hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
82,643 Commits 1,672 Branches 157 Tags
alexet/avoid-path-node-java
Commit Graph

4437 Commits

Author SHA1 Message Date
Geoffrey White
c462e010d1 Merge pull request #12266 from geoffw0/taintplusequals 
Swift: Taint through arithmetic
 2023-02-21 09:32:53 +00:00
Geoffrey White
cb8f5979d1 Swift: Update swift/string-length-conflation to taint tracking and remove a special case that's now covered by taint. 2023-02-20 18:18:15 +00:00
Geoffrey White
9b117fefd7 Swift: Generalize the arithmetic we allow taint through. 2023-02-20 18:18:15 +00:00
Geoffrey White
a5bb336647 Merge pull request #12265 from geoffw0/taintunaryplus 
Swift: Add unary +
 2023-02-20 18:04:37 +00:00
Geoffrey White
87c0b6195f Swift: Add taint tests for various arithmetic operators. 2023-02-20 17:22:51 +00:00
Geoffrey White
3038543242 Swift: Add UnaryPlusExpr. 2023-02-20 17:15:20 +00:00
Geoffrey White
e19e28fbb9 Merge pull request #12263 from geoffw0/flowsourceinline 
Swift: Convert the flow sources test to inline expectations.
 2023-02-20 16:13:01 +00:00
Geoffrey White
31967cc032 Swift: Add a couple of dataflow test cases for operators that behave as an identity function. 2023-02-20 15:42:07 +00:00
Geoffrey White
690b5debf4 Swift: Remove the old test. 2023-02-20 13:58:53 +00:00
Geoffrey White
dd7f54677b Swift: Add inline expectation tags. 2023-02-20 13:57:24 +00:00
Michael Nebel
813ffa440c Java: Consider ai-generated flow summaries to as generated summaries in dataflow. 2023-02-20 12:11:48 +01:00
Geoffrey White
b66ed57e17 Swift: Fix a mistake in FlowSources.qll. 2023-02-20 11:11:46 +00:00
Geoffrey White
d9f2d348f4 Swift: Add an inline expectations test for flow sources. 2023-02-20 11:03:10 +00:00
Tom Hvitved
658cc33bb8 Merge pull request #12212 from hvitved/util/inline-expect-test-use-end-line 
Util: Use end line instead of start line for actual results
 2023-02-20 11:41:02 +01:00
Geoffrey White
6cec8ece3f Swift: Split off FlowConfig.qll. 2023-02-20 10:27:40 +00:00
Geoffrey White
343ddede5a Merge branch 'main' into nsstring 2023-02-20 09:15:58 +00:00
Geoffrey White
7a9bbb1414 Swift: Model FileManager sources. 2023-02-17 20:04:27 +00:00
Geoffrey White
5d125572ec Swift: Test for FileManager taint sources. 2023-02-17 18:14:16 +00:00
Geoffrey White
ad886a3241 Swift: Autoformat. 2023-02-17 13:50:11 +00:00
Tom Hvitved
37fc8f5039 Swift: Update test expectations 2023-02-17 13:24:28 +01:00
Geoffrey White
417d175ff2 Merge branch 'main' into nsstring 2023-02-17 11:32:40 +00:00
Geoffrey White
c692a316b0 Swift: Add new results found in UncontrolledFormatString test. 2023-02-17 10:07:32 +00:00
Geoffrey White
9cd9627778 Swift: Fix identical rows. 2023-02-17 10:00:06 +00:00
Geoffrey White
981f232ea9 Swift: Additional test cases. 2023-02-17 09:49:02 +00:00
Paolo Tranquilli
c4c9fd72bb Swift: update to 5.7.3 
No changes to the Swift frontend library headers, so no changes to the
extractor seem to be required.
 2023-02-17 10:03:52 +01:00
Geoffrey White
0aa9c76f42 Swift: Grammar and formatting. 2023-02-17 08:45:51 +00:00
Geoffrey White
a894fc6ce8 Swift: Fix mistakes in String.qll models. 2023-02-16 18:24:36 +00:00
Geoffrey White
f64cb2983a Swift: Add tests for a few models we didn't cover. 2023-02-16 18:15:17 +00:00
Paolo Tranquilli
300db4f236 Merge pull request #12214 from github/redsun82/swift-codegen 
Swift: fix weird module naming in codegen
 2023-02-16 17:24:03 +01:00
Geoffrey White
cb11524dde Merge pull request #12154 from geoffw0/pathinjectionext 
Swift: More path injection sinks
 2023-02-16 16:00:31 +00:00
Paolo Tranquilli
f50382ba70 Swift: fix weird module naming in codegen 2023-02-16 14:53:31 +01:00
Paolo Tranquilli
3ec2a3c711 Swift: fix subtle codegen bug on missing files 
While the internal registry was being cleaned up from files removed by
codegen itself, it was not dropping files removed outside of codegen.

Because of this files removed by the user were not being regenerated
again if no change was staged to them, unless `--force` was provided.

This also fixes some such "ghost" entries in the registry and some
missing generated files.
 2023-02-16 11:46:51 +01:00
Paolo Tranquilli
e2d7a6910c Swift: generate raw helpers in synthesized stubs 
This will add helpers to get the underlying raw entities or constructor
arguments on stubs for synthesized classes.

For example a schema like:

```
@synth.from_class(A)
class B:
    pass

@synth.on_arguments(base=A, index=int)
class C:
    pass
```

will generate

```
cached
private Raw::A getUnderlyingEntity() { this = Synth::TB(result) }
```
in the `B.qll` stub and
```
cached
private Raw::A getUnderlyingBase() { this = Synth::TC(result, _) }

cached
private int getUnderlyingIndex() { this = Synth::TC(_, result) }
```
in the `C.qll` stub.

As stubs these can be freely changed later on.
 2023-02-16 10:49:21 +01:00
Geoffrey White
00302dc05f Swift: Model NSObject. 2023-02-15 22:12:39 +00:00
Geoffrey White
7e8645a1f6 Swift: Model NSMutableString. 2023-02-15 21:50:05 +00:00
Geoffrey White
d04ed14b8c fix model -2 2023-02-15 21:18:50 +00:00
Geoffrey White
75dd95f458 Swift: Correct one of the tests. 2023-02-15 18:37:51 +00:00
Geoffrey White
99caafb9b9 Swift: Model NSString. 2023-02-15 18:37:51 +00:00
Geoffrey White
d763c5a3a0 Swift: Update LocalTaint.expected for the changes so far. 2023-02-15 11:42:42 +00:00
Geoffrey White
2882286c3f Swift: Test taint sources for NSString. 2023-02-15 11:42:42 +00:00
Geoffrey White
9f734076b7 Swift: Test taint through NSString member variables. 2023-02-15 11:04:16 +00:00
Geoffrey White
452ca4ef0f Swift: Test taint through NSMutableString. 2023-02-15 11:04:01 +00:00
Geoffrey White
16ec29e3df Swift: Test taint throguh some NSObject methods. 2023-02-15 11:03:45 +00:00
Geoffrey White
85a0fd9b30 Swift: Test taint through NSString. 2023-02-15 11:03:06 +00:00
Paolo Tranquilli
81de500301 Swift: fix import not working in all python versions 2023-02-14 10:40:05 +01:00
Paolo Tranquilli
8e079320f3 Swift: some restructuring of codegen 
Loading of the schema and dbscheme has been moved to a separate
`loaders` package for better separation of concerns.
 2023-02-14 09:53:02 +01:00
Anders Schack-Mulligen
e877b161d8 Merge pull request #12124 from hvitved/dataflow/stage1-dispatch 
Data flow: Call context virtual dispatch pruning in stage 1
 2023-02-13 13:13:43 +01:00
Paolo Tranquilli
f07c598a22 Merge pull request #12164 from github/redsun82/swift-codegen-outside-bazel 
Swift: make `codegen` run also outside `bazel`
 2023-02-13 10:32:20 +01:00
Geoffrey White
124e4ddd4f Merge pull request #12150 from geoffw0/cfg2 
Swift: control flow for #available
 2023-02-13 09:17:06 +00:00
Paolo Tranquilli
483a87abe9 Swift: make codegen run also outside bazel 2023-02-13 09:39:31 +01:00