Merge branch 'main' of https://github.com/github/codeql into post-release-prep/codeql-cli-2.25.1

2026-04-22 15:25:18 +02:00 · 2026-03-30 10:51:12 +02:00
parent ce6e6d5db3 898d12b0be
commit 59eec7ffa2
765 changed files with 13826 additions and 27987 deletions
--- a/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Security.qll
+++ b/swift/ql/lib/codeql/swift/frameworks/StandardLibrary/Security.qll
@@ -1,5 +1,5 @@
 /**
- * Provides models for standard library Swift classses related to security
+ * Provides models for standard library Swift classes related to security
 * (certificate, key and trust services).
 */

--- a/swift/ql/src/change-notes/2026-03-13-adjust-xss-and-log-injection-severity.md
+++ b/swift/ql/src/change-notes/2026-03-13-adjust-xss-and-log-injection-severity.md
@@ -0,0 +1,4 @@
+---
+category: queryMetadata
+---
+* The `@security-severity` metadata of `swift/unsafe-webview-fetch` has been increased from 6.1 (medium) to 7.8 (high).
--- a/swift/ql/src/queries/Security/CWE-079/UnsafeWebViewFetch.ql
+++ b/swift/ql/src/queries/Security/CWE-079/UnsafeWebViewFetch.ql
@@ -3,7 +3,7 @@
 * @description Fetching data in a WebView without restricting the base URL may allow an attacker to access sensitive local data, or enable cross-site scripting attack.
 * @kind path-problem
 * @problem.severity warning
- * @security-severity 6.1
+ * @security-severity 7.8
 * @precision high
 * @id swift/unsafe-webview-fetch
 * @tags security