hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into rust-experiment

Browse Source
This commit is contained in:
Paolo Tranquilli
2024-09-05 12:29:29 +02:00
parent 885e89a927 28a7fca7ed
commit b23e482ed2
1517 changed files with 24274 additions and 7896 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
swift/ql/lib/CHANGELOG.md
View File

@@ -1,3 +1,7 @@
## 1.1.2
No user-facing changes.
## 1.1.1
### Minor Analysis Improvements

5
swift/ql/lib/change-notes/2024-09-03-outdated-deprecations.md Normal file
View File

@@ -0,0 +1,5 @@
---
category: breaking
---
* Deleted the deprecated `explorationLimit` predicate from `DataFlow::Configuration`, use `FlowExploration<explorationLimit>` instead.
* Deleted the deprecated `getDerivedTypeDecl` predicate from the `TypeDecl` class, use `getADerivedTypeDecl` or `getABaseTypeDecl` instead.

3
swift/ql/lib/change-notes/released/1.1.2.md Normal file
View File

@@ -0,0 +1,3 @@
## 1.1.2
No user-facing changes.

2
swift/ql/lib/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.1.1
lastReleaseVersion: 1.1.2

8
swift/ql/lib/codeql/swift/dataflow/internal/DataFlowImpl1.qll
View File

@@ -168,14 +168,6 @@ abstract deprecated class Configuration extends string {
*/
predicate hasFlowToExpr(DataFlowExpr sink) { this.hasFlowTo(exprNode(sink)) }
/**
* DEPRECATED: Use `FlowExploration<explorationLimit>` instead.
*
* Gets the exploration limit for `hasPartialFlow` and `hasPartialFlowRev`
* measured in approximate number of interprocedural steps.
*/
deprecated int explorationLimit() { none() }
/**
* Holds if hidden nodes should be included in the data flow graph.
*

7
swift/ql/lib/codeql/swift/elements/decl/TypeDecl.qll
View File

@@ -75,13 +75,6 @@ class TypeDecl extends Generated::TypeDecl {
*/
TypeDecl getABaseTypeDecl() { result = this.getABaseType().(AnyGenericType).getDeclaration() }
/**
* Gets a declaration that has this type as its `index`th base type.
*
* DEPRECATED: The index is not very meaningful here. Use `getADerivedTypeDecl` or `getABaseTypeDecl`.
*/
deprecated TypeDecl getDerivedTypeDecl(int i) { result.getBaseTypeDecl(i) = this }
/**
* Gets the declaration of any type derived from this type declaration. Expands protocols
* added in extensions and expands type aliases. For example in the following code, `B`

2
swift/ql/lib/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/swift-all
version: 1.1.2-dev
version: 1.1.3-dev
groups: swift
extractor: swift
dbscheme: swift.dbscheme

6
swift/ql/src/CHANGELOG.md
View File

@@ -1,3 +1,9 @@
## 1.0.6
### Minor Analysis Improvements
* False positive results from the `swift/cleartext-transmission` ("Cleartext transmission of sensitive information") query involving `tel:`, `mailto:` and similar URLs have been fixed.
## 1.0.5
### Minor Analysis Improvements

7
swift/ql/src/change-notes/2024-08-12-cleartext-transmission.md → swift/ql/src/change-notes/released/1.0.6.md
View File

@@ -1,4 +1,5 @@
---
category: minorAnalysis
---
## 1.0.6
### Minor Analysis Improvements
* False positive results from the `swift/cleartext-transmission` ("Cleartext transmission of sensitive information") query involving `tel:`, `mailto:` and similar URLs have been fixed.

2
swift/ql/src/codeql-pack.release.yml
View File

@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.0.5
lastReleaseVersion: 1.0.6

2
swift/ql/src/qlpack.yml
View File

@@ -1,5 +1,5 @@
name: codeql/swift-queries
version: 1.0.6-dev
version: 1.0.7-dev
groups:
- swift
- queries

4
swift/ql/src/queries/Security/CWE-020/IncompleteHostnameRegex.qhelp
View File

@@ -46,7 +46,7 @@
</p>
<sample src="IncompleteHostnameRegexBad.swift"/>
<sample src="IncompleteHostnameRegexBad.swift" language=""/>
<p>
@@ -63,7 +63,7 @@
</p>
<sample src="IncompleteHostnameRegexGood.swift"/>
<sample src="IncompleteHostnameRegexGood.swift" language=""/>
</example>

2
swift/ql/src/queries/Security/CWE-116/BadTagFilter.qhelp
View File

@@ -28,7 +28,7 @@ likely to handle corner cases correctly than a custom implementation.
The following example attempts to filters out all <code>&lt;script&gt;</code> tags.
</p>
<sample src="BadTagFilterBad.swift" />
<sample src="BadTagFilterBad.swift" language="" />
<p>
The above sanitizer does not filter out all <code>&lt;script&gt;</code> tags.

4
swift/ql/src/queries/Security/CWE-1333/ReDoS.qhelp
View File

@@ -3,7 +3,7 @@
<include src="ReDoSIntroduction.inc.qhelp" />
<example>
<p>Consider the following regular expression:</p>
<sample language="swift">
<sample language="">
/^_(__|.)+_$/</sample>
<p>
Its sub-expression <code>"(__|.)+"</code> can match the string
@@ -19,7 +19,7 @@
the ambiguity between the two branches of the alternative inside the
repetition:
</p>
<sample language="swift">
<sample language="">
/^_(__|[^_])+_$/</sample>
</example>
<include src="ReDoSReferences.inc.qhelp"/>

8
swift/third_party/load.bzl vendored
View File

@@ -1,11 +1,11 @@
load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
load("@bazel_tools//tools/build_defs/repo:utils.bzl", "maybe")
_swift_prebuilt_version = "swift-5.10-RELEASE.322"
_swift_prebuilt_version = "swift-5.10.1-RELEASE.323"
_swift_sha_map = {
"Linux-X64": "634497779e930a808489e5d472753b604c07085abf411356cae7921bde14130f",
"macOS-ARM64": "293df92da9a3cc79c595a28b1b4ec881a5fdb248ea7eac34c89943e94deff700",
"macOS-X64": "813c1746777701d30e716c130b0bb087a9c5b7ab025fd99afc695ec52cd432ad",
"Linux-X64": "29c7c53ab2f438e85daecdb4567173c78ac32afc45753d7277d744aed515229d",
"macOS-ARM64": "e697f423c8abcb8a942246489fd4f8ce71472119510b64b2073eaeaec86b771e",
"macOS-X64": "faef29334e8615e8a71263c7453ebc7e566d6f2928d827675f6faae233c544a6",
}
_swift_arch_map = {