[DIFF-INFORMED] Swift: InsecureTLS

https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/swift/ql/src/queries/Security/CWE-757/InsecureTLS.ql#L18
2025-12-16 16:53:25 +01:00 · 2025-07-16 16:47:04 +02:00
parent 6dea73b081
commit b1e723991e
1 changed files with 4 additions and 0 deletions
--- a/swift/ql/lib/codeql/swift/security/InsecureTLSQuery.qll
+++ b/swift/ql/lib/codeql/swift/security/InsecureTLSQuery.qll
@@ -21,6 +21,10 @@ module InsecureTlsConfig implements DataFlow::ConfigSig {
  predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
    any(InsecureTlsExtensionsAdditionalFlowStep s).step(nodeFrom, nodeTo)
  }
+
+  predicate observeDiffInformedIncrementalMode() {
+    none() // query selects some Swift nodes (e.g. "[post] self") that have location file://:0:0:0:0, which always fall outside the diff range.
+  }
 }

 module InsecureTlsFlow = TaintTracking::Global<InsecureTlsConfig>;