Merge branch 'main' into rust-df-inconsistency-no-location

Author: paldepind

csharp/ql/lib/change-notes/2024-11-26-model-microsoft.jsinterop.ijsruntime.md

@@ -0,0 +1,5 @@
+---
+category: minorAnalysis
+---
+* Added `js-interop` sinks for the `InvokeAsync` and `InvokeVoidAsync` methods of `Microsoft.JSInterop.IJSRuntime`, which can run arbitrary JavaScript. 
+

csharp/ql/lib/ext/Microsoft.JSInterop.model.yml

@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: codeql/csharp-all
+      extensible: sinkModel
+    data:
+      - ["Microsoft.JSInterop", "JSRuntimeExtensions", True, "InvokeAsync<TValue>", "", "", "Argument[1]", "js-injection", "manual"]
+      - ["Microsoft.JSInterop", "JSRuntimeExtensions", True, "InvokeVoidAsync", "", "", "Argument[1]", "js-injection", "manual"]

csharp/ql/test/library-tests/dataflow/library/FlowSummaries.expected

@@ -256,6 +256,12 @@ sink
 | Microsoft.EntityFrameworkCore;RelationalDatabaseFacadeExtensions;ExecuteSqlRawAsync;(Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade,System.String,System.Object[]);Argument[1];sql-injection;manual |
 | Microsoft.EntityFrameworkCore;RelationalDatabaseFacadeExtensions;ExecuteSqlRawAsync;(Microsoft.EntityFrameworkCore.Infrastructure.DatabaseFacade,System.String,System.Threading.CancellationToken);Argument[1];sql-injection;manual |
 | Microsoft.EntityFrameworkCore;RelationalQueryableExtensions;FromSqlRaw<TEntity>;(Microsoft.EntityFrameworkCore.DbSet<TEntity>,System.String,System.Object[]);Argument[1];sql-injection;manual |
+| Microsoft.JSInterop;JSRuntimeExtensions;InvokeAsync<TValue>;(Microsoft.JSInterop.IJSRuntime,System.String,System.Object[]);Argument[1];js-injection;manual |
+| Microsoft.JSInterop;JSRuntimeExtensions;InvokeAsync<TValue>;(Microsoft.JSInterop.IJSRuntime,System.String,System.Threading.CancellationToken,System.Object[]);Argument[1];js-injection;manual |
+| Microsoft.JSInterop;JSRuntimeExtensions;InvokeAsync<TValue>;(Microsoft.JSInterop.IJSRuntime,System.String,System.TimeSpan,System.Object[]);Argument[1];js-injection;manual |
+| Microsoft.JSInterop;JSRuntimeExtensions;InvokeVoidAsync;(Microsoft.JSInterop.IJSRuntime,System.String,System.Object[]);Argument[1];js-injection;manual |
+| Microsoft.JSInterop;JSRuntimeExtensions;InvokeVoidAsync;(Microsoft.JSInterop.IJSRuntime,System.String,System.Threading.CancellationToken,System.Object[]);Argument[1];js-injection;manual |
+| Microsoft.JSInterop;JSRuntimeExtensions;InvokeVoidAsync;(Microsoft.JSInterop.IJSRuntime,System.String,System.TimeSpan,System.Object[]);Argument[1];js-injection;manual |
 | ServiceStack.Messaging;BackgroundMqClient;SendAllOneWay;(System.Collections.Generic.IEnumerable<System.Object>);Argument[1].Element;file-content-store;manual |
 | ServiceStack.Messaging;BackgroundMqClient;SendOneWay;(System.Object);Argument[0];file-content-store;manual |
 | ServiceStack.Messaging;BackgroundMqClient;SendOneWay;(System.String,System.Object);Argument[1];file-content-store;manual |

python/extractor/semmle/util.py

@@ -10,7 +10,7 @@
 
 #Semantic version of extractor.
 #Update this if any changes are made
-VERSION = "7.1.1"
+VERSION = "7.1.2"
 
 PY_EXTENSIONS = ".py", ".pyw"
 

python/ql/lib/change-notes/2024-11-26-fix-match-cfg-pruning.md

@@ -0,0 +1,5 @@
+---
+category: fix
+---
+
+- Fixed a problem with the control-flow graph construction, where writing `case True:` or `case False:` would cause parts of the graph to be pruned by mistake.