codeql

mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00

Author	SHA1	Message	Date
Geoffrey White	a568d0af7f	Swift: Remove unused variable.	2023-01-17 18:10:02 +00:00
Geoffrey White	b3d30bfc4f	Swift: Add NumberLiteral sources as well.	2023-01-17 18:04:26 +00:00
Geoffrey White	d1cfdb97ee	Swift: Model RNCryptor.	2023-01-17 17:55:52 +00:00
Geoffrey White	a92e1c7ea0	Swift: Add tests for RNCryptor library.	2023-01-17 17:31:49 +00:00
Geoffrey White	9911dd53e1	Merge branch 'main' into coredata	2023-01-17 16:22:53 +00:00
Geoffrey White	ea06ad1933	Merge pull request #11529 from geoffw0/format Swift: Uncontrolled format string query	2023-01-17 16:16:10 +00:00
Geoffrey White	3c55cdd5be	Swift: Catch the last two test results as well.	2023-01-17 16:04:58 +00:00
Geoffrey White	d42848bb7e	Swift: Upgrade the query from dataflow to taint tracking, so as to support more flows.	2023-01-17 16:04:58 +00:00
Geoffrey White	a8ef9cc987	Swift: Add tests for RNCryptor library.	2023-01-17 16:04:57 +00:00
Geoffrey White	037b49b454	Update swift/ql/test/query-tests/Security/CWE-259/rncryptor.swift Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>	2023-01-17 14:16:52 +00:00
Geoffrey White	74a37475db	Swift: Model RNCryptor.	2023-01-17 11:54:12 +00:00
Geoffrey White	449ebb8a12	Swift: Add tests for RNCryptor library.	2023-01-17 09:03:07 +00:00
Tony Torralba	bd5619147d	Merge pull request #11590 from atorralba/atorralba/swift/sensitive-info-logs Swift: Add Cleartext Logging query	2023-01-16 16:22:20 +01:00
Geoffrey White	6a0b56bf40	Swift: Fix for extensions.	2023-01-11 18:32:07 +00:00
Geoffrey White	2622de9747	Swift: Improve Core Data coverage.	2023-01-11 18:26:34 +00:00
Geoffrey White	82f9903bf0	Swift: Additional test cases for swift/cleartext-storage-database on Core Data.	2023-01-11 18:22:32 +00:00
Tony Torralba	c115a9fee4	Add more path injection sinks	2023-01-11 14:28:24 +01:00
Tony Torralba	a4f813183e	Merge pull request #11785 from atorralba/atorralba/swift/grdb-sinks Swift: Add sinks for the GRDB library	2023-01-11 11:49:37 +01:00
Tony Torralba	49a41c98ee	Test that hashed passwords are 'safe' to log This doesn't seem completely right, but the heuristic approach we have regarding sensitive expressions has to draw the line somewhere.	2023-01-09 18:01:07 +01:00
Tony Torralba	7e0869965c	Uncomment tests	2023-01-09 18:01:07 +01:00
Tony Torralba	c1f19dd145	Add stub so that tests work on Linux	2023-01-09 18:01:07 +01:00
Tony Torralba	b203a9eb6e	Add a sanitizer for OSLogPrivacy options Add test cases to verify how the sanitizer behaves depending on the argument type and the privacy option being used.	2023-01-09 18:01:07 +01:00
Tony Torralba	aad56097ac	Add Cleartext Loggin query for Swift. With some caveats: see TODO comments and failing tests.	2023-01-09 18:01:07 +01:00
Tony Torralba	eb78661c1f	Add missing SQL injection tests for the GRDB SQL class	2023-01-09 17:36:54 +01:00
Geoffrey White	9333e80def	Swift: Add getVaList stub to the test.	2023-01-09 10:29:37 +00:00
Mathias Vorreiter Pedersen	9be9636816	Merge pull request #11670 from atorralba/atorralba/swift/predicate-injection Swift: Add predicate injection query	2023-01-09 08:54:13 +00:00
Geoffrey White	fc646a6d48	Swift: Update .expected following a toString change in main.	2023-01-03 16:25:14 +00:00
Geoffrey White	e05bb7fcee	Merge branch 'main' into format	2023-01-03 15:14:55 +00:00
Tony Torralba	07d99bd643	Add path injection sinks	2022-12-23 17:16:06 +01:00
Tony Torralba	4215a89bc8	Add cleartext storage database sinks	2022-12-23 17:15:59 +01:00
Tony Torralba	ac39aeb6b6	Add SQLi sinks	2022-12-23 17:03:31 +01:00
Mathias Vorreiter Pedersen	b330b628e3	Merge pull request #11595 from d10c/swift/extract-mainactor Swift: MethodRefExpr -> MethodLookupExpr	2022-12-22 10:22:33 +00:00
Arthur Baars	7111d950c1	Swift: add AlertSuppression.ql	2022-12-21 13:15:26 +01:00
Nora Dimitrijević	8b0da01e0d	Swift: allow self./super. sinks in StaticInitializationVector Assumption: the extra path is not an issue in practice as the body of the cryptographic library's init methods are not normally extracted, only the stubs in this test are.	2022-12-19 17:39:44 -05:00
Geoffrey White	1f7d96a74a	Merge branch 'main' into format	2022-12-15 15:17:54 +00:00
Tony Torralba	11c03fb8c9	Add 'good' test cases	2022-12-15 12:35:47 +01:00
Nora Dimitrijević	5faa44389e	Swift: Basic acceptance of UnsafeJsEval test TODO: Fix remaining problem in a separate PR: - path found to one async `@MainActor` evaluateJavaScript call, but not others. Investigate why. - Remove duplicate paths and those with unnecessary [summary] nodes.	2022-12-14 15:02:15 -05:00
Nora Dimitrijević	95d4c304da	Swift: Fix .expected tests Only UnsafeJsEval remains.	2022-12-14 15:02:15 -05:00
Tony Torralba	d72d096c86	Add predicate injection query	2022-12-13 10:27:29 +01:00
Tony Torralba	7dca1b4b06	Merge branch 'main' into atorralba/swift/path-injection	2022-12-05 16:21:22 +01:00
Geoffrey White	85a0a42da9	Swift: try again to satisfy ql-for-ql.	2022-12-02 10:15:11 +00:00
Geoffrey White	f7ebd1312e	Swift: Corrections.	2022-12-01 20:13:56 +00:00
Geoffrey White	32c4728f83	Swift: Add tests.	2022-12-01 16:32:33 +00:00
Karim Ali	f6bc88471a	update the expected output for CWE-079 Now that we have support for taint through fields of String, we can now detect certain flows that we previously marked as [NOT DETECTED]. This commit updates the expected output of CWE-079 (and the in-code annotation of the accompanying test case) to reflect that update.	2022-11-30 16:34:24 +02:00
Tony Torralba	e222807693	Remove dubious sinks	2022-11-30 13:25:17 +01:00
Tony Torralba	bf023b0aed	Use dominance in path injection sanitizer to avoid FNs	2022-11-29 13:33:27 +01:00
Tony Torralba	52ebf66d21	Add basic path sanitizer	2022-11-29 11:55:04 +01:00
Tony Torralba	1576ee9410	Add additional stub to avoid errors when building on Linux	2022-11-29 11:55:03 +01:00
Tony Torralba	8cc66172c3	Add path injection query	2022-11-29 11:55:03 +01:00
Geoffrey White	ffbd201450	Swift: Implement basic model of WKUserScript.	2022-11-28 12:20:29 +00:00

... 6 7 8 9 10 ...

555 Commits