-1 
Ruby: Desugar `for` loops as calls to `each`
 2021-11-23 11:35:49 +01:00
Tom Hvitved 39e3254fe0
Merge pull request #7182 from hvitved/csharp/self-assignment-bad-magic 
C#: Fix bad magic `Element::fromSource` in context of `SelfAssignment.ql`
 2021-11-22 10:57:48 +01:00
Tom Hvitved 47fd64fc44
Merge pull request #7130 from hvitved/cfg/dead-end-consistency 
Shared CFG: Add "dead end" consistency query
 2021-11-19 13:49:53 +01:00
Tom Hvitved a393bff6cb C#: Fix bad magic `Element::getLocation` in context of `SelfAssignment.ql` 2021-11-19 12:44:07 +01:00
Tom Hvitved 34feafd4fa C#: Do not pass in `TSourceVariable` IPA type into shared SSA library 2021-11-19 11:53:25 +01:00
Tom Hvitved 4068cc9c3a Shared SSA: Sync files 2021-11-19 11:31:28 +01:00
Tom Hvitved fd0e318eb1 C#: Document inconsistency in one test 2021-11-19 09:43:51 +01:00
Tom Hvitved 923ca134e8 Shared CFG: Add "dead end" consistency query 2021-11-19 09:14:38 +01:00
Erik Krogh Kristensen 62730e7a4b
Merge pull request #7174 from erik-krogh/fixCSharpImport 
C#: move Linq/Helpers.qll to the lib folder
 2021-11-18 19:40:53 +01:00
Tom Hvitved a4538de3a3 Shared CFG: Rename `TNode` to `TCfgNode` 
This is in order to avoid name clash with the often so-named IPA type for data-
flow nodes. The name clash is not problematic because they are both in scope,
but because (cached) IPA types with overlapping names are known to sometimes
result in re-evaluation of cached stages, when one of the IPA types gets an
internal `#2` suffix in one query run, and the other IPA type gets the suffix
in another run.
 2021-11-18 19:15:36 +01:00
Tom Hvitved 2f7250a0b3
Merge pull request #7160 from hvitved/csharp/cfg/static-scope 
C#: Extend `(Annotated)ExitNode` to also cover static fields
 2021-11-18 19:15:06 +01:00
Erik Krogh Kristensen 63ecae5426 update imports 2021-11-18 17:31:17 +01:00
Erik Krogh Kristensen 2d78cce7a5 move Linq/Helpers to the lib folder 2021-11-18 16:59:34 +01:00
Tom Hvitved a89be2e3f8 C#: Extend `(Annotated)ExitNode` to also cover static fields 2021-11-17 20:50:38 +01:00
Tom Hvitved 3da73b9001 C#: Update expected test output 2021-11-17 10:49:49 +01:00
Tom Hvitved 58dd75881c C#: Update flow summary to avoid negative recursion 2021-11-17 10:39:13 +01:00
Tom Hvitved 0c1285f5d9 Data flow: Restrict derived flow summaries 2021-11-17 10:39:12 +01:00
Anders Schack-Mulligen c70d384d28
Merge pull request #7045 from aschackmull/dataflow/hidden-ret-subpaths 
Data flow: Support hidden return nodes in subpaths predicate
 2021-11-16 15:04:51 +01:00
Tom Hvitved f01b9005b1
Merge pull request #7122 from hvitved/csharp/expose-repr-perf 
C#: Replace `localFlow` with `localFlowStep` in recursive predicate
 2021-11-15 21:11:21 +01:00
Tom Hvitved 723ac818d9 Shared CFG: Update `breakInvariant4` consistency test 2021-11-15 11:43:49 +01:00
Tom Hvitved b5d37ae0fe C#: Update CFG consistency checks 2021-11-12 17:07:37 +01:00
Tom Hvitved 9ee1c49bac C#: Replace `localFlow` with `localFlowStep` in recursive predicate 2021-11-12 14:04:38 +01:00
Tom Hvitved 67ebebbaeb C#: Add consistency queries 2021-11-12 13:10:46 +01:00
Michael Nebel 9ea320c53c Update all PrintAst.qlref to point to new location of PrintAst.ql 2021-11-11 15:19:15 +01:00
Michael Nebel 5a4557f588 Move PrintAst.ql and update import statement 2021-11-11 13:27:12 +01:00
Anders Schack-Mulligen 7ffd9b4f9e Dataflow: Include read/store steps when finding non-hidden return. 2021-11-11 11:26:21 +01:00
Tom Hvitved 82abab1510 C#: Hide parameters of summarized callables 2021-11-10 15:11:13 +01:00
Anders Schack-Mulligen 6d9fb3ca43 Dataflow: Sync. 2021-11-10 15:11:13 +01:00
Rasmus Wriedt Larsen 9710aeecbf Python/C#: Add CWE-1333 to redos queries 
As is already done in JS and Ruby.
 2021-11-09 16:10:38 +01:00
Geoffrey White d9e02e83fe
Merge pull request #6825 from MathiasVP/use-shared-ssa-in-ir-dataflow 
C++: Redesign IR dataflow using the shared SSA library
 2021-11-09 10:19:50 +00:00
Mathias Vorreiter Pedersen fff5d293ff Merge branch 'main' into use-shared-ssa-in-ir-dataflow 2021-11-08 10:44:36 +00:00
Cornelius Riemenschneider 03ff2c622a Remove macos compatibility stanzas from tracing config. 2021-11-08 11:30:31 +01:00
Tom Hvitved 77aca0a365
Merge pull request #7041 from hvitved/csharp/consistent-ids 
C#: Use `cs/` prefix in all query IDs
 2021-11-08 09:55:11 +01:00
Tom Hvitved df6962143d Shared SSA: Sync files 2021-11-03 14:21:50 +01:00
Tom Hvitved 5539b7ffed Shared SSA: Improved dominance frontier calculation 2021-11-03 14:21:39 +01:00
Mathias Vorreiter Pedersen dfbfbe4953 Merge branch 'main' into use-shared-ssa-in-ir-dataflow 2021-11-03 10:39:22 +00:00
Tom Hvitved 51f4f57617 C#: Use `cs/` prefix in all query IDs 2021-11-03 10:25:21 +01:00
Mathias Vorreiter Pedersen 4a2894a707
Merge pull request #7025 from MathiasVP/nomagic-parameterCand 
Dataflow: Replace a 'noinline' pragma with a 'nomagic' pragma
 2021-11-02 20:40:44 +00:00
Anders Schack-Mulligen 7d0152f3c0
Merge pull request #6932 from aschackmull/dataflow/flow-features 
Dataflow: Add support for call context restrictions on sources/sinks.
 2021-11-02 13:24:17 +01:00
Mathias Vorreiter Pedersen 6f4107ff23 Dataflow: Replace a 'noinline' pragma with a 'nomagic' pragma. 2021-11-02 11:37:40 +00:00
CodeQL CI 5d62aa5b29
Merge pull request #6994 from erik-krogh/redundant-cast 
Approved by RasmusWL, aschackmull, esbena, geoffw0, hvitved, nickrolfe
 2021-11-02 03:45:48 -07:00
Tamás Vajk 18b08060ae
Merge pull request #5110 from porcupineyhairs/ssrfCsharp 
C# : Add query to detect SSRF
 2021-11-02 09:50:28 +01:00
Erik Krogh Kristensen d36c66cfca remove redundant inline casts in arguments where the type is inferred by the call target 2021-10-29 14:37:56 +02:00
Anders Schack-Mulligen 5951ae79b9 Dataflow: Add language specific predicates. 2021-10-29 11:11:35 +02:00
Anders Schack-Mulligen 00df6798b1 Dataflow: Sync 2021-10-29 11:00:23 +02:00
Erik Krogh Kristensen e75448ebb0 remove redundant inline casts 2021-10-28 16:35:53 +02:00
Mathias Vorreiter Pedersen fc3ff41d65 Merge branch 'main' into use-shared-ssa-in-ir-dataflow 2021-10-28 12:36:36 +01:00
Mathias Vorreiter Pedersen 8135dcefdd Merge branch 'main' into use-shared-ssa-in-ir-dataflow 2021-10-28 12:36:25 +01:00
Mathias Vorreiter Pedersen 13ce2569d7 C++/C#: Sync identical IR files· 2021-10-28 10:52:00 +01:00
Anders Schack-Mulligen 699630af54 Dataflow: Sync. 2021-10-27 13:57:44 +02:00
Anders Schack-Mulligen 034c7f3538 Dataflow: Sync. 2021-10-27 13:57:44 +02:00
Mathias Vorreiter Pedersen 67fd38f328 C#/Ruby: Use a 'noinline' instead of a 'only_bind_into'. 2021-10-26 09:41:52 +01:00
Mathias Vorreiter Pedersen 9145382660 C#: Sync identical files. 2021-10-25 21:55:28 +01:00
Mathias Vorreiter Pedersen ff35100d52 C#: Fix join order in 'inDefDominanceFrontier'. 2021-10-25 21:55:09 +01:00
Tom Hvitved 4e40337d02 C#: Improve join-order in `defaultDelegateConversion` 2021-10-22 10:12:18 +02:00
Porcuiney Hairs f70d808e2f fix testcases 2021-10-22 00:58:59 +05:30
Porcuiney Hairs 9fe822f41c Include suggestions from review 2021-10-22 00:55:01 +05:30
Tom Hvitved f9fb046e9f C#: Update expected test output after rebase 2021-10-20 12:15:27 +02:00
Tom Hvitved 0bf5238f39 Update QL doc for `allowParameterReturnInSelf` 2021-10-20 12:08:58 +02:00
Tom Hvitved 53d4d72fe5 C#: Simplify `SummarizedCallableDefaultClearsContent` 2021-10-20 12:08:58 +02:00
Tom Hvitved dd138b0429 Address review comments 2021-10-20 12:08:58 +02:00
Tom Hvitved a1511e13d8 Data flow: Sync files 2021-10-20 12:08:57 +02:00
Tom Hvitved 1196d0c624 C#: Rework `SummarizedCallable::clearsContent/2` 2021-10-20 12:08:57 +02:00
Tamas Vajk c7c35401e0 C#: Remove cartesian product in stubbing (GeneratedType::getStub) 2021-10-19 12:56:23 +02:00
Geoffrey White 3f3c79f48f
Merge pull request #6884 from geoffw0/setliterals 
Replace or chains with set literals.
 2021-10-18 16:46:55 +01:00
Anders Schack-Mulligen b67032d1cc
Merge pull request #6891 from erik-krogh/fix-java-this 
add explicit this qualifier on all of java
 2021-10-18 17:13:37 +02:00
Tom Hvitved a10bde5795
Merge pull request #6872 from hvitved/dataflow/path-into-callable0-join 
Data flow: Performance tweaks
 2021-10-18 16:25:10 +02:00
Tom Hvitved e6954292aa Address review comments 2021-10-18 14:09:44 +02:00
Anders Schack-Mulligen 91ea064980 Sync 2021-10-18 14:04:50 +02:00
Tom Hvitved 888a1b38aa C#: Handle `Nullable<T>` default parameter values in assemblies 2021-10-15 14:23:18 +02:00
Tom Hvitved 86b1305e35
Merge pull request #6883 from hvitved/csharp/inline-expectations 
C#: Adopt inline test expectations framework
 2021-10-15 09:33:22 +02:00
Geoffrey White 8f30b8b586 Autoformat. 2021-10-14 16:00:23 +01:00
Geoffrey White f08d2ee759 Merge branch 'main' into setliterals 2021-10-14 14:39:39 +01:00
Geoffrey White 3983587682 C#: Set literals. 2021-10-14 14:22:39 +01:00
Tom Hvitved 083214f85a C#: Use inline test expectations for `FieldFlow.ql` 2021-10-14 15:22:21 +02:00
Tom Hvitved ed6a182cd1 C#: Adopt inline test expectations framework 2021-10-14 15:22:21 +02:00
Anders Schack-Mulligen 8b6baa250c
Merge pull request #6878 from aschackmull/remove-singleton-setliteral 
C++/C#/Java/JavaScript/Python: Remove singleton set literals.
 2021-10-14 14:53:05 +02:00
Tom Hvitved f5420333e2 Sync shared files 2021-10-14 11:49:02 +02:00
Anders Schack-Mulligen 57cb300759 C++/C#/Java/JavaScript/Python: Remove singleton set literals. 2021-10-14 11:34:22 +02:00
Erik Krogh Kristensen a358a192c4 add explicit this to all calls to class predicates 2021-10-14 10:11:55 +02:00
Mathias Vorreiter Pedersen a2371370ff
Merge pull request #6865 from MathiasVP/fix-if-none 
C++/C#/JS/Python: Replace 'if p() then q() else none()' with a conjunction
 2021-10-13 19:47:55 +01:00
Tom Hvitved c14dcfbfe4 Data flow: Sync 2021-10-13 20:13:28 +02:00
Tom Hvitved 5be7a97a16 Data flow: Avoid unnecessary non-linear recursion via `getConfiguration()` 2021-10-13 20:10:26 +02:00
Tom Hvitved ee44e742f6 Data flow: Avoid bad join-order in `pathIntoCallable0` 2021-10-13 20:09:43 +02:00
Andrew Eisenberg 878203f1d0
Merge pull request #6862 from github/aeisenberg/tutorial 
Move tutorial directly into each qlpack
 2021-10-13 09:29:37 -07:00
Andrew Eisenberg 0d1632a5d2 Move tutorial directly into each qlpack 
Previously, the tutorial was injected during build time. This is much
simpler.
 2021-10-13 08:37:04 -07:00
Philip Ginsbach c9c0c7f24f fix formatting 2021-10-13 13:10:37 +01:00
Mathias Vorreiter Pedersen 7690625114 C#: Replace 'if p() then q() else none()' with a conjunction. 2021-10-13 12:11:50 +01:00
Philip Ginsbach 6b9ddf1f65 Guard non-extending subtype of G::Guard 2021-10-13 11:44:22 +01:00
Philip Ginsbach e3e741251f ParameterNode non-extending subtype of ParameterNodeImpl 2021-10-13 11:42:41 +01:00
Philip Ginsbach aa656f7542 ArgumentNode non-extending subtype of ArgumentNodeImpl 2021-10-13 11:41:40 +01:00
Andrew Eisenberg bbb2637bcc QlPacks: Add the defaultSuite to query packs that are missing it 
Also, change some examples pack names from `codeql-lang-examples` to
`codeql/lang-examples`. This doesn't affect behaviour since internally,
the legacy name is converted to the modern name.
 2021-10-12 11:54:50 -07:00
Tom Hvitved 10739b11ee
Merge pull request #6841 from hvitved/dataflow/incorrect-summary-chaining 
Data flow: Add tests for missing summary flow
 2021-10-12 15:44:21 +02:00
Tom Hvitved 296e268339
Apply suggestions from code review 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2021-10-12 14:28:32 +02:00
Tom Hvitved 68ea3e7b49 Data flow: Add debugging predicates for rendering data flow graphs for summarized callables 2021-10-11 11:29:08 +02:00
Tom Hvitved 30bf2aade4 C#: Add test for missing summary flow 2021-10-11 11:29:08 +02:00
Tom Hvitved 61973c399e C#: Make `GetCSharpArgsLogs` robust against log directory not existing 2021-10-11 11:28:49 +02:00
Tom Hvitved b05d76a131 C#: Avoid bad magic in `interpretElement0` 2021-10-11 09:30:52 +02:00
Anders Schack-Mulligen 446c738f20
Merge pull request #6790 from aschackmull/dataflow/force-precision 
Dataflow: Force high precision of certain Contents.
 2021-10-08 11:44:26 +02:00
Tom Hvitved 951df380a9
Merge pull request #6829 from hvitved/csharp/gvn-to-string-concat-range 
C#: Speedup GVN string `concat`s by pulling ranges into separate predicates
 2021-10-08 10:02:31 +02:00
Anders Schack-Mulligen 1bec58dee5 Dataflow: Fix more qldoc: s/accesspath/access path/. 2021-10-08 09:41:26 +02:00
Robert Marsh 2539e3247a
Merge pull request #6814 from MathiasVP/fix-qldoc-in-copy-instruction 
C++/C#: Fix QLDoc of `CopyInstruction`
 2021-10-07 11:18:38 -07:00
Anders Schack-Mulligen 2b88a2aa0c Dataflow: Fix qldoc: s/accesspath/access path/. 2021-10-07 14:46:24 +02:00
Tom Hvitved 764a987b09 C#: Speedup GVN string `concat`s by pulling ranges into separate predicates 2021-10-07 13:51:05 +02:00
Andrew Eisenberg e2b1f6ac50 Packaging: Add library flag to upgrades packs 
This flag was missing. It should be there. Otherwise, this
pack cannot be built.
 2021-10-06 14:29:55 -07:00
Mathias Vorreiter Pedersen b089e6d84e C++/C#: Fix QLDoc of 'CopyInstruction'. 2021-10-05 09:14:20 +01:00
Tom Hvitved 70e41b180e
Merge pull request #6800 from hvitved/csharp/constant-cond-tuple-discard 
C#: Filter discards in tuples in `ConstantCondition.ql`
 2021-10-04 14:38:45 +02:00
Tom Hvitved 9762ce706b
Merge pull request #6799 from hvitved/csharp/dead-store-using-discard 
C#: Filter using `var _ = ... results` from `DeadStoreOfLocal.ql`
 2021-10-04 14:38:15 +02:00
Tom Hvitved a315640082 C#: Address review comments 2021-10-04 13:15:26 +02:00
Tom Hvitved f06632a8e7 C#: Filter discards in tuples in `ConstantCondition.ql` 2021-10-04 13:04:18 +02:00
Anders Schack-Mulligen 65a4f36cf8
Merge pull request #6767 from aschackmull/dataflow/callback-postupdate 
Dataflow: Support side-effects for callbacks in summaries.
 2021-10-04 11:13:18 +02:00
Tom Hvitved 70b9b002cb C#: Add change note 2021-10-04 10:48:07 +02:00
Tom Hvitved 682a2aae3a C#: Filter `using var _ = ...` results from `DeadStoreOfLocal.ql` 2021-10-04 10:45:44 +02:00
Porcuiney Hairs cf31b6e7f6 fix testcases 2021-10-02 02:10:18 +05:30
Anders Schack-Mulligen 99ba80d492 C#: Adjust test output. 2021-10-01 16:57:30 +02:00
Anders Schack-Mulligen 98f68cb053 Dataflow: Sync. 2021-10-01 13:11:43 +02:00
Anders Schack-Mulligen 490df2027b Dataflow: Add language-specific predicate forceHighPrecision(). 2021-10-01 13:11:14 +02:00
CodeQL CI e9b4e571e1
Merge pull request #6775 from RasmusWL/fix-hasLocationInfo-url 
Approved by aschackmull, erik-krogh, hvitved, jbj, tausbn
 2021-09-29 16:51:08 +01:00
Rasmus Wriedt Larsen 987b573709 Fix `hasLocationInfo` URL reference 
Follow up to https://github.com/github/codeql/pull/5830
 2021-09-29 13:47:58 +02:00
Tamas Vajk e17071723f C#: Handle invalid code gracefully: global statements in library 2021-09-29 10:23:33 +02:00
Porcuiney Hairs b9c08167f3 C# : Add query to detect SSRF 2021-09-29 04:14:22 +05:30
Anders Schack-Mulligen e95dc82087 Autoformat. 2021-09-28 13:00:50 +02:00
Anders Schack-Mulligen b11cb88a9f Dataflow: Sync to C#. 2021-09-28 11:45:33 +02:00
Geoffrey White 3e1bc66984
Merge pull request #6733 from MathiasVP/fix-qldoc-in-initialize-dynamic-allocation-instruction 
C++/C#: Fix QLDoc on `InitializeDynamicAllocationInstruction`.{`getAllocationAddressOperand` and `getAllocationAddress`}
 2021-09-24 14:30:03 +01:00
Mathias Vorreiter Pedersen 24214002a1 C#/C++: Sync identical files. 2021-09-24 13:13:09 +01:00
Mathias Vorreiter Pedersen 35baff8bac C#/C++: Sync identical files. 2021-09-22 13:32:29 +01:00
Tom Hvitved 364dab6990 Remove `CODEQL_REDUCE_FILES_FOLDERS_RELATIONS` 2021-09-22 09:43:56 +02:00
Anders Schack-Mulligen 044623a360 Dataflow: Sync. 2021-09-20 14:58:28 +02:00
Tom Hvitved 82d463e86e
Merge pull request #6718 from hvitved/csharp/xss-subpath 
C#: Add `subpaths` predicate to XSS queries
 2021-09-20 12:47:27 +02:00
Tom Hvitved 64507ab316
Merge pull request #6712 from hvitved/csharp/subsumption-perf-take2 
C#: Speedup type subsumption calculation
 2021-09-20 11:59:24 +02:00
Tom Hvitved b9c4abe7dc C#: Fix qldoc typos 2021-09-20 10:42:01 +02:00
Tom Hvitved 6d315a5d16 C#: Add `subpaths` predicate to XSS queries 2021-09-20 10:40:54 +02:00
github-actions[bot] f0e7be7d56 Add changed framework coverage reports 2021-09-20 00:08:08 +00:00
Tom Hvitved c6c1ad1b90 C#: Update `toString` for nested types 2021-09-18 19:51:37 +02:00
Tom Hvitved 07fe29cc67 C#: Speedup type subsumption calculation 2021-09-18 19:51:37 +02:00
Tamas Vajk 8232698254 C#: Migrate SQL sinks to CSV format 2021-09-17 10:21:31 +02:00
Tamas Vajk f015cea590 Merge branch 'main' into feature/service-stack 2021-09-16 09:42:42 +02:00
Tamas Vajk 05dd3fa0e7 Adjust review findings 2021-09-16 09:42:38 +02:00
Anders Schack-Mulligen c0fd44c909 Dataflow: Sync. 2021-09-15 16:10:54 +02:00
Tom Hvitved 2730423ab2 C#: Upgrade script 2021-09-13 09:49:10 +02:00
Tom Hvitved 5d048a9518 C#: Drop redundant columns from `files` and `folders` relations 2021-09-13 09:49:09 +02:00
Tom Hvitved 0abfb00032
Merge pull request #6660 from hvitved/csharp/dotnet-exec-tracing-windows 
C#: Handle `dotnet exec csc.dll` compiler calls on Windows
 2021-09-13 09:07:50 +02:00
Andrew Eisenberg 9c0f18b88d Remove incorrect directive 
This directive should only be in the
pack.
 2021-09-10 08:57:37 -07:00
Tom Hvitved 649c2ce188
Merge pull request #6586 from hvitved/dataflow/stage2-precise-call-ctx-take2 
Data flow: Add precise call contexts to stage 2
 2021-09-10 11:34:35 +02:00
Tom Hvitved af0b9abab7 C#: Handle `dotnet exec csc.dll` compiler calls on Windows 2021-09-10 11:26:43 +02:00
Tom Hvitved 296d10fe2a Data flow: Adjust `callMayFlowThroughFwd` pragmas 2021-09-10 09:21:24 +02:00
Tamás Vajk ad04099ac2
Merge pull request #6630 from tamasvajk/feature/interface-runtimecallable 
C# Extend runtime callables to cover interface members with default implementation
 2021-09-09 17:24:55 +02:00
Tamas Vajk abe6c90829 Update change note 2021-09-09 13:04:47 +02:00
Tamas Vajk 0a17ab9325 Merge branch 'main' into feature/service-stack 2021-09-09 13:01:43 +02:00
Tamas Vajk 9ab6c29cd3 Extend runtime callables to cover interface members with default implementation 2021-09-08 15:07:49 +02:00
Anders Schack-Mulligen 1af39f0776 Dataflow: Sync. 2021-09-08 13:02:07 +02:00
Anders Schack-Mulligen 2b7882e6e5
Merge pull request #5032 from aschackmull/dataflow/subpaths 
Dataflow: Add subpaths query predicate.
 2021-09-08 11:52:41 +02:00
Tamás Vajk f90d1fd70e
Merge pull request #6636 from tamasvajk/fix/stubbing-2 
C#: Fix member order (yet again) in stubbing
 2021-09-07 17:37:29 +02:00
Rasmus Wriedt Larsen 995a8192a9
Merge pull request #6635 from github/RasmusWL/fix-csharp-cwe-tag 
C#: Fix CWE tag for `cs/insufficient-key-size`
 2021-09-07 15:54:42 +02:00
Tamas Vajk 469993f6d3 C#: Fix member order (yet again) in stubbing 
With explicit interface implementation, the same member name can show up multiple times in a type declaration. This commit defines an explicit order
for these members.
 2021-09-07 15:26:03 +02:00
Tamás Vajk d7934865c9
Merge pull request #6628 from tamasvajk/feature/fix-stub-escaping 
C#: improve stubbing to escape more member names (not just fields)
 2021-09-07 14:29:44 +02:00
Tom Hvitved bef05f885c C#: Update CIL data flow tests 2021-09-07 13:02:20 +02:00
Anders Schack-Mulligen f30dad7705 Dataflow: Update test expected outputs. 2021-09-07 13:02:20 +02:00
Rasmus Wriedt Larsen 8f52089475
C#: Fix CWE tag for `cs/insufficient-key-size` 
Since this targets

CWE-326 Inadequate Encryption Strength

> The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.
> \- https://cwe.mitre.org/data/definitions/326.html

and not

CWE-327: Use of a Broken or Risky Cryptographic Algorithm

> The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information.
> \- https://cwe.mitre.org/data/definitions/327.html

This matches what we do for similar query in Python: https://github.com/github/codeql/blob/main/python/ql/src/Security/CWE-326/WeakCryptoKey.ql
 2021-09-07 12:59:10 +02:00
Anders Schack-Mulligen 7ec1fa2ebe Dataflow: Sync. 2021-09-07 12:51:42 +02:00
Anders Schack-Mulligen 3c3d71d4a0 Dataflow: Sync 2021-09-07 12:51:42 +02:00
Tamás Vajk 1dc712f54d
Merge pull request #6629 from tamasvajk/feature/dispatch-fix 
C#: Fix dispatch library to handle summarized callables with no runti…
 2021-09-07 12:35:45 +02:00
Tamas Vajk 203ca3f91b C#: improve stubbing to escape more member names (not just fields) 2021-09-07 12:34:23 +02:00
Tamás Vajk 7befdc9c5c
Merge pull request #6627 from tamasvajk/feature/stub-readme 
C#: Add readme to stub folder
 2021-09-07 12:09:52 +02:00
Tamás Vajk c63fd4a254
Merge pull request #6260 from tamasvajk/feature/method-name 
C#: Change generic method names to include <> and type args/params
 2021-09-07 12:09:27 +02:00
Tamas Vajk 3a9cf639bd Change ServiceStack redis sinks to code injection instead of SQL injection 2021-09-06 16:59:31 +02:00
Tamas Vajk 5fa9f16c01 Adjust ServiceStack CSV rows with generic method names 2021-09-06 16:45:21 +02:00
Tamas Vajk f6366e1e1f Merge branch 'feature/method-name' into feature/service-stack 2021-09-06 15:52:08 +02:00
Tamas Vajk 207d8f6030 Merge branch 'main' into feature/service-stack 2021-09-06 15:46:43 +02:00
Tamas Vajk 5014ef2337 C#: Add ServiceStack support with CSV data model 2021-09-06 14:06:37 +02:00
Tamas Vajk 43ccc14162 Add ServiceStack stubs and empty test referencing it 2021-09-06 14:05:41 +02:00
Tamas Vajk e3a49f8213 C#: improve stubbing to escape more member names (not just fields) 2021-09-06 14:02:42 +02:00
Tamas Vajk 270b56af1b Extend runtime callables to interface members with default implementation 2021-09-06 14:02:42 +02:00
Tamas Vajk 39a88d2e43 Fix dispatch library to handle summarized callables with no runtime target 2021-09-06 14:02:42 +02:00
Tamas Vajk 648197db35 C#: Fix dispatch library to handle summarized callables with no runtime target 2021-09-06 13:45:43 +02:00
Tamas Vajk 0d88d18781 C#: Add readme to stub folder 2021-09-06 13:42:36 +02:00
Andrew Eisenberg bb9911e06f
Merge pull request #6605 from aeisenberg/aeisenberg/pack/consistency 2021-09-06 04:40:58 -07:00
Tamas Vajk b7f13a7e1f C#: Change generic method names to include <> and type args/params 2021-09-06 11:48:22 +02:00
Andrew Eisenberg 6a47fcaf1f Packaging: Normalize all qlpack.yml files for all languages 
This commit ensures consistency among all of our qlpacks. Here are the
changes:

1. Ensure only modern references are used (codeql-{lang} is converted to
   codeql/{lang}-all or codeql/{lang}-queries where appropriate).
2. Use consistent version numbers. All languages are at 0.0.2 except
   javascript, which is 0.0.3.
3. Convert all `libraryPathDependencies` to `dependencies` with version
   constraints
4. Dependencies from query packs to other packs are always `"*"` since
   these dependencies are always from source and we should get the
   latest.
5. Dependencies from codeql/{lang}-lib to codeql/{lang}-upgrades must
   be strict since there is a tight connection between the libary
   and its relevant upgrades.
 2021-09-03 11:53:28 -07:00
Tamas Vajk c02a743835 Revert redundant order by 2021-09-03 16:51:32 +02:00
Tamas Vajk 3560853f36 C#: Fix ordering of stubbed type members, implemented interfaces, and location comments 2021-09-03 09:53:34 +02:00
Tamás Vajk 82f61ca015
Merge pull request #6577 from tamasvajk/fix/cil-modified-pointer 
C#: Temporarily extract modified pointers as unmodified during CIL ex…
 2021-09-02 10:48:51 +02:00
Tom Hvitved c3ecae503b Data flow: Sync files 2021-09-01 19:58:47 +02:00
Tom Hvitved 136c8b5192 Data flow: Improve `callMayFlowThroughFwd` join order 
Before:
```
[2021-08-25 09:56:29] (1395s) Tuple counts for DataFlowImpl2::Stage3::callMayFlowThroughFwd#ff/2@111fb3:
                      15495496   ~5%         {5} r1 = SCAN DataFlowImpl2::Stage3::fwdFlowOutFromArg#fffff#reorder_0_2_4_1_3 OUTPUT In.3, In.4, In.2 'config', In.0 'call', In.1
                      1450611958 ~6335%      {5} r2 = JOIN r1 WITH DataFlowImpl2::Stage3::fwdFlow#fffff_03412#join_rhs ON FIRST 3 OUTPUT Lhs.3 'call', Lhs.4, Lhs.2 'config', Rhs.3, Rhs.4
                      7043648    ~20415%     {2} r3 = JOIN r2 WITH DataFlowImpl2::Stage3::fwdFlowIsEntered#fffff#reorder_0_3_4_1_2 ON FIRST 5 OUTPUT Lhs.0 'call', Lhs.2 'config'
                                             return r3
```

After:
```
[2021-08-25 10:57:02] (2652s) Tuple counts for DataFlowImpl2::Stage3::callMayFlowThroughFwd#ff/2@d3e27b:
                      15495496 ~0%         {6} r1 = SCAN DataFlowImpl2::Stage3::fwdFlowOutFromArg#fffff#reorder_0_2_4_1_3 OUTPUT In.0 'call', In.1, In.2 'config', In.3, In.4, In.2 'config'
                      9236888  ~22%        {7} r2 = JOIN r1 WITH DataFlowImpl2::Stage3::fwdFlowIsEntered#fffff#reorder_0_3_4_1_2 ON FIRST 3 OUTPUT Lhs.3, Rhs.3, Rhs.4, Lhs.4, Lhs.5, Lhs.0 'call', Lhs.2 'config'
                      7043648  ~20415%     {2} r3 = JOIN r2 WITH DataFlowImpl2::Stage3::fwdFlow#fffff ON FIRST 5 OUTPUT Lhs.5 'call', Lhs.6 'config'
                                           return r3
```
 2021-09-01 19:57:29 +02:00
Tamás Vajk e9ff6e8755
Merge pull request #6578 from tamasvajk/fix/cil-local-decoding 
C#: Handle non-critical exception in CIL local variable extraction
 2021-09-01 12:52:53 +02:00
Tamas Vajk b267d26ff8 C#: Fix completely broken type argument extraction in NoMetadataHandleType 2021-08-31 14:34:27 +02:00