hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 02:44:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,672 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

4437 Commits

Author SHA1 Message Date
Geoffrey White
8273fa1a8c Swift: Track parse modes (prototype version). 2023-07-19 08:33:43 +01:00
Robert Marsh
093c6905dd Swift: only read ArrayContent from subscript keypaths 2023-07-18 19:42:54 +00:00
Geoffrey White
5dea539f3f Swift: Fix QL-for-QL suggestion. 2023-07-18 16:51:12 +01:00
Arthur Baars
99d8ae720f Swift: improve print-cfg query 2023-07-18 16:49:58 +02:00
Robert Marsh
bcc45658b3 Swift: Change note for ArrayContent 2023-07-18 14:12:53 +00:00
Robert Marsh
1fac08ef6c Swift: add qldoc for ArrayContent and Array models 2023-07-18 14:08:33 +00:00
Robert Marsh
dfa5e18988 Swift: autoformat 2023-07-18 14:01:30 +00:00
Geoffrey White
efea11fd0f Swift: getFullName. 2023-07-18 12:53:45 +01:00
Geoffrey White
1deacf40ca Merge pull request #13660 from geoffw0/regexinjection 
Swift: Query for regular expression injection
 2023-07-18 10:25:30 +01:00
Geoffrey White
96dece3c88 Swift: ReDoS query result changes. 2023-07-18 10:11:22 +01:00
Geoffrey White
86c6960e2a Swift: Add RegexUseFlow and modify the role of StringLiteralUseFlow. 2023-07-18 09:49:47 +01:00
Geoffrey White
c76d85df1b Swift: Create a model for RegexCreation. 2023-07-18 09:49:47 +01:00
Geoffrey White
734a00d616 Swift: Rename so that different data flows will be clear. 2023-07-18 09:49:47 +01:00
Geoffrey White
f243e854ae Swift: Move regex dataflow code into a RegexTracking library (similar to the layout in Ruby and Python). 2023-07-18 09:49:36 +01:00
Geoffrey White
b5a8a8d431 Merge pull request #13715 from geoffw0/parsemode 
Swift: Recognize regular expression parse mode flags
 2023-07-18 09:09:56 +01:00
Robert Marsh
81a25b23ba Swift: fix tests for array concatenation 2023-07-17 19:10:46 +00:00
Robert Marsh
d4b635d674 Swift: add ArrayContent summary support 2023-07-17 19:09:05 +00:00
Robert Marsh
169326ffe5 Swift: support array keypath reads in dataflow 2023-07-17 18:05:06 +00:00
Robert Marsh
0b35be284e Swift: additional dataflow tests for arrays 2023-07-17 18:03:20 +00:00
Geoffrey White
ddb499071c Swift: Pragmatic fix for CustomUrlSchemes.qll. 2023-07-17 16:10:37 +01:00
Geoffrey White
05cb429635 Swift: Add CfgConsistency.expected. 2023-07-17 15:59:18 +01:00
Robert Marsh
ef9376d39c Swift: more ArrayContent tests 2023-07-17 14:58:40 +00:00
Geoffrey White
70a9fe3974 Swift: Change note. 2023-07-17 15:42:56 +01:00
Geoffrey White
eca2c21af5 Swift: Model referrerURL. 2023-07-17 15:42:51 +01:00
Geoffrey White
bc4724b1fb Swift: Test the customurlschemes fields that inherit taint. 2023-07-17 15:39:02 +01:00
Geoffrey White
869ad2eb65 Apply suggestions from code review 
Co-authored-by: Matt Pollard <mattpollard@users.noreply.github.com>
 2023-07-17 15:17:24 +01:00
Geoffrey White
69b98c769c Merge pull request #13354 from geoffw0/sharedsensitive2 
Swift: Improve SensitiveExprs.qll Heuristics
 2023-07-17 09:16:09 +01:00
Geoffrey White
4644b7184b Swift: # -> // 2023-07-17 09:12:01 +01:00
Maiky
378313332b Fix sink 2023-07-14 20:55:24 +02:00
Geoffrey White
1c8297b91b Merge pull request #13548 from geoffw0/redos 
Swift: Query for REDOS (Regular Expression Denial Of Service)
 2023-07-14 10:44:52 +01:00
Geoffrey White
1274393c72 Swift: Remove 'cached' annotations. 2023-07-14 10:11:09 +01:00
Robert Marsh
42cc6448cc Swift: add DataFlow::Content for arrays 2023-07-13 20:16:21 +00:00
Geoffrey White
962c16d918 Apply suggestions from code review 
Co-authored-by: Ben Ahmady <32935794+subatoi@users.noreply.github.com>
 2023-07-13 19:20:49 +01:00
Geoffrey White
2b9d25b317 Swift: Additional test cases. 2023-07-13 17:30:03 +01:00
Anders Schack-Mulligen
837df2ad37 Dataflow: Sync. 2023-07-13 10:55:39 +02:00
Jeroen Ketema
52ab215560 C++/Swift: Remove none() dataflow configuration predicates 
These now have default implementations that are also `none()`
 2023-07-12 23:49:29 +02:00
Geoffrey White
0bd522aa7b Merge branch 'main' into sharedsensitive2 2023-07-12 21:07:06 +01:00
Ed Minnix
63299688d5 Add change notes for default implementations of isBarrier and isAdditionalFlowStep 2023-07-12 15:21:16 -04:00
Ed Minnix
18b606f930 Swift: Add default implementation of StateConfigSig::isAdditionalFlowStep/4 2023-07-12 15:06:25 -04:00
Ed Minnix
b76b9812fd Swift: Add default implementation of StateConfigSig::isBarrier/2 2023-07-12 15:06:25 -04:00
Geoffrey White
6d4c831ec5 Swift: Compute sensitive strings centrally (much more efficient evaluation). 2023-07-12 19:34:09 +01:00
Geoffrey White
02ddcab773 Swift: Cleanup / corrections. 2023-07-12 18:26:59 +01:00
Geoffrey White
5c6b8bd36e Swift: Introduce EnumElmentDecl.hasQualifiedName and use it to clean up the code. 2023-07-12 17:18:04 +01:00
Maiky
c9fadd98f4 Support CommandInjectionAdditionalFlowStep and fix doc errors 2023-07-12 16:48:27 +02:00
Maiky
d7d9ffc449 Doc error 
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
 2023-07-12 16:44:17 +02:00
Maiky
cea3477ac2 Qhelp and examples 2023-07-12 02:13:07 +02:00
Geoffrey White
5f8f1b64c6 Swift: Model Connection.Location.uri sink. 2023-07-11 18:10:43 +01:00
Geoffrey White
ebb379f08c Swift: Fix sqlite3_temp_directory sink. 2023-07-11 16:50:42 +01:00
Geoffrey White
cffdc0a8a7 Merge pull request #13698 from geoffw0/url2 
Swift: Expand taint models for URL
 2023-07-11 13:14:20 +01:00
Geoffrey White
fcc98f83c0 Swift: Autoformat. 2023-07-11 10:05:24 +01:00