
Commit cfc2c83

author
Paolo Tranquilli
committed
Merge branch 'main' into redsun82/cargo-upgrade-2
2 parents fb327aa + 00c7bc1 commit cfc2c83

139 files changed

+6298
-276
lines changed


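--- a/.gitignore
+++ b/.gitignore
@@ -62,6 +62,7 @@ node_modules/
 
 # Temporary folders for working with generated models
 .model-temp
+/mad-generation-build
 
 # bazel-built in-tree extractor packs
 /*/extractor-pack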

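--- a/Cargo.toml
+++ b/Cargo.toml
@@ -10,6 +10,7 @@ members = [
 "rust/ast-generator",
 "rust/autobuild",
 ]
+exclude = ["mad-generation-build"]
 
 [patch.crates-io]
 # patch for build script bug preventing bazel build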

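--- a/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/SemanticCFG.qll
+++ b/cpp/ql/lib/semmle/code/cpp/rangeanalysis/new/internal/semantic/SemanticCFG.qll
@@ -10,7 +10,7 @@ private import SemanticExprSpecific::SemanticExprConfig as Specific
 */
 class SemBasicBlock extends Specific::BasicBlock {
 /** Holds if this block (transitively) dominates `otherblock`. */
-final predicate bbDominates(SemBasicBlock otherBlock) { Specific::bbDominates(this, otherBlock) }
+final predicate dominates(SemBasicBlock otherBlock) { Specific::bbDominates(this, otherBlock) }
 
 /** Gets an expression that is evaluated in this basic block. */
 final SemExpr getAnExpr() { result.getBasicBlock() = this }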
Lines changed: 1 addition & 1 deletion
@@ -1,5 +1,5 @@
11
{
22
"sdk": {
3-
"version": "9.0.100"
3+
"version": "9.0.300"
44
}
55
}

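--- a/csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/XSS.expected
+++ b/csharp/ql/integration-tests/all-platforms/blazor_build_mode_none/XSS.expected
@@ -3,8 +3,8 @@
 | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | $@ flows to here and is written to HTML or JavaScript. | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | User-provided value |
 | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | $@ flows to here and is written to HTML or JavaScript. | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | User-provided value |
 edges
-| BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | test-db/working/razor/AC613014E59A413B9538FF8068364499/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:569:16:577:13 | call to method TypeCheck<String> : String | provenance | Src:MaD:2 MaD:3 |
-| test-db/working/razor/AC613014E59A413B9538FF8068364499/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:569:16:577:13 | call to method TypeCheck<String> : String | BlazorTest/Components/MyOutput.razor:5:53:5:57 | access to property Value | provenance | Sink:MaD:1 |
+| BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | test-db/working/razor/AC613014E59A413B9538FF8068364499/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:553:16:561:13 | call to method TypeCheck<String> : String | provenance | Src:MaD:2 MaD:3 |
+| test-db/working/razor/AC613014E59A413B9538FF8068364499/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:553:16:561:13 | call to method TypeCheck<String> : String | BlazorTest/Components/MyOutput.razor:5:53:5:57 | access to property Value | provenance | Sink:MaD:1 |
 models
 | 1 | Sink: Microsoft.AspNetCore.Components; MarkupString; false; MarkupString; (System.String); ; Argument[0]; html-injection; manual |
 | 2 | Source: Microsoft.AspNetCore.Components; SupplyParameterFromQueryAttribute; false; ; ; Attribute.Getter; ReturnValue; remote; manual |
@@ -14,5 +14,5 @@ nodes
 | BlazorTest/Components/Pages/TestPage.razor:11:48:11:55 | access to property UrlParam | semmle.label | access to property UrlParam |
 | BlazorTest/Components/Pages/TestPage.razor:20:60:20:69 | access to property QueryParam | semmle.label | access to property QueryParam |
 | BlazorTest/Components/Pages/TestPage.razor:85:23:85:32 | access to property QueryParam : String | semmle.label | access to property QueryParam : String |
-| test-db/working/razor/AC613014E59A413B9538FF8068364499/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:569:16:577:13 | call to method TypeCheck<String> : String | semmle.label | call to method TypeCheck<String> : String |
+| test-db/working/razor/AC613014E59A413B9538FF8068364499/Microsoft.CodeAnalysis.Razor.Compiler/Microsoft.NET.Sdk.Razor.SourceGenerators.RazorSourceGenerator/Components_Pages_TestPage_razor.g.cs:553:16:561:13 | call to method TypeCheck<String> : String | semmle.label | call to method TypeCheck<String> : String |
 subpaths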

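--- a/csharp/ql/integration-tests/posix/query-suite/csharp-security-and-quality.qls.expected
+++ b/csharp/ql/integration-tests/posix/query-suite/csharp-security-and-quality.qls.expected
@@ -38,7 +38,6 @@ ql/csharp/ql/src/Concurrency/SynchSetUnsynchGet.ql
 ql/csharp/ql/src/Concurrency/UnsafeLazyInitialization.ql
 ql/csharp/ql/src/Concurrency/UnsynchronizedStaticAccess.ql
 ql/csharp/ql/src/Configuration/EmptyPasswordInConfigurationFile.ql
-ql/csharp/ql/src/Configuration/PasswordInConfigurationFile.ql
 ql/csharp/ql/src/Dead Code/DeadStoreOfLocal.ql
 ql/csharp/ql/src/Diagnostics/CompilerError.ql
 ql/csharp/ql/src/Diagnostics/CompilerMessage.ql
@@ -146,8 +145,6 @@ ql/csharp/ql/src/Security Features/CWE-639/InsecureDirectObjectReference.ql
 ql/csharp/ql/src/Security Features/CWE-643/XPathInjection.ql
 ql/csharp/ql/src/Security Features/CWE-730/ReDoS.ql
 ql/csharp/ql/src/Security Features/CWE-730/RegexInjection.ql
-ql/csharp/ql/src/Security Features/CWE-798/HardcodedConnectionString.ql
-ql/csharp/ql/src/Security Features/CWE-798/HardcodedCredentials.ql
 ql/csharp/ql/src/Security Features/CWE-807/ConditionalBypass.ql
 ql/csharp/ql/src/Security Features/CookieWithOverlyBroadDomain.ql
 ql/csharp/ql/src/Security Features/CookieWithOverlyBroadPath.ql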

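--- a/csharp/ql/integration-tests/posix/query-suite/csharp-security-extended.qls.expected
+++ b/csharp/ql/integration-tests/posix/query-suite/csharp-security-extended.qls.expected
@@ -1,5 +1,4 @@
 ql/csharp/ql/src/Configuration/EmptyPasswordInConfigurationFile.ql
-ql/csharp/ql/src/Configuration/PasswordInConfigurationFile.ql
 ql/csharp/ql/src/Diagnostics/CompilerError.ql
 ql/csharp/ql/src/Diagnostics/CompilerMessage.ql
 ql/csharp/ql/src/Diagnostics/DiagnosticExtractionErrors.ql
@@ -49,8 +48,6 @@ ql/csharp/ql/src/Security Features/CWE-639/InsecureDirectObjectReference.ql
 ql/csharp/ql/src/Security Features/CWE-643/XPathInjection.ql
 ql/csharp/ql/src/Security Features/CWE-730/ReDoS.ql
 ql/csharp/ql/src/Security Features/CWE-730/RegexInjection.ql
-ql/csharp/ql/src/Security Features/CWE-798/HardcodedConnectionString.ql
-ql/csharp/ql/src/Security Features/CWE-798/HardcodedCredentials.ql
 ql/csharp/ql/src/Security Features/CWE-807/ConditionalBypass.ql
 ql/csharp/ql/src/Security Features/CookieWithOverlyBroadDomain.ql
 ql/csharp/ql/src/Security Features/CookieWithOverlyBroadPath.ql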

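--- a/csharp/ql/integration-tests/posix/query-suite/not_included_in_qls.expected
+++ b/csharp/ql/integration-tests/posix/query-suite/not_included_in_qls.expected
@@ -26,6 +26,7 @@ ql/csharp/ql/src/Bad Practices/Naming Conventions/DefaultControlNames.ql
 ql/csharp/ql/src/Bad Practices/Naming Conventions/VariableNameTooShort.ql
 ql/csharp/ql/src/Bad Practices/UseOfHtmlInputHidden.ql
 ql/csharp/ql/src/Bad Practices/UseOfSystemOutputStream.ql
+ql/csharp/ql/src/Configuration/PasswordInConfigurationFile.ql
 ql/csharp/ql/src/Dead Code/DeadRefTypes.ql
 ql/csharp/ql/src/Dead Code/NonAssignedFields.ql
 ql/csharp/ql/src/Dead Code/UnusedField.ql
@@ -89,6 +90,8 @@ ql/csharp/ql/src/Security Features/CWE-321/HardcodedSymmetricEncryptionKey.ql
 ql/csharp/ql/src/Security Features/CWE-327/DontInstallRootCert.ql
 ql/csharp/ql/src/Security Features/CWE-502/UnsafeDeserialization.ql
 ql/csharp/ql/src/Security Features/CWE-611/UseXmlSecureResolver.ql
+ql/csharp/ql/src/Security Features/CWE-798/HardcodedConnectionString.ql
+ql/csharp/ql/src/Security Features/CWE-798/HardcodedCredentials.ql
 ql/csharp/ql/src/Security Features/CWE-838/InappropriateEncoding.ql
 ql/csharp/ql/src/Useless code/PointlessForwardingMethod.ql
 ql/csharp/ql/src/definitions.ql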

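--- a/csharp/ql/src/Configuration/PasswordInConfigurationFile.ql
+++ b/csharp/ql/src/Configuration/PasswordInConfigurationFile.ql
@@ -4,7 +4,7 @@
 * @kind problem
 * @problem.severity warning
 * @security-severity 7.5
-* @precision medium
+* @precision low
 * @id cs/password-in-configuration
 * @tags security
 * external/cwe/cwe-013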
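Review bot: Dropping `@precision` from medium to low on `cs/password-in-configuration` removes the query from the default security-extended and security-and-quality suites, which the three `.qls.expected` changes in this commit confirm, and the same downgrade is made to `cs/hardcoded-connection-string-credentials` in csharp/ql/src/Security Features/CWE-798/HardcodedConnectionString.ql; HardcodedCredentials.ql leaves the suites too, though its own header change is not in view here. Anyone relying on these credential-in-source/config checks in the default suites loses that coverage silently, since a precision change produces no alert, warning or deprecation notice. Unless a change note is among the hidden files of this merge, the commit should add one under csharp/ql/src/change-notes stating that these queries are now `@precision low`, no longer run in the default suites, and must be selected explicitly (by id or path) to keep detecting hard-coded passwords and connection-string credentials. The query headers themselves could also carry a one-line reason for the downgrade, e.g. `* @precision low` followed by a comment such as `// precision lowered: see change note`, so the next reader does not assume it was accidental.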

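--- a/csharp/ql/src/Security Features/CWE-798/HardcodedConnectionString.ql
+++ b/csharp/ql/src/Security Features/CWE-798/HardcodedConnectionString.ql
@@ -4,7 +4,7 @@
 * @kind path-problem
 * @problem.severity error
 * @security-severity 9.8
-* @precision medium
+* @precision low
 * @id cs/hardcoded-connection-string-credentials
 * @tags security
 * external/cwe/cwe-259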
