Tom Hvitved
4e3fcc3235
Swift: Avoid calls to deprecated SSA predicates
2022-11-03 09:03:20 +01:00
Dave Bartolomeo
a475e5758d
Merge remote-tracking branch 'upstream/main' into dbartol/use-workspace-versions
2022-11-02 12:38:03 -04:00
Karim Ali
f6484e6e6b
cleanup old code comments
2022-11-02 16:21:51 +02:00
Karim Ali
27d2dc6d9e
update expected results
2022-11-02 16:13:50 +02:00
Karim Ali
eefda61445
add a query that checks for the use of static IVs
2022-11-02 16:09:00 +02:00
Paolo Tranquilli
2c517a3237
Swift: fix codegen test invocation
2022-11-02 14:48:20 +01:00
Paolo Tranquilli
99764450b3
Swift: remove redundant test run
2022-11-02 14:44:33 +01:00
Paolo Tranquilli
bc65d358f2
Swift: fix wrongly exchanged action bodies
2022-11-02 14:43:57 +01:00
Paolo Tranquilli
6ce6d9dc37
Swift: fix quick tests action, again
2022-11-02 14:42:14 +01:00
Paolo Tranquilli
08909e5c69
Swift: fix quick tests action
2022-11-02 14:38:07 +01:00
Paolo Tranquilli
e6d4685109
Swift: split quick tests in separate action
...
Also, make the quick test list explicit in the action code, so we can
catch an inadvertent test deletion.
2022-11-02 14:32:45 +01:00
Paolo Tranquilli
3acd4486a3
Swift: add tests for RUN_UNDER support
...
While I would have preferred to add a proper unit test, this required
more infrastructure for mocking system calls. Instead I made `qltest.sh`
accept a `//codeql-extractor-env` header and used that to write a QL
test exercising the `RUN_UNDER` functionality.
2022-11-02 12:09:13 +01:00
Tony Torralba
759ffc4743
Merge pull request #11027 from atorralba/atorralba/swift/webview-js-native-bridge-sources
...
Swift: WebView JS-native bridge sources
2022-11-02 09:32:57 +01:00
Paolo Tranquilli
82998ce3a3
Merge branch 'main' into redsun82/swift-filtered-debugging
2022-11-02 06:39:16 +01:00
Paolo Tranquilli
57a616262f
Swift: fix run cwd
2022-11-02 06:27:09 +01:00
Paolo Tranquilli
0d9ecfc4de
Swift: move small bazel tests to build action
2022-11-02 06:23:44 +01:00
Paolo Tranquilli
6e370beb92
Swift: turn on macOS QL tests with slicing
2022-11-02 06:07:55 +01:00
Geoffrey White
85e99feb49
Swift: Have swift/unsafe-webview-fetch use indices instead of parameter names.
2022-11-01 22:58:48 +00:00
Geoffrey White
d87117f623
Swift: Have swift/string-length-conflation use indices instead of parameter names.
2022-11-01 22:51:10 +00:00
Dave Bartolomeo
9d5e5e3ee7
${workspace} all the things
2022-11-01 13:29:05 -04:00
Dave Bartolomeo
49c4c554c4
Merge from main
2022-11-01 13:22:40 -04:00
Karim Ali
8be4d47178
fix typos
2022-11-01 16:03:36 +02:00
Geoffrey White
84c754e007
Merge pull request #11062 from geoffw0/rename
...
Swift: Rename ECB-Encryption directory
2022-11-01 12:59:53 +00:00
Karim Ali
fe408cfb41
add a query that detects the use of constant passwords
2022-11-01 14:03:27 +02:00
Geoffrey White
c3577b2256
Swift: Rename test directory.
2022-11-01 09:21:50 +00:00
Geoffrey White
7d80c5c7f7
Swift: Rename query directory.
2022-11-01 09:21:10 +00:00
Paolo Tranquilli
59284739dd
Swift: reenable ql tests on macos
2022-10-31 17:07:56 +01:00
Paolo Tranquilli
003866621f
Swift: rework workflows
...
* A unique workflow file has been created merging all `swift-*.yml`
  workflows
* Change filtering at job level was added using [dorny/paths-filter][1]
* only one build of the extractor is made, and then shared via cache
  (not as an artifact because of [this longstanding issue][2])
* integration tests are now run on macOS
* qltests are not run any more on macOS to cut on feedback time
* autobuilder tests were moved to the macOS build step to avoid loading
  bazel twice
[1]: https://github.com/dorny/paths-filter#examples
[2]: https://github.com/actions/upload-artifact/issues/38
2022-10-31 16:59:11 +01:00
Karim Ali
3911f3b202
update query description following docs review
2022-10-31 13:54:35 +02:00
Karim Ali
76a330d4b9
update code example to be OWASP compliant
2022-10-31 13:52:49 +02:00
Karim Ali
723ca8ed88
update documentation following docs review
2022-10-31 13:50:30 +02:00
Tony Torralba
b62ede1544
Fix issue in JsExportedSource
...
Model the source as an access to the tainted field, instead of the field itself (which didn't work)
2022-10-31 12:08:03 +01:00
Geoffrey White
ca586b4f3d
Merge remote-tracking branch 'upstream/main' into global
2022-10-31 10:28:29 +00:00
Geoffrey White
0dd8f574a7
Swift: Redesign as a FreeFunctionDecl class + add some qldoc.
2022-10-31 10:24:12 +00:00
Geoffrey White
c161bb5e95
Merge pull request #11035 from geoffw0/simplify2
...
Swift: Simplify some more QL
2022-10-31 09:50:55 +00:00
Paolo Tranquilli
2b395985e6
Swift: remove unneeded trailing / in README.md
2022-10-31 09:55:03 +01:00
Paolo Tranquilli
e62acb1e8c
Swift: revert wrong paragraph edit in README.md
2022-10-31 09:54:15 +01:00
Paolo Tranquilli
7237362feb
Swift: add debug path mapping to README.md
...
This allows breakpoints to work more reliably, including on a bazel
project in CLion.
2022-10-31 09:51:41 +01:00
Paolo Tranquilli
46c7ee0e4f
Swift: refactor RUN_UNDER code
2022-10-31 09:51:20 +01:00
Paolo Tranquilli
80debe19e0
Swift: fix RUN_UNDER_FILTER check
2022-10-31 09:50:45 +01:00
Geoffrey White
840b74dbb5
Swift: Add and use ApplyExpr.getArgumentByParamName.
2022-10-28 17:55:11 +01:00
Geoffrey White
f122005aaf
Swift: Simplify out some variables.
2022-10-28 17:26:17 +01:00
Tony Torralba
2402504a4c
Add missing SummaryPostUpdateNode
2022-10-28 18:24:17 +02:00
Geoffrey White
b4d939a620
Swift: Correct a comment.
2022-10-28 17:11:24 +01:00
Chris Smowton
5ad5cdce47
Swift integration-test runner: use --additional-packs
2022-10-28 16:07:38 +01:00
Chris Smowton
ee63e60bb7
qlpacks: libraryPathDependencies -> dependencies
2022-10-28 16:07:36 +01:00
Geoffrey White
648c2d09f9
Swift: Simplify InsecureTLS.ql.
2022-10-28 15:56:03 +01:00
Tony Torralba
baf7986cfa
Rework types exported through JSContext
...
Better model the JSExport protocol logic
2022-10-28 15:56:05 +02:00
Geoffrey White
cf9c3afc86
Swift: Add and use AbstractFunctionDecl.hasGlobalName predicate.
2022-10-28 13:57:24 +01:00
Paolo Tranquilli
3dcdc739de
Swift: add possibility to run the extractor under an env-specified tool
...
if `CODEQL_EXTRACTOR_SWIFT_RUN_UNDER` env variable is set, and either
* `CODEQL_EXTRACTOR_SWIFT_RUN_UNDER_FILTER` is not set, or
* it is set to a regexp matching any substring of the extractor call
then the extractor process is substituted with the command (and possibly
options) stated in `CODEQL_EXTRACTOR_SWIFT_RUN_UNDER`, followed by the
system arguments of the extractor itself (which should include the
extractor program itself at the start).
Before calling `exec`, `CODEQL_EXTRACTOR_SWIFT_RUN_UNDER` is unset to
avoid unpleasant loops.
An example usage is to run the extractor under `gdbserver :1234` when
the arguments match a given source file.
2022-10-28 14:12:27 +02:00